Security Flaw with Gmail
- 7
- Add a Comment
A recently discovered security flaw within Gmail explains how spammers are able to personalize their spam; with almost no work.Here’s a cute vulnerability in the gmail system that comes from the strong tie-ins between gmail, the google calendar and all the other services.
How to do it:
- Go to the ’share this calendar’ tab
- Enter the email address in the ‘person’ box
- Click ‘add person’ and ’save’
- When you return to this screen you will see the first and last name along with the gmail address
Way to go Google. This is a pretty big screw up on your part, and something that makes me fairly angry. I get at least five emails a day from Viagra spammers who all seem to know my name. At least now I know where they got it from.
Thanks Google; please fix this,
Justin
7 Comments
Carole
July 16th, 2008
at 2:56am
Thanks for the info; now I know why I get several spams after almost every time I go onto gmail.
I hope that the Google people are paying attention and will fix this flaw.
I do use an app, which allows me to prevent spam from getting onto my computer, but the less spam, the better!
Scott
July 16th, 2008
at 5:12am
If Google were a paid service, I’d say that you have a valid point.
Scott
July 16th, 2008
at 5:15am
I should clarify.. if Google were a paid service, I’d say that you have a right to bitch.
D Lowrey
July 16th, 2008
at 6:18am
Funny thing about Gmail is that I get a very small fraction of the spam that comes pouring in on Yahoo. I can count on 1 hand the amount of spam I get on Gmail…compared to the open dam that calls itself Yahoo.
Josh M
July 16th, 2008
at 7:02am
I wouldn’t call this a security flaw, it’s a feature that you just don’t like. Calendar users probably like it. You can’t make everyone happy. I agree with Scott. It’s a free service - you get what you pay for. Honestly, I really don’t care if someone wants to go through that trouble to get my full name. So what if they can send me personalized spam. It all goes into my gmail spam folder anyway. Like D Lowrey mentioned, gmail has excellent spam filters. Out of the 2000+ spam emails I get a month, MAYBE 1 or 2 make it to my inbox. Much better than any other email system I’ve ever used. If you don’t like this -feature-, why put your real name on your gmail account info anyway? Just use a random name - or your dogs name or something that friends will recognize. My dog loves reading about Avirga pill sales pitches. Really gets his tail wagging.
Rob
July 16th, 2008
at 9:06am
So think about it. To take advantage of it, they have to already have your address.
Spammers work on mass quantities. For a spammer to go this process in any significant number of addresses would send up a huge red flag in google’s systems. It seems like way too much trouble to go to to get a name to match an address you already have.
And Carole, if you think that just checking your email triggers spam just because someone can figure out what your name is when they already have your email address…
Jon
July 17th, 2008
at 11:35am
I’m confused - when I type in the email address of someone I know has a calendar, I don’t get their name. I am just told that I don’t ahve access to their calendar and I am given the option of sending a reqest.
What am I missing?