Slashdot Mirror


Google Corrects Gmail Security Flaw

0110011001110101 writes "Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into people's Gmail accounts to read messages and pose as legitimate email users. Security researchers in Spain exposed a flaw in the way Google authenticates its users, allowing the breach in the system that counts more than 5 million users. The process for exploiting Gmail was posted to a hacker web site." From the article: "Google spokesperson Sonya Boralv said only users who supplied information to the hackers were potentially vulnerable. 'We looked into this quickly and learned that it can only occur if a user knowingly provides their credentials,' Ms. Boralv said. 'Nevertheless, we have made some modifications to Gmail to help prevent these kinds of issues.'"

4 of 209 comments

  1. In reply to the torrent of dumbness.... by KinkoBlast · Score: 3, Insightful

    Google does NOT read every email. It goes through a computerised filter to supply ads. No different than a spam filter. How come no one complains about Yahoo, MSN, and 99% of other email providers, free or not?

  2. A very timely fix unlike M$ by gasmonso · Score: 3, Insightful

    "The site says Google fixed the problem on October 18, four days after a security researcher called ANELKAOS alerted the company to the problem."

    Say what you will about Google, but 4 days is fast. I think Microsoft takes weeks, if not months, to fix problems. As a matter of fact, I bet there are vulnerabilities that are years old. Not to mention that M$ gets angry whenever a security group points out a bug.

    gasmonso http://religiousfreaks.com/

  3. And No Rollout Necessary by Anonymous Coward · Score: 3, Insightful

    The good thing about this is that now, everyone benefits from the fixes. Instantly.

    No more issuing patches, fixes, service packs, or whatever, like there is with distributed packages.

  4. Re:Why doesn't this news make me feel any safer? by morgan_greywolf · Score: 3, Insightful

    I completely disagree with EPIC's privacy analysis of Gmail's "content extraction" techniques.

    First off, whether the ECPA extends to Internet e-mail has NOT been established. The ECPA was written in 1986 and at that time, most people's idea of an 'e-mail' service involved CompuServe or other proprietary mail services.

    I doubt that anyone could have a reasonable expectation of privacy in regards to Internet e-mail. Mail can pass through so many servers and routers and such and ANY of those hosts along the way could grab your mail, which is, unless YOU encrypt it, pretty much transmitted in clear text, with very rare exceptions. Any of those hosts could store and analyze your mail, too. There's nothing stopping them. It's a direct result of the Internet's decentralized nature.

    Anyone who expects that unencrypted Internet e-mail is private is very sadly mistaken.