Thwomp writes
"It appears that a popular Gmail backup utility, G-Archiver, has been harvesting users' Gmail passwords. This was discovered when a developer named Dustin Brooks took a look at the code using a decompiler. He discovered a Gmail account name and password embedded in the source code. Brooks logged in and found over 1,700 emails all with user account information — with his own at the top. According to a story in Informationweek, he deleted the emails, changed the account password, and notified Google. The creator of G-Archiver has pulled the software, stating that it was debug code and was unintentionally left in the product."
Wednesday, March 12, 2008
G-Archiver Harvesting Google Mail Passwords
This is proof why you shouldn't trust blindly all the software you use =|
Labels:
code analysis,
negative examples,
security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment