GMail security problem fixed



Google’s not had a great week it would appear (Sony’s had worse… but that’s another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that’s been announced and fixed. Details on the bug are here, and a writeup is also here.

Apparently a flaw in the authentication method that Google used could allow a user to log in under another account and read messages as well as pose as a legit user.


I’ve looked at the description of the hack, it’s fairly, ummm let’s say involved. It’s not clear to me that an attacker could do this without being at the same machine used to log in on. (say you’re in an internet cafe or library..), Still, Google patched it 4 days after being notified. Didn’t say anything publicly (which is why they released details and subsequently Google has explained that they did patch the vulnerability.)

Some say, there are probably many other sites that are vulnerable to this kind of attack.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows XP SP3 Well, in the article the other day about the Windows wireless problem/(feature that could be exploitable?) there was a mention that the default behaviour for Windows would be changed with the next service pack, for XP users that's SP3. So, when can we expec this? It seems that service pack......
  • Debian development server compromise Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can......
  • NO, Google has NOT cancelled click-to-call It was an odd message that started this on the official google blog. I saw it and thought this doesn't make sense - it doesn't sound like an official statement and it claims it was translated from another language???? Posted by "Maximal" here is the original Google Blog post... After......
Blog Traffic Exchange Related Websites
  • webOS 1.4.5 Now Available For Sprint Palm Pre and Palm Pixi Users Last week, Palm finally released the webOS 1.4.5 update for the Sprint Palm Pre and Palm Pixi. While the latest OS upgrade is available in Europe since last month, there's still no news as to when Palm plans to release the webOS 1.4.5 update for Verizon and AT&T customers. If you......
  • 7 Ways To Use Google Buzz Effectively Did you know about the hot cake in town? I bet you already. Yes, you are right! It's Google Buzz  which is creating quite a stir among social media enthusiastics, bloggers, celebrities, friends, geeks, nerds, carrots and beans. It's only about a week since the launch of Google Buzz, but......
  • Gmail for Free! Phaw still has 99 gmail accounts to give away for free! If you want your own cooool Gmail account, just post your email address in the comments section and I will invite you for a free Gmail account!! With all its cool and oh so helpful features, why is Gmail......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site