x404.co.uk
http://www.x404.co.uk/forum/

How Gmail is insecure
http://www.x404.co.uk/forum/viewtopic.php?f=3&t=13073
Page 1 of 1

Author:  paulzolo [ Fri Mar 18, 2011 12:16 pm ]
Post subject:  How Gmail is insecure

Here’s one. You know I’ve been getting odd emails to my gmail account. Well, it seems that as well as

user.name@gmail.com
and
username@gmail.com

being the same, so is

username@googlemail.com

With that bit of information to hand, I wondered why I got an email from an online store giving me a username & password and thanking me for signing up. Here’s the rub - I visit the site, log in and I now have the person’s

Name (naturally, it’s the same as mine)
Address
Phone number

and order history. He’s spent €259 euros on some Microsoft 2007 exam stuff. :?

I am wondering if I should phone him and talk to him about this as all kind of crap from that site will no doubt be coming my way. Obviously, I can’t email him as it’s coming to me. The site I am looking at is crap and keeps getting its HTTP:// and HTTPS:// mixed up. :shock:

EDIT: tried calling him, but I just got his answer machine

Author:  pcernie [ Fri Mar 18, 2011 12:38 pm ]
Post subject:  Re: How Gmail is insecure

Google are heading for a massive FAIL with that one, aren't they? :shock:

Author:  Linux_User [ Fri Mar 18, 2011 12:40 pm ]
Post subject:  Re: How Gmail is insecure

Have you contacted Google about this? Can't say I've ever received someone else's e-mails myself.

EDIT: This is interesting:

http://mail.google.com/support/bin/answ ... wer=10313#

Author:  paulzolo [ Fri Mar 18, 2011 1:04 pm ]
Post subject:  Re: How Gmail is insecure

Linux_User wrote:
Have you contacted Google about this? Can't say I've ever received someone else's e-mails myself.

EDIT: This is interesting:

http://mail.google.com/support/bin/answ ... wer=10313#


I have posted on their forum. I guess someone may notice it. It appears that it could be something to do with the transition from googlemail.com to gmail.com in the UK. Punters may remember that Gmail could not be used in the UK for trademark reasons. Those have been resolved, and Google is now getting everyone to be on the gmail.com domain.

You can see the FAIL and the hurt from where you are. I’ve just logged into my Google account using the googlemail.com email address and my password. :shock:
So even if there WAS a notice on his GoogleMail.com account web page to flip the switch to Gmail.com (and use a different user name because mine is already taken), then he’s missed that boat (probably because he’s using a mail client rather than a browser).

It’s a mess.

I have emailed the website concerned to tell them the problem. Maybe they can get hold of him and explain the situation. I’m arsed if I’m going to chase him over this.

Author:  paulzolo [ Fri Mar 18, 2011 10:29 pm ]
Post subject:  Re: How Gmail is insecure

UPDATE

1 - I heard back from the online shop from where the email was sent. They’ve spoken to the other person and have shored up his account. Hopefully that’s the job done.

2 - As far as the whole googlemail.com / gmail.com confusion is concerned, there seems to be differing opinions of Google’s forums about this. There are numerous posts from people who have started to get other people’s emails. The arguments seem circular, but I find it hard to believe that it is as cut and dry as those offering the solutions seem to thing. There are people who have, like me, who have gmail.com accounts who have been getting emails from people on googlemail.com accounts who share a user name. People are getting all kinds of things - personal emails, family photos, job offers. Those responding say that a gmail account = a Googlemail account, you can’t share user names (googlemail is an alias for gmail) and that erroneous emails are due to typos. However, this seems not to wash others who are convinced that people have been running separate accounts with the same username, BUT problems started when Google started migrating Googlemail users to Gmail.

Clearly this is all speculation on the part of the forum members, as there seems not to have been any input from a Google staffer who could look at this and give a response. I am not as convinced by the typo problem as those on the forums are - otherwise would I not be getting poorly targeted emails to my other email accounts? Apart from spam, I’d say not. Yet with Gmail I’ve had lots of erroneous non-spam emails.

Author:  EddArmitage [ Fri Mar 18, 2011 10:54 pm ]
Post subject:  Re: How Gmail is insecure

There should only ever be one account, regardless of whether it's @googlemail or @gmail. My account works fully with my.name@gmail, my.name@googlemail, my.name+anythingthehellIwant@either. My account is just the my.name bit. I presume it's just someone forgotten the my.name bit of their account? I know in the past my dad has received something his.name when someone meant to send it to his.initial.name (and even sent it to both accounts).

Author:  paulzolo [ Sat Mar 19, 2011 7:31 pm ]
Post subject:  Re: How Gmail is insecure

EddArmitage wrote:
There should only ever be one account, regardless of whether it's @googlemail or @gmail. My account works fully with my.name@gmail, my.name@googlemail, my.name+anythingthehellIwant@either. My account is just the my.name bit. I presume it's just someone forgotten the my.name bit of their account? I know in the past my dad has received something his.name when someone meant to send it to his.initial.name (and even sent it to both accounts).


Could be a typo or forgetfulness. If that is true, then I would expect more mistaken deliveries to one of my other domains. However, this is not the case. It]s just Gmail.

So, either there are problems with gmail/googlemail OR there are more idiots using Gmail. Either way, one day I’ll get payment card details via Gmail.

Author:  finlay666 [ Sun Mar 20, 2011 5:03 pm ]
Post subject:  Re: How Gmail is insecure

EddArmitage wrote:
There should only ever be one account, regardless of whether it's @googlemail or @gmail. My account works fully with my.name@gmail, my.name@googlemail, my.name+anythingthehellIwant@either. My account is just the my.name bit.


Actually it's myname, .s and any trailing +foo is disregarded :)
EddArmitage
Edd.Armitage
E.d.d.A.r.m.i.t.a.g.e
E.d.d.A.r.m.i.t.a.g.e+x404

all redirect to the same account as gmail.com or googlemail.com

Author:  EddArmitage [ Sun Mar 20, 2011 7:24 pm ]
Post subject:  Re: How Gmail is insecure

finlay666 wrote:
EddArmitage wrote:
There should only ever be one account, regardless of whether it's @googlemail or @gmail. My account works fully with my.name@gmail, my.name@googlemail, my.name+anythingthehellIwant@either. My account is just the my.name bit.


Actually it's myname, .s and any trailing +foo is disregarded :)
EddArmitage
Edd.Armitage
E.d.d.A.r.m.i.t.a.g.e
E.d.d.A.r.m.i.t.a.g.e+x404

all redirect to the same account as gmail.com or googlemail.com

Sorry, yes, I forgot the .s were stripped too.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/