Simon Willison's Weblog: david-aireyhttp://simonwillison.net/2007-12-26T12:16:48+00:00Simon WillisonDavid Airey: Google's Gmail security failure leaves my business sabotaged2007-12-26T12:16:48+00:002007-12-26T12:16:48+00:00https://simonwillison.net/2007/Dec/26/csrf/#atom-tag
<p><strong><a href="http://www.davidairey.co.uk/google-gmail-security-hijack/">David Airey: Google's Gmail security failure leaves my business sabotaged</a></strong></p>
Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves.
<p><small></small>Via <a href="http://www.xssnews.com/2007/12/25/csrf-is-dangerous-mkay/">XSS News</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/david-airey">david-airey</a>, <a href="https://simonwillison.net/tags/gmail">gmail</a>, <a href="https://simonwillison.net/tags/google">google</a>, <a href="https://simonwillison.net/tags/security">security</a></p>