there is a [x] box.. "Don't ask for my password for 2 weeks."
this sets the users cookie. Gmail uses the cookie for authentication. >XSS holes are not (as we all know) an immediate bypass for > any authentication. right >It can be used, with a bit of work, to steal > cookies/authentication data from unexpecting users, NOT as an immediate > break-into-accounts kiddie tool. right > However, the interesting thing I found about this article was this line: > "regardless of whether or not the password is subsequently changed" > > Does Gmail use some sort of static security key? > Does anyone have any further details on the security implemented by Google > in their new service? see above. m.wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
