Wednesday, July 07, 2004

Gmail Exploit

Just to sour the news of my previous post, Broadband Reports carries news of a potential Gmail exploit that may cause user information to be disclosed.

A lengthy description of the exploit can be found here, but basically:

A remote user with a valid GMail invitation can determine information about another user attempting to register an account with the service, including the target user's first and last name and the target user's desired GMail account username.

Additionally, Broadband Reports notes this problem (the link takes you to a list of about 500 Gmail registration pages that include executed addresses).

To be honest, neither of these problems seem to be that big of a deal.  For those of you that are super upset by this, perhaps you should have read the license agreement.  If that doesn't do it for you, ever time you log in you will notice that the Gmail service is still in beta.  If you're still upset, don't use it.

No comments: