Gmail is not 100% Safe! And we have got proof

Posted on Sunday, June 01, 2008 by Arun Basil Lal

Gmail is fast, but we just found out how insecure it is. The standard Gmail loads into a java applet which gives Gmail all the so called, cool features. Each time you open a mail, Gmail creates an executable file named ‘mail.google.com’ in the Internet Explorer Cache (usually in Temporary Internet Files folder). This file cannot run on windows, if you try opening it you get an error message:

We opened the file in the best ever hacking tool, Notepad. As expected we got a scramble of text. Some lines of the text looked like html code, so we thought of opening the file in Internet Explorer. For this we saved the text file as ‘mail.html’ and opened it in Internet Explorer hoping to find some effect of the html. The result was negative. Then we opened the file in Microsoft FrontPage and switched the view to HTML (refer image)


In the HTML view, the text was organized and comprehensive. And we got the answer. Gmail is not 100% safe. We could make out the mails that we had previously opened on our computer from the html. Here is an example:

Original Mail:

HOW TO DETECT A 2-WAY MIRROR?
When we visit toilets, bathrooms, hotel rooms, changing rooms, etc. How many of you know for sure that the seemingly ordinary mirror hanging on the wall is a real mirror, or actually a 2-way mirror i.e., they can see you, but you can’t see them. There have been many cases of people installing 2-way mirrors in female changing rooms or bathroom or bedrooms. It is very difficult to positively identify the surface by looking at it. So, how do we determine with any amount of certainty what type of mirror we are looking at?
CONDUCT THIS SIMPLE TEST: Place the tip of your fingernail against the reflective surface and if there is a GAP between your fingernail and the image of the nail, then it is a GENUINE mirror. However, if your fingernail DIRECTLY TOUCHES the image of your nail, then BEWARE; IT IS A 2-WAY MIRROR! (There is someone seeing you from other side). So remember, every time you see a mirror, do the fingernail test. It doesn’t cost you anything. It is simple to do.
The reason there is a gap on a real mirror, is because the silver is on the back of the mirror UNDER the glass. Whereas with a two-way mirror, the silver is on the surface. Keep it in mind! Make sure and check every time you enter in hotel rooms. May be someone is making a film on you.

Ladies: Share this with your friends.
Men: Share this with your sisters, wives, daughters, friends, colleagues, etc. Pass this message to all Ur friends in the Contacts

Take care.......
luv
GTM

The Scramble we found from Cache:

