Google has been hitting a few speed bumps lately with their Gmail service. They’ve had some problems in the past, but the latest round of trouble started with around 60 users who lost some or all of their email received prior to December 18th. It was another instance of Google performing magic and making those messages disappear with the trick gone bad, and the messages not coming back. Then came the flaw which could have given anyone your contact list. This happened at the end of December shortly after the first problem. This appears to be fixed, and now speed bump #3 comes along. They say that the third time is a charm, so hopefully this is the last of the problems for now!
The latest problem was reported by Google Blogoscoped where luckily he had a friendly hacker (Tony Ruscoe) get access to emails, spreadsheets, reading habits on the Google personalized homepage, search history, etc. Now how’d you like someone viewing all of that? It really wouldn’t be a very nice surprise. That’s just the short list of what he was able to do! What he wasn’t able to do was read the full emails, check Calendar events, or change the Google Account password.
Tony got access to this by a ”proof of concept” script specifically targeting this loophole. All that was needed was for a person who was logged into their Google account to visit a page of his. After visiting, the users Google cookies were available to Tony which gave him access to all kinds of personal information. Ruscoe was a nice guy and contacted Google Security about it first, and hasn’t disclosed how it was done.
Google Blogoscoped says not to worry because, “the vulnerability in question is a very special kind, and Tony, by “claiming†this loophole, also blocked it for other abusers. This means that for the sake of this case, even though Google didn’t yet fix the hole, there is nothing to worry about (except that someone might find more holes in the vicinity of this bug).”
I guess this is just a good reminder for us that our private “secure” data is really never completely, fool-proofed secure. You never know when a malicious hacker can do! Lucky for Philipp of Google Blogoscoped that the Hacker is a friendly guy!
Enjoyed the post? Subscribe to our feed to get a daily dose of CyberNet!
Tags: Google
Related Posts:
- Google Security Woes Continue
- Microsoft Flaw Being Sold On eBay
- The Google Blog Was Hacked Because Of A Blogger Flaw
- Gmail Flaw can Give Anyone your Contact List
- QuickTime Bug Affects Java-Enabled Browsers
That’s sounds like a Microsoft rep talking, “Yes, someone could you your Google Checkout account to bankrupt you, but please don’t worry about it”
The fact is if Tony Ruscoe found it then someone else probably already knows about it.
The whole situation was a little weird though. Since they didn’t release any details on how the flaw works we can only imagine, but they said that since this guy “claimed” the flaw there was no other way for someone else to do the same thing. I’m not quite sure what is meant by that but I hope my information is safe.