1. SEJ
  2.  ⋅ 
  3. SEO

Google Video Exposing Private Username & Password Information?

Google Video may be exposing the username and passwords of users who post videos to their MySpace accounts and serving this information over unsecure Internet protocol, with an http URL and not https.

A Google user experienced the security flaw after viewing a video on Google Video and clicking the ‘Email – Blog – Post to Myspace’ option.

Example, go to this Google Video of the Japanese Master of Tetris playing in the 2001 Tetris Championship.

Tetris Grand Championship

Then click ‘Email – Blog – Post to Myspace’

Google Video Post to MySpace

You will then be served this unsecure form which asks for private login information:

Google Video Embed Form

The user posted his experience with this on DigitalPoint forums:

So after clicking I was greeted with the following popup…22&siteindex=3 and immediately noticed that the url of it was http, and not https. An insecure form… So I figured it must be posting the login details to a https url, so I pulled out live headers and this is what I got:

POST /blogpost HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070309 Firefox/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
Cookie: PREF=ID=26c938172fc51030:TM=1178041215:LM=1138046118:S=Bw_pBCzx-opEyR3s; sloc=en_GB
Pragma: no-cache
Cache-Control: no-cache

In a nutshell, according to this user, Google is passing private information which includes MySpace, LiveJournal, Blogger, and TypePad login details over unsecure channels. And since Blogger accounts sometimes use Google Accounts for login, such a flaw could expose a user’s GMail, Google AdWords, Google AdSense, and maybe even Google Checkout information (unless this information is encrypted).

Category SEO
SEJ STAFF Loren Baker Founder at Foundation Digital

Loren Baker is the Founder of SEJ, an Advisor at Alpha Brand Media and runs Foundation Digital, a digital marketing ...

Google Video Exposing Private Username & Password Information?

Subscribe To Our Newsletter.

Conquer your day with daily search marketing news.