Major Google Web Accelerator Security Issue

By tajddin
in Site & Forum Issues

 Share

Recommended Posts

Rising Star

tajddin

Posted
Posted (edited)

I just logged into Neowin and notice that I had logged in as several neowin users. Every time I refreshed the page, the username changed, and I could access any portion of the site.

I was able to access their control panels and possibly even post (I did so to make sure that this was a security issue.)

It is still happening and I apologize if that has already been posted.

Edit:

This is a major Google Web Accelerator security issue:

http://news.zdnet.co.uk/internet/security/...39197327,00.htm

"I went to the Futuremark forums and noticed that I'm logged in as someone I don't know. Great, I've used Google's Web Accelerator for a couple of hours, visited lots of sites where I'm logged in. Now I wonder how many people used my cache. I understand it's a beta, sure, but something like that is totally unacceptable."

Edit 2:

Someone please modify the title of this thread. At the time of its posting, I hadn't realized it was a Google issue.

(MOD EDIT: changed the title now, hope that helps... DB)

Edited by dbfriends
Grand Master

mistical

Posted
Posted
I just realized: Could it be because of Google's Web Accelerator?

It is because of it. I'd highly recommend people stay away from this tool. I love Google but I don't like this tool at all, it's useless really and don't like what they are doing with it.

Here's SlashDot's discussion, http://slashdot.org/article.pl?sid=05/05/0...&tid=217&tid=95 and also SomethingAwful, which I do not visit but got passed the link also has an article on Google's Web Accelerator that's a pretty good read, believe the links though are banned here on the forum though. So look for yourself if you want to read it.

Grand Master

mAcOdIn Veteran

Posted
  • Veteran
Posted

What could a mod do though? If it truly shares your cookies, the only way to combat it would be to disable cookies and make you sign in at all times.

The issue isn't with Neowin, cookies were designed to store your info for a site on your computer, if your cookie gets shared it's not the sites fault. You need to complain to google, not neowin.

Rising Star

tajddin

Posted
  • Author
Posted
What could a mod do though?  If it truly shares your cookies, the only way to combat it would be to disable cookies and make you sign in at all times.

The issue isn't with Neowin, cookies were designed to store your info for a site on your computer, if your cookie gets shared it's not the sites fault.  You need to complain to google, not neowin.

585880087[/snapback]

I think you need to understand that at the time of the first posting, I did not know it was Google!

This should be posted on the front page.

Grand Master

morficus

Posted
Posted
I think you need to understand that at the time of the first posting, I did not know it was Google!

This should be posted on the front page.

585880093[/snapback]

Agree :yes:

this is a HUGE issue.

this info should also be passed on to other forums as an attempt to avoid this stuff from happening.

Grand Master

mAcOdIn Veteran

Posted
  • Veteran
Posted

Considering how big the issue really is, I have a hard time seeing how it was ever greenlighted at all.

The interaction between a cookie and web page has been a relative standard for the internet for years, heck I think the idea's over 10 years old, and to make a tool that basically throws that out of the window was downright irresponsible of google.

I know it's beta, I know it's not for the mainstream and is basically damn near hidden on thier site but, crap, what was going through thier heads?

The person who came up with this idea should never be allowed to work on any network related program ever again, this is the worst judgement I've ever seen a company make on the internet.

Rising Star

tajddin

Posted
  • Author
Posted
Considering how big the issue really is, I have a hard time seeing how it was ever greenlighted at all.

The interaction between a cookie and web page has been a relative standard for the internet for years, heck I think the idea's over 10 years old, and to make a tool that basically throws that out of the window was downright irresponsible of google.

I know it's beta, I know it's not for the mainstream and is basically damn near hidden on thier site but, crap, what was going through thier heads?

The person who came up with this idea should never be allowed to work on any network related program ever again, this is the worst judgement I've ever seen a company make on the internet.

585880169[/snapback]

Very well said. As a software developer myself, I cannot comprehend how such a major issue would afflict a public beta. It's completely unacceptable.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By haxasaur · Posted

      That stupid annoying Sign in with Google on all these sites now... get the fk outta here
    • Cuktech 10 Ultra charger review: big display, four ports, 110W total power

      By Elliot B. · Posted

      I was just being silly based on David Uzondu's comment ☺️
    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By rseiler · Posted

      The unified inbox, when it arrives, will be a powerful argument for those who have > 1.
    • Politically funny images of the World

      By +primortal · Posted

    • Fan Control V269

      By Copernic · Posted

      Fan Control V269 by Razvan Serea Fan Control is a powerful and versatile portable utility that allows you to monitor, control and customize the fans of your GPU and CPU to keep your machine cool and running smoothly. Fan Control supports a wide range of devices and hardware configurations, giving you complete control over your computer's cooling system. Fan Control backend is mainly based on LibreHardwareMonitor, an open source fork of the original OpenHardwareMonitor. This means that hardware compatiblity is entirely open for anyone to contribute, and doesn't rely on a single developer who may stop caring at some point. Combined with the plugin system, Fan Control is unlocked for many generations of hardware to come. Main features Guided setup process on first launch Save, edit and load multiple profiles Change the theme and color of the application. Multiple temperature sources ( CPU, GPU, motherboard, hard drives... ) Multiple fan curve functions, including a custom graph Mix fan curves or sensor togethers (max, min, average) Low resource usage Advanced tuning with steps, start %, stop %, response time and hysteresis FanControl V269 changelog: Allow only 1 service client at a time App title no longer show the full path Add service retry policy by default Fix pre-pairing issue between control and speed cards Fix a bug with ADLX % (duty) reporting Download: FanControl V269 | Installer ~20.0 MB (Open Source) View: Fan Control Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Collaborator
      Asgardi earned a badge
      Collaborator
    • Conversation Starter
      mobandz earned a badge
      Conversation Starter
    • Apprentice
      fernan99 went up a rank
      Apprentice
    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      469
    2. 2
      PsYcHoKiLLa
      243
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      73
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!