Gmail Plus? Actually, it's fake
Over the weekend, an XSS report bubbled up on the Intarnets. Normally a "ho-hum" event, this one was pretty interesting because it detailed an attack involving google.com -- so it affects me, since I do pretty much all of my e-mail through google.com.
Though I'm not usually one to prognosticate, I am betting that the Next Big Attack will revolve around an XSS involving one or more webmail services. By XSS'ing Gmail, Hotmail, or YahooMail (or all three at the same time) in an automated way, you instantly get access to about a zillion qualified e-mail addresses, inboxes, and the means of replication.
However, while the initial outbreak will potentially be devastating, all of these individual nodes are under the control of one (or two or three) authorities. It shouldn't take too long for the web-mail providers to clamp down and fix the problem completely, so we won't be left with the vestiges of this worm for years after release.
