Neowin.net - Developer Shipped Backdoor Hack With G-Archiver for GMail

Developer Shipped Backdoor Hack With G-Archiver for GMail

Posted by HappyAndyK on 11 March 2008 - 14:50 · 19 comments & 10029 views

A serious Gmail account hacking backdoor, has been found in the popular Gmail archiving software G-Archiver. This application, in all its innocence, allows you to download and backup all emails from your GMail account. But apparently the developer included the code to send an email to his email ID with all usernames and passwords!

G-Archiver has posted this explanation of what happened: "It is urgent that you remove the current version of G-Archiver from your computer, and change your Gmail account password right away. What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version."

Hopefully, G-Archiver will release a new version very soon.

Link: Details at WinVistaClub.

Hide additional information

About the Author
Full name: Unknown
Forum name: +HappyAndyK
Contact: via forum PM
Submissions: Normal · Headline

Total votes: 0

Bookmark on del.icio.us

Advertisement

(1 reply) #1 Posted by Menge on 11 Mar 2008 - 14:55: "a member", huh? what kind of useful debug information is included in the username and password being used?
sure as hell never installing any version of this

(2 replies) #2 Posted by C_Guy on 11 Mar 2008 - 15:13: This is basically a non-issue since you surrender any concept of privacy when you sign up for a Google service anyway.

#3 Posted by m1h4 on 11 Mar 2008 - 15:26: "What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version."

Yeah right!

#4 Posted by Barry Gurung on 11 Mar 2008 - 16:01: Eh! i never used G Archieve

bad for those who used it for long time

Hope it will be fixed in the coming release
Then it'll be worth a try for me

(2 replies) #5 Posted by GEIST on 11 Mar 2008 - 16:06: Accident or not, I think they're done. If you wanna archive your webmail locally, use a proper client like Outlook or Thunderbird etc., not such crap.

#6 Posted by REM2000 on 11 Mar 2008 - 16:13: The only thing i worried about is that he said that he has asked google to delete the account. I hope that google will delete the account but also block anyone else trying to setup that google account, as im sure it will take a while for people to upgrade to a newer version without the debug code.

#7 Posted by KnightWolf on 11 Mar 2008 - 17:51: lol, cant wait to so the list of changes for the new version..lol

1.updated blah blah
2.new somethin or other
3.removed backdoor hack

#8 Posted by sbauer on 11 Mar 2008 - 18:12: What a bogus excuse. I hope people don't actually believe it. There is no reason to put it in there.

#9 Posted by iascoot on 11 Mar 2008 - 19:07: there was no reason to test anything like that, they are covering up, they got caught.

#10 Posted by +warwagon on 11 Mar 2008 - 20:31: Just use gmail via pop3 on your work machine and have gmail also save a copy of your emails under all mail. Thats what I do. Plus any emails you sent also get saved under sent items on gmail.

#11 Posted by SLeeM@N on 11 Mar 2008 - 20:57: This is why I never use third party program, I archive my email with pop3 that's it.

#12 Posted by Chugworth on 11 Mar 2008 - 21:16: I just use Outlook for keeping a backup copy of my Gmail account, but any good POP3 mail client should do the job.

(1 reply) #13 Posted by McoreD on 11 Mar 2008 - 21:20: Hi, if it is not open-source, how did they figure this thing out?

[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Scroll to the Top