Major Google Web Accelerator Security Issue

[duerra]

The bug sounds a lot worse than it is. You're not logged in as anybody, it's simply the cached page that you're seeing. You cannot perform actions as the user that you may see:

http://news.com.com/Google+speed+bump+draw..._3-5698447.html

And no - you don't have to worry about your banking information or anything like that being seen by anybody. Banking is always done over HTTPS, and google couldn't see that stuff even if they wanted to.

[nickg78]

Where are the "ill follow Google into hell" fans now? i dont really buy this researchware stuff, spyware with a friendly name.

well Google made a bad bobo, they will fix it but broadband should be fast enough without it, do you really need it? you were fine before it

585884442[/snapback]

I couldn't agree more. :yes:

I was curious to see this so called speed improvement, so I installed it on another computer only for 15 minutes. It said that there was 1 second of speed improvement within 15 minutes of browsing. :woot:

Improvement of 1 second, but all your cookies and personal data exposed to other people. Does it worth? :no:

[duerra]

Read my above post.

[duerra]

Not only that, but if programmers designed their applications properly, there wouldn't be any problems anyway. Google's WA uses standard HTTP headers to determine the status of whether a page can be served from cache or should be retrieved again. If somebody's privacy is somehow exposed, it ultimately *is* a bug that the host application should address by properly sending the Cache-Control HTTP headers, including the last-updated status of the page.

[mooodi]

Oh poop, I saw this one coming :( actually considered installing it, but then relized it didn't mention anything about cookies, so just ignored and moved on.

[temple_treefrog]

Wow, who needs spyware when you can just have Google's Web Accelerator?

585880083[/snapback]

HAHAHA

[emo]

wow, this is nstarting to get out of hand. i uninstalled it right after i heard of this problem.

[duerra]

It really appears that absolutely nobody has read that this isn't as big of an issue as the users in this thread have made it out to be....

[Makeshift Hammer]

Why are people installing this anyway? Do people on broadband really need more speed? I agree that this is a HUGE bug, but come on, these web accelerators never do what they claim.

585882031[/snapback]

Agreed. If, and only IF it speeded things up, the speed would be so negligable that any memory/resources the app used were being wasted. Maybe Google Inc. are testing the waters to see how dumb people really are, and what crap they'll voluntarily install on their systems. :p

[shockz]

It really appears that absolutely nobody has read that this isn't as big of an issue as the users in this thread have made it out to be....

585886386[/snapback]

What do you mean.

I've seen screenshots of peoples PM's being read... via the cache.

This is defiantely a bigger issue then your playing it down to be.

[duerra]

What do I mean? Well, read the link and you'll see.

Nobody's sessions are being stolen.

[shockz]

What do I mean?  Well, read the link and you'll see.

Nobody's sessions are being stolen.

585887066[/snapback]

Their sessions might not be stolen... but I've seen screenshots of cached PM inboxes, with their PM's viewable.

[JMann Veteran]

Oh crud. Is there anyway we can block this thing now? From Neowin's side?

[duerra]

Their sessions might not be stolen... but I've seen screenshots of cached PM inboxes, with their PM's viewable.

585887696[/snapback]

*nod* The programmers should fix their applications, then. It's not Google's fault if web applications aren't following standard HTTP protocols.