Google Inc. has quietly patched a security bug in its Gmail service, but the company is downplaying the severity of the risk to its users. Google confirmed that it made "modifications" to Gmail to cover an attack vector that allowed malicious hackers to take complete control of a victim's Gmail account. The elhacker.net advisory described how a Gmail user token could be used in conjunction with other hacking tricks to take control of the victim account. However, Google spokesperson Sonya Boralv told Ziff Davis Internet News that a successful attack would require the victim to open up an authenticated token and willingly give it to the attacker. The risk of an actual attack is so slim, she said the company did not consider it a security vulnerability. Boralv said the authentication token is totally encrypted and cannot be sniffed by an attacker. "Nevertheless, we have made some modifications to Gmail to mitigate these kinds of issues in the future," Boralv added....
Know News[Important]