Major Google Web Accelerator Security Issue

[YaKaLeDo]

It seems that Google is expecting that every web page that asks for a login and password to be SSL secure.

Which just makes sense.

I understand that most forum software don't use SSL.. I don't know how feasible is that, but maybe they should.

[NinjaGinger]

I tried this software, read about the issues, removed it, switched on this morning and all my cookies seem to have gone. Im now having to enter username and passwords on all my sites, including this 1. :blink:

[+chorpeac MVC]

Nope don't use this. Sometimes stupid things happen.

[JMann Veteran]

I saw the new tool yesterday, and thought wow, looks good. Read up about it and found about the bug. Closed the Google Toolbar webpage. Damn, thats quite a problem. :/

[BoundToEarth]

I'm glad I didn't use it :D

[psychoticDEMENTO]

My cookies are being stoeled?! OH TEH NOES!

[Guolung]

The Inquirer has a piece about this, including a link on how to block it.

check:

http://www.theinquirer.net/?article=23051

[Code.Red]

Does Google know? Has anyone talked to them, have they responded? Thats a pretty big flaw, especially a big gaping one for google.

[_fOoL_]

webaccelerator.google.com/GoogleWebAcceleratorSetup.msi

h4(|<

[Code.Red]

webaccelerator.google.com/GoogleWebAcceleratorSetup.msi

h4(|<

585881104[/snapback]

?

Also, If you put neowin in the excluded sites, and havent visited neowin when it wasnt excluded, I'm assuming that it won't share my cookies?

[RootWind]

Wow, now that's a beta issue if I've ever heard of one! :blink:

Well, this is definitely a slip in their QA procedures.

Their programmers are generally good though. Look at google.com, Gmail, Google Maps, and so on. :)

I'm not sure of what "conspiracy" you're talking about, when it has to do with users logging into forums with another guy's account?

585880380[/snapback]

Well, they have been hiring a boat-load of people in recent months. Might be beginning to fall under the "current structure doesn't fit that many workers" category.

[NienorGT]

Google receives and temporarily caches cookie data that your computer sends with webpage requests in order to improve performance.

Ya Ya Ya...

Hope this will be removed...

[EddieZ]

WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

[Tim Dorr Veteran]

WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

585881200[/snapback]

If it's done on an HTTPS site, then it's not cached at all.

[NienorGT]

WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

585881200[/snapback]

WHAT???

Hopefully I don't use that junk...

But i'm sure that Google will be sued for this... I hope so...

Man... even if it's a stupid Beta...

It violate all privacy / security laws...

[kombolcha]

runs ccleaner*

uninstalls gwa*

[sn00pie]

I installed it yesterday, but then I couldn't access the internet because the Web Accelerators proxy was having some problems, so I un-installed it right away.

That's a phreak thing coming from Google. :wacko:

[oddcrap]

Doesn't surprise me, as with any new software they're going to be problems.

[XPGoD]

If it's done on an HTTPS site, then it's not cached at all.

585881227[/snapback]

But some sites... are retarded. UMB Bank has a way you can log in to your account minus all the HTTPS until your staring at your bank info...odd yet true. Hackers usually don't go after the "pot" of info without first getting slivers. Enough slivers presents a whole piece.

Most people for some reason become moronic when creating passwords to things later used for secure purposes/personal use. The odds of getting a forum password, versus that a bank.... As you know, the ideas are endless.

Beings that each time I post, no one posts after, yet reads.... oh well eh?

[sdb815]

Why are people installing this anyway? Do people on broadband really need more speed? I agree that this is a HUGE bug, but come on, these web accelerators never do what they claim.

[John Veteran]

Doesn't surprise me, as with any new software they're going to be problems.

585881938[/snapback]

This is far more serious than some sort of "bug" that one would expect in pre-release (beta) software. Google decided to have the tool cache cookies. WHY? "For performance reasons". Bull****. There's no reason whatsoever to cache cookies from one machine and spread them to thousands of other machines. The whole concept of a cookie is to store unique information about a user or machine. Google has just made cookies a massive, worldwide security issue with this decision to "cache" (read: share) cookies.

[nickg78]

Being a beta version isn't an excuse for such problems. Performance reasons isn't an excuse either. I believe they should remove this software from their page, untill they fix it and they remove the cookies remote caching "feature".

Edited May 6, 2005 by nickg78

[Bhav]

Being a beta version isn't an excuse for such problems. Performance reasons isn't an excuse either. I believe they should remove this software from their page, untill they fix it and they remove the cookies remote caching "feature".

585882185[/snapback]

:yes: agree completely.

[ember]

damn, thank god ive uninstalled it :ninja: this is pretty serious if you ask me, someone being able to login with your account and all.. :unsure:

[Doli]

Where are the "ill follow Google into hell" fans now? i dont really buy this researchware stuff, spyware with a friendly name.

well Google made a bad bobo, they will fix it but broadband should be fast enough without it, do you really need it? you were fine before it