Google Gmail Advertising Forum

This 38 message thread spans 2 pages.
GMail security flaw...
Blogger finds security flaw in GMail, but it's not unique...

 1:19 pm on Apr 27, 2004 (gmt 0)

Very interesting. I hope they fix this. Apparently if you click the lost password screen and can correctly answer the "security question" (which the user picks) this happens:

...I'm immediately presented with the option of resetting the password. Input a new password twice, click submit and voilà: I'm in charge of another person's account.

The author points out that if users were to simply choose a more obscure security question, one that is impossible to find out, then this flaw would be erased. But he criticizes Google for allowing a password reset without first sending out an email.

Just checked, and google@gmail.com's security question is "What is Google's most important property, besides search, in 2008". Guess they got the memo eh?

Read more here: [bradlands.com ]



 1:43 pm on Apr 27, 2004 (gmt 0)

This is fun!

admin@gmail.com - "Who is the coolest software engineer at Google?"

(I dunno, Sergey?)

test@gmail.com "How many software engineers work at google?"

(I tried 1-15. Didn't work. )

sergey@gmail.com "What is your library card number? "

I also tried one of my friend's emails, who used his mother's maiden name as his security question. Ugh

Geesh, for a big company, they have no idea of security. I'm not using gmail. I've got no confidence in them now.


 1:43 pm on Apr 27, 2004 (gmt 0)

I wouldn't consider this a security flaw ... I mean really, that's like saying if someone knows your password and uses it to log in it's a security flaw? Come on. You have 3 responsibilities when you register for a website:

(1) Pick a password that no one will guess
(2) Don't FORGET your password, stupid
(3) If you DO forget your password, pick a security question/answer no one will guess.

I mean really, that's what they are THERE for? Why is everyone so anti-Google all of a sudden?


 1:45 pm on Apr 27, 2004 (gmt 0)

I don't have to read about everyone getting offered accounts anymore - I've gotten 10 in the last 25 minutes!


 2:22 pm on Apr 27, 2004 (gmt 0)

This is crazy. It's going to go on national press and G better get their PR team ready.


 2:44 pm on Apr 27, 2004 (gmt 0)

Q ) who wants a one gig mail account more than Digitalv..?

A)no one ....


 3:43 pm on Apr 27, 2004 (gmt 0)

digitalv - I agree with you, it's the user's fault really.. BUT.. I agree with the author that Google should require an additional email challenge before letting the user/intruder totally reset the password. I mean it's one thing to GUESS a password but at this point you've been given a clue :).

As far as being anti-google, (which I am not), the author addresses this in his most recent post (which is worth a read as well): [bradlands.com ]

In that post he points out that hotmail (and others) also have similar problems!
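
The email challenge argued for in this thread, sketched as an added example (not code from the thread, the blogger or Google): a correct security answer only mails a single-use, expiring token to the recovery address, and repeated wrong answers lock the question. The class and method names, the thresholds and the `example.test` addresses are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

MAX_ANSWER_ATTEMPTS = 5     # assumed lockout threshold
TOKEN_TTL = 15 * 60         # assumed token lifetime in seconds

def slow_digest(secret: str, salt: bytes) -> bytes:
    # Security answers are low-entropy, so store them like passwords.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class ResetService:
    """Hypothetical reset flow: the answer gates an e-mail, not the password form."""

    def __init__(self):
        self.accounts = {}   # address -> salt, answer digest, recovery address
        self.failed = {}     # address -> consecutive wrong answers
        self.tokens = {}     # sha256(token) -> (address, expiry time)
        self.outbox = []     # stand-in for the mail sender: (recipient, token)

    def register(self, address, answer, recovery):
        salt = secrets.token_bytes(16)
        self.accounts[address] = {
            "salt": salt, "recovery": recovery, "password": None,
            "answer": slow_digest(answer.strip().lower(), salt)}

    def answer_question(self, address, answer, now=None):
        now = time.time() if now is None else now
        acct = self.accounts.get(address)
        if acct is None:
            return "wrong-answer"
        if self.failed.get(address, 0) >= MAX_ANSWER_ATTEMPTS:
            return "locked"   # lock expiry / manual unlock omitted here
        guess = slow_digest(answer.strip().lower(), acct["salt"])
        if not hmac.compare_digest(guess, acct["answer"]):
            self.failed[address] = self.failed.get(address, 0) + 1
            return "wrong-answer"
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).digest()   # only the digest is stored
        self.tokens[key] = (address, now + TOKEN_TTL)
        self.outbox.append((acct["recovery"], token))
        return "email-sent"   # no new-password form is shown at this step

    def redeem(self, token, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self.tokens.pop(key, None)   # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False
        acct = self.accounts[entry[0]]
        acct["password"] = slow_digest(new_password, acct["salt"])
        self.failed.pop(entry[0], None)
        return True

if __name__ == "__main__":
    svc = ResetService()   # constructed sample account below
    svc.register("user@example.test", "Smith", "backup@example.test")
    print([svc.answer_question("user@example.test", str(n)) for n in range(1, 7)])
```
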


 7:37 pm on Apr 27, 2004 (gmt 0)

Hotmail, PayPal, pretty much everyone that asks a security question/answer routine has this problem.

Remember, in most cases the first step is to e-mail your password to you. Security Q/A is often used when the e-mail account they have stored for you is not available, in which case they need another question to verify your identity.

My point is that Google is being singled out here. It has nothing to do with whether I "want gmail" for myself or not - which I openly admit that I do - it's about the right to do what the F you want on the Internet.

I don't want the government to start regulating the Internet because then it will be just like everything else in this country: started as a good thing and the liberals and democrats F'd it up by trying to control it. Seriously. To me, the Gmail issue is STRICTLY political - if people allow legislation in this area, we are giving our respective governments permission to MAKE DECISIONS FOR US instead of letting us make our own. I don't want that ... why the heck do you?


 7:48 pm on Apr 27, 2004 (gmt 0)

Looks like they fixed the flaw then!

Reset password ¦ enter word ¦ Get this message:
We have sent an email with instructions on how to reset your password to your google.com email address.

To initiate the process of resetting your password, please access your email and follow the instructions provided.

HELLO! I LOST MY PASSWORD! So, I'll log into my account and change it, shall I? Hm...


 1:52 am on Apr 28, 2004 (gmt 0)

I tried 1-101 inclusive on that test email. I was really bored, anyone want to continue where I left off?



 2:29 pm on Apr 28, 2004 (gmt 0)

digitalv- Yep, I agree, GMail *is* being singled out here by this weblogger.

Security Q/A is often used when the e-mail account they have stored for you is not available

Indeed. I've seen it all over the net as you have. However it seems Google must now think (as I do) that password resets should only be allowed after an email challenge, as Sanenet has pointed out that they've changed their system to operate in this manner.

And while I'm responding to your post, I'm curious as to why you started a tangent on Government regulation of the internet, when did I or anyone else bring that up?


 9:19 pm on Apr 28, 2004 (gmt 0)

And while I'm responding to your post, I'm curious as to why you started a tangent on Government regulation of the internet, when did I or anyone else bring that up?

Have you read any other GMail-related threads? People are nitpicking the crap out of Google over Gmail - just like in this thread. Pretty much everything they're whining about is also done by every e-mail provider out there, yet no one says a word about Hotmail or Yahoo doing the same thing. The government control issue is because some morons are actually trying to get LAWS passed to stop the launch of Gmail, which is just stupid. Take a look around at some of the other threads. In particular the "28 civil liberty organizations" thread.


 10:27 pm on Apr 28, 2004 (gmt 0)

Yes, but Digitalv, let's please keep party affiliations out of this. As you really ought to know, the Democrats hardly have a monopoly on actual and attempted government intervention when it comes to technology issues. The fact that the moron senator who authored the anti-Gmail bill happens to be a Democrat is no more relevant than the fact that many senators who support draconian DRM or "protect the children from evil on the Internet" crap and similar stuff are often Republicans.

This is a GOVERNMENT problem. Not a Democrat or Republican problem. Thanks for recognizing this :)


 11:04 pm on Apr 28, 2004 (gmt 0)

digitalv- thanks for clearing that up. I thought I had accidentally pressed your buttons without meaning to :).

You're totally right, Google is getting all this hate and scrutiny just because of who they are. If people don't like what Google is doing with gmail then they should simply NOT USE IT, am I right?

I think that in the back of people's minds they remember Microsoft. I think that, for the most part, most of the backlash we are witnessing is because people fear that Google could "go there".

Personally I think that Google is, in its current state at least, extremely vulnerable- if people stop liking Google then they can just as easily start using another search engine-- the web seamlessly routes around things it doesn't like. Overnight Google could lose its entire user base if people just chose not to use them. Of course Google recognizes this and that's why they've started services like Gmail and that friendster clone of theirs to help make Google stickier and reduce that risk.

All in all it's sad to hear the reports that Google is surprised by the negative reactions to gmail-- As a Google fan, I had hoped that they would have thought of that scenario or at least have anticipated it more so that they would not have been "surprised" as they have said.

Now ... where's my account?! :)

(edit)ThatAdamGuy - took the words right out of my mouth. Thank you.(/edit)


 2:37 am on Apr 29, 2004 (gmt 0)


Al Gore would beg to differ. He's the father of the Internet, remember? :) hehehehe.

Although I guess I have to admit, John McCain was the guy who pushed for that stupid "do not spam" list (like the "do not call" list) and he's a republican. I guess I should clarify ... the democrats listen to every cry-baby minority or special interest group and leap into action to kiss their ass, however stupid their request may be. The republicans come up with the stupid requests on their own. :p

Either way, the U.S. Government made their lack of understanding of the Internet crystal clear when they proposed the do not spam bill. I certainly don't want those clowns making decisions on who I can use as an e-mail provider. If people keep whining about Google, eventually a government slap down is going to occur and then we all lose.


 2:43 am on Apr 29, 2004 (gmt 0)

digitalv to return to somewhere we both were recently but now finding the situation has completely inverted itself.

Mark A finds he is unable to respond on reading the last post from digitalv

His head has just exploded :-)


 11:29 am on Apr 29, 2004 (gmt 0)

Mark_A ..your inbox is full so I can't get back to you ....

Digitalv.....sorry guy but I've got to say it ...

Whilst I certainly am direct if not brusque ..and your tone has changed in the "28 " forum ...

I find your tone on the whole offensive....and "schoolyardish"...if you talk like this off fora you must pick up many bruises ...

and BTW the "internet is not the "property" of the USA and its citizens" ...

I am pro USA in almost all things but your posts are totally dismissive of the thought of all those outside of the USA ....


 2:06 pm on Apr 29, 2004 (gmt 0)


Actually my thoughts are inclusive of those outside of the USA - my point is that the United States government should have no "rights" over the Internet, yet for some reason they think they do. Legislation that regulates, bans, or otherwise tries to control Google (or ANY site on the Internet) is something I am strongly against. If that shows in the "tone" of my messages, GOOD - then I am conveying the message I want to. Yes, I would (and often do) make the same statements in real life.

Sorry you're "offended" by that, but I'm tired of "political correctness" and don't wish to participate in it. That's the beauty of the Internet ... we can say what we want and there is nothing either of us can do to stop the other :P


 3:03 pm on Apr 29, 2004 (gmt 0)

I just use some random answer to the question all the time. I am sure I will never forget my password anyways :). I use something of this sort:


Good luck guessing that.


 3:18 pm on Apr 29, 2004 (gmt 0)

digitalv ...no.. it's the way you have chosen to express your views I find offensive ..I and others can disagree with you ..what is tiresome is that you insult and rant at those who do so ...

As to your point that you are thinking of those outside the USA ..your posts with the exception of your last one in reply to me speak for themselves ...not one mention of those outside the USA..

As has been mentioned by others on your side of the water you've even brought your politics into it ...

It's the tone of posts like those that make other people quit fora all over the net ...


 3:36 pm on Apr 29, 2004 (gmt 0)

I and others can disagree with you ..what is tiresome is that you insult and rant at those who do so ...

... and that's different from what you've done how?

Honestly I don't even know what your real complaint with me is? My whole point is that the U.S. Government shouldn't have the right to shut down GMail because a few bonehead U.S. Citizens don't like it. Google is a U.S. based company, so technically they would fall under U.S. Law and what overseas countries think about the decision really doesn't make a difference unless Google goes and sets up shop over there.

But that's not really the point, is it? All along I've been saying how the government SHOULD NOT have the right to shut down or change GMail. How is that "against" the rest of the world? If anything, it's FOR the rest of the world ... I mean here I am, a U.S. citizen, saying that my government shouldn't have the right to control the Internet. I would think you would agree with me - which you seem to - yet you're arguing anyway?

You're not making much sense.


 4:41 pm on Apr 29, 2004 (gmt 0)

au contraire :-) digitalv :-)

You are actually both making perfect and reasonable sense in your argumentative positions that have also been made identically by each of the very opposite ends of every normal electrical battery :-) from their very point of invention.

The argument is actually a mere distraction.

One of you is taking the positive and the other the negative points of view on this tiny electron level detail raised by the bigger and equally distracting issue of Gmail and even Google its very self.

That very polarity, while it continues in itself, would likely ensure an enduring controversy possibly without end, continuing excitement which is in the very nature of the agitation of electricity itself except when acted on by external and internal forces of various types.

You are both right in the sense of the electron.

You are both right in the sense of the raw assumptions that have to be implicit for the essence of computer binary arithmetic to function at all.

However to argue that this same binary logic applies directly to human issues and thinking is also to argue a lot of other things indeed and this is where constant distraction is found and spread so that the essential question can remain hidden whilst being in plain view as obvious as the nose on your face yet at the same time as invisible currently to the naked eye as the furthest planet in outer space.

Moderators I hope you can follow that line of reasoning, believe please or at least humour me in my belief that it is totally on topic.

Unless that is you can positively prove the contrary.

Mark A :-)


 4:47 pm on Apr 29, 2004 (gmt 0)


Umm ... ok :P What does that have to do with what I was talking about? I was addressing this comment specifically:

and BTW the "internet is not the "property" of the USA and its citizens" ...

I am pro USA in almost all things but your posts are totally dismissive of the thought of all those outside of the USA ....

I'm saying I don't understand what made him draw that conclusion when clearly my opinion is that the U.S. government should NOT be controlling the Internet.


 5:22 pm on Apr 29, 2004 (gmt 0)

I caution those of you casually hitting whatevah@gmail.com and trying to guess the security question's answer that you are quite seriously breaking the law. You can be prosecuted.

It is unfortunate but due in large part to the ignorance of all of us to the impact that regulations like DMCA and Patriot Act have on our society, they were passed and are now enforceable laws. Companies that have nothing to do with International terrorism have been using them to prosecute people who compete with them commercially... or hinder them, or just plain p*ss them off; many have been successful.

If you try to access a gmail account like that you are breaking several federal laws, no matter how innocent your intent.


 5:27 pm on Apr 29, 2004 (gmt 0)

...That's the beauty of the Internet ... we can say what we want and there is nothing either of us can do to stop the other :P

Oh how incorrect this statement is!

I find it interesting, digitalv, that in one forum you are an advocate of freedoms such as here, and in another you are aggressively defending Gmail despite its leadership position on the frontier of modern personal privacy invasion.

I for one am hopeful that G has assigned its brainpower to addressing the privacy issues raised... If any company can demonstrate a good technological solution that preserves privacy it would be Google, and the world would most certainly benefit from that leadership.


 7:39 pm on Apr 29, 2004 (gmt 0)


Actually it's a very correct statement. Again I'm confused by your response though, how can you consider my posts in the other forum contradictory to this one? In some posts I said EXACTLY the same thing word for word.

I defend Google's right to run their system the way they want and that no government or other organization should have the right to tell them what to do.

I cannot understand how you could POSSIBLY have confused that. Why are you still posting anyway? If you're going to insult me, PAY ATTENTION to what I'm saying and base your insults on something I said - not something you imagined or didn't read thoroughly.


 4:39 am on Apr 30, 2004 (gmt 0)

digitalv it's hard to answer your question specifically!

There are lots of agendas in here and the questions are multiple if we read these threads.

They quickly start to boil down to:

encryption1 (from one language into the mediums)
transmission (into medium)
medium - noise interference distraction speed time
reception1 (from medium)
encryption2 (into my language)
meaning (derived from the above)

And that was the start of the process from the first idea at G perhaps or perhaps from rather before that.

Sorry that's all I think I need to say at this stage.

hth and all the best to you



 4:20 pm on Apr 30, 2004 (gmt 0)

I cannot understand how you could POSSIBLY have confused that. Why are you still posting anyway? If you're going to insult me, PAY ATTENTION to what I'm saying and base your insults on something I said - not something you imagined or didn't read thoroughly.

I was referring to your mention that we can say whatever we want on the Internet (which implies that we enjoy our free speech rights) while you argue elsewhere that Gmail is not a privacy violation (when it infringes on our rights to privacy, which inhibits our ability to utilize any free speech rights we may have).

Don't worry if you don't understand this. I won't be offended if you do not reply.


 6:23 pm on Apr 30, 2004 (gmt 0)

paybacksa I do think I know what you are trying to say. And that is not to send an offence or intend any to digitalv.

I hope digitalv you do not take any offence from the last, or this message.

Perhaps I Mark_A might ask one question of you digitalv at this point?

It does not seem much to ask.
The least I could do.
A moment of your time.

Do either of these last comments offend you?

Please answer only yes or no.

It is a closed question, there can be only two answers as I think you know.



 11:04 pm on Apr 30, 2004 (gmt 0)


No, I'm not offended at all... and even if I thought your posts were a slam or an insult it wouldn't bother me anyway, it's just a forum :P

Payback, I see what you're trying to say - I just don't agree with it. Whether something is private or not does not inhibit your right to free speech. By definition, "free speech" means you don't NEED to make your statements private - you can make them publicly.

Free speech grants you the right to say what you want publicly OR privately. Even if I were to agree that GMail violates privacy laws (which I don't - but let's say I did), I don't see why you think making private information public infringes on free speech. It may infringe on your right to privacy - when that right is applicable - but it doesn't infringe on your right to free speech.

The thought of what you say potentially going public may change whether you WANT to say it or not, but it doesn't revoke the RIGHT to say it that free speech grants you.
