GMail vulnerability on Atom feed?



I don’t know about this, and will be curious to see what the answer is. barrapunto.com had a link to a post from a Gmail user who notes that Gmail can provide a feed of your new messages in Atom format. (We’re talking RSS feeds here.) That’s all well and good. But when he went to Bloglines and tried to set up viewing of his feed, he saw tons of email: NOT HIS.


…and also not that of ANYONE who had previously used his PC.

It looks as though Google uses the same URL for everyone to access their feed: https://gmail.google.com/gmail/feed/atom

You do have to enter a username and password, but cookies are used to cache that information. For this reason he didn’t expect it to work through an online page like Bloglines, but it seems Bloglines had probably cached one of two things: 1) SOMEONE else’s login information, so that when he signed up for the feed it showed him another person’s inbox, or 2) simply the feed itself, after the first user checked their mail.

If it’s the first case, it’s possibly a Google security bug. If it’s the second, then it’s something Bloglines needs to handle (caching of feeds across accounts: some feeds shouldn’t be cached).
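The second case, sketched as an added example (not from the original post, and not Bloglines' or Google's code): a hypothetical aggregator cache keyed only by feed URL, next to one that scopes authenticated feeds to the subscriber who supplied the credentials. The class names, subscriber ids, credentials and the in-memory origin are all constructed assumptions.

```python
FEED_URL = "https://gmail.google.com/gmail/feed/atom"  # URL quoted in the post

def origin_fetch(url, credentials):
    """Constructed stand-in for the origin server (no network access).
    An authenticated request returns the inbox of whoever logged in."""
    if credentials is None:
        return f"<feed><title>Public feed {url}</title></feed>"
    user, _password = credentials
    return f"<feed><title>Inbox for {user}</title></feed>"

class UrlKeyedCache:
    """Weak design: one cache entry per URL, shared by every subscriber."""
    def __init__(self):
        self.store = {}

    def get(self, url, subscriber_id, credentials=None):
        if url not in self.store:      # the first subscriber populates the entry
            self.store[url] = origin_fetch(url, credentials)
        return self.store[url]         # everyone after them gets the same body

class SubscriberScopedCache:
    """Corrected design: a feed fetched with credentials is cached per
    (URL, subscriber); only unauthenticated feeds share an entry."""
    def __init__(self):
        self.store = {}

    def get(self, url, subscriber_id, credentials=None):
        scope = subscriber_id if credentials is not None else None
        key = (url, scope)
        if key not in self.store:
            self.store[key] = origin_fetch(url, credentials)
        return self.store[key]

def two_subscribers(cache):
    """Two constructed subscribers add the same feed URL, one after the other."""
    first = cache.get(FEED_URL, "sub-1", ("alice@example.com", "pw-a"))
    second = cache.get(FEED_URL, "sub-2", ("bob@example.com", "pw-b"))
    return first, second

if __name__ == "__main__":
    print("URL-keyed:        ", two_subscribers(UrlKeyedCache()))
    print("Subscriber-scoped:", two_subscribers(SubscriberScopedCache()))
```
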
