Gmail cookie vulnerability exposes user’s privacy
åˆä¸€èµ·Gmailçš„XSS问题。
Petko Petkov of "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users.
"This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. "It’s just a proof of concept at the moment, but what they’re demonstrating is the potential to use this vulnerability for malicious purposes."
According to Gatford, attackers could compromise a Gmail account–using a cross-site scripting vulnerability–if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account’s messages to a POP account.
[…]
"People do use private accounts to store work information," IBRS security analyst James Turner said.[…]
"When you have organizations like Google spending countless man-hours
reducing security vulnerabilities…you can imagine how bad the actual
situation is for other organizations," Gatford said.
通过XSS注入到当å‰çš„Web应用程åºå½“ä¸ï¼Œç„¶åŽæ‰§è¡Œç¨‹åºï¼Œçªƒå–Cookie,进而窃å–éšç§ã€‚éžå¸¸ç®€å•çš„ç»å…¸çš„攻击方å¼ã€‚但是在Web的世界里,Cookie就是一切éšç§ï¼Œä¹Ÿæ˜¯å”¯ä¸€çš„éšç§ã€‚这是一个很大的问题。
è¿™ç§é—®é¢˜å¾ˆåƒä¼ 统安全问题里é¢çš„æƒé™æå‡ï¼Œæœ¬è´¨æ˜¯ä½¿ç”¨æŸç§è¯¸å¦‚手段让自己的代ç å¯ä»¥è¿è¡Œåœ¨å…¶ä»–人的安全上下文当ä¸ã€‚在Webä¸–ç•Œé‡Œï¼Œè¿™ä¸ªé—®é¢˜æ›´åŠ ä¸¥é‡ï¼šæ¯•ç«Ÿåœ¨æ¡Œé¢ç³»ç»Ÿä¸Šé¢ä¼ªé€ 安全令牌时éžå¸¸å¤æ‚的,但是在æµè§ˆå™¨å°šä¸Šï¼Œä¸€æ—¦èŽ·å–到Cookieï¼Œä¼ªé€ ä¼šå˜å¾—éžå¸¸å®¹æ˜“。
è¿›è€Œè€ƒè™‘ä¸€ä¸‹ï¼Œä¼ ç»Ÿçš„å®‰å…¨é—®é¢˜å½“ä¸ï¼Œæ¶æ„代ç æå‡æƒé™çš„目的是为了能够åšæ›´å¤šçš„事情,例如对用户计算机的完全的特æƒè®¿é—®ã€‚在Web安全当ä¸ï¼Œè¿™ä¸ªé—®é¢˜æœ‰äº›ç±»ä¼¼ï¼Œé€šè¿‡XSSçš„æ–¹å¼ï¼Œä»£ç å¯ä»¥ä»¥â€œå½“å‰ç”¨æˆ·â€çš„身份åšæ›´å¤šçš„事情,例如,去感染更多的用户。
éšç€Web应用程åºè¶Šæ¥è¶Šæµè¡Œï¼Œè¿™ç§å®‰å…¨é—®é¢˜æœ€ç»ˆä¼šå˜å¾—很严é‡ï¼šè¯•æƒ³ä¸€ä¸‹ï¼Œæœ‰ä¸€å¤©ï¼Œä½ 的计算机(如果还å¯ä»¥ç§°ä¸ºè®¡ç®—机的è¯ï¼‰ä¸Šé¢ä¸éœ€è¦æœ‰ç¡¬ç›˜ï¼Œä¸éœ€è¦å¤ªå¤šçš„内å˜ï¼Œä½ 需è¦çš„åªæ˜¯ä¸€ä¸ªå›ºåŒ–在ROM里é¢çš„æµè§ˆå™¨â€”—Webç»ˆç«¯ï¼Œé€šè¿‡é«˜é€Ÿçš„ç”µç¼†æˆ–æ— çº¿ä¿¡å·è¿žæŽ¥åˆ°äº’è”ç½‘ã€‚ä½ çœŸæ£çš„æ•°æ®éƒ½å˜å‚¨åœ¨ç½‘络上é¢çš„æ•°æ®ä¸å¿ƒå½“ä¸â€”â€”åœ¨é‚£é‡Œæœ‰æ— æ³•è®¡æ•°çš„æµ·é‡å˜å‚¨è®¾å¤‡ï¼›ä½ 通过访问互è”ç½‘ä¸Šæ— å¤„ä¸åœ¨çš„Web应用程åºæ¥è®¿é—®å’Œå¤„ç†è¿™äº›æ•°æ®ã€‚我å¯ä»¥ç”¨åœ¨çº¿RSS阅读器读å–网络上å„ç§å„æ ·çš„blogæ–‡ç« ï¼›å¯ä»¥é€šè¿‡åœ¨çº¿çš„视频点æ’æˆ–è€…ç”µè§†ç³»ç»Ÿè§‚çœ‹ç”µè§†èŠ‚ç›®ï¼›ç”šè‡³ä½ å¯ä»¥å°†è‡ªå·±çš„照片ã€è§†é¢‘ã€æ–‡æ¡£ç»Ÿç»Ÿä¿å˜åœ¨äº’è”网上,以便å¯ä»¥åœ¨å„处查阅。
这时候的互è”网就是一个æ“ä½œç³»ç»Ÿï¼Œä½†æ˜¯ï¼Œä½ æ‰€æœ‰çš„éšç§ï¼Œéƒ½åŸºäºŽä¸€äº›Cookie——å˜å‚¨åœ¨æµè§ˆå™¨å½“ä¸çš„一些çŸå°çš„å—符串。Cookieï¼Œå°±æ˜¯ä½ çš„ä¸€åˆ‡éšç§ã€‚
这是个很大的问题。
