Chris: Geek Guy

I have been using Gmail since its early invite-only beta days in 2004. As explained by Google, they were involved in a dispute over the use of the Gmail name in the UK, so they were forced to rebrand the UK service to Google Mail in 2005. Existing UK users were allowed to keep their @gmail.com address (although the logo on the Gmail interface switched to the new Google Mail logo), while any new customers were assigned a @googlemail.com address.

Fast forward to today and it appears that Google have reached a settlement, as they have rebranded back to Gmail in the UK. Effective immediately, new UK users will again be able to sign up for @gmail.com addresses, while existing users will be able to choose whether to switch or to keep their old @googlemail.com addresses. The Google Mail logo will also be phased out and replaced with the Gmail logo.

This doesn’t really mean much in the grand scheme of things, as whether the “official” email address (as displayed in the Gmail user interface and in the From field of all sent emails) is @gmail.com or @googlemail.com, the domains are actually interchangeable, but it’s still a good step forward which will eliminate a lot confusion.

The only country in which the Google Mail brand now exists is Germany, where there is an ongoing dispute between Google and the owners of German company G-Mail. Maybe Google will now look to resolve this and be able to offer Gmail as a truly global brand.

Be the first to comment on this post

When I saw today’s The Register article, “Argos buries unencrypted credit card data in email receipts“, I immediately logged into my Gmail account to see if I had been affected.

It didn’t take me long to find an email receipt from an order placed in April 2009, and was able to see the problem first-hand.

Near the bottom of the email is the wording “We take security of your details seriously. We may send you emails from time to time, but we would never send an email asking for your log on or card details. See online security for further information.” The underlined words point to a page on argos.co.uk via an URL of some 1600 characters – ironically, this is where the problem lies:

http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosStatic
PageSecondLevel?includeName=Security.htm&langId=-1&storeId=1
0001&catalogId=1500001501&returnToURL=PlaceOrderProgressView
?storeId=10001&cardnumber=****************&houseNumber=*&val
idationno=***&readtsandcs=on&availableDeliveryOrder=********
**&LockDelAddressAsBillAddress=false&startmonth=&paymentAddr
essId=*********&javascriptEnabled=true&contactAddressId=****
*****&orderId=**********&creditPlanId=&unavailableDeliveryOr
der=**********&delcity=RUGBY&SCSNum=03&com.ibm.commerce.cont
ext.experiment.ExperimentContext=com.ibm.commerce.context.ex
perimentimpl.ExperimentContextImpl@63656e2a&switchno=&emailT
ype=HTML&vatReq=N&voucherCode=&catalogId=1500001501&creditPl
anShortText=&address2=&address1=**********&delpostcode=*****
**&cardtype=VISAD&FFM2011461168=5&POnumber=&deliveryAddressI
d=*********&langId=-1&startyear=&eccvValidated=Y&paymentName
=MR C BARNES&delHouseNo=&addressId=*********&delcounty=Warwi
ckshire&fromView=DeliveryOnlyPaymentInfo&SECURE_ACTION_RESUL
T=7&postcode=*******&SECURE_ACCEPT_CARD=Y&country=United Kin
gdom&town=RUGBY&endyear=****&isInstantCredit=false&endmonth=
**&issueNo=&nor=0&foundValidBinCardType=valid&address=******
********************&instantCreditOtherCard=true&instantCred
itOrder=N&county=Warwickshire&jspStoreDir=argos&delPostcode=
&continue.y=15&continue.x=108&cardholder=***********&argosIm
pl=1&deladdress2=****************

Obviously I’ve redacted my personal details, but the actual text contains my full unencrypted card number, CVV code, expiry date, name as printed on the card and address – basically all the information needed for an identity theft attack. Not only was the information transmitted in clear-text when the email was sent, but the link provided is a standard insecure HTTP link which, if I were to click it, would once again transmit the information in the clear.

A PC Pro story on the same subject credits the find to reader Tony Graham, whose credit card details had been used fraudulently. While there’s no evidence to link this incident to the Argos breach, my card details were also misused by fraudsters around the time of my Argos order, so this could be more than a coincidence.

My email receipt from a subsequent order made in July last year didn’t seem to expose these details, so presumably the problem had been resolved by then. Nevertheless, I would hope Argos have the decency to contact all customers that may have been affected, making them aware of what has happened and urging them to check their statements carefully.

View all 6 comments or add your own

Thunderbird has the somewhat strange default behaviour of starting replies below the quoted message. Fortunately there is an option to change this, and I’m mentioning it here as it’s a little hidden away and I had trouble finding it myself.

Click Tools (from the menu bar), then Account Settings. Now choose Composition and Addressing which appears under your account name on the left. Underneath Automatically quote the original message when replying (which should be checked) you can then change start my reply below the quote to start my reply above the quote. Easy as that!

Be the first to comment on this post