Blog: Gmail

I came across an interesting feature of Gmail the other day. Apparently you can add a little something extra to your e-mail address to better help your mail filters or just track who is selling your e-mail address. To use this feature, simply add a '+string' to the 'username' portion of your address. For example, if your e-mail address was bob@gmail.com, you could track your messages from Amazon.com by using bob+amazon@gmail.com in all your Amazon communication. This would make it really easy to apply mail filters no matter what the sending address is (since some sending addresses can be pretty crazy). Another nice "feature" is being able to track who is selling your e-mail address… though you still might not have much recourse. If you'd like another variation that still delivers to your Gmail inbox, you can also use the domain googlemail.com. Not sure why you'd want to, but to each his own.
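The tagging scheme described above, as an added example that is not part of the original post: a Python sketch that strips the '+string' tag, treats googlemail.com as the same mailbox, and counts messages where a tag is used by a sender domain it was never given to. The function names, the `expected` allow-list and the sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Domains the post says deliver to the same inbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: orders@amazon.com\nTo: bob+amazon@gmail.com\nSubject: Order\n\nbody",
    "From: deals@spam.example\nTo: bob+amazon@googlemail.com\nSubject: Pills\n\nbody",
    "From: promo@spam.example\nTo: Bob <bob+amazon@gmail.com>\nSubject: Win\n\nbody",
    "From: friend@example.org\nTo: bob@gmail.com\nSubject: hi\n\nbody",
]

def split_plus_address(addr):
    """Return (base_mailbox, tag); tag is None when there is no '+string'."""
    addr = addr.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or domain not in GMAIL_DOMAINS:
        return addr, None          # not a Gmail address: leave untouched
    user, plus, tag = local.partition("+")
    return f"{user}@gmail.com", (tag if plus and tag else None)

def tag_leaks(raw_messages, my_mailbox, expected):
    """Count (tag, sender_domain) pairs where the tag was not given to that sender.

    expected maps tag -> set of sender domains allowed to use it (exact match).
    The From header can be forged, so this shows where a tag is being used,
    not proof of who passed the address on.
    """
    leaks = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        senders = getaddresses(msg.get_all("From", []))
        sender_domain = senders[0][1].rpartition("@")[2].lower() if senders else ""
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Delivered-To", []))
        # A set avoids double counting when To and Delivered-To repeat an address.
        for base, tag in {split_plus_address(a) for _, a in rcpts}:
            if base == my_mailbox and tag and sender_domain not in expected.get(tag, set()):
                leaks[(tag, sender_domain)] += 1
    return leaks

if __name__ == "__main__":
    for (tag, domain), n in tag_leaks(SAMPLE, "bob@gmail.com",
                                      {"amazon": {"amazon.com"}}).items():
        print(f"tag '{tag}' used by {domain}: {n} message(s)")
```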


 

G-Archiver, a shareware application used to back up Gmail accounts, was reported to be storing usernames and passwords.

Jeff Atwood reports that he received the following "hair-raising tale" from Dustin Brooks via e-mail:

"I was looking for a way to back up my gmail account to a local drive. I've accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I'll give it a try.
It didn't really have the functionality I was looking for, but being a programmer myself I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned.
I opened up a browser and logged in to gmail using his account information. It still worked.
Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine. I decided to go ahead and blast every email to the deleted folder and then empty it. I may have accidentally changed the password and security question to something I don't remember as well, whoops, my bad. I also contacted google to erase this account as I didn't see a way to delete it myself."

For more details, visit http://www.codinghorror.com/blog/archives/001072.html or http://www.informationweek.com/news/showArticle.jhtml?articleID=206902839

This is a perfect example of why end users need to be very conscious of what they install, and why companies need to have adequate policies and procedures related to the installation and use of software. As we have said in our company before, "Paranoia is not necessarily a bad thing."