March 2, 2006 4:30 PM PST
Google fixes 'minor' Gmail flaw
- Related Stories
Google plugs 'obscure' phishing holesDecember 21, 2005
Google Desktop tweaked to block attackersDecember 6, 2005
Yahoo fixes Web mail security flawOctober 21, 2005
Google fixes Web site security bugOctober 10, 2005
Microsoft plugs phishing hole in Xbox siteMay 25, 2005
Gmail glitch yields access to messagesJanuary 12, 2005
The blogger, who claims to be a 14-year-old student, found the flaw when sending code from his Yahoo Web mail account to his Gmail account, he wrote on Wednesday. The Web log is hosted by Google's Blogger service.
Google fixed the flaw "very shortly after the initial blog post went up," a representative for the Mountain View, Calif., company said. "We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," the representative said.
Because the vulnerability was fixed quickly, it likely never was exploited in any attacks, the representative said. Still, Google would have preferred to have been alerted to the flaw privately, instead of via a public blog.
"We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public," the representative said.
Flaws in online services are found regularly. Last December, Google fixed a security hole in the mechanism it uses to generate error pages for forbidden redirects and pages that don't exist on the Google Web site. The flaw opened the door to phishing scams, account hijacks and other attacks.
4 commentsJoin the conversation! Add your comment