Voices count

Posted by Jake Good
on Oct 18, 04

No, this is not going to be a political rant about how one should vote for anyone but Bush ;) But... it does have some relevance

So I started reviewing software products the last month or so... and somehow they got the attention of their authors...

Resharper (Jetbrains)
DotNetToolPack
CopySourceAsHTML
to name a few... each one having the author comment and/or contact me to discuss my review further (which is awesome!)

But just recently, I posted about the GoogleFS Drive and brought up a possible concern, the best part.. is that my little voice has been heard once again...

Here's an excerpt from the email to which my email addressed. I wanted to clear up things that I thought were vulnerabilities, but actually aren't.

************************************************************************************************

Subject: Svar: question
From: "Bjarke Viksøe"
Date: Mon, 18 Oct 2004 09:42:44 +0200
To: <jake@whoisjake.com>

Hi,

The same thing that stops you from doing this using a regular mail - Google's spam filters & virus checks.
My software doesn't do anything that you can't do with the web-interface.
Also note that you cannot directly launch an application from my tool, you must make a conscious choice
to copy'n'paste the program to the desktop and launch it there - incidentally the same restrictions that
apply for most e-mail virus-threads.

bjarke


>>>>>> Jake Good <jake@whoisjake.com> 16-10-2004 01:06:28>>>

What stops me from sending an EXE with a correctly formatted subject to
another person's gmail account.. have it put into archive and then
showing up in their drive? I tested it and it worked perfectly. Kind of
scary

Jake
http://www.whoisjake.com/blog

************************************************************************************************

I still think there is an ethics decision here that might trigger a feature update to the tool:

What if I sent child pornography to someone's gmail account, having it automatically placed on an unsuspectful innocent person's hard drive?

Feature:
You could implement a client generated key and include that in the body of the email. It's not a complete fix, but if it's generated by the client tool, the attacker would have to figure out the algorithm or intercept the email. This feature would help reduce the risk... IMHO.
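
A sketch of the client-generated key idea above, as an added example rather than code from this post or from the tool. Instead of a fixed key in the body it uses an HMAC over the subject and attachment, so a tag copied from one intercepted message does not validate any other; the `X-Drive-Tag` marker, the subject strings and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

TAG_PREFIX = "X-Drive-Tag: "  # hypothetical marker line in the message body


def new_client_key() -> bytes:
    """Generate the per-installation secret; it never leaves the client."""
    return secrets.token_bytes(32)


def _mac(key: bytes, subject: str, attachment: bytes) -> str:
    # Length-prefix the subject so (subject, attachment) pairs cannot collide.
    subj = subject.encode("utf-8")
    msg = len(subj).to_bytes(4, "big") + subj + attachment
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def tag_body(key: bytes, subject: str, attachment: bytes) -> str:
    """Body the client writes when it stores a file as a mail message."""
    return TAG_PREFIX + _mac(key, subject, attachment) + "\n"


def is_own_message(key: bytes, subject: str, body: str, attachment: bytes) -> bool:
    """True only if the body carries a tag this client could have produced."""
    expected = _mac(key, subject, attachment).encode()
    for line in body.splitlines():
        if line.startswith(TAG_PREFIX):
            got = line[len(TAG_PREFIX):].strip().encode("utf-8")
            return hmac.compare_digest(got, expected)  # constant-time compare
    return False  # untagged mail is never shown as a drive file


def visible_files(key: bytes, messages: list) -> list:
    """Filter a mailbox listing down to messages the client itself created."""
    return [m["subject"] for m in messages
            if is_own_message(key, m["subject"], m["body"], m["attachment"])]


if __name__ == "__main__":
    key = new_client_key()
    # Constructed sample mailbox; subjects are placeholders, not the tool's format.
    mine = {"subject": "FS-ENTRY notes.txt", "attachment": b"hello"}
    mine["body"] = tag_body(key, mine["subject"], mine["attachment"])
    untagged = {"subject": "FS-ENTRY setup.exe", "body": "", "attachment": b"MZ"}
    replayed = dict(untagged, body=mine["body"])  # tag copied from another message
    print(visible_files(key, [mine, untagged, replayed]))
```

As the post says of its own proposal, this is not a complete fix: anyone who obtains the client's stored secret can produce valid tags.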

