G-Archiver Harvesting Google Mail Passwords

← Back to Stories (view on slashdot.org)

G-Archiver Harvesting Google Mail Passwords

Posted by kdawson on Tuesday March 11, 2008 @05:47AM from the change-password-now dept.

Thwomp writes "It appears that a popular Gmail backup utility, G-Archiver, has been harvesting users' Gmail passwords. This was discovered when a developer named Dustin Brooks took a look at the code using a decompiler. He discovered a Gmail account name and password embedded in the source code. Brooks logged in and found over 1,700 emails all with user account information — with his own at the top. According to a story in Informationweek, he deleted the emails, changed the account password, and notified Google. The creator of G-Archiver has pulled the software, stating that it was debug code and was unintentionally left in the product."

20 of 462 comments (clear)

Min score:

Reason:

Sort:

This is why I backup my Gmail with G-Archiver by Anonymous Coward · 2008-03-11 05:47 · Score: 5, Funny

Oh, wait...
1. Re:This is why I backup my Gmail with G-Archiver by infonography · 2008-03-11 07:53 · Score: 5, Funny
  
  Well he wrote it .Net, isn't that enough evidence of malicious intent?
  
  --
  Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
2. Re:This is why I backup my Gmail with G-Archiver by Sleepy · 2008-03-11 08:04 · Score: 4, Funny
  
  >For closed source software you're stuck trying arcane trickery like this guy did in order to find out when a program is spying on you.
  
  Arcane trickery to see what the code is doing?
  You've obviously never edited someone else's Perl...
Hmmm by Anonymous Coward · 2008-03-11 05:50 · Score: 5, Funny

he deleted the emails But did he make a backup first?
Caught by Itninja · 2008-03-11 05:53 · Score: 4, Funny

Looks like someone got caught with their pants down in the cookie jar. That's not nearly as hot as it sounds.

--
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
1. Re:Caught by Spy+der+Mann · 2008-03-11 07:17 · Score: 2, Funny
  
  It's probably more like "with their pants down" AND "in the cookie jar." Then it makes sense.
  
  Son, I think it's time we talk, man to man.
Re:Even the courts aren't this daft by WPIDalamar · 2008-03-11 05:55 · Score: 5, Funny

It only did send them to Gmail :)
Re:Debug, Sure by tristian_was_here · 2008-03-11 05:55 · Score: 5, Funny

I did something similar I once picked up the wrong keys yet when I went to take them back to the person I decided to let myself in and accidentally walked out with a new TV.
Re:Debug, Sure by Anonymous Coward · 2008-03-11 06:00 · Score: 5, Funny

Right. And I have a bridge I'd like to sell you too.

Why do you feel the need to hurt the reputation and business of us legitimate bridge sellers?!?
Re:Even the courts aren't this daft by Zordak · 2008-03-11 06:01 · Score: 5, Funny

This guy deserves to be prosecuted under anti-hacking statutes. Exactly. I mean, he was using a debugger! Doesn't he know that violates the DMCA? No doubt he'll be hearing from the G-Archiver lawyers AND the DoJ soon. It's time to show this clown that, in America, we don't put up with these kinds of shenanigans. And somebody call the copyright lobby. This is exactly the story they've been looking for to justify increasing the penalties for violating copyright to capital punishment.

--

Today's Sesame Street was brought to you by the number e.
Re:A-ha! by Roofus · 2008-03-11 06:05 · Score: 5, Funny

Yeah, I was logged into your account and noticed that too....very strange!
Re:Even the courts aren't this daft by Zordak · 2008-03-11 06:06 · Score: 2, Funny

Hmmm, maybe I should have used explicit sarcasm tags.

--

Today's Sesame Street was brought to you by the number e.
Re:Debug, Sure by countSudoku() · 2008-03-11 06:15 · Score: 2, Funny

And if he had nothing to hide, why was he trying to protect his password? People who use passwords are trying to hide something. I say leave open your accounts just in case the FBI or CIA need to check to make sure you're not a terroristo!!1!

--
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
Re:Debug, Sure by gEvil+(beta) · 2008-03-11 06:33 · Score: 4, Funny

oiling snakes I assume?

And who among us can honestly say they've never oiled their snake?

--
This guy's the limit!
Re:Debug, Sure by bcat24 · 2008-03-11 06:39 · Score: 4, Funny

And who among us can honestly say they've never oiled their snake?
Girls?
Re:Debug, Sure by Anonymous Coward · 2008-03-11 06:54 · Score: 0, Funny

Who AMONG US. You should read more carefully. :P
Re:Debug, Sure by pipatron · 2008-03-11 06:55 · Score: 4, Funny

And who among us can honestly say they've never oiled their snake? Girls?
He said us, that clearly excludes girls.

--
c++; /* this makes c bigger but returns the old value */
Re:Debug, Sure... Around 1999 I found this out by davidsyes · 2008-03-11 08:03 · Score: 2, Funny

Thanks!

I call:

- ms word ms blurb
- access abscess
- excel hexedcell
- x box hexed box
- outlook LOOKOUUUTTT!!!!
- powerpoint powerpointless

But, I'd have to say my faves are abscess and front phage...

--
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Re:Debug, Sure by DancesWithBlowTorch · 2008-03-11 08:43 · Score: 4, Funny

And who among us can honestly say they've never oiled their snake?
Girls?

Who?
Re:Wha?!? by XMyth · 2008-03-11 09:26 · Score: 2, Funny

I don't see where this is going.

So, to continue, why not just make the firewall check itself to make sure it checks if it has been modified?

What could the malware possibly do then?