news November 25th, according to an article in the security researcher Brandon GeekCondition.com published on Sunday pointed out that Google Gmail has a security vulnerability, so hackers may in case the user’s knowledge filter is arranged in the user email account.
Brandon pointed out in the article that the vulnerability has led some users to lose their domain names registered in GoDaddy.com.
but Brandon did not disclose how to use this vulnerability to attack the details of the attack, but pointed out that the key to attack is to get the user name and the name of the variable.
users in the Gmail account to set the filter, will send a request to the Google server instructions. This request is in the form of URL and contains many variables. For security reasons, the browser does not display all the variables contained in the URL. But if you use Firefox and a Live HTTP Headers plugin, you can see all of the variables are sent to the Google server browser.
, as long as the user to find the name of the variable can be found.
Brandon said: "the process of obtaining these variables is complex, but not impossible. I’m not going to tell you what to do, but if you search on the Internet, you’ll know."
Brandon said, @ variables can be accessed by visiting malicious sites, he suggested that Google immediately after the release of each instruction to make the variable expired, rather than wait until after the end of the process expired.
in order to avoid becoming a victim of this vulnerability, Brandon recommends that users often check filter settings. He said, Firefox users can also download a NoScript plug-in to prevent attacks.
Google representatives did not immediately reply to the reporter’s advice.