Gmail Security Flaw Proof of Concept
Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No, however, they can force you to create the filter without your knowledge.
The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names registered through GoDaddy.
To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail. LetÃ¢â‚¬â„¢s use a current example and assume that I was trying to steal MakeUseOf.com and I already knew it was registered by GoDaddy. LetÃ¢â‚¬â„¢s also assume that I knew the ownerÃ¢â‚¬â„¢s Gmail address. I would want to create a filter like the one in the image above, where all email sent from GoDaddy Support was automatically deleted and forwarded to my email address.
Read more: geekcondition.com