SecurityProNews Directory: A Directory For All Things Security

Hint: Don’t Reveal Your Gmail RSS Feed

Okay, this should be a no-brainer, but just because Gmail offers RSS feeds doesn’t mean you should offer them to the public.

A number of people have done just that, sending their Gmail off to Feedburner and then subscribing in Bloglines, which puts it in the public directory (unless you actually thought to make it private). Among the apparent victims: Andy Rutledge, who likes Bear Grams when he isn’t redesigning company homepages.

I’ve already found out Naveen Joshi’s username (and missed his password by an ellipsis), and I know that Joe is getting messages from his personal trainer, that Joe Grossberg invited himself to Gmail (for multiple accounts, I presume), and that there are nine companies that will refinance. Does Bloglines need to protect these users from themselves, or is it your fault when you make a feed of your email public?

Martin Belam discovered this snafu, and has a lot more to say on it. He also found one guy’s termination letter (ouch!). Maybe someone should email all these people and let them know what happened?

(via Danny Sullivan)


Nathan Weinberg
About Nathan Weinberg
Nathan Weinberg writes the popular InsideGoogle blog, offering the latest news and insights about Google and search engines. Visit the InsideGoogle blog.
