Major Google Web Accelerator Security Issue

By tajddin
in Site & Forum Issues

 Share

Recommended Posts

Enthusiast

YaKaLeDo

Posted
Posted

It seems that Google is expecting that every web page that asks for a login and password to be SSL secure.

Which just makes sense.

I understand that most forum software don't use SSL.. I don't know how feasible is that, but maybe they should.

Grand Master

Code.Red

Posted
Posted
  _fOoL_ said:
webaccelerator.google.com/GoogleWebAcceleratorSetup.msi

h4(|<

585881104[/snapback]

?

Also, If you put neowin in the excluded sites, and havent visited neowin when it wasnt excluded, I'm assuming that it won't share my cookies?

Mentor

RootWind

Posted
Posted
  Jugalator said:
Wow, now that's a beta issue if I've ever heard of one! :blink:

Well, this is definitely a slip in their QA procedures.

Their programmers are generally good though. Look at google.com, Gmail, Google Maps, and so on. :)

I'm not sure of what "conspiracy" you're talking about, when it has to do with users logging into forums with another guy's account?

585880380[/snapback]

Well, they have been hiring a boat-load of people in recent months. Might be beginning to fall under the "current structure doesn't fit that many workers" category.

Grand Master

NienorGT

Posted
Posted
  "Google Installer" said:
Google receives and temporarily caches cookie data that your computer sends with webpage requests in order to improve performance.
Ya Ya Ya...

Hope this will be removed...

Collaborator

EddieZ

Posted
Posted

WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

Grand Master

Tim Dorr Veteran

Posted
  • Veteran
Posted
  EddieZ said:
WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

585881200[/snapback]

If it's done on an HTTPS site, then it's not cached at all.

Grand Master

NienorGT

Posted
Posted
  EddieZ said:
WARNING!

Do NOT use any online/electronic/internet banking or credit card purchases with this 'web accellerator'. All the information that is needed tot deduce algorithms and the cardnumbers (including the security numbers) are present in the stored cache.

585881200[/snapback]

WHAT???

Hopefully I don't use that junk...

But i'm sure that Google will be sued for this... I hope so...

Man... even if it's a stupid Beta...

It violate all privacy / security laws...

Proficient

XPGoD

Posted
Posted
  timdorr said:
If it's done on an HTTPS site, then it's not cached at all.

585881227[/snapback]

But some sites... are retarded. UMB Bank has a way you can log in to your account minus all the HTTPS until your staring at your bank info...odd yet true. Hackers usually don't go after the "pot" of info without first getting slivers. Enough slivers presents a whole piece.

Most people for some reason become moronic when creating passwords to things later used for secure purposes/personal use. The odds of getting a forum password, versus that a bank.... As you know, the ideas are endless.

Beings that each time I post, no one posts after, yet reads.... oh well eh?

Grand Master

John Veteran

Posted
  • Veteran
Posted
  oddcrap said:
Doesn't surprise me, as with any new software they're going to be problems.

585881938[/snapback]

This is far more serious than some sort of "bug" that one would expect in pre-release (beta) software. Google decided to have the tool cache cookies. WHY? "For performance reasons". Bull****. There's no reason whatsoever to cache cookies from one machine and spread them to thousands of other machines. The whole concept of a cookie is to store unique information about a user or machine. Google has just made cookies a massive, worldwide security issue with this decision to "cache" (read: share) cookies.

Collaborator

nickg78

Posted
Posted (edited)

Being a beta version isn't an excuse for such problems. Performance reasons isn't an excuse either. I believe they should remove this software from their page, untill they fix it and they remove the cookies remote caching "feature".

Edited by nickg78
Grand Master

Bhav

Posted
Posted
  nickg78 said:
Being a beta version isn't an excuse for such problems. Performance reasons isn't an excuse either. I believe they should remove this software from their page, untill they fix it and they remove the cookies remote caching "feature".

585882185[/snapback]

:yes: agree completely.

Grand Master

Doli

Posted
Posted

Where are the "ill follow Google into hell" fans now? i dont really buy this researchware stuff, spyware with a friendly name.

well Google made a bad bobo, they will fix it but broadband should be fast enough without it, do you really need it? you were fine before it

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.