Teen Exposes Google Security Flaw, Partially Fixed Overnight

Acting very quickly, Google fixed the security hole on Jan. 1 after being notified of its existence on Dec. 30. According to reports online, however, the flaw was only partly corrected. The flaw can exploit, either via a website or by manually inserting code into a user's web browser, users who have logged into Gmail, Blogger or other Google services with their Google accounts. An attacker could potentially send malicious messages with viruses or malware to people on an exposed contact list.

The vulnerability was discovered by 16-year-old Haochi Chen of Columbus, Ohio. He was tinkering with an undocumented feature of the Google Video service that allows a user to e-mail videos to anyone in their Gmail contact list. According to Chen, Google responded to his alert within 30 hours after he reported the flaw to them. Google patched the problem on Monday morning. According to ZDNet's Googling Google blog, the vulnerability was "only partially fixed. The author of the blog, Garret Rogers wrote: "I recommend you log out of Gmail when you are not using it until the problems are solved."

View: Googling Google
News source: CBC News

Report a problem with article
Previous Story

Disney.com to Relaunch This Month

Next Story

Linux Group to Simplify Software Installation

10 Comments

Commenting is disabled on this article.

at least he wasn't crammed up with another million people trying to watch the london eye fireworks only to see some flashes in the sky because a building was blocking the view! (and on the 1st waking up early to study for exams )

So, Soon as a gmail user will we be expecting "Monthly Security Flaw fixed report - google security bulletein - Feb 2007"... :P