GMail vulnerability


Well, if you’re planning to give all your personal info to Google (i.e., store all your emails in GMail and have them indexed by Google), think again: the first user information disclosure vulnerability has been found while the service is still in beta.


OTOH, Google looks into this, anyway. Quoting Mr. McNealy: “You’ve got zero privacy anyway. Get over it.”


(Btw, you can fill my GMail inbox at frankpr@gmail.com … I’ve got 1000 MB of storage space to fill 🙂)


Comments (6)

  1. Anon says:


    Surely that’s the whole point of a Beta, that problem WON’T be in the released version.

  2. FrankPr says:

    You’re probably right, not THAT problem…

  3. Mike says:

    I can’t find anyone to give me a Gmail invite so nobody will be filling up my inbox

  4. I have been using Gmail for the last 2 months and I have never had any issue. Gmail invitations are hashed with the recipient's first/last names. You just need to have the invitation hashing URL.

    I don't think this is a serious problem, as in the Gmail invitation you never give complete details other than first/last name. What's the big deal with that?

    Anything I'm missing here?

  5. FrankPr says:

    Raveendran: Sure getting s.o.’s first, last, and user name is not a big security hole – yet. It can be seen as some kind of "proof of concept" that bigger exploits might be possible with the system that Google is installing. This should be seen as a serious warning sign. In the past, many big web-based email providers had nasty XSS vulnerabilities (Hotmail, Yahoo, e.g.), so GMail probably won’t be an exception (esp. since it’s gonna be a BIG target for hackers so lots of people will try to find holes – the reward being access to potentially ALL of s.o.’s email correspondence if they do as Google tells them, and never throw anything away).