[[["v","1mq71lcaz8ekj","5259372521f1cec4","41","1","vaknsvbtjz8a"]
,["gn",""]
,["cfs",[]
,[]
]
,["i",100]
,["st",1211373576]
,["qu","32","6745","0","#006633",0,0,0,"0","6.6"]
,["ft","Add a personalized \u003cspan style\u003d\"color:#0000CC;text-decoration:underline;cursor:pointer;cursor:hand;white-space:nowrap\" id\u003d\"prf_g\"\u003e\u003cb\u003esignature\ u003c/b\u003e\u003c/span\u003e to all your outgoing messages. \u0026nbsp; \u003ca style\u003dcolor:#0000CC target\u003d_blank href\u003d\"http://mail.google.com/support/bin/answer.py?ctx\u003d%67mail\u0026hl\u003den\u0026answer\u003d8395\"\u003eLearn more\u003c/a\u003e"]
,["cs","112276a993ec9903","2 way mirror","2 way mirror","",["^i"]
,[]
,0,1,,"112276a993ec9903",[]
,1,"4",0,0]
,["mi",8,1,"112276a993ec9903",0,"0","GTM JS","GTM","4gtmjs@gmail.com",[[]
,[]
,[]
]
,"4/25/07",[]
,[]
,[]
,[]
,"Apr 25, 2007 11:55 AM","2 way mirror","",[]
,1,,,"Wed Apr 25 2007_11:55 AM","On 4/25/07, GTM JS \u003c4gtmjs@gmail.com\u003e wrote:","On 4/25/07, \u003cb class\u003dgmail_sendername\u003eGTM JS\u003c/b\u003e \u0026lt;4gtmjs@gmail.com\u0026gt; wrote:","gmail.com",,,"","",0,,"\u003caab366660 704242325y38b5aab4q2dace5d9177108a0@mail.gmail.com\u003e",1177482336000,,0,"2 way mirror",0]
,["mb","\u003cstrong\u003e\u003c u\u003eHOW TO DETECT A 2-WAY MIRROR?\u003cbr\u003e\u003 c/u\u003e\u003c/strong\u003e\u003cbr\u003eWhen we visit toilets, bathrooms, hotel rooms, changing rooms, etc.,\u003cbr\u003eHow many of you know for sure that the seemingly ordinary mirror\u003cbr\u003ehanging\u003cbr\u003eon the wall is a real mirror, or actually a 2-way mirror \ni.e., they can\u003cbr\u003esee you, but you can\u0026#39;t see them. There have been many cases of people\u003cbr\u003einstalling 2-way mirrors in female changing rooms or bathroom or\u003cbr\ u003ebedrooms. It is very difficult to positively identify the surface by \n\u003cbr\u003ejust\u003cbr\u003elooking at it. So, how do we determine with any amount of certainty\u003cbr\u003ewhat\u003cbr\u003etype of mirror we are looking at?\u003cbr\u003e\u003cbr\ u003e\u003c strong\u003e\u003cu\u003eCONDUCT THIS SIMPLE TEST:\u003cbr\u003e\u003c/u\u003e\u0 03c/strong\u003e\u003cbr\u003ePlace the tip of your fingernail against the reflective surface and if \n\u003cbr\u003ethere is a GAP between your fingernail and the image of the nail, then\u003cbr\u003eit is a GENUINE mirror.\u003cbr\u003e\u003cbr\u003eHowever, if your fingernail DIRECTLY TOUCHES the image of your nail,\u003cbr\u003ethen BEWARE, IT IS A 2-WAY MIRROR! (There is someone seeing you from \n\u003cbr\u003ethe\u003cbr\u003eother side). So remember, every time you see a mirror, do the\u003cbr\u0 03e\u0026quot;fingernail test.\u0026quot; It doesn\u0026#39;t cost you anything. It is simple to do.\u003cbr\u003e\u003cbr\u003eThe reason there is a gap on a real mirror, is because the silver is on \n\u003cbr\u003ethe back of the mirror UNDER the glass.\u003cbr\u003e\u003cbr\u003eWhereas with a two-way mirror, the silver is on the surface. Keep it in\u003cbr\u003emind! Make sure and check every time you enter in hotel rooms. May be\u003cbr\u003esomeone is making a film on you. \n\u003cbr\u003e\u003cbr\u003eLadies: Share this with your friends.\u003cbr\u003eMen: Share this with your sisters, wives, daughters, friends,\u003cbr\u003ecolleagues, etc.\u003cbr\u003ePass this message to all Ur friends in the Contacts Take care.......n\u003cbr\u003edo test\u003cbr\u003eit....\n\u003cbr\u00 3e\u003cbr\u003e\ u003cstrong\u003eluv GTM\u003c/strong\u003e\u003cbr\u003e\n",0]
,["ce"]],"0"]

See for yourself, the whole of the mail is in the cache. We tried with many such files. We found lot of mails in bits and pieces along with a bunch of email addresses. Now that’s solid proof.

If you are someone who uses public computers or shares a computer with someone, it would be good for your privacy if you clear the cache after logging out of Gmail every time. Some public computers do not give access to the cache, in that case use the ‘Basic html view’ available in Gmail. We recommend Firefox to use Gmail. It does not have this problem of privacy.

And for the Google guys: Time has come to solve this Privacy issue.

2 Responses to "Gmail is not 100% Safe! And we have got proof":

Anonymous says:

Hey...its called caching. the webpage is cached locally for speedy retrieval. the file appears as an application because it is a .com

basically its just the mail that you have read being cached locally. nothing much to worry about.

Arun Basil Lal says:

@ Anonymous

Hey.. I know what is caching and I had been using .com files for years.

Well the problem is that, many websites send you the usernames and passwords by direct emal. So someone who checks your cache might find one. Also I wouldnt love if someone else reads my emails. I think Gmail should take action to remove such files after each session