Tuesday, March 11, 2008

Third-Party Gmail Application Highlights Google Security Worries

Thomas Claburn writes on InformationWeek:

On Friday, Coding Horror, a popular blog run by programmer Jeff Atwood, published allegations that a Windows shareware application for archiving Gmail messages called G-Archiver steals users' Gmail login details.

The allegations were made by Dustin Brooks, a .Net programmer with a database management company based in the Midwest.

In a phone interview, Brooks confirmed that he had used a programming analysis tool called Reflector to review the application's source code and found that the program's author had hard-coded the e-mail address jterry79@gmail.com into the code, along with the password to the account.

As Brooks explained in an e-mail to Atwood, "Having just entered my own information I became concerned. I opened up a browser and logged in to Gmail using his account information. It still worked. Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine."

More here.


Post a Comment

<< Home