Simon Willison’s Weblog

Items tagged gmail in 2007

Filters: Year: 2007 × gmail ×


David Airey: Google’s Gmail security failure leaves my business sabotaged (via) Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves. # 26th December 2007, 12:16 pm

Gmail Greasemonkey API (via) The new version of Gmail includes API hooks for Greasemonkey script authors. The documentation is by Mark Pilgrim, author of Greasemonkey Hacks. # 7th November 2007, 10:38 am

Mailplane (via) A commercial OS X Gmail client built around a site-specific browser. # 25th October 2007, 7:57 am

The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords? # 12th October 2007, 9:25 am

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin. # 4th October 2007, 2:53 pm

WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks. # 27th September 2007, 1:55 pm

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge. # 27th September 2007, 10:29 am

Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.” # 21st September 2007, 11:23 pm

Never use a warning when you mean undo. The abundance of “undo” is one of my favourite things about Gmail. I wonder if there’s anything Django could do to make implementing undo functionality easier... # 17th July 2007, 11 am

Gmail and Django. I’d never considered using Gmail to send e-mail from applications, but it could be a useful way of avoiding having outbound e-mail falsely flagged as spam. # 2nd July 2007, 9:46 pm

Importing your social network from other sites. Dopplr now does this from GMail, Twitter, vCard or hCard and XFN. I’m convinced that contact import is a killer app for OpenID. # 26th June 2007, 1:46 am

Gmail Atom feeds. Could be useful as a pipe for creating an e-mail interface to an existing Atom-consuming application. # 16th January 2007, 2:50 pm

Offline Gmail and Blogger Using the Dojo Offline Toolkit. These are just mockups at the moment, but they’re a useful illustration of how offline browsing modes for Web applications could work. # 10th January 2007, 12:40 pm