GMail vulnerability on Atom feed?



I don’t know about this, and will be curious to see what the answer is. barrapunto.com had the link to a post from a Gmail user who notes that Gmail can provide a feed of your new messages in Atom format. (We’re talking RSS feeds here.) That’s all well and good. He went to Bloglines, though, and tried to set up viewing of his feed... and saw tons of email – NOT HIS.


… and also not that of ANYONE that had previously used his PC.

It looks as though Google uses the same URL for anyone to access their feed: https://gmail.google.com/gmail/feed/atom

You do have to enter a username and password, but cookies are used to cache that information. For this reason he didn’t expect it to work through an online page like Bloglines, but it seems it had probably cached one of two things: 1) someone else’s login information, so that when he signed up for the feed it showed him another person’s inbox, or 2) simply the feed itself, after the first user checked their mail.

If it’s the first case, it’s possibly a Google security bug. If it’s the second, then it’s something Bloglines needs to handle (caching of feeds across accounts; some feeds shouldn’t be cached).
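The second explanation, shown as an added example that is not from the original post and is not Bloglines' code: a toy aggregator cache keyed only by feed URL, next to one keyed by URL plus credential. The class names, the sample accounts and the `fetch` stand-in for the upstream request are constructed for illustration.

```python
import hashlib
import hmac
import os

FEED_URL = "https://gmail.google.com/gmail/feed/atom"  # URL quoted in the post
KEY = os.urandom(32)  # per-process secret so cache keys never hold raw passwords

# Constructed stand-in for the origin: serves the inbox of whoever authenticates.
INBOXES = {("alice", "pw-a"): "<feed>alice's mail</feed>",
           ("bob", "pw-b"): "<feed>bob's mail</feed>"}

def fetch(url, credentials):
    """Hypothetical upstream request; unauthenticated callers are refused."""
    if credentials not in INBOXES:
        raise PermissionError("401 Unauthorized")
    return INBOXES[credentials]

class SharedCache:
    """Weak setting: one entry per URL, shared by every subscriber."""
    def __init__(self):
        self.entries = {}

    def key(self, url, credentials):
        return url

    def get(self, url, credentials=None):
        k = self.key(url, credentials)
        if k not in self.entries:
            self.entries[k] = fetch(url, credentials)
        return self.entries[k]

class ScopedCache(SharedCache):
    """Corrected setting: authenticated responses are keyed per credential."""
    def key(self, url, credentials):
        if credentials is None:
            return url  # no credentials sent: only public content is stored here
        tag = hmac.new(KEY, repr(credentials).encode(), hashlib.sha256).hexdigest()
        return (url, tag)

def later_subscriber_sees(cache, credentials=None):
    """Alice polls first; a second subscriber then requests the same URL."""
    cache.get(FEED_URL, ("alice", "pw-a"))
    try:
        return cache.get(FEED_URL, credentials)
    except PermissionError:
        return None  # origin refused, nothing was served from the cache
```

With `SharedCache`, a subscriber who supplies no credentials at all still receives the first user's inbox, which matches what the Gmail user reported; with `ScopedCache` the request reaches the origin and is refused.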
