Gmail is safe, as long as you avoid falling for phishing scams (googleonlinesecurity.blogspot.com)
16 points by paul on Nov 25, 2008 | 6 comments



The followup to http://news.ycombinator.com/item?id=372699, which incorrectly claimed that Gmail was open to cross-site attacks.


While Google have an interest in talking about the message that Gmail is secure, from a security perspective it's kind of naive to say "Gmail is secure".

All web mail (or any other system) is just a step away from the next exploit. The difference in my mind between web mail and regular mail is that there is another dangerous attack vector (XSS) which is only fixable by a single vendor.

The standard mail servers companies use are often vetted and patched from many sources and can be hidden behind some pretty well tested encryption protocols.

Trusting mission critical things like domain name registrations to web mail seems like an unacceptably big risk to me. While XSS wasn't the issue this time, it clearly has been in the past.


Trusting mission critical things like domain name registrations to web mail seems like an unacceptably big risk to me.

What?


"We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details."

What about bugs that aren't disclosed?


What about them? :)


What about a user on StumbleUpon ... stumbling onto a nefarious website?

The community would curtail such a site after a while, but those prior may have been hacked.



