5 Great Unofficial Gmail Themes

Well, it took 6 months since we first heard a peep about an official release of Gmail themes for Google to make them a reality. But even with this week’s rollout from Mountain View HQ, some of you will still want more.

Indeed, the Google design corps won’t hit the spot for every Tom, Dick, and Henrietta. So there’s really only one alternative route to venture down to get Gmail a new dress: some good ol’ CSS chop-shoppage via the ever-popular Greasemonkey and Stylish Firefox add-ons. Here are our current top picks:

Be sure to post your faves if you’ve got ‘em, and tell us how they compare to Google’s own.

Gmail Redesigned

The king of all Stylish Gmail themes, Gmail Redesigned is without a doubt the most professionally done of all the themes listed here. It sports a fancy custom loading screen, and many details you won’t catch right away, but they’ll get under your skin after a while, making you wish the official Gmail theme had them.

Super Clean

Super Clean is very liberal with its use of white and sweeping blues. Which, if we’re honest, give it a sort of Microsoft Live-like atmosphere. Admittedly, it looks quite good, wouldn’t you agree?

Dark Gmail 2 Nasa

What’s not white and fits in with the Nasa Night Launch Firefox theme? Yep, Dark Gmail 2 Nasa. This one’s pretty rich on the graphics, so if you’re seeking something more clean-looking (like Gmail’s own “Terminal” option), this isn’t the thing for you.

Dark Gray

Apart from a white search field and some glimmers of light gray around the periphery, Dark Gray holds true to its name.

Dark Shiny Blue

There’s lots of shininess to the Dark Shiny Blue theme. Dark gray and blue tones get equal treatment. The drop-down transparent menu is a nice treat to see. All things considered, gamers may take a particular liking.

Gmail exploit may allow attackers to forward e-mail

A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com.

In his post, Brandon writes that the vulnerability has caused some people to lose their domain names registered through GoDaddy.com.

Without posting the full exploit, here is the key as Brandon explains it relies on obtaining the variables that represent the user name and "at":

When you create a filter in your Gmail account, a request is sent to Google's servers to be processed. The request is made in the form of a url with many variables. For security reasons, your browser doesn't display all the variable contained within the url. Using FireFox and a plugin called Live HTTP Headers, you can see exactly what variables are sent from your browser to Google's servers.

After that, an attacker just needs to identify the variable that is the equivalent of the username.

"Obtaining this variable is tricky but possible," he writes. "I'm not going to tell you how to do it, if you search hard enough online you'll find out how."

The "at" variable can be obtained by visiting a malicious Web site, writes Brandon, who suggests that Google make the "at" variable expire after every request rather than after every session.

To avoid being a victim of the vulnerability, users should check their filters often, Brandon suggests. Firefox users can download an extension called NoScript that helps prevent these attacks, he said.

Of course, any Web site that uses cookies for authentication requests can be taken advantage of in the same way. To avoid becoming a victim to this type of exploit, Gmail users should logout of their accounts when they are not in use, and--of course--not visit Web sites that they don't trust.

Google representatives did not immediately return a request for comment.