Xoopit Teaches Google How To Make Gmail Right

Xoopit is a companion Firefox plug-in that turn Gmail in a social-sharing network. Xoopit scans your Inbox for Images, Videos and Files regardless if its an actual attachment of a link. The plug-in provides a additional views to view shared media and files in a gallery format without leaving Gmail. It also automatically shows all related media in respect to the current thread being read and the sender.

Check-out the screen shot of my Xoopit enhanced Gmail!

Happy New Year Google: Gmail Hacks posted on Digg!

Hacker's gave Google a new year's gift: A ways to steal all your Gmail contacts by just visiting a site, anysite for that matter. By the time im writing this, 1628 people dugg the article on digg plus they posted the code on the comment page.

I tried it myself and it only took me 10 minutes to code a Gmail address book slurper using PHP, this code is released for educational purposes only. You may try out if your Gmail is vulnerable here(fixed).

Maybe this is the end of Google peaceful reign and join the likes of Microsoft who battles endless wave of hackers trying to find the next vulnerability.

UPDATE: 3:53AM +8:00

Guys if your using the test site please create a dummy account and add some useless email address on the contact list. Although I'm not harvesting your account (so your safe if you trust me) but my hosting just called saying my access_logs has bloated. So please, create a dummy account first and add Bush to the contact list before testing. I'm adding more tests scripts using other sources of the contact list data such as Google notepad and Google groups.
Thanks.

UPDATE 7:31PM +8:00

I'm checking in to report that the hack has been closed thanks to the cult followers of Gmail who were relentless in finding all the bugs. I'm not sure what time it was fixed since I wasn't able to stay awake to test regularly via the test site, thanks to Aileen Apolo's reply (to my mass email warning) i woke up to update this post right away. Kudos to Google team, i think they had to skip some needed holiday break just to fix this hack as fast as possible lastly kudos the rest of the blogosphere and diggers who searched and posted the hack. IMHO if these guys who initially found the hack didn't come forward with the report (they didn't withheld the hack and use it for their own profit), lots of accounts could have been compromised.