View Full Version : Gmail Security Flaw Exposed, Very important for Gmail users


adda4u
April 6th, 2008, 03:18 PM
The reason behind the theft of my account and password is not because someone stole my password but because of a vulnerability in Google's email system, Gmail.

I will not go into the technical details; however, for those who use Gmail, I would recommend the following:

1. Check the filters in your mail settings and make sure that all the filters in your Gmail are the ones you created.

2. Install a piece of software called NoScript. It is available from this link http://noscript.net/

For those who use other browsers, they will have to find an anti-Cross-site request forgery, or simply put anti-CSRF software which prevents cross site scripting attacks.

This vulnerability is a very serious one and it is a big shame that a company as big as Google has not informed its users of the security flaw for the past couple of months.

If you are a victim of such an attack, you will never even know and the attacker will receive all your email communications. I am still unable to figure out how the attacker got access to my PayPal account. However, I am slowly catching up.

For a more detailed overview, you can read the following articles

http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

Thanks to the original poster who showed me the light.

http://www.davidairey.com/google-gmail-security-hijack/

Kind Regards

ravi
April 6th, 2008, 05:53 PM
useful stuff.... thanks for sharing with us.

dexter
April 6th, 2008, 08:27 PM
I have read the full article and I immediately checked my Gmail...np here.... :D
BTW I already have the NoScript plugin in my FF... :lol:

This is very serious coz I have heard the majority of PayPal email IDs are Gmail ones, so if anyone gets access to Gmail then he has virtually all your PayPal money... :o

And moreover we Gmail users have a bad habit -> we do not often log out... :?

adda4u
April 6th, 2008, 09:54 PM
well said

I never use log out function unless it is important

Jessenokian95
April 6th, 2008, 10:10 PM
Thanks for making a note. But I think Google is developing it to make it more safe. I think Orkut used to be easily hacked and nowadays it is tough to hack Orkut. Hope they fix these bugs with Gmail also.

aravindian
April 11th, 2008, 02:37 PM
Thanks to the original poster who showed me the light.

http://www.davidairey.com/google-gmail-security-hijack/

Kind Regards

Thatz right.
I read in his Blog that his site was hijacked this way and the hacker demanded money in return.
That was a great blow to him as he is considered as the best logo designer on the web.

Gigacore
April 11th, 2008, 08:44 PM
Thread moved to the "Google" forum. We have a specific forum for Google and Gmail falls into the Google category, so...

and btw, interesting post.

The Conqueror
June 14th, 2008, 06:31 PM
Thanks a lot for sharing this crucial piece of info...
BTW I think that Gmail is the best email service. Now I have started using Google Apps for my own domain and as of now, it's quite smooth and excellent...

Marchant
February 21st, 2009, 08:23 AM
Well,
I never employ the function of disconnection unless it is important.

vasishta.sushant
March 5th, 2009, 09:27 PM
I don't think it works anymore. Didn't work with me.

Th3 KiNg
March 23rd, 2009, 05:53 PM
That's why I use Live for PayPal accounts. I knew that Gmail is not safe as I get a whole lot of spam mails every day. I dunno why. But it doesn't happen with other accounts.