Google Inc. on Tuesday said vulnerabilities in its software had been fixed, and criticized the way they were revealed online over the holiday weekend.
Bloggers who write about the internet search giant had reported security holes that would allow a specially crafted website to obtain the Gmail contact lists of users who have logged into the free e-mail service or other services such as Blogger that require people to sign into their Google accounts.
People could also gain access to the contact lists by copying and pasting a piece of computer code into a web browser.
The flaw could have enabled an attacker to send malicious messages that contain viruses or other malware to people on an exposed contact list.
Google had repaired the identified problems by Monday afternoon — a little more than a day after receiving reports about them, Heather Adkins, Google's security manager, said in a written statement e-mailed on her behalf to CBC News Online.
"We were first notified that this issue affected Google Video and fixed it within a few hours," Adkins' statement said, adding that the company later received word that the problem was more widespread.
"The problem with the other products was resolved within 24 hours of the second report. To our knowledge, no one exploited the vulnerability and no users were impacted."
Google Video is the online video sharing service that the company built before buying popular competitor YouTube Inc. on Oct. 9, 2006.
Teen exposed flaw
Adkins' statement included remarks that were critical of the manner in which the security hole was brought to light.
"We strongly encourage anyone who is interested in researching and reporting security issues to follow responsible disclosure practices including giving vendors ample time to respond to reports," the e-mail read.
"Responsible disclosure allows companies like Google to keep users safe by fixing vulnerabilities and resolving security concerns before they are brought to the attention of the bad guys."
The vulnerability was discovered by 16-year-old Haochi Chen of Columbus, Ohio, who reported it on his Googlified blog on Dec. 30.
Chen told CBC News Online on Tuesday that he agreed with Google that care should be exercised when disclosing security holes.
"I think they're right," Chen said.
Asked whether he would do anything differently, he said, "I would wait for a couple of days" more before publishing news of a vulnerability.
But he insisted that the manner in which he exposed the problem was legitimate. "There's nothing wrong with it."
'This feature could be dangerous'
Chen stated in his blog that he discovered the problem after tinkering with an undocumented feature of the Google Video service that lets users e-mail videos to people in their Gmail contact list.
The e-mail feature was reported the same day by Ionut Alex Chitu, who describes himself as a Romanian student who runs the Google Operating System blog.
"This feature could be dangerous," Chen wrote about the contact list problem on Dec. 30.
The next morning he followed up with a comment on his original post, stating, "It is very dangerous. I just confirmed with a few other people. I have also notified the Google Security team."
According to another post by Chen on Jan. 1, Google responded to his alert some 30 hours after he reported the flaw to them — only after word of the vulnerability had spread through a post to the popular social networking news site Digg.
Chen told CBC News Online on Tuesday evening that he had not received any further communications from Google.
In late December, the company also had a problem related to its Gmail free e-mail service, in which users' stored messages and even their entire accounts were irretrievably deleted.