| This 38 message thread spans 2 pages |
|GMail security flaw...|
Blogger finds security flaw in GMail, but it's not unique...
| 1:19 pm on Apr 27, 2004 (gmt 0)|
Very interesting. I hope they fix this. Apparently if you click the lost password screen and can correctly answer the "security question" (which the user picks) this happens:
|...I'm immediately presented with the option of resetting the password. Input a new password twice, click submit and voilà: I'm in charge of another person's account. |
The author points out that if users were to simply choose a more obscure security question, one that is impossible to find out, then this flaw would be erased. But he criticizes Google for allowing a password reset without first sending out an email.
Just checked, and firstname.lastname@example.org's security question is "What is Google's most important property, besides search, in 2008". Guess they got the memo eh?
Read more here: [bradlands.com]
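The reset flow described in the post above, next to the variant the linked author asks for (mail a one-time token before anything changes), as an added example that is not part of the thread and not Google's code. The `ResetService` class, its method names, the recovery address and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900  # assumed lifetime of a mailed reset token, in seconds

class ResetService:
    """Hypothetical in-memory model; password hashing is left out to keep the focus on the flow."""
    def __init__(self):
        self.accounts = {}  # address -> {"password", "answer", "recovery"}
        self.pending = {}   # sha256(token) -> (address, expiry time)
        self.outbox = []    # (recovery address, token): stands in for the mail system

    def add_account(self, addr, password, answer, recovery):
        self.accounts[addr] = {"password": password, "answer": answer.lower(),
                               "recovery": recovery}

    def _answer_ok(self, addr, answer):
        acct = self.accounts.get(addr)
        return acct is not None and hmac.compare_digest(
            acct["answer"].encode(), answer.lower().encode())

    def reset_by_question_only(self, addr, answer, new_password):
        # Flow from the post: a correct answer alone replaces the password.
        if not self._answer_ok(addr, answer):
            return False
        self.accounts[addr]["password"] = new_password
        return True

    def request_reset(self, addr, answer):
        # Hardened step 1: a correct answer only mails a single-use token.
        if self._answer_ok(addr, answer):
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (addr, time.time() + TOKEN_TTL)
            self.outbox.append((self.accounts[addr]["recovery"], token))
        return "If the details match, a reset link has been sent."  # same reply either way

    def complete_reset(self, token, new_password, now=None):
        # Hardened step 2: the password changes only with an unexpired, unused token.
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None or (now or time.time()) > entry[1]:
            return False
        self.accounts[entry[0]]["password"] = new_password
        return True

if __name__ == "__main__":
    svc = ResetService()  # constructed sample account, not real data
    svc.add_account("alice@example.test", "old-pw", "Rex", "alice@backup.example.test")
    svc.request_reset("alice@example.test", "rex")
    print("password unchanged until the token comes back:",
          svc.accounts["alice@example.test"]["password"] == "old-pw")
```

In the second flow, knowing the answer is no longer enough on its own: the person resetting also has to control the recovery mailbox.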
| 12:04 am on May 1, 2004 (gmt 0)|
I'm sorry, I don't understand... This crap has what to do with security flaws in web-based email?
| 12:05 am on May 1, 2004 (gmt 0)|
Read Message #12 where I answered this question earlier... that's how we got on this subject.
| 12:28 am on May 1, 2004 (gmt 0)|
Yes, I've gone through the whole thread and still fail to see how talk of Democrats/Republicans screwing up America, government regulation and all the other pap specifically relates to security flaws in the password-resetting "feature" of major web-based email providers.
I want to read about security - or lack thereof - in Gmail, not about Al Gore being the father of the Internet.
Since I'm off-topic and have stepped in it, might as well get knee-deep: digitalv, you strike me as one of those folk who feels that their point becomes more valid the more & louder they yell. But, to your credit, you at least (now) recognize that there's more to the world than America - on the behalf of roughly 6 billion people, thanks.
Two off-topic posts from me is two too many... I'm gone.
| 5:30 am on May 1, 2004 (gmt 0)|
Balam, I personally do think digitalv, paybacksa and myself now each understand the pertinence, relevance and topicality of this specific debate to Gmail potential security flaws.
In our discussions we have nearly reached one.
That is not to say that we agree totally or to say that we are of completely like mind.
It is to say probably that we have reached a similar point at this stage.
That you have not yet reached the same point balam does not make the fact that we have reached it any less or more valid.
If you were to walk the same steps as we have taken to get to where we are, you would be likely to arrive at the same place. I think you should simply accept that, for not to is to say with some certainty that we three are simple and stupid and you are our superior.
I hope that helps and tried to avoid political reference because that seemed to be a dimension which you felt mildly irritated at in your last post.
| 7:06 pm on May 1, 2004 (gmt 0)|
|Since I'm off-topic and have stepped in it, might as well get knee-deep: digitalv, you strike me as one of those folk who feels that their point becomes more valid the more & louder they yell. But, to your credit, you at least (now) recognize that there's more to the world than America - on the behalf of roughly 6 billion people, thanks. |
What is it with you people? Have you actually read MY posts or just the responses from other people who also haven't been reading? I've been saying ALL ALONG how the United States government should NOT have the right to legislate or control the Internet. How can you take such a simple statement and twist it around any other way?
OF COURSE there is more to the world than America - that's my point, stupid.
| 1:42 pm on May 3, 2004 (gmt 0)|
balam - I can see how you'd get that from this flamewa^H^H^H.. err.. thread and I personally blame digitalv ( jab jab :P ) for hijacking the thread around message number 8 where seemingly out of nowhere he started talking about politics and its relation to Gmail.
It's only now that I realize why digitalv "went there"-- He brought up politics right after talking about how Gmail is being "singled out" by the weblogger who brought up this "security flaw". I'm guessing he feels that the US politicians who are making noise about gmail are also singling out gmail and that's where we arrive at the political discussion.
It's there, you just have to squint a bit to see it. Personally I was confused as well until I read between the lines.
Digitalv, did I get it right?
| 3:18 pm on May 3, 2004 (gmt 0)|
Yeah, that's about right :)
Every time I read another Google/GMail slam it ticks me off, especially when Google is taking heat for doing the same things EVERY other provider out there is doing, which was the case in this thread. I brought up the politics issue because it's statements like this that make internet-ignorant politicians cry "We have to do something!" to get their name in the paper and look like a hero to the common man. Crap like that not only hurts the U.S. Companies and Citizens the legislation rules over, but the rest of the world too.
Technically, the U.S. Government DOES have the "right" to legislate Google, since Google is a U.S. Based company, and the rest of the world would just have to deal with that. But I happen to be one American who thinks our government SHOULDN'T exercise that right here. Even if Google DESERVED IT. The best way to put a company out of business is to stop giving them money. Letting the government step in doesn't let anything good happen, it tells the government that we are too weak as citizens to decide things for ourselves. That's not the message I want to send.
| 6:25 pm on May 4, 2004 (gmt 0)|
|The best way to put a company out of business is to stop giving them money. Letting the government step in doesn't let anything good happen, it tells the government that we are too weak as citizens to decide things for ourselves. That's not the message I want to send. |
If Google didn't provide something that people want, they wouldn't be in business. If Gmail flops and becomes a liability instead of an asset, it will go the way of the Dodo. People are smart enough to decide whether or not to use a service.
As for the security hole, come on. If someone is dumb enough to use an easy question, it's their own fault if their account is compromised. Security of your email account should not be legislated. The more government intrudes, the worse a product will be.
For my security questions, I like to use:
"Name of 7th grade homeroom teacher and the bumper number of your army vehicle."
If someone wants in bad enough to spend the time cracking that, I'm flattered!