Slashdot Mirror


Gmail Messages Are Vulnerable To Interception

Michael Wally writes "GMail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages destined for other people, will appear with the test messages, in the attacker's inbox. Sometimes, this information may include usernames and passwords... Do you use GMail? Are your communications private? Should they be? Well, here's what we figured out about the issue, that may or may not help you - or perhaps GMail, if anyone can get ahold of their developers, to tell them about it."

Update: 01/12 22:21 GMT by T: Good news for Gmail users; those malformed messages are no longer being accepted; read below for a message from Chris DiBona.

chrisd writes "Just so you know, at 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous emails that had this problem will also no longer be accessible. If you don't mind, I'd like to take the time to remind Slashdot readers that they can send bugs that may have a security aspect into security@google.com. If they like, they should feel free to cc me at cdibona@google.com. We appreciate your patience and we're sorry about the bug."

3 of 460 comments

  1. Re:Security Category in Gmail Bugs List? by Anonymous Coward · Score: 0, Troll

    Wow, security by obscurity is not hot stuff on /.!

    Who would have thought we'd live to see the day.

    How transparently biased can you get?

    "Slashdot Darling" == "Can do no wrong even if they ate your pets"

    "Slashdot Enemy" == "Could do no right even if they gave everyone in the world a free computer, a copy of all software ever made and a million bucks."

  2. Re:Security Category in Gmail Bugs List? by dioscaido · Score: 0, Troll

    Security by obscurity is no security at all.

  3. woah! by northcat · Score: 0, Troll

    Is this the second or third security hole in gmail? All this in a fucking email service!! Google is turning out to be as bad as (or worse than) MS.