Google fixes Gmail bug

Google said it has fixed a bug in its web-based Gmail e-mail service that allowed users to read the contents of other people's...

Google said it has fixed a bug in its web-based Gmail e-mail service that allowed users to read the contents of other people's messages.

Unix community website HBX Networks said the bug was discovered when some of its members sent out a newsletter to themselves as a test before sending it out to everyone.

The HBX site reports, "Gmail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages, destined for other people, will appear with the test messages in the attacker's inbox. Sometimes, this information could include usernames and passwords."

When the test e-mail arrived in their inboxes, the "Reply To" field in the e-mail header that Gmail displayed contained HTML code, which was the message body of another person's e-mail message.

Google said it corrected the problem, linked to certain characters inserted in the "from" field, soon after it was brought to its attention.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Operating systems software

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close