G-Archiver Steals Gmail Identities

Blog site Coding Horror recently recounted a security breach involving G-Archiver, a shareware Gmail backup utility that had been made available on many sites, including Cnet.com's popular download.com.

In an e-mail message to Coding Horror blogger Jeff Atwood, programmer Dustin Brooks described how he reverse-engineered G-Archiver after trying it out. He discovered that "apparent creator" John Terry had both hard-coded his own username and password for his Gmail account into the source code and coded the software to receive an e-mail with the user name and password for anybody else who used the utility to back up their Gmail data.

Atwood then logged into Terry's account using the information he'd uncovered and deleted a total of 1,777 e-mails with account information, including his own. Then he changed the password and security question to disable Terry's access and requested--as the logged-in John Terry--that Google delete the account.

Since publication of Brooks' discovery, the programmer has become a white hat hero to the hundreds of people who have posted comments to Atwood's original post. While Cnet has removed the utility from Download.com, G-Archiver is still available at a number of other download sites.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing digital brain above a chessboard with data charts and flowcharts

    Why AI Strategy Matters (and Why Not Having One Is Risky)

    If your institution hasn't started developing an AI strategy, you are likely putting yourself and your stakeholders at risk, particularly when it comes to ethical use, responsible pedagogical and data practices, and innovative exploration.

  • laptop screen with a video play icon, surrounded by parts of notebooks, pens, and a water bottle on a student desk

    New AI Tool Generates Video Explanations Based on Course Materials

    AI-powered studying and learning platform Studyfetch has launched Imagine Explainers, a new video creator that utilizes artificial intelligence to generate 10- to 60-minute explainer videos for any topic.

  • cloud and circuit patterns with AI stamp

    Cloud Management Startup Launches Infrastructure Intelligence Tool

    A new AI-powered infrastructure intelligence tool from cloud management startup env0 aims to turn the fog of sprawling, enterprise-scale deployments into crisp, queryable insight, minus the spreadsheets, scripts, and late-night Slack threads.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.