The Industry Standard News and Analysis for the Internet Economy
        Internet News for Internet Business Monday, 04th of April, 2005   

Google patches Gmail security hole
By Matthew Broersma, Techworld

Google has fixed a bug in its Web-based e-mail service, Gmail, that allowed users to read the contents of other people's messages.

HBX Networks, a Unix community group, discovered the bug while testing a Perl script intended to automate sending batches of newsletters. Messages sent to the group's own e-mail address contained HTML code in the "Reply To" field, and this code turned out to be the message body of other users' e-mail messages.

The problem appears to be caused by a missing ">" character in the formatting of the "From" fields generated by the group's Perl script. "This, apparently, was enough to get GMail to provide us with some portion of someone else's messages," HBX members wrote in their analysis on Wednesday.

They speculated that the missing character caused Google's application to read other data into this buffer - a message that had been sent recently, for example. In at least one case, the intercepted e-mail contained username and password information, the group said.

"Regardless of the specific failure, the result is a compromise of the privacy of communications over Gmail," the group wrote. "Message content and address information are easily - if somewhat randomly - available to unintended recipients."

Google said the problem was fixed on Wednesday, shortly after the HBX Networks report appeared. "At 10:15am PST mails with the problematic formatting as described in your previous story stopped being accepted into Gmail. Previous e-mails that had this problem will also no longer be accessible. We appreciate your patience and we're sorry about the bug," said Chris DiBona, Google's open source programme manager, in an e-mail to the tech discussion site Slashdot. He urged users to report security bugs to security@google.com.
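The fix described above was to stop accepting mail with the problematic formatting. The following is an added example, not code from Google or HBX Networks, of that kind of ingestion-time check: it refuses a message when an address header has unbalanced angle brackets, as a missing ">" would produce. The header list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Headers that carry address lists (an assumed selection for this example).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc")

def angle_bracket_problems(value):
    """Return structural problems found in one address header value."""
    problems = []
    in_quote = False   # inside a "quoted string", where < and > are literal
    depth = 0          # nesting depth of (comments), also literal text
    open_at = None     # index of a '<' that has not been closed yet
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and (in_quote or depth):
            i += 2     # quoted-pair: skip the escaped character
            continue
        if in_quote:
            in_quote = ch != '"'
        elif depth:
            depth += (ch == "(") - (ch == ")")
        elif ch == '"':
            in_quote = True
        elif ch == "(":
            depth = 1
        elif ch == "<":
            if open_at is not None:
                problems.append(f"'<' at {i} while '<' at {open_at} is still open")
            open_at = i
        elif ch == ">":
            if open_at is None:
                problems.append(f"'>' at {i} without matching '<'")
            open_at = None
        i += 1
    if open_at is not None:
        problems.append(f"'<' at {open_at} never closed")
    if in_quote:
        problems.append("unterminated quoted string")
    return problems

def screen_message(raw):
    """Return (accepted, problems) for a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    problems = [f"{name}: {p}" for name in ADDRESS_HEADERS
                for value in msg.get_all(name, [])
                for p in angle_bracket_problems(value)]
    return (not problems, problems)

# Constructed sample messages; the second lacks the closing '>' in From.
GOOD = ('From: Newsletter <news@example.org>\n'
        'Reply-To: "List <admin>" <list@example.org>\nSubject: t\n\nbody\n')
BAD = 'From: Newsletter <news@example.org\nSubject: t\n\nbody\n'
```

Rejecting the message at the boundary, rather than attempting to repair the header, keeps malformed input away from downstream parsing and rendering code.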

HBX expressed concern that other such bugs might exist. "The appearance of this issue, at the user level, probably indicates a failure in GMail's code review and/or quality assurance standards, which may result in other, similar errors," the group wrote.

While it is technically still in beta-testing, Gmail has become one of the most popular Web-based e-mail services since its launch in April, and has begun to come under the same scrutiny as other Google services. Last month, for example, Google fixed a flaw with its desktop search that could have allowed hackers to search the contents of a PC.

Security problems are nothing new to Web e-mail. Last March, shortly before Gmail's launch, IT security firm GreyMagic Software demonstrated that scripts could be run in Hotmail and Yahoo's Web e-mail, bypassing scripting restrictions. Scripts embedded in e-mail messages could have been used to steal passwords or spread worms, researchers said. The problem has now been fixed.

Posted January 13, 2005 07:17 PM




Copyright © 2004, TheStandard.com