I read a news story about a Google flaw being fixed, but I guess I must be behind on my news, because I had no idea what the flaw was in the first place. Can you shed some light on this?
A:
You've come to the right place! I know many of you use Gmail for your main e-mail program and I know even more of you use Google, so it's very important to know about this particular happening. It's good to know the whole thing is over with, but it still happened and you all should know the details of it. I will first explain what the flaw actually was and then I'll get into how it's now fixed.
The flaw mainly surrounded the Gmail address book feature. There was a security hole that put the address books of Gmail users at serious risk. Basically, with this flaw, hackers were able to create a malicious Web site that could copy all of the address book entries from Gmail users. During the time the flaw was open, as long as a user was signed in to their Gmail account or any other Google service, the attackers could take advantage.
For example, if you are a Gmail user and you were signed in to your account, an attacker could have easily gotten ahold of your entire address book and leaked its information out. But the point is that it wasn't only Gmail that was affected. As long as you were signed in to a Google service, your address book data could have been lifted.
This flaw was discovered by a Google watcher, Haochi Chen. Chen was working on a new feature for Google Video when she noticed the mistake. She was trying to send a video to some of her Gmail contacts when she figured out that the whole address book was opened along with the video and it was visible to others.
Fortunately, Chen relayed the information to Google and they fixed the problem with Google Video very quickly. They then discovered, though, that the flaw also reached into other Google services, which were also fixed within one day. Since Google was able to act so quickly in getting this problem solved, it was stated that no users were actually affected. A security manager for Google said, "To our knowledge, no one exploited the vulnerability and no users were impacted."
Now, the main problem was found within JavaScript Object Notation, also known as JSON, which is a data interchange format. If that's abused, personal information can be leaked out unintentionally, without anyone ever really knowing about it. Luckily though, Google put a fix in place that ensures JSON cannot be abused again.
All in all, this was a scary flaw to hear about, especially if you're an avid Gmail or Google user, but Google has had to deal with several vulnerabilities in the past and they have never let us down. This occurrence was no different. So, don't be worried about this particular problem any longer. It is fixed and secure now and your address book is no longer at risk. You gotta love that!
~ Erin
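
The answer above says the leak involved JSON data that a malicious site could copy while the user was signed in, without giving the mechanism. As an added illustration (not Google's code and not part of the original answer), the example below assumes the general pattern of a contacts endpoint that trusts only the session cookie and returns script-loadable JSON, next to a hardened form; the function names, the `x-session-token` header, the guard prefix and all data are constructed.

```javascript
// Added illustration with constructed data; not Google's code.
const GUARD = ")]}',\n"; // prefix that makes the body invalid as a script
const SESSIONS = {       // constructed session store
  'sess-abc': { token: 'tok-7f3a91', contacts: ['bob@example.com', 'carol@example.com'] },
};

// Weak form: the cookie alone authorizes the read and the body is runnable
// script, so a request triggered from any other site gets the data back.
function contactsWeak(req) {
  const s = SESSIONS[req.cookies.sid];
  if (!s) return { status: 401, type: 'text/plain', body: '' };
  const cb = req.query.callback || 'callback';
  return { status: 200, type: 'text/javascript', body: cb + '(' + JSON.stringify(s.contacts) + ')' };
}

// Compare tokens without returning early on the first differing character.
function tokenMatches(expected, supplied) {
  const given = String(supplied || '');
  let diff = expected.length ^ given.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ (given.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Hardened form: also requires a per-session token in a custom header (which
// a cross-site script include or form post cannot attach), ignores any
// callback parameter, and returns guarded, non-executable JSON.
function contactsHardened(req) {
  const s = SESSIONS[req.cookies.sid];
  if (!s) return { status: 401, type: 'text/plain', body: '' };
  if (!tokenMatches(s.token, req.headers['x-session-token'])) {
    return { status: 403, type: 'text/plain', body: '' };
  }
  return { status: 200, type: 'application/json', body: GUARD + JSON.stringify({ contacts: s.contacts }) };
}

// The site's own client strips the guard before parsing.
function parseGuarded(body) {
  if (!body.startsWith(GUARD)) throw new Error('missing guard prefix');
  return JSON.parse(body.slice(GUARD.length));
}

// Constructed requests: a cookie-only request triggered by another site, and
// the site's own request carrying the token header.
const crossSite = { cookies: { sid: 'sess-abc' }, query: { callback: 'handle' }, headers: {} };
const sameSite = { cookies: { sid: 'sess-abc' }, query: {}, headers: { 'x-session-token': 'tok-7f3a91' } };
```

With these constructed requests, `contactsWeak(crossSite)` returns the address book wrapped in a callback, while `contactsHardened(crossSite)` returns 403 with an empty body and only `sameSite` receives the data.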