Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Google Search and Gmail Correlation

from [Ádám Szilveszter dr.] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Google Search and Gmail Correlation
Date: Thu, 24 Feb 2005 13:12:24 +0100 
Hello Cody,

I think that what you are observing is this: the cookie you get when 
visiting your gmail account is valid for the whole google.com domain, and 
therefore will be transferred again when you do web searches as well.

As you write, this is not a bug per se, the cookie mechanism is working as 
expected.

It is also obvious that such an approach may raise privacy concerns.

Now, *if* google wanted to mitigate this problem, it would be easy. They 
should migrate the gmail service web frontend to a subdomain (say: 
gmail.google.com) or even a whole new domain (gmail.com exists already but 
www.gmail.com merely redirects) and make the cookie only valid in that 
domain/subdomain.

The questions is, do they want to do this?

And yes, for now, if you are privacy conscious, delete the cookie before 
doing a Google search (or using any other Google service).

Regards:

Szilveszter Adam
Budapest
Hungary
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Cyclades AlterPath Manager Vulnerabilities, Sullo
Next by Date:  Re: [Full-Disclosure] Google Search and Gmail Correlation, Thierry Zoller
Previous by Thread:  [Full-Disclosure] Google Search and Gmail Correlation, Cody Hatch
Next by Thread:  RE: [Full-Disclosure] Google Search and Gmail Correlation, Aditya Deshmukh
Indexes:  [Date] [Thread] [Top] [All Lists]