tajddin Posted May 6, 2005 Share Posted May 6, 2005 (edited) I just logged into Neowin and notice that I had logged in as several neowin users. Every time I refreshed the page, the username changed, and I could access any portion of the site. I was able to access their control panels and possibly even post (I did so to make sure that this was a security issue.) It is still happening and I apologize if that has already been posted. Edit: This is a major Google Web Accelerator security issue: http://news.zdnet.co.uk/internet/security/...39197327,00.htm "I went to the Futuremark forums and noticed that I'm logged in as someone I don't know. Great, I've used Google's Web Accelerator for a couple of hours, visited lots of sites where I'm logged in. Now I wonder how many people used my cache. I understand it's a beta, sure, but something like that is totally unacceptable." Edit 2: Someone please modify the title of this thread. At the time of its posting, I hadn't realized it was a Google issue. (MOD EDIT: changed the title now, hope that helps... DB) Edited May 6, 2005 by dbfriends Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/ Share on other sites More sharing options...
insurektion Posted May 6, 2005 Share Posted May 6, 2005 wtf you must be special. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880028 Share on other sites More sharing options...
bukowski Posted May 6, 2005 Share Posted May 6, 2005 lol, :unsure: oh, i checked vice kings recent posts and the last one was earlier today :unsure: Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880030 Share on other sites More sharing options...
Tomi Posted May 6, 2005 Share Posted May 6, 2005 Odd. Maybe you somehow got their session ids? Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880031 Share on other sites More sharing options...
tajddin Posted May 6, 2005 Author Share Posted May 6, 2005 What's extremely odd is that it's still hapenning. I did not post, I only checked their control panels to make sure I wasn't imagining this. Their skins and settings are all present. It's extremely odd. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880036 Share on other sites More sharing options...
John Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 You logged in with your credentials, right? Very odd :blink: Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880041 Share on other sites More sharing options...
tajddin Posted May 6, 2005 Author Share Posted May 6, 2005 I just realized: Could it be because of Google's Web Accelerator? Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880044 Share on other sites More sharing options...
tajddin Posted May 6, 2005 Author Share Posted May 6, 2005 This is a major issue, it seems: http://news.zdnet.co.uk/internet/security/...39197327,00.htm Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880054 Share on other sites More sharing options...
mAcOdIn Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 Wow it shares your cookies? I can't believe that idea got off the ground. It should have been more like Red Swoosh or something where just pictures and pages we're cached, caching cookies and sharing them is insane. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880062 Share on other sites More sharing options...
HoochieMamma Posted May 6, 2005 Share Posted May 6, 2005 WOW :omg: Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880073 Share on other sites More sharing options...
mistical Posted May 6, 2005 Share Posted May 6, 2005 I just realized: Could it be because of Google's Web Accelerator? It is because of it. I'd highly recommend people stay away from this tool. I love Google but I don't like this tool at all, it's useless really and don't like what they are doing with it. This is a major issue, it seems:http://news.zdnet.co.uk/internet/security/...39197327,00.htm Here's SlashDot's discussion, http://slashdot.org/article.pl?sid=05/05/0...&tid=217&tid=95 and also SomethingAwful, which I do not visit but got passed the link also has an article on Google's Web Accelerator that's a pretty good read, believe the links though are banned here on the forum though. So look for yourself if you want to read it. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880074 Share on other sites More sharing options...
Joseph B Posted May 6, 2005 Share Posted May 6, 2005 Oh **** o.o... Thats a pretty big issue! :blink: :blink: :blink: Umm... Admins? Mods?! Someone? :cry: Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880075 Share on other sites More sharing options...
insanekiwi Posted May 6, 2005 Share Posted May 6, 2005 wow. thanks for lettign me know. i dont want anyone to use my cookies. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880078 Share on other sites More sharing options...
