http://www.smh.com.au/news/security/glitches-dent-confidence-in-googles-offerings/2007/01/02/1167500103904.html

By Asher Moses
January 2, 2007

A serious flaw is discovered in Google's free email service allowing hackers to steal users' entire contact lists.

To exploit the flaw, the hacker would add a piece of code to their website server, which in turn gave them access to the Gmail contacts of passing browsers, so long as they were also signed in to their Gmail account in another window.

The hacker could then add the stolen contacts to an email spam database, or sell them to other spammers.

Gmail, the third most popular free web-based email service, has been embraced by both personal and business users alike, largely because it allows for easy access to messages from any computer worldwide.

Google's security team appeared to have fixed the flaw within hours, but various subsequent reports suggested the fix didn't address the full extent of the issue.

Further, it is understood that spammers were exploiting the security hole for quite some time before it was discovered.

The simplest way to avoid being exposed is to sign out of Gmail when it is not in use.

News of the flaw came just days after another, separate Gmail security issue was revealed.

From late December, some Gmail users - 60, according to Google - logged in to their accounts to find all of their emails and contacts had been automatically deleted.

User complaints soon flooded Google's Gmail support discussion board, but some of the lost data could not be retrieved.

Google was then forced to work with each affected user to help them restore their messages from any personal backups they may have made.

But it is not just Gmail security flaws that have been detrimental to Google's goodwill leading into 2007.

It has also been accused of monopolistic behaviour, through listing its own products at the very top of search results for terms such as "calendar", "blog" and "photo sharing".

This practice is shared with other internet search providers such as Yahoo and Ask, but Google's actions in particular have caught the ire of internet users who expect the company to live up to its idealistic corporate motto - "Don't be evil".

Most notably, Blake Ross, a co-founder of the Firefox web browser, last week criticised Google in his blog, suggesting it had lost its moral compass.

Matt Cutts, head of Google's webspam team, responded to Mr Ross' claims on his own blog. Surprisingly, he agreed with many of Mr Ross' conclusions.

"I'd remove these tips or scale them way back by making sure that they are very relevant and targeted," Mr Cutts wrote.

Google also came under fire last month when it was accused of manipulating the results of its top 10 search term list, published yearly.

Google later clarified that the list was compiled based on changes in the most popular searches on a year-to-year basis. Generic and offensive terms were not included.

Technology industry commentators have suggested that, when combined, the relatively minor issues could have a profound effect on Google's public perception, which has remained largely untainted since the company's inception.

"This subtle shift in public attitude could signal a tidal wave of negativity down the road," said Michael Arrington, author of the popular TechCrunch blog.