A few days back codinghorror reported (
Link) Gmail account hacking backdoor in the popular mail archiving software G-archiver(
Link). This application allows you to download and backup all emails from your gmail account. But apparently the developer included the code to send an email to his email ID with all usernames and passwords.
The following is the screenshot posted by codinghorror.
When I attempted to download the software, I found this note (
Link) and the download seems offline.
Quote:
What happened with G-Archiver?
It has come to our attention that a flaw in the coding of G-Archiver may have revealed customer's Gmail account usernames and passwords.
It is urgent that you remove the current version of G-Archiver from your computer, and change your Gmail account password right away.
What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version.
We sincerely apologize and assure you that this coding mishap was in no way intentional.
We'll be releasing a new version that corrects the flaw in version 1.0. The new version will be available very soon.
|
In order to analyze the code I searched a bit and found a download link here:
http://files.brothersoft.com/e-mail/...iver_58027.zip
Here is what I found:
Interesting isn't it?
Btw. Do Not use any software asking for your online account credentials. Not only Gmail but Orkut, Ebay etc etc.