Philipp Lenssen has discovered a hack to Google's XSS that allows access to personal data, according to Blogoscoped today.
The tests he used with co-editor Tony Ruscoe show that is possible to get access to subject line information and first few words of emails from Gmail, statistical information from Google Analytics, as well as see what Google Gadgets are being used.
The glitch is specific to Explorer, the pair reported, and uses a cross site scripting attack.
The post comes with detailed pics of what is happening. Well worth the read.
Introducing SES Online
Want to view one of the sessions you missed or listen to an especially informative presenter a second time? SES New York sessions are available for purchase on ClickZ Academy's new e-Learning site. SES is now Online!