Hole plugged now, apparently...
By Robert Lemos
Published: 13 January 2005 09:40 GMT
A problem with Google's email service, Gmail, let any user query the company's servers for information on the last message sent, two programmers announced on Wednesday.
The programmers, part of a community site dedicated to the Unix-like FreeBSD operating system, found that an improperly formatted address allowed Gmail users to retrieve the message body of the last HTML-formatted email processed by the server.
The two programmers stated in their write-up of the problem: "The result is a compromise of the privacy of communications over Gmail. Message content and address information are easily - if somewhat randomly - available to unintended recipients."
Google acknowledged the problem on Wednesday and said it had been fixed. It is unclear how long the glitch lasted.
The problem became apparent when an email message sent by the programmers left off a ">" from the end of a recipient's address. The result: Google's server sent back seemingly random information that the hackers realised was information from someone else's email message.
A source at the company said on Wednesday that Google acknowledged the problem and had fixed it by the end of the day. Since the problem originated in the application on the company's servers, the fix immediately plugged the leak for all users, the source said.
The search giant has increasingly had to deal with security flaws because its popularity has security researchers looking more closely at the firm's products. Worms have used Google's search engine to find potentially vulnerable hosts on the internet, and flaws in the company's desktop search program left computers that ran the software open to attack.
Google's free email service, Gmail, was launched last April and has quickly gained a large following. While the system is technically still in beta, many users have begun to rely on it.
However, because most of Google's services run on the company's own servers rather than on software installed on users' systems, fixes for security problems can be deployed quickly.
Robert Lemos writes for CNET News.com.
Google is contemporarily the worst privacy-invadin...
yeah, like I give you my name
Integration Architect/Manager Websphere MQ,WMQ,WMB, Message Broker Location: London Salary: 50,000 - 70,000 Company: ANSON MCCADE Job type: Permanent ...
PHP Web Developer / PHP Programmer - Joomlaor Magento CMS - Google Accredited AgencySlough, BerkshireUp to 28,000We are one of Berkshire's leading ...
Clinical SAS Programmers Required with CDISC experience Please note: This role is a homebased opportunity and previous experience in SAS programming ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy