Security Issue With Google Accounts Cookie Said Fixed

Google says it has now fixed a security problem with its Google Accounts service, which provides a cookie-based way for people to log into various Google services.

Last Thursday, Google Blogoscope pointed to a
forum discussion
(and also here) that suggested Google’s
Froogle service in particular might inadvertently let people access Gmail accounts, because account information embedded in the Google cookie could be hijacked.

I emailed Google about this on Friday and received back the following statement:

Google was recently alerted to a potential security vulnerability affecting Froogle. We have since fixed this vulnerability, and all current and future Froogle users are

Spotted via Organized Shopping, eWeek has a nice write-up in Google Plugs
Cookie-Theft Data Leak
on what happened, with quotes from Nir Goldshlager, a security research who spotted the hole. He also warns that anyone who had their cookie stolen
would still be at risk.

Related reading

Simple Share Buttons