Third-Party Gmail Application Highlights Google Security Worries
Thomas Claburn writes on InformationWeek:
On Friday, Coding Horror, a popular blog run by programmer Jeff Atwood, published allegations that a Windows shareware application for archiving Gmail messages called G-Archiver steals users' Gmail login details.More here.
The allegations were made by Dustin Brooks, a .Net programmer with a database management company based in the Midwest.
In a phone interview, Brooks confirmed that he had used a programming analysis tool called Reflector to review the application's source code and found that the program's author had hard-coded the e-mail address email@example.com into the code, along with the password to the account.
As Brooks explained in an e-mail to Atwood, "Having just entered my own information I became concerned. I opened up a browser and logged in to Gmail using his account information. It still worked. Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine."