Gmail’s G-Archiver Reveals Security Issues With Google
As Michael Arrington reported on TechCrunch yesterday, it turns out that G-Archiver, a third-party app for Gmail that lets you back up your Gmail to your hard drive, was taking Gmail usernames and passwords and sending them back to the creator’s mailbox. So when you signed up and plugged in your Gmail info for the app, it was not secure.
Arrington brings up the best point about this problem: since Gmail provides a gateway to Google’s other features, such as Google Docs and Google Apps, giving third-party developers access to your email credentials is a recipe for disaster on Google. All of the information is a password guess (or a phishing scam) away.
This is why many believe Microsoft Exchange and Sharepoint will continue to hold their market share over Google.
Google argues that by using SecureID for authentification, the problem can be avoided, but they will need to make this the industry standard over all ranges of companies before the problems can be fully eliminated. As Arrington says, many smaller companies aren’t using SecureID and are therefore at risk.
Another point made is that Google will hand over information stored on their servers to authorities, even if you are not contacted. They will also not fight legally on you behalf if you don’t want to hand over the info– unlike what one may do if information was stored on their own server. Google will give it away, and you won’t have a chance to fight it in court before you hand it over. Another thing to think about.
Technorati Tags: google, gmail, g-archiver, secureid
