In a news release today, Google anounced that it has fixed the GMail security flaw discovered by HBX Networks last week, which potentially allowed users to access the login information of other users. HBX Networks stated that they discovered the flaw when some of its memebers sent themselves a test newsletter, prior to sending it to subscribers. The HBX site also reports :
“Gmail messages are vulnerable to interception. An attacker has only to transmit malformed test messages to himself, and information left over in memory, from previous messages, destined for other people, will appear with the test messages in the attacker’s inbox. Sometimes, this information could include usernames and passwords.”
As a GMail user I am pleased that Google has addressed this issue, however in the last 24hrs. I have for the first time experienced multiple failures and crashes when attempting to use the service. It would appear that Google may have implemented a series of attachment filters as well, as I have been unable to send any file attachments which contain executable content, or non-standard file extensions.