uh, that’s not exactly true - i just ate a wicked lotta snickers for halloween…but given all of the other bad elGoog press, would this news surprise you? i just read that elGoog fixed a serious gmail security flaw…did you even know that it was broken? as elGoog prepares to take over the world of personal web services through lightweight apps and utilities (like gmail), perhaps we all oughta spend a little more time thinking about how evil people will stalk the ‘don’t be evil’ company…for those of you with the attention span of ‘big boss’ (world’s smallest dog), here’s an issue recap..

gmail ain’t safe: for starters, there’s the gmail incident (first reported last week by israeli site nana news)… “A major security hole in Google’s mail service….allows the hacker to “snatch” the victim’s cookie file (a file planted in the victim’s computer used to identify him) using a seemingly innocent link (which directs to Gmail’s site itself). Once stolen, this cookie file allows the hacker to identify himself as the victim, without the need of a password. Even if the victim does change his password afterwards, it will be to no avail.” (did i mention that one of my gmail accounts has already been spoofed??)
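
An added example (not from the original post, the nana news report or Google): the quote's last point, that a stolen cookie keeps working after a password change, is what you get when a server accepts any validly signed session cookie without tying it to the account's current credentials. The sketch assumes a cookie of the form `user|epoch|signature` and a hypothetical per-account `epoch` counter; all names and data are constructed.

```python
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)  # signing key, constructed for the demo
USERS = {}                            # name -> {"salt", "pw_hash", "epoch"}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(user, password):
    """Create or change a password; each change bumps the account epoch."""
    rec = USERS.setdefault(user, {"epoch": 0})
    rec["salt"] = secrets.token_bytes(16)
    rec["pw_hash"] = _pw_hash(password, rec["salt"])
    rec["epoch"] += 1

def _sign(user, epoch):
    msg = f"{user}|{epoch}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user, password):
    """Return a session cookie 'user|epoch|signature', or None on failure."""
    rec = USERS.get(user)
    if rec is None:
        return None
    if not hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw_hash"]):
        return None
    return f"{user}|{rec['epoch']}|{_sign(user, rec['epoch'])}"

def check_naive(cookie):
    """Weak: any correctly signed cookie is accepted indefinitely."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, epoch, sig = parts
    return user if hmac.compare_digest(sig, _sign(user, epoch)) else None

def check_bound(cookie):
    """Hardened: the cookie's epoch must equal the account's current epoch."""
    user = check_naive(cookie)
    if user is None or user not in USERS:
        return None
    return user if cookie.split("|")[1] == str(USERS[user]["epoch"]) else None

def demo():
    set_password("alice", "old-pass")
    stolen = login("alice", "old-pass")  # copy of the cookie held by someone else
    set_password("alice", "new-pass")    # victim changes the password
    fresh = login("alice", "new-pass")
    return check_naive(stolen), check_bound(stolen), check_bound(fresh)
```

With the naive check the old cookie still resolves to the account after the password change; with the epoch check it is rejected and only a cookie issued after the change is accepted.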

…and elGoog desktop has been compromised: sw developer jim ley tried to tell elGoog about his discovery, but they ignored him…so he explained it through examples on his blog recently and again in spooky detail…basic idea is that a script insertion flaw within elGoog that he found a while ago can be used to make phishing even easier (he uses the example of a fraudulent elGoog subscription service)…

…and the mind behind hackaday discussed another way to hack into elGoog desktop using a desktop proxy so that you can access the app from another machine…scary indeed…the walkthrough is at project computing, with full detail…

…and of course, the privacy concerns: elGoog desktop does allow for one to opt out of sending back usage data, though it is supposed to be damned near impossible to completely firewall it…david burns, ceo of copernic said it best, “Stick your hand up if you want Google to know what pictures you have, and what MP3 files you have”….

…and this privacy issue extends to gmail again: gmail automatically scans message content to determine the relevance of ads - and this puts it at odds with the law..long version of legal discussion can be reviewed through CA senate filings ….and for those of you with the attention span of a short version, “California Penal Code, Section 631…a crime to “by means of any machine, instrument, or contrivance, or in any other manner, … willfully and without the consent of all parties to the communication, … learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or [to] use, or attempt to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained.”

..oh, and the stock price and current company valuation scare the shit out of me too…reminds me of the late 90’s, when people day traded, didn’t understand “churn,” and still listened to the wallflowers and felt bad that the kid had to live in the shadow of his uber-influential dad