+virtorio MVC Posted May 6, 2005 MVC Share Posted May 6, 2005 Wow, who needs spyware when you can just have Google's Web Accelerator? Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880083 Share on other sites More sharing options...
mAcOdIn Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 What could a mod do though? If it truly shares your cookies, the only way to combat it would be to disable cookies and make you sign in at all times. The issue isn't with Neowin, cookies were designed to store your info for a site on your computer, if your cookie gets shared it's not the sites fault. You need to complain to google, not neowin. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880087 Share on other sites More sharing options...
morficus Posted May 6, 2005 Share Posted May 6, 2005 temporary cookie cacheing.... that does not sound good at all. :no: maybe the 'google conspiracy' is real? Or do they just have poor programers and QA? Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880088 Share on other sites More sharing options...
tajddin Posted May 6, 2005 Author Share Posted May 6, 2005 What could a mod do though? If it truly shares your cookies, the only way to combat it would be to disable cookies and make you sign in at all times.The issue isn't with Neowin, cookies were designed to store your info for a site on your computer, if your cookie gets shared it's not the sites fault. You need to complain to google, not neowin. 585880087[/snapback] I think you need to understand that at the time of the first posting, I did not know it was Google! This should be posted on the front page. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880093 Share on other sites More sharing options...
morficus Posted May 6, 2005 Share Posted May 6, 2005 Wow, who needs spyware when you can just have Google's Web Accelerator? 585880083[/snapback] yeah, more like... "hacking and identity theft made easy" Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880095 Share on other sites More sharing options...
mAcOdIn Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 I think you need to understand that at the time of the first posting, I did not know it was Google!This should be posted on the front page. 585880093[/snapback] I meant that for the guy who posted right before me. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880096 Share on other sites More sharing options...
morficus Posted May 6, 2005 Share Posted May 6, 2005 I think you need to understand that at the time of the first posting, I did not know it was Google!This should be posted on the front page. 585880093[/snapback] Agree :yes: this is a HUGE issue. this info should also be passed on to other forums as an attempt to avoid this stuff from happening. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880099 Share on other sites More sharing options...
morficus Posted May 6, 2005 Share Posted May 6, 2005 the t ittle of this thread (and it's location) needs to be changed. modz?? Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880115 Share on other sites More sharing options...
akaladis Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 Now that shouts for front page news... Haven't tried the Web Accel myself... Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880162 Share on other sites More sharing options...
mAcOdIn Veteran Posted May 6, 2005 Veteran Share Posted May 6, 2005 Considering how big the issue really is, I have a hard time seeing how it was ever greenlighted at all. The interaction between a cookie and web page has been a relative standard for the internet for years, heck I think the idea's over 10 years old, and to make a tool that basically throws that out of the window was downright irresponsible of google. I know it's beta, I know it's not for the mainstream and is basically damn near hidden on thier site but, crap, what was going through thier heads? The person who came up with this idea should never be allowed to work on any network related program ever again, this is the worst judgement I've ever seen a company make on the internet. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880169 Share on other sites More sharing options...
tajddin Posted May 6, 2005 Author Share Posted May 6, 2005 Considering how big the issue really is, I have a hard time seeing how it was ever greenlighted at all.The interaction between a cookie and web page has been a relative standard for the internet for years, heck I think the idea's over 10 years old, and to make a tool that basically throws that out of the window was downright irresponsible of google. I know it's beta, I know it's not for the mainstream and is basically damn near hidden on thier site but, crap, what was going through thier heads? The person who came up with this idea should never be allowed to work on any network related program ever again, this is the worst judgement I've ever seen a company make on the internet. 585880169[/snapback] Very well said. As a software developer myself, I cannot comprehend how such a major issue would afflict a public beta. It's completely unacceptable. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880180 Share on other sites More sharing options...
Vice Posted May 6, 2005 Share Posted May 6, 2005 HOLY COW! I am so glad I never used it. Link to comment https://www.neowin.net/forum/topic/317125-major-google-web-accelerator-security-issue/#findComment-585880181 Share on other sites More sharing options...
Recommended Posts