Google, WTF?

General 22 Comments

After some investigation I found the most probable reason of the break-in into my gmail account, which caused the spam message to be broadcasted to my entire gmail address book.

GMail performs login using https. Then (bah!) it redirects to http! All further interactions are done in insecure mode – unless the original address you typed in your browser started with https (or you change it manually and explicitly in the address line). Awesome, isn’t it? For details, see for example here.

So, I guess when I read my gmail using some occational free hotspot in the city (thanks to my n800), there was some “man in the middle” attack. It is not a big deal for minimally educated script kiddie – once http stream is not encoded and all cookies are there…

I definitely blame myself for being so lame and not knowing that bad fact about GMail (and not being paranoid enough to check the security of the connection when I have to). But I am deeply disappointed that GMail is so unsecure by default – and that information is not printed with big red letters on top of the page.

I guess there might be some people around who are still not aware of that shameful detail about GMail – so I am warning them.

Apologies

General 1 Comment

My GMail account got broken today – the spam message got sent to my entire abook. I sincerely apologize to everyone who got that spam. I will try to find out how it could happen… Deeply sorry.

Nokia: like if you hadn’t enough complains yet

maemo No Comments

With all due respect, Nokia totally blew it, with new firmware. Servers are DDOSed. People complain, share the files using own hostings, they use torrents (why would Nokia not establish own torrent?). And new exciting canola2 release does not improve the situation either… The new firmware rocks, I must admit. The IT organization is poor, that’s a very sad fact.

WMF handling, various apps and libs

General No Comments

I guess, a number of people would find this report interesting and insightful…

Releases: rush hour

g-a, g-c-c, libgnomekbd No Comments

Yesterday, there was a “tarballs due” date for 2.21.4. A day before I realized that wonderful layout printing code (kindly contributed by Ed Catmur, all my gratitude and respect) should be shared – it does not belong to g-c-c but should be generalized in libgnomekbd. So, yesterday night, an hour before the deadline, libgnomekbd 2.21.4.1 was released (there was libgnomekbd 2.21.4 a week ago) – with one new function in API. Now, both g-c-c and g-a in svn depend on libgnomekbd 2.21.4.1 (the last .1 is essential, hehe!). In return, they both offer layout printing functionality, isn’t it nice?