Slashdot Mirror


Google Corrects Gmail Security Flaw

0110011001110101 writes "Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into peoples Gmail accounts to read messages and pose as legitimate email users. Security researchers in Spain exposed a flaw in the way Google authenticates its users, allowing the breach in the system that counts more than 5 million users. The process for exploiting Gmail was posted to a hacker web site." From the article: "Google spokesperson Sonya Boralv said only users who supplied information to the hackers were potentially vulnerable. 'We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials,' Ms. Boralv said. 'Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues.'"

6 of 209 comments (clear)

  1. So hackers can't get in now... by Galius+Persnickety · · Score: 5, Funny

    So hackers can't get in now if I give them my credentials?

  2. Re:In preply to the torrent of dumbness.... by BushCheney08 · · Score: 4, Funny

    You forgot to post the link to the torrent

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  3. 1-2-3-4-5 by rolandog · · Score: 4, Funny

    That's amazing. I got the same combination on my luggage.

  4. Great news! by theSpaceCow · · Score: 3, Funny

    See, up until now, if you knowingly gave hackers your credentials, they'd be able to log on to your account with them. But now Google's refined their system to the point that even if you give out your personal information, hackers can't get in!

    It's really very simple. They simply cycle through every Google ad you've ever clicked on (to find potential phishers), geo-locate the IP trying to log on and cross-reference it to the "From" location in most of your Google Maps directions searches, attempt to visually identify you from any webcam pictures they may have cached, calculate the speed in which the username/password was typed in compared to the "keyboard profile" they have on file from all your searches, and compare the logon time to your typical usage times for GMail and Google Talk.

    Perfect security. At least, from everybody but Google.

    --
    I support the separation of oil and state.
  5. Re:Grammar Police by MSantiago · · Score: 5, Funny
    "While the hacker website that published the exploit is safe from Criminal Prosecution, they may still get a visit from the Grammar Police Then again, its a spanish language site, so I give them kudos for finding someone whose English isn't terrible to write it up for them."


    Hate to do this to you, but when someone starts criticizing someone else's grammar, they'd better use proper grammar, punctuation, spelling, and capitalization in their own posts.

    For starters, "Criminal Prosecution" isn't a proper noun and shouldn't be capitalized. Also, "its" is not being used in its possessive form. Rather, it's a contraction of "it is" and should contain an apostrophe. Lastly, "spanish" must be capitalized.
  6. Google fix by spurtle15 · · Score: 5, Funny

    FTFA

    "We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials," Ms. Boralv said. "Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues."

    Fix:

    From: Google
    To: Gmail users
    Subject: Security Bug

    To all Gmail users:

    Please do not give out your user name and password.

    Thank you. That is all.