The programmers, part of a community site dedicated to the Unix-like FreeBSD operating system, found that an improperly formatted address allowed Gmail users to retrieve the message body of the last HTML-formatted e-mail processed by the server.
"The result is a compromise of the privacy of communications over Gmail," the two programmers stated in their write-up of the problem. "Message content and address information are easily--if somewhat randomly--available to unintended recipients."
Google acknowledged the problem Wednesday and said it had been fixed. It is unclear how long the glitch lasted.
The problem became apparent when an e-mail message sent by the programmers left off a ">" from the end of a recipient's address. The result: Google's server sent back seemingly random information that the hackers realised was information from someone else's e-mail message.
Google acknowledged the problem and had fixed it by the end of the day, a source at the company said Wednesday. Since the problem originated in the application on the company's servers, the fix immediately plugged the leak for all users, the source said.
The search giant has increasingly had to deal with security flaws because its popularity has security researchers looking more closely at the firm's products. Worms have used Google's search engine to find potentially vulnerable hosts on the Internet, and flaws in the company's desktop search program left computers that ran the software open to attack.
Google's free e-mail bet, Gmail, was launched last April and has quickly gained a large following. While the system is technically still in beta, many users have begun to rely on it.
However, because most of Google's services run on the company's own servers rather than on software installed on users' systems, fixes for security problems can be deployed quickly.
"While the system is technically still in beta"
Technically?! It is STILL is beta!
That is an appaulling way to weasel out of the fact that the system is STILL in beta while trying to raise FUD about GMail.
You of course ran an article on spammers using the hotmail system via problems with the outlook express interface. Or the huge number of phishers reaping hotmail usernames and p****words. Or the security hole in hotmail that allowed you access to any hotmail mailbox by simply knowing their username. Or the javascript that could relay hotmail user's p****word. Or the way a Microsoft activeX object embedding in a hotmail msg gave you access to the recipient's computer. Or the HTML + TIME + hotmail + IE made it easy to automatically run malicious scripts in hotmail.
etc ... etc ... etc
GMail is still in beta. Microsoft is loosing market share.