HBX Networks, a UNIX developers community, has identified a flaw in Google’s GMail systems that could allow GMail users to access other users’ private access information including logon ID and password. Apparently this is accomplished by manipulating the “From” field of an e-mail, which is then sent to another GMail user. Any response to this message, can then be made to reveal the source code of the response including information stored in Google’s secure cache, such as user password.
The HBX Networks group investigated exploitation of the flaw and found that in at least one case they were able to retrieve a complete user ID and Password.
In my opinion Google cannot afford to have its security come under question. It could be much more damaging to their reputation than say Microsoft, who’s customers have come to expect security issues as standard with their products.