The spam buzz on Google Buzz

Feb. 11, 2010

This morning I logged into Gmail to check my mail. Before I could read my messages, I was invited (along with most or all Gmail users) to join Google Buzz, which was rolled out on Tuesday. This is a new social networking tool that Google has created that seems to be part-Facebook, part-Twitter, part-Gmail and part-MySpace. With no time to spend at the moment looking into exactly what Google Buzz was, I hit OK to get through to my email and was notified that Google automatically networked me with 7 people. I just now had time to look back at it and apparently it networked me with some friends who were also Gmail users. Apparently they can see my profile photo (not my smiling face, by the way, but a photo of me flipping an 18-foot raft in a Grand Canyon rapid last summer) and post updates which I see.

Google Buzz -- automatic followers could mean spam attacks

What drew me back to look closer at Google Buzz was this blog post from Mike Geide, a researcher from cloud-computing security firm Zscaler, where Mike details a potential plan of attack on Google Buzz by spammers. Geide points out the wide-open default settings that do little to protect users' privacy. He concludes that:

As a spammer, one could create a network of Gmail accounts connected to Buzz and follow a large number of users, follow their followers, etc. Harvest user names / alias names for those being followed, and do best guess attempts at guessing their email address and start sending test messages. Once a successful guess has occurred, the email address will then be exposed in the Buzz interface validating that the email address exists and is tied to that user.

Mike, thanks for the warning on this, and to Google: Wake up and fix this buzzing privacy issue!

