gmail security issue

[Handruin]

By the looks of things it's a serious issue. Just keeping you guys in the loop.

Reference:
http://www.theinquirer.net/?article=19366
Source:
http://net.nana.co.il/Article/?ArticleID=155025&sid=10

 

[Fushigi]

The way I'm reading this is that if you always go directly to gmail vs. following a link from another (questionable or hacked) site, you're fine. Or can any site at all read the cookie file?

 

[Pradeep]

Is it any worse than clicking on some dodgy email that purports to be from your bank, and then fishes the username/password?

Also I'm wondering how the cookie would let people in even after you have logged in from somewhere else. That does need to be fixed.