Site Admin
Joined: 06 Jul 2007
Posts: 129
Location: india
|
|
A serious flaw has been discovered in Google's free email service
allowing hackers to steal users' entire contact lists.
To exploit the flaw, the hacker would add a piece of code to their
website server, which in turn gave them access to the Gmail contacts
of passing browsers, so long as they were also signed in to their
Gmail account in another window.
The hacker could then add the stolen contacts to an email spam
database, or sell them to other spammers.
Gmail, the third most popular free web-based email service, has been
embraced by both personal and business users alike, largely because it
allows for easy access to messages from any computer worldwide.
Google's security team appeared to have fixed the flaw within hours,
but various subsequent reports suggested the fix didn't address the
full extent of the issue.
Further, it is understood that spammers were exploiting the security
hole for quite some time before it was discovered.
The simplest way to avoid being exposed is to sign out of Gmail when
it is not in use.
News of the flaw came just days after another, separate Gmail security
issue was revealed. From late December, some Gmail users - 60,
according to Google - logged in to their accounts to find all of their
emails and contacts had been automatically deleted.
User complaints soon flooded Google's Gmail support discussion board,
but some of the lost data could not be retrieved.
Google was then forced to work with each affected user to help them
restore their messages from any personal backups they may have made.
But it is not just Gmail security flaws that have been detrimental to
Google's goodwill leading into 2007. It has also been accused of
monopolistic behaviour, through listing its own products at the very
top of search results for terms such as "calendar", "blog" and "photo
sharing".
This practice is shared with other internet search providers such as
Yahoo and Ask, but Google's actions in particular have caught the ire
of internet users who expect the company to live up to its idealistic
corporate motto - "Don't be evil".
Most notably, Blake Ross, a co-founder of the Firefox web browser,
last week criticised Google in his blog, suggesting it had lost its
moral compass.
Matt Cutts, head of Google's webspam team, responded to Mr Ross'
claims on his own blog. Surprisingly, he agreed with many of Mr Ross'
conclusions.
"I'd remove these tips or scale them way back by making sure that they
are very relevant and targeted," Mr Cutts wrote.
Google also came under fire last month when it was accused of
manipulating the results of its top 10 search term list, published yearly.
Google later clarified that the list was compiled based on changes in
the most popular searches on a year-to-year basis. Generic and
offensive terms were not included.
Technology industry commentators have suggested that, when combined,
the relatively minor issues could have a profound effect on Google's
public perception, which has remained largely untainted since the
company's inception.
"This subtle shift in public attitude could signal a tidal wave of
negativity down the road," said Michael Arrington, author of the
popular TechCrunch blog. |
_________________
Avinash
|
|
