Slashdot Mirror


Gmail Messages Are Vulnerable To Interception

Michael Wally writes "GMail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages destined for other people, will appear with the test messages, in the attacker's inbox. Sometimes, this information may include usernames and passwords... Do you use GMail? Are your communications private? Should they be? Well, here's what we figured out about the issue, that may or may not help you - or perhaps GMail, if anyone can get ahold of their developers, to tell them about it." Update: 01/12 22:21 GMT by T : Good news for Gmail users; those malformed messages are no longer being accepted; read below for a message from Chris DiBona.

chrisd writes "Just so you know, at 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous emails that had this problem will also no longer be accessible. If you don't mind, I'd like to take the time to remind Slashdot readers that they can send bugs that may have a security aspect into security@google.com. If they like, they should feel free to cc me at cdibona@google.com. We appreciate your patience and we're sorry about the bug."

17 of 460 comments

  1. Wow by bperkins · · Score: 4, Funny

    Did any of this "left over" information happen to be spurious commas?

    1. Re:Wow by TedCheshireAcad · · Score: 4, Funny

      ,,,, no, ret,u,rn to yo,ur work. ,,
      ,do,not,,worry abou,t t,he com,mas.

  2. Comment removed by account_deleted · · Score: 4, Funny

    Comment removed based on user account deletion

  3. Well hey.. by sinner0423 · · Score: 5, Funny

    Google = best & brightest, right?

    I mean, their aptitude tests & hiring policies makes me believe they've got a few nobel prize winners working there..

    Shouldn't they be able to fix this during lunch break?

    1. Re:Well hey.. by Anonymous Coward · · Score: 1, Funny

      I mean, their aptitude tests & hiring policies makes me believe they've got a few nobel prize winners working there..

      Yes, but they are busy playing with colored balls and rolling around on Segway-scooters.

      The real work is done by 4$/h student-workers.

      This is no lie, believe me.

  4. Re:One Key Word by Anonymous Coward · · Score: 5, Funny

    Next up on Slashdot: the Google apologists vs. the Apple apologists in a brown nose-off...

  5. end of the world is coming!! by jxyama · · Score: 4, Funny
    headless $500 Mac and $99 iPod...

    now Google messes up...

    with all the natural disasters happening, i cannot think of a good reason why the world wouldn't end the day after tomorrow.

  6. Re:Are you communications private? by American+AC+in+Paris · · Score: 1, Funny
    I don't even know where to start with this one!!!!

    Simple.

    All you communications are belong to them.

    --

    Obliteracy: Words with explosions

  7. Re:Security Category in Gmail Bugs List? by Anonymous Coward · · Score: 1, Funny

    #include

  8. Re:Are you communications private? by Anonymous Coward · · Score: 1, Funny

    Are you communications private?

    I don't even know where to start with this one!!!! Editors? You out there???


    He's talking to the communications. Example:

    "Are you guys ready?"
    "Are you folks hungry?"

  9. Yawn... by revery · · Score: 2, Funny

    I already read about this in a newsletter that I received in the "Reply To" field of an email.

    --
    Was it the sheep climbing onto the altar, or the cattle lowing to be slain,
    or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.

  10. Re:A Darker Shade of Grey Hat by cakestick · · Score: 2, Funny

    Sorry to bother you, Microsoft. It won't happen again.

    --
    I'm not here. This isn't happening.
  11. Re:Security Category in Gmail Bugs List? by Anonymous Coward · · Score: 1, Funny

    1:44: std/security_through_obscurity.h: No such file or directory

  12. or rather by apparently · · Score: 5, Funny
    #include <std/security_through_obscurity_rant.h hey moms, it's big poppa here! be looking to fly with you 2nite an' get a little stank on mah hanglow, dig-it?! It's gonna be a <B
  13. need invite by Anonymous Coward · · Score: 1, Funny

    Please send a Gmail invite. The last one got intercepted...

  14. Did anyone else see this? by Lank · · Score: 2, Funny

    At the bottom of TFA:

    Screen Capture #5
    Jack Rabbit Vibrator Features

    This message describes the features of one "Jack Rabbit Vibrator," a 7.5" Multi-Speed toy of sorts.


    What are the odds of finding that?

    --
    Gotta get me one of these!
  15. You Win An Award by rho · · Score: 3, Funny

    Most Humorously Appropriate Usage of the Word "Festoon" In A Slashdot Post.

    --
    Potato chips are a by-yourself food.