• Home

CodingExperiments.com

Linux, PHP, and the blogosphere

Search

Category:

  • Apple Inc.
  • Apps
  • Facts
  • Fun
  • Google
  • Ideas
  • Internet
  • Linux
  • Microsoft
  • PHP
  • Programming
  • Rants
  • Security
  • Uncategorized
  • web 2.0

Archives:

  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007

Pages

  • About
    • The Authors
  • Commenting your code
  • How to Write Papers with Groff
  • ModCMS Anti-Spam Component Set
  • ModCMS Technical Specifications
  • Regular Expressions Guessing Game
  • Saving code directly to a web server
  • The (Almost) Perfect PHP 404 Page

Meta:

  • RSS
  • Comments RSS

Awesomeness tracker

CodingExperiments at Blogged View blog authority
Free Page Rank Tool

The Danger of Web Apps; How a Bug in Gmail Locked up My Account

December 18th, 2008 by Rishabh Mishra

I haven’t been too excited about web apps. Sure, I use Gmail, Google Docs, Google Reader, and various other online tools, but I’m rather cautious about their use.

So, I log into my super secret mail URL, as I use Google Apps for Your Domain to check my email. I see that I’ve been sent an email from a friend containing a Word document.

To view the file, I click the View as HTML link that Gmail displays next to the attachment. In a new tab, the HTML rendition of the Word document is supposed to appear, but it doesn’t.

Not discouraged, I click Download Original Attachment, not knowing what is to come.

Click on the image to view it full-size

Yes, Google says that my account is now locked. Although I have planned for such a lockdown, Google denying my access to the account shocked me. Fortunately, the account was unlocked in a few minutes.

I repeated the test three times (not wanting to test it further due to Google possibly getting suspicious), and my account was locked down each time I tested it. I conclude that it is a bug within Gmail that set off the alarms, causing my account to be temporarily locked up.

The lesson? Depending on web applications to keep data secure or accessible is dangerous.

The sad part is that my story isn’t unique; many people have faced similar problems with a variety of web applications.

Remember, friends don’t let friends use web applications unsafely.


Posted in Google, Security, web 2.0 |

  • jokeyxero
    I would think this same kind of thing could happen with desktop mail, except instead of being locked out (which is easily reconciled usually) a bug could stop it from functioning at all until a patch is released. I agree we need to be careful on cloud dependence but I'm not convinced this is a good argument for caution.
  • Rishabh Mishra (possible248)
    Ooh. Didn't think about that.

    Regarding the same thing happening with desktop mail, but are you talking about a bug affecting the mail server or client?
  • jokeyxero
    If it is the server then it is out of your hands, just like with web mail, if the client you might be able to avoid it.
  • Rishabh Mishra (possible248)
    Right, but with webmail, a bug in code that wouldn't otherwise affect the server (such as viewing a Word document with a built-in viewer) can affect the server.

    So, the same sort of lack of reliability I talked about in the blog post could happen with desktop mail, but there is a greater chance of it happening with webmail.

    There are also greater consequences when webmail goes down, compared to desktop mail. With desktop mail, you typically have old messages downloaded to your computer, in case you need them for reference. With pure webmail (assuming it isn't backed up locally), even the existing mail vanishes.
blog comments powered by Disqus