Gmail Accounts Vulnerable to XSS Exploit

["Todd Towles" <toddtowles () brookshires com>]

Slashdot.org
"A security hole in GMail has been found (an XSS vulnerability) which
allows access to user accounts without authentication. What makes the
exploit worse is the fact that changing passwords doesn't help. The full
details of the exploit haven't been disclosed. The vulnerability was
reported by Israeli news site Nana
<BLOCKED::http://net.nana.co.il/Article/?ArticleID=155025&sid=10> . They
were tipped off by an Israeli hacker. Google has been notified and they
are working to close the hole. The Register has the story here
<BLOCKED::http://www.theregister.co.uk/2004/10/29/gmail_vuln/> ."