Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

David Airey: Google's Gmail security failure leaves my business sabotaged (via) Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves.

Posted 26th December 2007 at 12:16 pm

Tagged , , , ,

1 comment

  1. This is why I love Django's CSRF middleware.

    Jason Davies - 26th December 2007 13:08 - #

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site