This post was originally published in 2009
Quite some time ago I awoke to an inbox full of messages from friends, associates and family (everyone in my Gmail address book) asking why I thought they’d be interested in purchasing “cheap good goods from convenient service import site”. My Gmail account had been hacked – I even had an auto-responder set up – also advertising the same site.

After panicking, then changing my password, I did a little research. It seems that it is possible for some sites to access Gmail accounts if one browses to said malicious site with Gmail open in a different tab.

The oracle, from Revelations From An Unwashed Brain, gives a very informative description of the problem here: Gmail Accounts Hacked – Unpatched Hole Exists.

So how to avoid this? Never open Gmail in a tab – run it in a separate browser. If using Ubuntu, one could use Gmail in Epiphany, and browse the rest of The Internet with Firefox.

Even better, use Thunderbird with Gmail & IMAP.

You’ve been warned.

