03 Mar 2006, Tom Sanders in California, V3
Google has plugged a vulnerability in its Gmail service that could allow an attacker to gather email addresses from a user's account and possibly gain access to the account.
A blogger by the name of 'Anthony', who claims on his blog to be 14 years old, accidentally stumbled on the flaw when he was mailing some JavaScript to his Gmail account from an outside email address.
When he opened the message in Gmail, the service executed the script. "Apparently JavaScript will run if it is within the preview of the message," Anthony wrote on his blog.
Google confirmed the vulnerability in an email to vnunet.com. "We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," wrote Google spokeswoman Sonya Borälv.
Google criticised the blogger for publicly disclosing details about the flaw before notifying the company.
"We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public," said Borälv.
The blog posting went up on Wednesday at around noon. Google had updated and patched its service about three hours later.
Do you agree?
Fixed & gave guidance
I'm glad they pointed out fix first then go public. We are all lucky that this one could be fixed quickly.
Posted by Chaplain William Nichols, 03 Mar 2006
new problems?
Today 4th March, been unable to access gmail at all. Is the problem bigger than we thought? Where can we get info?
Posted by Mister.nif, 04 Mar 2006
Yeah sure
So they want to point the blame at the kid. Google Fd up and they can't stand the heat. Minor problem, I know, but who cares he could have done whatever he wanted.
Posted by Daniel, 06 Mar 2006
Access to gmail account
I have cleaned my cache, I use Internet Explorer and McAfee Virus Scan only, no firewall settings. I have contacted tech support 3 different times again, nothing has changed. I cannot get my gmails and I am still getting the same message. I hope someone from tech support will see this and do something about it. I am not the only one having this problem as I have seen at nine other complaints at google help/support.
I use Google Tool Bar as well. On one advice I have set IExplorer to accept cookies/ads from mail.google & www.goolgle.com, but all in vain.
On help/support site I cannot fill/tick the form as it appears partially on my monitor so there is no way to get help. For 4 days I have been trying to access my gmail. Any help???
Posted by Nasim Raie, 17 May 2006