Major Google Web Accelerator Security Issue

By tajddin
in Site & Forum Issues

 Share

Recommended Posts

Rookie

duerra

Posted
Posted

The bug sounds a lot worse than it is. You're not logged in as anybody, it's simply the cached page that you're seeing. You cannot perform actions as the user that you may see:

http://news.com.com/Google+speed+bump+draw..._3-5698447.html

And no - you don't have to worry about your banking information or anything like that being seen by anybody. Banking is always done over HTTPS, and google couldn't see that stuff even if they wanted to.

Collaborator

nickg78

Posted
Posted
Where are the "ill follow Google into hell" fans now? i dont really buy this researchware stuff, spyware with a friendly name.

well Google made a bad bobo, they will fix it but broadband should be fast enough without it, do you really need it? you were fine before it

585884442[/snapback]

I couldn't agree more. :yes:

I was curious to see this so called speed improvement, so I installed it on another computer only for 15 minutes. It said that there was 1 second of speed improvement within 15 minutes of browsing. :woot:

Improvement of 1 second, but all your cookies and personal data exposed to other people. Does it worth? :no:

Rookie

duerra

Posted
Posted

Not only that, but if programmers designed their applications properly, there wouldn't be any problems anyway. Google's WA uses standard HTTP headers to determine the status of whether a page can be served from cache or should be retrieved again. If somebody's privacy is somehow exposed, it ultimately *is* a bug that the host application should address by properly sending the Cache-Control HTTP headers, including the last-updated status of the page.

Veteran

Makeshift Hammer

Posted
Posted
Why are people installing this anyway? Do people on broadband really need more speed? I agree that this is a HUGE bug, but come on, these web accelerators never do what they claim.

585882031[/snapback]

Agreed. If, and only IF it speeded things up, the speed would be so negligable that any memory/resources the app used were being wasted. Maybe Google Inc. are testing the waters to see how dumb people really are, and what crap they'll voluntarily install on their systems. :p

Grand Master

shockz

Posted
Posted
It really appears that absolutely nobody has read that this isn't as big of an issue as the users in this thread have made it out to be....

585886386[/snapback]

What do you mean.

I've seen screenshots of peoples PM's being read... via the cache.

This is defiantely a bigger issue then your playing it down to be.

Rookie

duerra

Posted
Posted
Their sessions might not be stolen... but I've seen screenshots of cached PM inboxes, with their PM's viewable.

585887696[/snapback]

*nod* The programmers should fix their applications, then. It's not Google's fault if web applications aren't following standard HTTP protocols.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By AsherGZ · Posted

      I named Hitler because he is the de facto anti-semite. But you don't have to hate Jews to be a genocidal maniac. In fact, these days, so called semites are the ones acting in ways that would make Hitler proud.
    • 3DP Chip 26.05

      By Copernic · Posted

      3DP Chip 26.05 by Razvan Serea 3DP Chip is a standalone, no-install portable tool that scans your computer’s hardware and automatically detects the latest drivers available for your specific configuration and external devices. It provides a clear list of drivers that need updates, locates the correct downloads, and helps you upgrade them easily. 3DP Chip will automatically detect and display the information on your CPU, motherboard, video card and sound card installed on your PC. You can also choose to copy these information into your clipboard with one click for later use (such as posting in a forum). Also, if you're upgrading your operating system or just need to reinstall Windows, 3DP Chip can backup all the drivers on your PC or laptop. 3DP Chip backup and reinstall features can save you hours of searching for and installing individual device drivers. 3DP Chip most popular drivers include: audio and sound drivers video drivers printer and scanner drivers digital camera drivers network drivers webcam drivers keyboard and mouse drivers 3DP Chip v26.05 changelog: Driver date/version information has been added or updated AMD motherboard chipset v8.03.25.247 AMD motherboard chipset v8.05.04.516 Newly added product or support has been enhanced AMD Radeon Graphics AMD Radeon 780M Graphics AMD Radeon 840M Graphics AMD Radeon 860M Graphics AMD Radeon 880M Graphics AMD Radeon RX 9070 XT AMD Radeon Pro W7500M NVIDIA GeForce RTX 3050 6GB Laptop GPU NVIDIA GeForce RTX 4050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5060 NVIDIA GeForce RTX 5070 Laptop GPU NVIDIA GeForce RTX 5070 Ti Laptop GPU NVIDIA RTX Pro 500 Blackwell Generation Laptop GPU NVIDIA RTX Pro 1000 Blackwell Generation Laptop GPU NVIDIA RTX Pro 2000 Blackwell Generation Laptop GPU Download: 3DP Chip 26.05 | 7.2 MB (Freeware) Links: 3DP Chip Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The official Funny Pictures thread

      By snowy owl · Posted

    • Apple reluctantly forces strict new age checks on Texas users starting today

      By zikalify · Posted

      Apple reluctantly forces strict new age checks on Texas users starting today by Paul Hill Apple will begin enforcing the Texas Age Assurance Law (SB 2420) following a recent court ruling that lifted an injunction on SB 2420. Starting June 4 (today), Apple will enforce strict age-verification and parental-consent rules for new Apple accounts created in Texas. This move will affect children under 18 who go to download apps or attempt to make in-app purchases. Apple previously expressed privacy concerns related to this law, but compliance is now mandatory for the company, nevertheless. Apple will use several APIs to follow the law. Principally, the Declared Age Range API will fetch the specific user age bracket (Under 13, 13-15, 16-17, or 18+) and a verification method. The Significant Change API (PermissionKit) will trigger a system dialog for parental consent if an app gets a major update or an age-rating shift. There is also a new property type in StoreKit that allows developers to automatically check when their app’s age rating has changed on a user’s device and then use the Significant Change API to request parental consent. Finally, App Store Server Notifications can be configured to tell developers when a parent revokes consent, blocking app launches. To ensure they are ready for these changes, developers must immediately use Apple’s sandbox testing environment to validate these APIs in their apps. For any developers out there finding this to be inconvenient, get used to it. Other regions, such as Utah, Louisiana, and Brazil, are looking at, or have implemented, similar rules.
    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Skyfrog
      72
    4. 4
      FloatingFatMan
      62
    5. 5
      neufuse
      54
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!