To blog or not to blog, that is the question
July 18, 2008 by Mark O'Neill
Contributing Writer, [GAS]

It dismays me sometimes when I see some bloggers and the stuff they write. Only this morning, I was looking at someone’s blog and he was talking about a security hole that he had discovered in Gmail. He had found a vulnerability where he could see everyone’s Gmail address, which is obviously a spammer’s wet dream.
Now in this case, the responsible course of action would be to not go into specific detail on his blog but to instead say “I’m going to contact Gmail now” and then do so. He could contact Google, tell them what he has found, and help them plug the hole. He would then earn serious brownie points with Google and maybe feel good about himself in the process.
But does he do this? Of course not. Instead, he gleefully details step by step what he has found and, in the process, how you can find it too. By doing so, he has put at risk every Gmail account out there and the only people who will be happy with this jerk today will be the spammers. To add insult to injury, his blog is hosted on Google’s Blogspot!
This topic is especially timely today because a while back, I helped out AVG Anti-Virus. I wrote a story about AVG 2008 on Make Use Of and they emailed me afterward to say thanks. Shortly after that, the AVG program on my computer went a bit crazy and I emailed them to complain. There were a few minor problems with their database and we worked together to get it fixed. They were appreciative that I got in touch and everything was finally resolved to everyone’s satisfaction.
Now my point is it would have been very easy to get on my blog, on Make Use Of or here on Geeks Are Sexy, after AVG started malfunctioning and tell the whole world that AVG now sucked, that their program sucked, etc. But instead I decided to help them. I chose to let them know what the problem was and to help them fix a product that I love very much. I recognized that AVG had a one-off unintentional problem which was probably easily fixable and that blogging about it was stupid and wasn’t going to achieve anything.
Just like this jerk should have done today. If he loves Gmail as much as I do, he should have realized that blogging about the Gmail security hole was stupid and immature. He should have contacted Gmail right away and said “I love Gmail as much as you do, let’s get this problem fixed ASAP before the spammers find it”.
AVG were so appreciative of my help that this morning, I received a gift from them. The package included a USB mouse and a 2 GB USB stick. So you see, good deeds do go rewarded. Instead of bragging or complaining about problems or vulnerabilities, how about stepping up and helping the company concerned?
I often get the impression that bloggers are looked upon as the bad guys by companies. Some companies have told me that some bloggers have hinted to them “give me some free stuff or I’ll write bad things about you on my blog”. This kind of unethical behavior appalls me and if I can help just a little bit to make bloggers look good by occasionally helping out companies like AVG, then I can go to bed each night feeling like I’ve achieved something with my day.

There was a minor snafu using the service with IE, and I shot an email pointing that out. The LinkBunch people replied back the next day, thanking me for bringing it to their attention. This enabled them to quickly fix the glitch. In return, my “alert” was cited in their blog, and I even received a nice linkback to my site in the process.
This kind of cooperation seems more in the spirit of open-source.
Cheers.
I may be wrong but if this is the post that I’m thinking of and I remember correctly who wrote it, it has been removed from his blog. Of course my memory may fail me.
I don’t think it is irresponsible of me to criticise someone who publicises to the whole world how to find a security hole in Gmail which lets you see everyone’s email address. I’ve just checked and the page is still up and running.
Now that is a very irresponsible thing to do. I hope enough people gently point this out to the person in question so he can buy a clue for the future.
Data points, Barbara
With full disclosure, people are informed and can make plans to mitigate against risk, the company has more incentive to fix the problem rather than cover it up, and third parties have the information they need to provide fixes in case the responsible parties don’t respond quickly enough.
The dude did the right thing.
Telling Google about the security breach would be pointless because big companies don’t listen to little people’s complaints. They can’t read every single piece of mail they get from their millions of users.