Tuesday, January 02, 2007

Google's security flaws

Gmail's security flaw has bugged me quite a lot. I find Gmail opening
even if I close a browser without logging out. Moreover, I use Google
Browser Sync. Using this, you can synchronize the browsers across the
many computers you keep using. I found that if I log into my office
machine, someone accessing my home machine can also log in to my
Google accounts although I log out of it at home.

Now, people have been able to find an easy way of hacking your contact
information. Google tried to fix it immediately, but the problem still
exists after having been reported more than 24 hours ago. They tried
to do some quick fix, but people are still reporting flaws:
http://harshdeep.wordpress.com/

I am sure by now, many spam sites would have used this flaw to get
some mails. Although people may perceive the contact list as less
vulnerable, I find it a huge security risk. I use a number of unique
e-mail IDs for blogging and for sending data to some sites, which are
as critical as passwords.

Just going to the site mentioned below using Firefox after logging
into Gmail will show you your contact list:
http://docs.google.com/data/contacts?out=xml&show=ALL&psort=Affinity&callback=google&max=99999
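
An added example, not part of the original post and not Google's code: a minimal sketch of the server-side weakness a URL like the one above points to, next to a hardened form. It assumes the endpoint authorises on the login cookie alone and wraps its output in the function named by `callback`; the handler names, session store, token header and sample data are hypothetical.

```javascript
// Constructed sample state: one logged-in session and its address book.
const SESSIONS = { "sid-123": { user: "alice", token: "t-9f3c-constructed" } };
const CONTACTS = { alice: ["bob@example.com", "carol@example.org"] };

// Length-checked comparison that does not exit early on the first mismatch.
function sameToken(a, b) {
  if (typeof a !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Weak form: the session cookie alone authorises the read, and the data comes
// back as script wrapped in a caller-chosen function name.
function contactsWeak(req) {
  const s = SESSIONS[req.cookies.sid];
  if (!s) return { status: 401, headers: {}, body: "" };
  const cb = req.query.callback || "callback";
  return { status: 200, headers: { "Content-Type": "text/javascript" },
           body: `${cb}(${JSON.stringify(CONTACTS[s.user])})` };
}

// Hardened form: cookie plus a per-session token in a custom request header,
// which a plain cross-site <script src> load cannot attach. Data is returned
// as JSON only; the callback parameter is ignored.
function contactsHardened(req) {
  const s = SESSIONS[req.cookies.sid];
  if (!s) return { status: 401, headers: {}, body: "" };
  if (!sameToken(req.headers["x-session-token"], s.token))
    return { status: 403, headers: {}, body: "" };
  return { status: 200,
           headers: { "Content-Type": "application/json",
                      "X-Content-Type-Options": "nosniff" },
           body: JSON.stringify(CONTACTS[s.user]) };
}

// Request shaped like the URL in the post: the browser sends the cookie, no token.
const crossSite = { cookies: { sid: "sid-123" }, headers: {},
                    query: { callback: "google" } };
// Request from the site's own page, which knows the session token.
const sameSite = { cookies: { sid: "sid-123" }, query: {},
                   headers: { "x-session-token": "t-9f3c-constructed" } };
```

The weak handler answers the cookie-only request with the full list; the hardened one returns 403 for it and serves the list only when the session token accompanies the cookie.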

It's good that this flaw has been exposed. I can now hope that the
security issues will be dealt with strongly by the Google team,
although it may come up as a pain since at present, by logging into
one of Google's products, you can automatically get into other sites.
But security must be given adequate importance.

