NEWS: Google's Wi-Fi snoop nabbed passwords and emails
in [Wireless Internet]
|
Prev: NEWS: Cheap Smartphones Will Help Android Overtake the IPhone
Next: NEWS: Google to integrate PDF reader into Chrome (in addition to Flash)
From: John Navas on 18 Jun 2010 20:39 The Wi-Fi traffic collected by Google's world-roving Street View cars included passwords and email, according to a report citing a preliminary study from the French data protection authority. IDG reports that the French National Commission on Computing and Liberty (CNIL) has examined part of the data, after it was turned over by Google. "It's still too early to say what will happen as a result of this investigation," CNIL told IDG. "However, we can already state that [...] Google did indeed record e-mail access passwords [and] extracts of the content of email messages." MORE: <http://www.theregister.co.uk/2010/06/18/google_street_view_cars_wifi_data_includes_emails_and_passwords/>
From: Malcolm Hoar on 18 Jun 2010 21:44 In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: >"However, we can already state that [...] Google did indeed record >e-mail access passwords [and] extracts of the content of email >messages." That's not good but if folks are using cleartext passwords over a wireless connection, they really shouldn't have a "reasonable expectation of privacy". If I were one of those "victims" I'd be more worried about the other folks who may have recorded that info (and not very worried about Google). But, of course, Google represents a much more attractive target for those seeking financial reward for their own stupidity. -- |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | Malcolm Hoar "The more I practice, the luckier I get". | | malch(a)malch.com Gary Player. | | http://www.malch.com/ Shpx gur PQN. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: John Navas on 18 Jun 2010 23:14 On Sat, 19 Jun 2010 01:44:26 GMT, in <hvh7dqg3aa002malch(a)news.sonic.net>, malch(a)malch.com (Malcolm Hoar) wrote: >In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: > >>"However, we can already state that [...] Google did indeed record >>e-mail access passwords [and] extracts of the content of email >>messages." > >That's not good but if folks are using cleartext passwords >over a wireless connection, they really shouldn't have a >"reasonable expectation of privacy". I respectfully disagree -- the problem is the fundamentally flawed POP3 protocol that many (most?) ISPs still use -- it shouldn't take a computer science degree to use basic Internet services. Shame on us. -- Best regards, John "We have met the enemy and he is us" -Pogo
From: Malcolm Hoar on 18 Jun 2010 23:45 In article <lbdo16lm1jrk0a7ode5n08i7osqd7lpt4d(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: >>That's not good but if folks are using cleartext passwords >>over a wireless connection, they really shouldn't have a >>"reasonable expectation of privacy". > >I respectfully disagree -- the problem is the fundamentally flawed POP3 >protocol that many (most?) ISPs still use -- it shouldn't take a >computer science degree to use basic Internet services. Shame on us. POP3 is certainly an issue but you can't hang that one on Google. It would be interesting to know the distribution of the captured passwords, by protocol. I'm guessing that they caught more HTTP Basic Authentication passwords than POP3 since most of the inexperienced users (that I know) use webmail versus POP3/SMTP. At least those are "encrypted" with Base64 ;-) -- |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | Malcolm Hoar "The more I practice, the luckier I get". | | malch(a)malch.com Gary Player. | | http://www.malch.com/ Shpx gur PQN. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: alexd on 19 Jun 2010 07:53
On 19/06/10 04:14, John Navas wrote: > I respectfully disagree -- the problem is the fundamentally flawed POP3 > protocol that many (most?) ISPs still use -- it shouldn't take a > computer science degree to use basic Internet services. Shame on us. POP3 doesn't necessarily need to be insecure. In fact, both of the POP3 servers I connect to use TLS. One is live.com on port 995 so POP3S, the other is on port 110 but the client and the server negotiate TLS without any intervation on my part. -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx) 12:25:22 up 52 days, 14:55, 1 user, load average: 0.64, 0.31, 0.27 It is better to have been wasted and then sober than to never have been wasted at all |