GMail vulnerability on Atom feed?
I don’t know about this, and will be curious to see what the answer is…. barrapunto.com had the link to a post from a Gmail user who notes… Gmail has the capability to have a feed of your new messages in Atom format. (We’re talking RSS feeds here.) That’s all well and good. He went to Bloglines though and tried to set up viewing of his feed…. and saw tons of email – NOT HIS.
… and also not that of ANYONE that had previously used his PC.
It looks as though Google uses the same URL for every user to access their feed: https://gmail.google.com/gmail/feed/atom
You do have to enter a username and password, but cookies are used to cache that information. For this reason he didn’t expect it to work through an online page like Bloglines, but it seems it had probably cached one of two things…. 1) someone else’s login information, so that when he signed up for the feed it showed him another person’s inbox, or 2) the feed itself, after the first user checked their mail.
If it’s the first case, it’s possibly a Google security bug. If it’s the 2nd, then it’s something bloglines needs to handle (caching of feeds across accounts – some feeds shouldn’t be cached.)
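The second case, sketched as an added example (not code from Bloglines, Google, or the original post): a shared cache keyed only by URL hands the first subscriber's authenticated feed to everyone else, while a cache scoped per credential does not. The class names, the `origin_fetch` stand-in and the sample inboxes are constructed for illustration.

```python
import hashlib

FEED_URL = "https://gmail.google.com/gmail/feed/atom"  # URL quoted in the post

# Constructed stand-in for the origin server: the same URL returns a
# different inbox depending on which credentials accompany the request.
INBOXES = {"alice:pw1": "<feed>alice's mail</feed>",
           "bob:pw2": "<feed>bob's mail</feed>"}

def origin_fetch(url, credentials):
    return INBOXES.get(credentials, "<feed>public entries</feed>")

class UrlKeyedCache:
    """Weak: one entry per URL, shared by every subscriber."""
    def __init__(self):
        self.store = {}

    def get(self, url, credentials):
        if url not in self.store:
            self.store[url] = origin_fetch(url, credentials)
        return self.store[url]

class SubscriberScopedCache:
    """Corrected: an authenticated response is reused only for the same credential."""
    def __init__(self):
        self.store = {}

    def _key(self, url, credentials):
        if credentials is None:
            return (url, None)  # unauthenticated feed: safe to share
        # Key on a digest so the cache index does not hold raw credentials.
        return (url, hashlib.sha256(credentials.encode()).hexdigest())

    def get(self, url, credentials):
        key = self._key(url, credentials)
        if key not in self.store:
            self.store[key] = origin_fetch(url, credentials)
        return self.store[key]

def demo():
    """Alice subscribes first, then Bob; return what Bob sees from each cache."""
    weak, fixed = UrlKeyedCache(), SubscriberScopedCache()
    weak.get(FEED_URL, "alice:pw1")
    fixed.get(FEED_URL, "alice:pw1")
    return weak.get(FEED_URL, "bob:pw2"), fixed.get(FEED_URL, "bob:pw2")

if __name__ == "__main__":
    print(demo())
```
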