Gmail flaw allows forwarding messages to attacker’s mailbox

by Bharat Suneja

As I sat watching a cool video put together by “Gmail fans” yesterday, reports of a flaw with Google’s popular web-based email service were beginning to appear. The flaw allows an attacker to create a filter to forward a victim’s messages to any email address specified by the attacker.

Scary stuff – Gmail is one of the email services I use.

More in “Gmail zero-day flaw allows attackers to steal messages” on InfoWorld.com.

Little over a week ago, Google Docs’ new Presentations feature, a would-be competitor for Microsoft PowerPoint, reportedly revealed email addresses of users collaborating/viewing a presentation. Not a very serious flaw, imo, but it had privacy experts concerned.

This is not as much about pointing out Google’s vulnerabilities, but more about realizing that web-based software, just like software that runs on your PCs or servers, can have vulnerabilities. Additionally, so can the infrastructure of web-based service providers.

I was recently notified by another web-based service provider that their databases were compromised, but they’re making sure no major damage is done (or some such verbiage that I can’t seem to recollect but didn’t make much sense at all when I read it). I should monitor my credit reports, it added further. Thanks, that makes me feel very comfortable. Where do I send the bill from the credit monitoring service?

The Gmail collaborative video wasn’t nearly as bad.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: