Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Google Security - Quickly fixes GMAIL email address harvesting issue

Google quickly resolved this unauthorized email harvesting issue. As Google strives to better compete with Facebook and continues to bundle numerous services into its portal for "one stop" shopping, security and privacy are always important design considerations.

Whoa, Google, That’s A Pretty Big Security Hole:
http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/

Facebook would probably just consider this a feature, but the rest of us will definitely consider this a big security hole. The creator of a security website emailed us this morning to explain. If you’re already logged in to any Google account (Gmail, etc.), and visit that site, he’s harvested your Google email. And proves it by emailing you immediately.

ISSUE RESOLVED: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”