Advertisement
Promo

Security threats Toolkit

Gmail flaw opens up access to emails

Published: 13 Jan 2005 08:30 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A problem with Google's email service, Gmail, let any user query the company's servers for information on the last message sent, two programmers announced on Wednesday.

The programmers, part of a community site dedicated to the Unix-like FreeBSD operating system, found that an improperly formatted address allowed Gmail users to retrieve the message body of the last HTML-formatted email processed by the server.

"The result is a compromise of the privacy of communications over Gmail," the two programmers stated in their write-up of the problem. "Message content and address information are easily -- if somewhat randomly -- available to unintended recipients."

Google acknowledged the problem on Wednesday and said it had been fixed. It is unclear how long the glitch lasted.

The problem became apparent when an email message sent by the programmers left off a ">" from the end of a recipient's address. The result: Google's server sent back seemingly random information that the hackers realised was information from someone else's email message.

Google acknowledged the problem and had fixed it by the end of the day, a source at the company said on Wednesday. Since the problem originated in the application on the company's servers, the fix immediately plugged the leak for all users, the source said.

The search giant has increasingly had to deal with security flaws because its popularity has security researchers looking more closely at the firm's products. Worms have used Google's search engine to find potentially vulnerable hosts on the Internet, and flaws in the company's desktop search program left computers that ran the software open to attack.

Google's free email service, Gmail, was launched last April and has quickly gained a large following. While the system is technically still in beta, many users have begun to rely on it.

However, because most of Google's services run on the company's own servers rather than on software installed on users' systems, fixes for security problems can be deployed quickly.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
82 out of 159 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters