Slashdot Mirror


Google Corrects Gmail Security Flaw

0110011001110101 writes "Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into people's Gmail accounts to read messages and pose as legitimate email users. Security researchers in Spain exposed a flaw in the way Google authenticates its users, allowing the breach in the system that counts more than 5 million users. The process for exploiting Gmail was posted to a hacker web site." From the article: "Google spokesperson Sonya Boralv said only users who supplied information to the hackers were potentially vulnerable. 'We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials,' Ms. Boralv said. 'Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues.'"

17 of 209 comments

  1. So hackers can't get in now... by Galius Persnickety · · Score: 5, Funny

    So hackers can't get in now if I give them my credentials?

    1. Re:So hackers can't get in now... by z0idberg · · Score: 2, Funny

      no, silly. RTFA...they fixed it. So even if you do give them your credentials they still can't get in. Now that's what I call SECURITY!

    2. Re:So hackers can't get in now... by Anonymous Coward · · Score: 1, Funny

      ...and if you can login, you're clearly a hacker! Brilliant.

  2. Re:In preply to the torrent of dumbness.... by BushCheney08 · · Score: 4, Funny

    You forgot to post the link to the torrent

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  3. 1-2-3-4-5 by rolandog · · Score: 4, Funny

    That's amazing. I got the same combination on my luggage.

  4. Great news! by theSpaceCow · · Score: 3, Funny

    See, up until now, if you knowingly gave hackers your credentials, they'd be able to log on to your account with them. But now Google's refined their system to the point that even if you give out your personal information, hackers can't get in!

    It's really very simple. They simply cycle through every Google ad you've ever clicked on (to find potential phishers), geo-locate the IP trying to log on and cross-reference it to the "From" location in most of your Google Maps directions searches, attempt to visually identify you from any webcam pictures they may have cached, calculate the speed in which the username/password was typed in compared to the "keyboard profile" they have on file from all your searches, and compare the logon time to your typical usage times for GMail and Google Talk.

    Perfect security. At least, from everybody but Google.

    --
    I support the separation of oil and state.
  5. Re:A very timely fix unlike M$ by Red Flayer · · Score: 2, Funny

    "a security researcher called ANELKAOS alerted the company to the problem"

    If someone named ANALCHAOS told me I had a bug, you bet I'd look into that right away.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  6. Re:Grammar Police by richdun · · Score: 2, Funny

    Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them.

    Uh, we have a 226 in progress: used "its" instead of "it's"

  7. Question by Anonymous Coward · · Score: 1, Funny

    I was wondering - is it possible to wash your clothes in a dishwasher ? I don't have a washing machine and this would make my life a lot easier.

    1. Re:Question by Woldry · · Score: 2, Funny

      No, you need a different Google hack for that.

      --
      How can a post be modded "overrated" or "underrated" when it hasn't been rated yet?
  8. Re:Grammar Police by MSantiago · · Score: 5, Funny
    "While the hacker website that published the exploit is safe from Criminal Prosecution, they may still get a visit from the Grammar Police Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them."


    Hate to do this to you, but when someone starts criticizing someone else's grammar, they'd better use proper grammar, punctuation, spelling, and capitalization in their own posts.

    For starters, "Criminal Prosecution" isn't a proper noun and shouldn't be capitalized. Also, "its" is not being used in its possessive form. Rather, it's a contraction of "it is" and should contain an apostrophe. Lastly, "spanish" must be capitalized.
  9. Google fix by spurtle15 · · Score: 5, Funny

    FTFA

    "We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials," Ms. Boralv said. "Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues."

    Fix:

    From: Google
    To: Gmail users
    Subject: Security Bug

    To all Gmail users:

    Please do not give out your user name and password.

    Thank you. That is all.

  10. Re:wait a minute by 93 Escort Wagon · · Score: 2, Funny

    The site says Google fixed the problem on October 18, four days after a security researcher called ANELKAOS alerted the company to the problem. Google didn't make a public announcement about the problem. Companies such as Microsoft typically alert their users to security flaws in their software.

    Huh? So apparently this person thinks all security holes in Windows are discovered on the second Tuesday of each month?

    Microsoft, like many companies, doesn't disclose most security holes until it has patched them. When they are really severe, they will sometimes disclose them as soon as they have a work-around. But I can't recall Microsoft ever saying "hey, someone just reported this bad security hole - good luck to you!"

    --
    #DeleteChrome
  11. not real haXors by Anonymous Coward · · Score: 1, Funny

    if they were the article would be like this:

    1N7R0DUC710N

    7h15 bu6 h45 4|r34dy b33n c0rr3c73d, 7h47'5 why 17'5 b33n pub|15h3d.

    1n 7h15 m4nu4| y0u w1|| 533 573p by 573p h0w 70 3xp|017 6m41|'5 vu|n3r4b1|17y, 7h47 64v3 y0u 4cc355 70 4ny 4cc0un7, r3p0r73d by 4n3|k405, ...

    ds

  12. Re:A very timely fix unlike M$ by Anonymous Coward · · Score: 1, Funny

    Welcome to Slashdot, user 929871! Glad to see you've already learned to appeal to the group think around here. Just throw around random accusations without anything to back them up, even completely ridiculous ones, like that MS gets angry because of bug postings. Never mind that MS actually invites hackers to their campus to demonstrate exploits these days.

    Oh, and be certain to continue spelling "MS" with a dollar sign. It makes you appear more intelligent, mature and well-balanced in your judgement.

    Again, user 929871, welcome to Slashdot. You'll feel right at home.

  13. You're kidding!! by tomcres · · Score: 2, Funny
    Gee, I hope that no one was able to see that I store my SS#, CC#, and username/passwords for every site that I use. This could really be bad! The last time I checked, this was Beta software anyway, and if it was a concern, realize that most people weren't concerned when they got google eyed for a 2GB account. Get serious, who in their right mind would send sensitive information over e-mail anyway???

    Up until today, I was including that info in my sig!!

  14. Re:Grammar Police by Anonymous Coward · · Score: 1, Funny

    And to continue the trend... I hate to do this to you, but the last comma in your sentence should be a semicolon (and moved outside the single quotes).

    And to jump in and continue this even further, that semicolon should be a period, and kept inside of the quotation marks. A semicolon is used for contrasting two ideas. For example:

    "Jim was sure of himself; however, he couldn't help feeling oddly out of place."