GMail security problem fixed

Google’s not had a great week it would appear (Sony’s had worse… but that’s another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that’s been announced and fixed. Details on the bug are here, and a writeup is also here.

Apparently a flaw in the authentication method that Google used could allow a user to log in under another account and read messages as well as pose as a legit user.

I’ve looked at the description of the hack, it’s fairly, ummm let’s say involved. It’s not clear to me that an attacker could do this without being at the same machine used to log in on. (say you’re in an internet cafe or library..), Still, Google patched it 4 days after being notified. Didn’t say anything publicly (which is why they released details and subsequently Google has explained that they did patch the vulnerability.)

Some say, there are probably many other sites that are vulnerable to this kind of attack.

   Send article as PDF   

Similar Posts