Gmail Bug goes Undisclosed
Results 1 to 4 of 4

Thread: Gmail Bug goes Undisclosed

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    Gmail Bug goes Undisclosed

    Hey Hey,

    I just thought I'd toss this up here... It showed up in my inbox through DailyDave. This was the email

    http://www.elhacker.net/gmailbug/english_version.htm

    "Hey, your email could have been released to * and we didn't even bother to tell you"


    -dave
    So I visited the site and what I saw was quite scary... Every gmail account (regardless of password, or anything else) was available to those malicious malcontents out there... if they so desired to see what was inside them. The paper walks through one of three apparent methods for accessing other peoples accounts.. It was patched within 4 days of being reported but still... who knows if this was out there before then and google has not made an announcement regarding this... I find it a little disconcerting..

    Anyways.. enjoy.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    The label of beta indicates that this is still considered a flawed application and requires development. They don't have to tell you anything because they have the right to assume that the data being held on it is of no value. It should be assumed that bugfixes and changes are going to be made continually, therefore anything of importance shouldn't be held on Gmail for that reason.

    That'd be Google's argument... which of course is moot if I got an invitation for Gmail and have no clue what the word beta means.

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    At the end it says:
    OK, it's a Beta version, and they don't have to report anything. But if they would have recognized it and published a thank you note, this information wouldn't had been published. We have 3 ways to get to the same result, the others 2 are quite easier, and because of that easily we can deduce that it's a multibug, and a design error. With all these clues, they will not take too much to discover new methods.
    Who does he mean by "they"? The Gmail coders? Or people with malicious intent?

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    It means they as in google.... and I know that they're beta so they don't have to... If it was out of beta they'd have to report it... but still... that's not the point... This is a big thing to not announce even if you are in beta....

    I don't think it's really beta anymore..everyone uses it... it's more they are worried about things like this so they're leaving that beta title attached...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •