GMail security problem fixed



Google’s not had a great week it would appear (Sony’s had worse… but that’s another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that’s been announced and fixed. Details on the bug are here, and a writeup is also here.

Apparently a flaw in the authentication method that Google used could allow a user to log in under another account and read messages as well as pose as a legit user.


I’ve looked at the description of the hack, it’s fairly, ummm let’s say involved. It’s not clear to me that an attacker could do this without being at the same machine used to log in on. (say you’re in an internet cafe or library..), Still, Google patched it 4 days after being notified. Didn’t say anything publicly (which is why they released details and subsequently Google has explained that they did patch the vulnerability.)

Some say, there are probably many other sites that are vulnerable to this kind of attack.

Related Posts

Blog Traffic Exchange Related Posts
  • Massive Windows Update Tuesday Microsoft had a mammoth patch Tuesday this month with 28 bug fixes (23 critical). (Computerworld article linked above. This is one of the largest update releases in five years (!) Those fixes were wrapped up in 8 updates for Internet Exporer, Office, Sharepoint, Windows media player and visual studio and......
  • Debian development server compromise Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can......
  • Google Voice Review | I got the golden ticket.... Last Thursday I opened up my GMail and found to my surprise that I had an invite to Google Voice. I didn't have time to deal with it at that time, so I saved it as new until Thursday evening and spent some time then playing with it. I had......
Blog Traffic Exchange Related Websites
  • Google Voice & Phone: Free All-In-One Communications Platform I've said it before and I'll say it again: the Internet is the greatest disintermediation force the business world has ever seen and middlemen the world over are being eliminated. Yesterday, Google announced it has added a "you can call any phone right from Gmail" feature into it's extremely popular......
  • Gmail for BES? Goolge App connector targets Gmail for the Enterprise eWeek is reporting that Google is releasing software for BES (Blackberry Enterprise Server) that will allow GMail to be routed to blackberry devices.  The software is in beta now, but will be available to users of Google Apps Premier when it is fully released in July.  Right now, the application......
  • Saving Telephone Costs with Gmail I have been an avid user of Google Voice for several months. I have encouraged my family, friends,  and many of my key clients to use my Google Voice number as the best way to reach me anytime, anywhere. My experiences with the Google Voice system have been excellent. Yesterday,......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site