Comments on: Google Fixes Contact List Flaw http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/ Browser news, reviews and opinions Tue, 06 Jan 2009 08:28:28 +0000 http://wordpress.org/?v=2.0.4 by: More Gmail Drama at FreshBlogger http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4515 Tue, 02 Jan 2007 19:15:56 +0000 http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4515 [...] Some are reporting that Google has already responded with a fix to this issue. It sounds like they’ve reacted pretty quickly and put in a simple fix that will prevent most of the damage. Others have pointed out that there are still vulnerabilities in GMail that can be exploited by malicious hacks. [...] […] Some are reporting that Google has already responded with a fix to this issue. It sounds like they’ve reacted pretty quickly and put in a simple fix that will prevent most of the damage. Others have pointed out that there are still vulnerabilities in GMail that can be exploited by malicious hacks. […]

]]> by: Andrew http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4502 Tue, 02 Jan 2007 15:15:23 +0000 http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4502 Why hasn't this security flaw received more press coverage? Surf the net while logged in to Google and give your entire contact list to every web site (and its advertisers!) you visit. It's appalling. How many other web services have this problem? Are Yahoo Mail users vulnerable to a similar attack? Will Google let anyone know when they have put in place a REAL fix for this problem? I went through their help pages yesterday and submitted a request that they announce when they've fixed the problem. I doubt anyone will ever hear from them. Their arrogance is extraordinary and may ultimately bring them down. Why hasn’t this security flaw received more press coverage? Surf the net while logged in to Google and give your entire contact list to every web site (and its advertisers!) you visit. It’s appalling.

How many other web services have this problem? Are Yahoo Mail users vulnerable to a similar attack?

Will Google let anyone know when they have put in place a REAL fix for this problem? I went through their help pages yesterday and submitted a request that they announce when they’ve fixed the problem. I doubt anyone will ever hear from them. Their arrogance is extraordinary and may ultimately bring them down.

]]> by: Bob http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4492 Tue, 02 Jan 2007 14:24:50 +0000 http://browserden.co.uk/blog/2007/01/02/google-fixes-contact-list-flaw/#comment-4492 It seems fairly incompetent of Google to only partially fix this. The URL that generates this XML is the same as the one that did generate that JavaScript but with different parameters passed to it. This seems so unlike Google who usually hire some of the best engineering talent. It seems fairly incompetent of Google to only partially fix this. The URL that generates this XML is the same as the one that did generate that JavaScript but with different parameters passed to it. This seems so unlike Google who usually hire some of the best engineering talent.

]]>