January 12, 2005 4:22 PM PST

Gmail glitch yields access to messages

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Google worm targets AOL, Yahoo
December 28, 2004; Google's search for security
December 22, 2004; Google: We've fixed desktop search tool flaw
December 20, 2004; Google to offer gigabyte of free e-mail
April 1, 2004

A problem with Google's e-mail service, Gmail, let any user query the company's servers for information on the last message sent, two hackers announced on Wednesday.

The programmers, part of a community site dedicated to the Unix-like FreeBSD operating system, found that an improperly formatted address allowed Gmail users to retrieve the message body of the last HTML-formatted e-mail processed by the server.

"The result is a compromise of the privacy of communications over Gmail," the two programmers stated in their write-up of the problem. "Message content and address information are easily--if somewhat randomly--available to unintended recipients."

Google acknowledged the problem Wednesday and said it had been fixed. It is unclear how long the glitch lasted.

The problem became apparent when an e-mail message sent by the programmers left off a ">" from the end of a recipient's address. The result: Google's server sent back seemingly random information that the hackers realized was information from someone else's e-mail message.

Google acknowledged the problem and had fixed it by the end of the day, a source at the company said Wednesday. Since the problem originated in the application on the company's servers, the fix immediately plugged the leak for all users, the source said.

The search giant has increasingly had to deal with security flaws because its popularity has security researchers looking more closely at the firm's products. Worms have used Google's search engine to find potentially vulnerable hosts on the Internet, and flaws in the company's desktop search program left computers that ran the software open to attack.

Google's free e-mail bet, Gmail, was launched last April and has quickly gained a large following. While the system is technically still in beta, many users have begun to rely on it.

However, because most of Google's services run on the company's own servers rather than on software installed on users' systems, fixes for security problems can be deployed quickly.

See more CNET content tagged:
Gmail, glitch, Google Inc., programmer, message

Add a Comment (Log in or register) 2 comments

Gmail down as of 1-12-05 20:59
by January 12, 2005 5:59 PM PST: Guess it isn't fixed yet; Reply to this comment View reply
Processing

Latest tech news headlines

At 10 years old, whither Google?
Posted in News - Digital Media by CBS Interactive staff

September 6, 2008 10:15 AM PDT
Mozilla releases second Firefox 3.1 alpha
Posted in Webware by Renai LeMay

September 6, 2008 8:27 AM PDT
Chrome's JavaScript challenge to Silverlight
Posted in News - Business Tech by Suzanne Tindal

September 6, 2008 7:43 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Chrome's JavaScript challenge to Silverlight
The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
News - Apple
Apple watchers spot 'iPod Nano' photos
The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.
Outside the Lines
EIC Squared: Chrome, iPods, and a Dell-Salesforce union
On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
News - Digital Media
At 10 years old, whither Google?
Daniel Sieberg of CBS News looks at how the company grew exponentially from start-up to superstar and part of our culture, but what's ahead?
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Are Demo and TechCrunch50 fragmenting their audiences?
With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Webware
Mozilla releases second Firefox 3.1 alpha
Added features include support for a new video tag element introduced with the HTML 5 standard, along with some speed enhancements.
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.