Every so often little corners of the Web come alive to the tune of the latest security flaw to be discovered in a browser, operating system or in a recent case the entire Internet.
It’s very much in vogue at the moment to point the finger at Microsoft, who are seen as the “establishment” and without getting into a whole debate it’s worth mentioning that sometimes even what people perceive as the “good guys” get it wrong too.
Google are still widely held - albeit probably by mass consumers rather than niche social Internet users - as being a company quite incapable of evil or indeed incompetence, but it’s good to see that, like anyone else they make mistakes too.
The one I is quite a small flaw really, that means anyone with access to Google Calendars can find out the name behind an email address. This isn’t a massive problem if, like the blogger I’ve linked to suggests, you just want to find out who’s taken that mail name you were after, but if you’re a spammer this is potentially pay dirt.
One of the ways spam filters know what’s legit and what’s not is by knowing your own name; information which the spammers don’t have. But by addressing you by your full name which they can now find out through Google Calendars, they increase the likelihood of their messages being read, either because they’ve slipped through the net or because you’ve checked your Junk Mail folder and taken the messages as legit.
This vulnerability has seemingly only just been discovered, however a recent study shows a 27% rise in unwanted email actually originating from Google Mail (Gmail everywhere else but the UK).
I’m not writing this to gloat at another company’s mistake - and let’s be honest, it is just that - but as a reminder that complacency is fraud’s fuel, and if we stop looking for security holes or we assume they aren’t there because the software is open source or the company isn’t evil, is the moment someone else finds that hole and exploits it.
This is Mark Steadman, pushing your paranoia buttons in Birmingham. Now back to the studio.
Delicious
Digg
Facebook
Reddit
StumbleUpon
Subscribe to the blog
David North
Thursday 17th July 2008MIstakes happen even for people with the best will in the World. There is always someone trying to find a way into your system - there is no such thing as a perfectly secure system.
Speaking of evil companies - I still feel Google is the most frightening company at the moment. The amount of power they weild is scary.
Sorry, but comments for this post are now closed.