Google Corrects Gmail Security Flaw
0110011001110101 writes "Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into peoples Gmail accounts to read messages and pose as legitimate email users. Security researchers in Spain exposed a flaw in the way Google authenticates its users, allowing the breach in the system that counts more than 5 million users. The process for exploiting Gmail was posted to a hacker web site." From the article: "Google spokesperson Sonya Boralv said only users who supplied information to the hackers were potentially vulnerable. 'We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials,' Ms. Boralv said. 'Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues.'"
So hackers can't get in now if I give them my credentials?
You forgot to post the link to the torrent
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
That's amazing. I got the same combination on my luggage.
See, up until now, if you knowingly gave hackers your credentials, they'd be able to log on to your account with them. But now Google's refined their system to the point that even if you give out your personal information, hackers can't get in!
It's really very simple. They simply cycle through every Google ad you've ever clicked on (to find potential phishers), geo-locate the IP trying to log on and cross-reference it to the "From" location in most of your Google Maps directions searches, attempt to visually identify you from any webcam pictures they may have cached, calculate the speed in which the username/password was typed in compared to the "keyboard profile" they have on file from all your searches, and compare the logon time to your typical usage times for GMail and Google Talk.
Perfect security. At least, from everybody but Google.
I support the separation of oil and state.
"a security researcher called ANELKAOS alerted the company to the problem"
If someone named ANALCHAOS told me I had a bug, you bet I'd look into that right away.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them.
Uh, we have a 226 in progress: used "its" instead of "it's"
Hate to do this to you, but when someone starts criticizing someone else's grammar, they'd better use proper grammar, punctuation, spelling, and capitalization in their own posts.
For starters, "Criminal Prosecution" isn't a proper noun and shouldn't be capitalized. Also, "its" is not being used in its possessive form. Rather, it's a contraction of "it is" and should contain an apostrophe. Lastly, "spanish" must be capitalized.
FTFA
"We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials," Ms. Boralv said. "Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues."
Fix:
From: Google
To: Gmail users
Subject: Security Bug
To all Gmail users:
Please do not give out your user name and password.
Thank you. That is all.
The site says Google fixed the problem on October 18, four days after a security researcher called ANELKAOS alerted the company to the problem. Google didn't make a public announcement about the problem. Companies such as Microsoft typically alert their users to security flaws in their software.
Huh? So apparently this person thinks all security holes in Windows are discovered on the second Tuesday of each month?
Microsoft, like many companies, doesn't disclose most security holes until it has patched them. When they are really severe, they will sometimes disclose them as soon as they have a work-around. But I can't recall Microsoft ever saying "hey, someone just reported this bad security hole - good luck to you!"
#DeleteChrome
No, you need a different Google hack for that.
How can a post be modded "overrated" or "underrated" when it hasn't been rated yet?
Up until today, I was including that info in my sig!!