Comments on: Google Account Consolidation – Real World Security Concerns – An Involuntary Case Study

By: Winooski

Winooski — Thu, 17 Jan 2008 17:32:23 +0000

What a frightening story! I’m happy to hear that it was resolved, though sorry to hear it took a not-insignificant amount of effort.

What really caught my eye, though, is the fact that this story is appearing at the same time as Yahoo! announcing that it’s joining the OpenID initiative (see http://searchengineland.com/080117-082924.php ). If ever there was evidence that a universal login is not a good idea, Carsten’s “case study” is it.

By: CarstenCumbrowski

CarstenCumbrowski — Wed, 16 Jan 2008 04:57:51 +0000

Hi Oliver,

that Google is not a figurehead when it comes to customer service is known and I also have to give them credit that they realized it themselves and work on improving on that.

Customer service is one thing and security another though. Those things should probably not even be handled by the same department.

The reporting of a security breach to customer service should raise a red flag and trigger the involvement of the security department and taken very serious. Time works for the attacker who was able to break into the system.

Not responding to such threats is irresponsible.

To make a real-life comparison, an ill response like demonstrated in my case in case of a 911 call that reports that a robbery is currently in process could result into people getting hurt or killed, not to mention that it is harder to find the robber, after the fact than it is while the robbery is still in progress.

By: Oliver Taco

Oliver Taco — Wed, 16 Jan 2008 04:17:32 +0000

I’m amazed you found a human being. I have NEVER had such bad support for paid services as I have at google.

Ok, Sears, once, on a fridge rebate.

But that is not very good company, is it?

-OT