Thursday, December 4, 2008

Is it google's security hole?

Free Image Hosting at www.ImageShack.us

This morning, I've seen a big surprise of Google account. Actually I was signed in with my google account lynnseck@gmail.com and was exploring around my sites and features. A few minutes later, I was invited to Google Friend Connect application to use as a site owner. So i was trying to put that code in my site. Surprisingly! my account was automatically redirected to someone's account as aktsandar@gmail.com and been to his site www.soethura.org. I was so surprised and amazed in stunned, then I checked if I can manage everything at his site, the result is YES! So I dropped a few comments in his home page and then logged out. I dont know how it was happened. Any can explain me that, means it is google security hole, or I accidentially hacked someone site, or my account was hacked?


ဒီေန့ ထူးထူးဆန္းဆန္း တစ္ခုေတြ့တယ္။ ေတာှေတာှေလး ထူးဆန္းတယ္ ေျပာရမလားပဲ။ ဂူဂယ္လ္ဆိုက္ကို သံုးေနရင္း က်ြန္ေတာှ အလိုလို အျခားတစ္ေယာက္ရဲ့ အေကာင့္ထဲကို ေရာက္သြားတယ္။ အေကာင့္က aktsandar@gmail.com ဒါနဲ့ သူ့ရဲ့ root ကိုျကည့္လိုက္ေတာ့ Soethura.Org ဆိုတဲ့ ဝဘ္ဆိုဒ္တစ္ခုကို ဖြင့္ထားတယ္။ က်ြန္ေတာှ့အေကာင့္နဲ့ မဟုတ္ဘဲ သူ့အေကာင့္နဲ့ ဝင္သြားတာေနာှ။ သူ့ဆိုဒ္ထဲမွာ က်ြန္ေတာှ ျကိုက္တာ လုပ္လို့ရေနတယ္။ ဒါနဲ့ က်ြန္ေတာှ သူ့ကို သတိေပးတဲ့စာေလး ေရးျပီး ျပန္ထြက္လာခဲ့တယ္။ ေတာှေတာှေလး ထူးဆန္းတယ္။ 


Updated (1)

Yes it must be google's big security hole. But I m not the first one to whom it was happened: I found out a case which was quite similar with me, perhaps I didnt touch anything at dns. I think its vulnerability is in either Google Site or Google Friend Connect; the new one! See here 

http://blogoscoped.com/archive/2007-01-12-n73.html [link]

They said fixed, but now you see how? :)
http://blogoscoped.com/archive/2007-01-14-n21.html [link]

I've already reported to Google Security Team and waiting for their reply.



Update (2) 

Sorry for my mistake: the correct link is 


PS. I forgot to put a big smile (:)) at last! Just wanna remind you all, dont believe on net, and dont put every secrets on net or electronic devices. me tooo (again :))


No response to “Is it google's security hole?”

 
© 2009 NYI LYNN SECK 18+ DEN. All Rights Reserved | Powered by Blogger
Design by psdvibe | Bloggerized By LawnyDesignz