Slashdot Mirror


Google Corrects Gmail Security Flaw

0110011001110101 writes "Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into peoples Gmail accounts to read messages and pose as legitimate email users. Security researchers in Spain exposed a flaw in the way Google authenticates its users, allowing the breach in the system that counts more than 5 million users. The process for exploiting Gmail was posted to a hacker web site." From the article: "Google spokesperson Sonya Boralv said only users who supplied information to the hackers were potentially vulnerable. 'We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials,' Ms. Boralv said. 'Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues.'"

12 of 209 comments (clear)

  1. So hackers can't get in now... by Galius+Persnickety · · Score: 5, Funny

    So hackers can't get in now if I give them my credentials?

    1. Re:So hackers can't get in now... by z0idberg · · Score: 2, Funny

      no, silly. RTFA...they fixed it. So even if you do give them your credentials they still cant get in. Now thats what I call SECURITY!

  2. Re:In preply to the torrent of dumbness.... by BushCheney08 · · Score: 4, Funny

    You forgot to post the link to the torrent

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  3. 1-2-3-4-5 by rolandog · · Score: 4, Funny

    That's amazing. I got the same combination on my luggage.

  4. Great news! by theSpaceCow · · Score: 3, Funny

    See, up until now, if you knowingly gave hackers your credentials, they'd be able to log on to your account with them. But now Google's refined their system to the point that even if you give out your personal information, hackers can't get in!

    It's really very simple. They simply cycle through every Google ad you've ever clicked on (to find potential phishers), geo-locate the IP trying to log on and cross-reference it to the "From" location in most of your Google Maps directions searches, attempt to visually identify you from any webcam pictures they may have cached, calculate the speed in which the username/password was typed in compared to the "keyboard profile" they have on file from all your searches, and compare the logon time to your typical usage times for GMail and Google Talk.

    Perfect security. At least, from everybody but Google.

    --
    I support the separation of oil and state.
  5. Re:A very timely fix unlike M$ by Red+Flayer · · Score: 2, Funny

    "a security researcher called ANELKAOS alerted the company to the problem"

    If someone named ANALCHAOS told me I had a bug, you bet I'd look into that right away.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  6. Re:Grammar Police by richdun · · Score: 2, Funny

    Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them.

    Uh, we have a 226 in progress: used "its" instead of "it's"

  7. Re:Grammar Police by MSantiago · · Score: 5, Funny
    "While the hacker website that published the exploit is safe from Criminal Prosecution, they may still get a visit from the Grammar Police Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them."


    Hate to do this to you, but when someone starts criticizing someone else's grammar, they'd better use proper grammar, punctuation, spelling, and capitalization in their own posts.

    For starters, "Criminal Prosecution" isn't a proper noun and shouldn't be capitalized. Also, "its" is not being used in its possessive form. Rather, it's a contraction of "it is" and should contain an apostrophe. Lastly, "spanish" must be capitalized.
  8. Google fix by spurtle15 · · Score: 5, Funny

    FTFA

    "We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials," Ms. Boralv said. "Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues."

    Fix:

    From: Google
    To: Gmail users
    Subject: Security Bug

    To all Gmail users:

    Please do not give out your user name and password.

    Thank you. That is all.

  9. Re:wait a minute by 93+Escort+Wagon · · Score: 2, Funny

    The site says Google fixed the problem on October 18, four days after a security researcher called ANELKAOS alerted the company to the problem. Google didn't make a public announcement about the problem. Companies such as Microsoft typically alert their users to security flaws in their software.

    Huh? So apparently this person thinks all security holes in Windows are discovered on the second Tuesday of each month?

    Microsoft, like many companies, doesn't disclose most security holes until it has patched them. When they are really severe, they will sometimes disclose them as soon as they have a work-around. But I can't recall Microsoft ever saying "hey, someone just reported this bad security hole - good luck to you!"

    --
    #DeleteChrome
  10. Re:Question by Woldry · · Score: 2, Funny

    No, you need a different Google hack for that.

    --
    How can a post be modded "overrated" or "underrated" when it hasn't been rated yet?
  11. You're kidding!! by tomcres · · Score: 2, Funny
    Gee, I hope that no one was able to see that I store my SS#, CC#, and username/passwords for every site that I use. This could really be bad! The last time I checked, this was Beta software anyway, and if it was a concern, realize that most people weren't concerned when they got google eyed for a 2GB account. Get serious, who in the their right mind would send sensitive information over e-mail anyway???

    Up until today, I was including that info in my sig!!