Google Blogoscoped

Saturday, October 30, 2004

Gmail Vulnerable

Several sources point to a Gmail security problem announced at Israeli news site Nana.

“When approached, Google admitted to the security flaw. Google also assured us that this matter is being resolved, and that “the company will go to any length to protect its users” (...)

In order not to further jeopardize mail boxes’ owners, we will only disclose that the process is based upon a security breach in the service’s identity authentication. It allows the hacker to “snatch” the victim’s cookie file (...) using a seemingly innocent link (which directs to Gmail’s site itself). Once stolen, this cookie file allows the hacker to identify himself as the victim, without the need of a password.”

Until Google fixes the problem, security expert Ofer Elzam suggests in the article not storing any messages or files in Gmail that might be maliciously used. AimlessWords points out that we are looking at an XSS (cross-site scripting) exploit here and suggests not checking the “auto-login for 2 weeks” button to safeguard your account.

This might be related to a possible fix from Google: some people had to log in again to Gmail this morning even though they had auto-login enabled.

AdWords Tutorial (Flash)

Straight from Google comes a demo [Flash] on Google AdWords bidding and ranking to “find out how Google determines the cost and ad position of your AdWords ads.”

Hidden Pictures

You probably know those old illustrations where a woman’s nose or a bearded man appeared in the shape of a wood if you search hard enough. Now B3ta points to this gallery of hidden images which take the same idea to the Photoshop age.

Google’s Halloween

The guys from Google’s Blogger wish Happy Halloween and dress up silly on that occasion. More Halloween photos can be found at the Google Blog post “Boo whoo?” from Friday (note the permalink to that post contains broken images).


Just see Froogle (currently in Halloween mode) for an extensive mullet wig gallery. [Thanks Justin F.]

