URGENT - Gmail and Gazeta.pl security threat!

[Paweł Komarnicki]

Hello,

I've noticed, that there is on HUGE security issue in Gmail. Let me
explain:

If you have gazeta.pl mail account (like me) and later you've made a
gmail account, a message sent to ni...@gmail.com will also get to
ni...@gazeta.pl (gazeta.pl has switched to gmail system this year)

So, let's imagine this situation. In 2004 you got mail account
swe...@gazeta.pl, and in 2007 somebody got swe...@gmail.com (so this
is the same nick), messages adressed to swe...@gazeta.pl go to
gazeta.pl account, but these one adressed to swe...@gmail.com go to
gmail AND gazeta.pl accounts! So now you got somebody's else messages.
Can't imagine how dangerous is that! :/

Please repair it, because this is very weird and dangerous (and very
nasty security flaw) and can cause several legal problems (in case you
get messages of some perverts or pedophiles)

PS: if you got gmail.com account first and THEN gazeta.pl account,
this problem doesn't happen.

Please Google if you'd like to verify what I say, please contact me on
pawel.ko...@gmail.com (I'll also get message to
pawel.ko...@gazeta.pl as well :P)

[Fuzzy Logic]

The only way that a message sent to a Gmail address would also get to
gazeta.pl is if it is autoforwarded from Gmail (a user-set option), or
if gazeta.pl is pulling mail from Gmail (another user-set option).
Neither will happen automatically. Someone must make an explicit
settings change to their own account for it to occur.

Fuzzy

--
Latin: Dum spiro spero.
English: While I breathe, I hope.

[Andrew Ingraham]

> The only way that a message sent to a Gmail address would also get to
> gazeta.pl is if it is autoforwarded from Gmail (a user-set option), or
> if gazeta.pl is pulling mail from Gmail (another user-set option).
> Neither will happen automatically. Someone must make an explicit
> settings change to their own account for it to occur.

Well, it's also possible that gazeta.pl and Gmail made an agreement where
Gmail automatically forwards to the former gazeta.pl account, with no user
interaction, maybe even hidden from the user to control.

I've heard about more than one ISP that has cashed in on Gmail and has them
handle the email for their customers. I wouldn't be surprised to find that
Gmail has some special "hooks" to handle those situations.

ISPs change hands and merge from time to time, and when they do, if they
transfer their accounts over, they usually check for conflicts and do
something to prevent an actual conflict, perhaps by changing the name of one
of them. Do you know that this didn't happen with some accounts, or are you
just guessing that it could?

Also note that this is a Gmail user's group, and none of us is Google. If
you want someone at Google to know about this, you have to do it some other
way.

Andy

[Paweł Komarnicki]

The problem is I can't explain why this happens, there are no CC:, BCC
and other things like that... So don't try to explain it this way :/

Also I couldn't find any way to contact google directly, there are no
adresses in gmail help :/

[Ryan Morehart]

You can find the CC and BCC boxes by clicking the "Add Cc" and "Add
Bcc" links underneath the normal To box.

Ryan

[Paweł Komarnicki]

LOL people i'm not so stupid, I checked twice if there are no cc and
bcc records :D OK, EOT because you can't do anything anyway, thanks
for your responds

On 26 Lip, 13:41, "Ryan Morehart" <moreh...@gmail.com> wrote:
> You can find the CC and BCC boxes by clicking the "Add Cc" and "Add
> Bcc" links underneath the normal To box.
>
> Ryan
>

[Ryan Morehart]

Ha, my bad. Thought this was the guy who was trying to figure out how
to do BCCs. :)

Ryan

2008/7/26 Paweł Komarnicki <kom...@gmail.com>:

[bkennelly]

When you look at the raw headers, which account appears in the
'Delivered-To' header?