Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail Messages Are Vulnerable To Interception

Posted by timothy on from the top-men-are-working-on-it-top-men dept.

Michael Wally writes "GMail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages destined for other people, will appear with the test messages, in the attacker's inbox. Sometimes, this information may include usernames and passwords... Do you use GMail? Are your communications private? Should they be? Well, here's what we figured out about the issue, that may or may not help you - or perhaps GMail, if anyone can get ahold of their developers, to tell them about it." Update: 01/12 22:21 GMT by T : Good news for Gmail users; those malformed messages are no longer being accepted; read below for a message from Chris DiBona.

chrisd writes "Just so you know, at 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous emails that had this problem will also no longer will be accessible. If you don't mind, I'd like to take the time to remind Slashdot readers that they can send bugs that may have a security aspect into security@google.com. If they like, they should feel free to cc me at cdibona@google.com. We appreciate your patience and we're sorry about the bug."

12 of 460 comments (clear)

  1. Crap by Quasar1999 · · Score: 0, Offtopic

    What's the point... I can't get other people's GMAIL account/password info without already having a GMAIL account in the first place... And everyone knows, the goal is to get yourself a GMAIL account if you don't already have one... ;)

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
    1. Re:Crap by dolo666 · · Score: 0, Offtopic

      I've marked you as a friend previously. Email me and I'll send you an invite if you don't already have one! Although at this point I will have to stipulate that I take no responsibility for you using the system as a condition of you accepting my invite.

  2. Fp Fp by Anonymous Coward · · Score: -1, Offtopic

    Frosty Piss

  3. Communicating by drewzhrodague · · Score: 0, Offtopic

    It is difficult to communicate with a person at Google -- Hay, Google, Hire me, I'm interested in working there.

    --
    Zhrodague.net - I do projects and stuff too.
  4. What do you want for free? by msauve · · Score: -1, Offtopic

    Rubber biscuits?

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  5. Gmail Inivation Emails here by derphilipp · · Score: -1, Offtopic

    Whoever wants an gmail account shall post his email adress here. (Please post if someone sent somebody an invitation)

    --
    Spelling mistakes: My is english spoken not tongue of mother.
    1. Re:Gmail Inivation Emails here by Q-Branch · · Score: 0, Offtopic

      would love a gmail invite if anyone is feeling so generous. Thanks in advance. jumbotech@yahoo.com

    2. Re:Gmail Inivation Emails here by theguywhosaid · · Score: 0, Offtopic

      ive got some i want to get rid of too.

  6. ROTFLMAO by Anonymous Coward · · Score: -1, Offtopic

    Spelling Nazi.

  7. Don't wait 'till stable! by Tribbin · · Score: 0, Offtopic

    Because all good addresses will be taken by then!

    I made sure I got my tribbin@gmail.com.

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  8. Re:Broken XML by Anonymous Coward · · Score: -1, Offtopic

    Has Jesus answered you yet? Please do tell if "He" does.

  9. Yes, there is bias. by Duhavid · · Score: -1, Offtopic

    But...

    Microsoft is the company that goes around touting that they are a world class software development company. Not to mention that Microsoft, in my view, has earned the disaffect they generate here. They have done things that are illegal, that they knew full well were illegal, then did everything they could to skip out of being held accountable. ( Not you, nessesarily, but I should like to be spared the "corporations are only responsible to shareholders, they have to do anything they can to make money. I have a small company, lots of shareholders, it is not doing well, but I *can* stick up 7/11's without much fear of being caught, should I? No, I should not. Shareholders be dratted in this case... )

    If you are fine with how they act, then that is where you are at. Why do I have to be OK with it?

    But, I do agree that there are a great number of comments that bash Microsoft on issues where they have not earned it. That I would like to see stop, but I dont expect it too. Much like I dont expect those that race to Microsofts defence in equal measures of blindness to stop.

    PS: I dont really have a company, that was argumentation setup.....

    --
    emt 377 emt 4