IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

G-Archiver steals your passwords (and CUBOCC)

It's IT Blogwatch: in which we ponder the risks of downloading random shareware. Not to mention a spooky Japanese viral...

Dustin Brooks worries:

I was looking for a way to back up my gmail account to a local drive. I've accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I'll give it a try ... What I came across was quite shocking ... I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned.

Philipp Lenssen has sage advice:

Brooks, who reverse-engineered the software and found the creator’s user name and password, was shocked to see 1,777 such messages with user credentials when logging in to John’s account. He then went ahead and deleted all these messages, changed John’s password, and contacted Google support ... If these reports are true, it’s another lesson that in general it’s bad advice to provide your Google account credentials to any other place than google.com as seen in your browser address bar – not in desktop apps, not on other domains, not on new windows popping up claiming to be google.com etc.

Jeremy Wagstaff is cautious:

This is indeed scary, although it's possible that the person behind it wasn't collecting the passwords for nefarious purposes ... it's intriguing to take a look at how legitimate this one program appears, and how little those websites helping in its distribution have vetted it. I found copies at Download.com (owned by CNET), despite a commenter pointing out it steals passwords, Shareware Junkies, BrotherSoft, Softpedia, ZDNet, Download3000, FreedownloadsCenter, the excellently named Safe Install and Filedudes.

Michael Arrington wonders what to think:

These users should have known better than to type their email credentials into a third party service, so sympathy levels are at a minimum. But there is a much bigger problem to consider. Gmail is the entry point into a vast array of Google office services - including Google Docs and Google Apps. Those services allow users to share documents with others. If one user’s email credentials become compromised, all of those sensitive documents become available to the bad guys, too. So if a single user’s credentials become known, the business they work for is at risk ... [However] Google Apps allows authentication mechanisms that require more than just a password.

Alex Brie learns from others' mistakes:

Holy ****! I think this is the most devious phishing method I ever saw - convince poor suckers to download and even pay for your phishing spyware. I’m not using G-Archiver but have input my passwords in many other programs, trusting them to do what they claim. Such a story makes me quite a bit more paranoid.

Russ Mate is "absolutely horrified":

MateMedia is a legitimate company and we are absolutely horrified that this has occurred. We have removed from our websites all links to the software, and will be requesting any download sites that are hosting the software to remove it immediately. We are in the process of notifying our customers, and we're investigating this matter with our software development team.

But Rushi "DevilsEnigma" Vishavadia speaks plainly:

This is highly unethical behavior ... John Terry ... is pure scum and needs to be dealt with.

And finally...


Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You too can pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.

What People Are Saying

Wow... I'm really skeptical now...

Wow... This article is really scaring me. I've been using Shareware / Freeware programs forever, and the most recent piece of software that I've purchased was Roboform. I use it to keep track of my passwords and Auto fill forms, but I use it for my Online bank, Online Brokerage and a lot of other places. I'm going to do some of my own research on Roboform, and all the other Shareware programs I use. Authors could easily sneak a Keylogger in them, and places like Cnet / Download.com don't have the capacity to screen every piece of software on their sites. I remember years ago, I got a virus from a piece of software I downloaded right on Downloads.com. Of course the software was removed a day later, but I had to reformat.