Google has fixed a bug in its Web-based e-mail service, Gmail, that allowed users to read the contents of other people's messages.
HBX Networks, a Unix community group, discovered the bug while testing a Perl script intended to automate sending batches of newsletters. Messages sent to the group's own e-mail address contained HTML code in the "Reply To" field, and this code turned out to be the message body of other users' e-mail messages.
The problem appears to be caused by a missing ">" character in the formatting of the "From" fields generated by the group's Perl script. "This, apparently, was enough to get GMail to provide us with some portion of someone else's messages," HBX members wrote in their analysis on Wednesday.
They speculated that the missing character caused Google's application to read other data into this buffer -- a message that had been sent recently, for example. In at least one case, the intercepted e-mail contained username and password information, the group said.
News source:
ieXbeta
Full story:
View Here
Linear Mode
