Major Google Web Accelerator Security Issue

By tajddin
in Site & Forum Issues

 Share

Recommended Posts

Rookie

duerra

Posted
Posted

The bug sounds a lot worse than it is. You're not logged in as anybody, it's simply the cached page that you're seeing. You cannot perform actions as the user that you may see:

http://news.com.com/Google+speed+bump+draw..._3-5698447.html

And no - you don't have to worry about your banking information or anything like that being seen by anybody. Banking is always done over HTTPS, and google couldn't see that stuff even if they wanted to.

Collaborator

nickg78

Posted
Posted
Where are the "ill follow Google into hell" fans now? i dont really buy this researchware stuff, spyware with a friendly name.

well Google made a bad bobo, they will fix it but broadband should be fast enough without it, do you really need it? you were fine before it

585884442[/snapback]

I couldn't agree more. :yes:

I was curious to see this so called speed improvement, so I installed it on another computer only for 15 minutes. It said that there was 1 second of speed improvement within 15 minutes of browsing. :woot:

Improvement of 1 second, but all your cookies and personal data exposed to other people. Does it worth? :no:

Rookie

duerra

Posted
Posted

Not only that, but if programmers designed their applications properly, there wouldn't be any problems anyway. Google's WA uses standard HTTP headers to determine the status of whether a page can be served from cache or should be retrieved again. If somebody's privacy is somehow exposed, it ultimately *is* a bug that the host application should address by properly sending the Cache-Control HTTP headers, including the last-updated status of the page.

Veteran

Makeshift Hammer

Posted
Posted
Why are people installing this anyway? Do people on broadband really need more speed? I agree that this is a HUGE bug, but come on, these web accelerators never do what they claim.

585882031[/snapback]

Agreed. If, and only IF it speeded things up, the speed would be so negligable that any memory/resources the app used were being wasted. Maybe Google Inc. are testing the waters to see how dumb people really are, and what crap they'll voluntarily install on their systems. :p

Grand Master

shockz

Posted
Posted
It really appears that absolutely nobody has read that this isn't as big of an issue as the users in this thread have made it out to be....

585886386[/snapback]

What do you mean.

I've seen screenshots of peoples PM's being read... via the cache.

This is defiantely a bigger issue then your playing it down to be.

Rookie

duerra

Posted
Posted
Their sessions might not be stolen... but I've seen screenshots of cached PM inboxes, with their PM's viewable.

585887696[/snapback]

*nod* The programmers should fix their applications, then. It's not Google's fault if web applications aren't following standard HTTP protocols.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • LibreWolf 151.0.3-1

      By Copernic · Posted

      LibreWolf 151.0.3-1 by Razvan Serea LibreWolf is an independent “fork” of Firefox, with the primary goals of privacy security and user freedom. It is the community run successor to LibreFox. LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM. LibreWolf features: Latest Firefox — LibreWolf is compiled directly from the latest build of Firefox Stable. You will have the the latest features, and security updates. Independent Build — LibreWolf uses a build independent of Firefox and has its own settings, profile folder and installation path. As a result, it can be installed alongside Firefox or any other browser. No phoning home — Embedded server links and other calling home functions are removed. In other words, minimal background connections by default. User settings updates Extensions firewall: limit internet access for extensions. Multi-platform (Windows/Linux/Mac/and soon Android) Community-Driven Dark theme (classic and advanced) LibreWolf privacy features: Delete cookies and website data on close. Include only privacy respecting search engines like DuckDuckGo and Searx. Include uBlockOrigin with custom default filter lists, and Tracking Protection in strict mode, to block trackers and ads. Strip tracking elements from URLs, both natively and through uBO. Enable dFPI, also known as Total Cookie Protection. Enable RFP which is part of the Tor Uplift project. RFP is considered the best in class anti-fingerprinting solution, and its goal is to make users look the same and cover as many metrics as possible, in an effort to block fingerprinting techniques. Always display user language as en-US to websites, in order to protect the language used in the browser and in the OS. Disable WebGL, as it is a strong fingerprinting vector. Prevent access to the location services of the OS, and use Mozilla's location API instead of Google's API. Limit ICE candidates generation to a single interface when sharing video or audio during a videoconference. Force DNS and WebRTC inside the proxy, when one is being used. Trim cross-origin referrers, so that they don't include the full URI. Disable link prefetching and speculative connections. Disable disk cache and clear temporary files on close. Disable form autofill. Disable search and form history...and more. LibreWolf 151.0.3-1 changelog: Upstream release, see the Firefox 151.0.3 Release Notes Notable changes: Clears the preference toolkit.winRegisterApplicationRestart, which may otherwise trigger an upstream bug on Windows (librewolf/issues#3056) Download: LibreWolf 64-bit | Portable 64-bit | ~100.0 MB (Open Source) Download: ARM64 | Portable ARM64 Links: LibreWolf Home Page | Addons | Screenshot | Reddit Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Apple reluctantly forces strict new age checks on Texas users starting today

      By excalpius · Posted

      Unsurprisingly, there's what the law says and what the old white wealthy males legally enforce...
    • [NEWS] Over 105000 games are available to play on Linux.

      By Circaflex · Posted

      Or anything online that requires an anti-cheat
    • Here is the new Surface Laptop Ultra wallpaper in high resolution

      By FunkyMike · Posted

      Gf needed a new Surface and was looking at a Surface Laptop because of the Snapdragon. Seeing as it was a two year old chip she just decided to get a Lenovo Yoga 2 in 1 instead. Personally this Surface Ultra Cassis reminds me a bit of Razor. It would be interesting if it could handle proper gaming and be 17 inch.
    • [NEWS] Over 105000 games are available to play on Linux.

      By Case_f · Posted

      No idea, frankly, I'm not into minimum requirements gaming, but it would be an interesting test to find out. Also, I just have to point out that it wasn't my intention to downplay the performance of DXVK on Linux or Linux gaming in general (despite my own experience being a bit of a mixed bag). I just thought it would be good to point out that DXVK is not Linux exclusive and that you can benefit from using it even in Windows.

  • Recent Achievements

    • Apprentice
      fernan99 went up a rank
      Apprentice
    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      480
    2. 2
      PsYcHoKiLLa
      247
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      78
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!