GMail vulnerability on Atom feed?



I don’t know about this, and will be curious to see what the answer is. barrapunto.com had the link to a post from a Gmail user who notes that Gmail can provide a feed of your new messages in Atom format. (We’re talking RSS feeds here.) That’s all well and good. He went to Bloglines, though, and tried to set up viewing of his feed, and saw tons of email that was NOT HIS.

It was also not the email of ANYONE who had previously used his PC.

It looks as though Google uses the same URL for every user's feed: https://gmail.google.com/gmail/feed/atom

You do have to enter a username and password, but cookies are used to cache that information. For this reason he didn’t expect it to work through an online page like Bloglines, but it seems it had probably cached one of two things: 1) SOMEONE else's login information, so that when he signed up for the feed it showed him another person's inbox, or 2) the feed itself, after the first user checked their mail.

If it’s the first case, it’s possibly a Google security bug. If it’s the second, then it’s something Bloglines needs to handle (caching of feeds across accounts; some feeds shouldn’t be cached).
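
The second case, as an added example that is not part of the original post and is not Bloglines' or Google's code: a shared aggregator cache keyed on the feed URL alone, next to one keyed on URL plus subscriber that also refuses to store private responses. The origin stub, its `Cache-Control` headers, the class names and the users alice and bob are constructed assumptions.

```python
from typing import Callable, Dict, Optional, Tuple

FEED_URL = "https://gmail.google.com/gmail/feed/atom"  # URL quoted in the post
Fetch = Callable[[str, Optional[str]], Tuple[Dict[str, str], str]]

def fake_origin(url: str, user: Optional[str]) -> Tuple[Dict[str, str], str]:
    """Constructed stand-in for the feed server: the body depends on who logs in."""
    if user is None:
        return {"Cache-Control": "public, max-age=300"}, "<feed><title>Public</title></feed>"
    return {"Cache-Control": "private"}, f"<feed><title>Inbox of {user}</title></feed>"

class UrlKeyedCache:
    """Weak design: one entry per URL, so the first subscriber's inbox is replayed."""
    def __init__(self, fetch: Fetch) -> None:
        self.fetch, self.store = fetch, {}

    def get(self, url: str, user: Optional[str]) -> str:
        if url not in self.store:
            self.store[url] = self.fetch(url, user)[1]
        return self.store[url]

class SubscriberScopedCache:
    """Keys on (URL, subscriber) and never stores private or no-store responses."""
    def __init__(self, fetch: Fetch) -> None:
        self.fetch, self.store = fetch, {}

    def get(self, url: str, user: Optional[str]) -> str:
        key = (url, user)
        if key in self.store:
            return self.store[key]
        headers, body = self.fetch(url, user)
        directives = {d.strip().lower() for d in headers.get("Cache-Control", "").split(",")}
        if not directives & {"private", "no-store"}:
            self.store[key] = body
        return body

def demo() -> Tuple[str, str]:
    """Return what the second subscriber (bob) sees from each cache."""
    weak, scoped = UrlKeyedCache(fake_origin), SubscriberScopedCache(fake_origin)
    weak.get(FEED_URL, "alice")
    scoped.get(FEED_URL, "alice")
    return weak.get(FEED_URL, "bob"), scoped.get(FEED_URL, "bob")

if __name__ == "__main__":
    print(demo())
```

With the URL-keyed cache, bob receives alice's inbox because both subscribed to the same address; the scoped cache returns each subscriber's own feed and only retains the unauthenticated public one.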
