Yikes!

There is a very simple bit of JavaScript which will steal and display your entire Gmail contact list if you run it when you are logged into Gmail. I have just tested it here, and got back a list of 103 names. I had no idea there were so many people with whom I had corresponded from that address; nor why Richard Dawkins appears on it twice. But Google had better fix the hole damn quick.


2 Responses to Yikes!

  1. rr says:

    Don’t worry, your little gbook is safe – they fixed it already 🙂

  2. Rupert says:

    They only kinda fixed it. The problem’s still there, but existing hacks won’t work.

    I’m now badly dependent on Gmail. It needs better security, stronger authentication and some form of optional encryption. But it’s just so much nicer than the alternatives (I have to use Exchange at work, even though I’ve managed to ditch Outlook for Evolution, and it’s horrible), and the web services model is so compelling, that I can’t bring myself to leave.

    R
