Simon Willison’s Weblog

Items tagged google, gmail in 2007

Filters: Year: 2007 × google × gmail ×


David Airey: Google’s Gmail security failure leaves my business sabotaged (via) Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves. # 26th December 2007, 12:16 pm

Gmail Greasemonkey API (via) The new version of Gmail includes API hooks for Greasemonkey script authors. The documentation is by Mark Pilgrim, author of Greasemonkey Hacks. # 7th November 2007, 10:38 am

Mailplane (via) A commercial OS X Gmail client built around a site-specific browser. # 25th October 2007, 7:57 am

The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords? # 12th October 2007, 9:25 am

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge. # 27th September 2007, 10:29 am

Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.” # 21st September 2007, 11:23 pm