Google : WebAccelerator

Giblet

They shouldn't release anything that has such stupid problems. Even in Alpha!

Just because they probably didn't know about it, doesn't mean we should all sit down and let GWA it's thing.

So I dunno why you are trying to defend the GWA when it has such a big security hole in it and should be suspended.

And I've also seen the evidence of PM's aswell.

Shrimp

Google are great at thinking of novel ideas.. all of course are going to be in a beta stage for a short while.. give it time, and this will be fixed..

daveirl

This post has been deleted.

Shrimp

how exactly can ppl acess other ppl pm's?

Nietzschean

Giblet wrote:

They shouldn't release anything that has such stupid problems. Even in Alpha!

Software designed to be used by millions of users is very hard to debug before u let anyone test it. and bear in mind this is the TEST phase, if your not comfertable with that then don't use it.

Just because they probably didn't know about it, doesn't mean we should all sit down and let GWA it's thing.

No we tell them and they fix it, sounds like a simple normal proceedure, we didn't all uninstall windows when every security hole was found/exploited now did we?

So I dunno why you are trying to defend the GWA when it has such a big security hole in it and should be suspended.

It should be patched, and as i pointed out in my previous post its not nearly as big a security hole as you are making out.

your inital statement that it involved p2p stuff seems to be completely invalid(privacy agreement has no mention of it either).

And your arguement over PM's seems highly unlikely

Giblet

By checking their own.

Shrimp

sorry? i's lost? can u explain please..

Nietzschean

Giblet wrote:

And I've also seen the evidence of PM's aswell.

Thats a list of PM's, not the PM's themselves, access the PM's would be harder.

you would be relying on the user before you having read the PM and having the right URL still and so on...... I still think the odds of you being able to use it in a malicious fashion to read someone's stuff and post as them is about the same as phpBB screwing up and giving u that access anyway(and it is renounded for its security holes, i didn't see a campain to stop people using that)

Giblet

Unlikely, I just showed you evidence!

Jesus some people are willing to defend anything to the end of the earth. Google know about this, but it seems unlikely they'll do anything soon. And yes, anything that will be snapped up by the masses like GWA will cause major problems with such a security issue. It's not a matter of "proxies do this anyway".

Giblet

Darth Bobo wrote:

Thats a list of PM's, not the PM's themselves, access the PM's would be harder.

you would be relying on the user before you having read the PM and having the right URL still and so on...... I still think the odds of you being able to use it in a malicious fashion to read someone's stuff and post as them is about the same as phpBB screwing up and giving u that access anyway(and it is renounded for its security holes, i didn't see a campain to stop people using that)

So getting a list of PM's is ok? The url would be some simple lookup that would be the same for anyone. And if it used any sort of system to trace PM's it could be easily abused.

radiospan

Shrimp wrote:

sorry? i's lost? can u explain please..

If you go to check your PMs on boards, say, you go to this site: http://www.boards.ie/vbulletin/private.php?

The Google WebAccelerator would then cache this page (with all your private info on it).

Then if somebody else goes to check theirs, (using that same URL), Google WebAccelerator checks it's cache finds the copy of *your* private messages page, and displays it on the other persons PC.

At least I think this is what the problem is. Can't believe Google missed something as obvious as this...

Nietzschean

Giblet wrote:

So getting a list of PM's is ok? The url would be some simple lookup that would be the same for anyone.

Yeah a list of pm's seems harmless enough to me, its not actually google's fault imo, i'd say its phpBB's poor security, it should be expiring the pages so google doesn't cache them anyway. it shouldn't cache personal pages on your local machine(think internet cafe), i think its more google has highlighted a flaw in phpbb than vice versa

Nietzschean

plazzTT wrote:

If you go to check your PMs on boards, say, you go to this site: http://www.boards.ie/vbulletin/private.php?

Have you checked does it happen for boards.ie ? all the examples stated seem to be confiend to phpBB and its crap security

Giblet

boards.us uses phpbb.

zAbbo

shut up paulie

Giblet

no u

daveirl

This post has been deleted.

Nietzschean

Giblet wrote:

boards.us uses phpbb.

well phpbb is known to be crap for security so unless its appearing in a decent BB i think its a phpBB issue not a google one.

Mutant_Fruit

Erm, i wouldn't call it a trivial bug... its quite possible that confidential info COULD leak out due to this "trivial" bug. Fine, at the moment it seems to be just accounts for web forums... but supposing someones paypal info got "cached" and read by someone else because it was in an email in their email address, or in a PM.... not good.

(i don;t know the likelihood of it happening, but if it did.....)

lomb

paypal info wont cache as it would be https.
in any case i have tried it and web pages actually load slower regardless of what it says at the top. saved 1.2 minutes yeah right. i have uninstalled it, the iol cache thing is very good alright.

cregser

I read an article today saying that if this became popular, the hit counts on other websites would decrease because everyone would be d/ling grom Google caches. Therefore decreasing advertising revenues. I wonder if this would effect Googleads

Google gives something like 12-25% of employees time to their own pet projects. So this is probably just some wise-guys work with a small team to help him out. That's probably why security holes passed through. I read a long interesting article about how Google is Microsoft's main competitor. Releasing buggy stuff like this ain't gonna help their (as yet unannounced) cause.

bringitdown

According to its stats I saved a whole 39 seconds on my NTL connection last night....

WoW

Still undecided if I'll use it long term but hey it is an interesting / free / beta from an interesting company.

pencil

Anyone know the UTV Clicksilver proxy address?

I'd email them and ask them my self but, as we all know, that would be a complete waste of time.