Gmail Messages Are Vulnerable To Interception

Michael Wally writes "GMail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages destined for other people, will appear with the test messages, in the attacker's inbox. Sometimes, this information may include usernames and passwords... Do you use GMail? Are your communications private? Should they be? Well, here's what we figured out about the issue, that may or may not help you - or perhaps GMail, if anyone can get ahold of their developers, to tell them about it." Update: 01/12 22:21 GMT by T : Good news for Gmail users; those malformed messages are no longer being accepted; read below for a message from Chris DiBona.

chrisd writes "Just so you know, at 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous emails that had this problem will also no longer will be accessible. If you don't mind, I'd like to take the time to remind Slashdot readers that they can send bugs that may have a security aspect into security@google.com. If they like, they should feel free to cc me at cdibona@google.com. We appreciate your patience and we're sorry about the bug."

Re:Security Category in Gmail Bugs List?

[Cromac]

the human programmer forgot to check for boundary conditions in the data interpretation.

The programmer may have forgotten to test it, but that's an absolute basic testing 101 test case that their QA department should have picked up in the first test pass.

Maybe Google should spend some of that PHD brain power on hiring some decent real world experienced testers and not just people fresh out of 10 years of advanced education.