Wednesday, January 12, 2005

GMail vulnerability exposed :/ (AND FIXED)

UPDATE 2:18 EST 1/13/05: No, I can't promise that this is the last update. No, I don't have a life. Just got Google's reply (sent 12:37 AM) to my bug report concerning the fix. I can also read the test message I sent to myself (of which I got over 15 copies) without the "Oops..." message getting in my way. I thought I would continue getting them forever. I think Google's initial response was as I described below, blocking access to the emails until they could fix the problem for all users, but not wanting users to lose the mail, so they kept messages in the queue until they fixed the problem for good? Anyway, when you look at the message header as they show over at HBX, you still get to see the missing final >, but there's nothing else wrong with the email. I will report back about whether or not I keep getting those messages. [UPDATE 2:22 EST 1/13/05: I still do, but at least now I can make a filter for them :)]

UPDATE 10:00 PM EST 1/12/05: About 2.5 hours before I even read about the vulnerability, CNET said it had already been fixed. I feel stupid.

Re-live the insanity.

No comments:

Blog Archive