Google is rolling out a patch on their servers to fix the Google calendar and contacts sidejacking issue we talked about in a recent Sunday editorial. This will require no user action, and even your carrier won't be able to stop it so they can put Bing on it first.
To review: there is a bug (that was fixed in Gingerbread) that lets an attacker have potential access to your Google calendar, contacts, and Picasa account if you log in on an unsecure Wifi network. Because there are about a gazillion phones affected, and many of them will never see Gingerbread, the server-side fix is welcomed.
We don't know the exact details of the fix, but a statement by Google says:
Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.
We still say the bug should have never made it out to users in the first place, but a speedy resolution is always good. Just don't forget about Picasa while you're playing in the server code, Google.
- Filed under: