
[nycphp-talk] [OT] Gmail security issue - avoid Froogle for a while?

inforequest 1j0lkq002 at sneakemail.com
Mon Jan 17 14:48:29 EST 2005


Keith Richardson keithjr-at-gmail.com |nyphp dev/internal group use| wrote:

>hmm link is down... do you have a recap of what it said?
>
>
>On Sat, 15 Jan 2005 01:15:01 -0500, inforequest
><1j0lkq002 at sneakemail.com> wrote:
>  
>
>>Looks like a Froogle link can grab your personal info and access to
>>Google services data...
>>
>>http://www.aviransplace.com/index.php/archives/2005/01/13/serious-flaw-in-froogle-reveals-gmail-accounts/
>>    
>>

For clarity, there are reports it has been fixed (unconfirmed by me).

The original report is here (in Hebrew):
http://www.ynet.co.il/NonReg/Ext/App/Billing/BillingRegistration/CdaRegBill_RegScreen1_SubsDetails/1,,,00.html?CG=US&HU=/articles/0,7340,L-3031962,00.html
A second flaw fixed by Google on the same day (but not the same issue) 
is here:
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,98920,00.html
The Slashdot coverage is here:
http://slashdot.org/article.pl?sid=05/01/12/1655246

Since you are reading this via Gmail, why doesn't Google detect the 
context and insert a nice big banner ad that says "Froogle has been 
fixed! Gmail is safe! Be Happy!"... since they CAN.
(well, that's what I would do if I worked there)

-=john andrews






