Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Jul 10, 2011

Sneaking into Google+ uninvited

After seing reports on Twitter that "everyone" now was on Google+, and not having received an invite e-mail myself, I had an intense feeling of being left out. So yesterday, I started tinkering.

There's been several ways into Google+, just after the launch the reports were that a Google+ user could share something with you, and you were offered to join Google+ to see the shared content. Along came also the possibility for Google+ users to invite people directly (which led to people selling their invites). To get in line for Google+, you could also sign up at the Google+ website. I had signed up, and turns out I had also been invited by two friends (I was in their circles already), but without receiving a notice from Google. I was curious to find out what was behind the signup screen shown below, so I had to do something!


I figured I'd use Google to find a way in. After all, Google tends to find all the stuff you don't want it to index such as PGP private keys or your customer password database. After five minutes of tinkering with URL's and poking around with various searches on Google, I found a link that let me instantly register for Google+!


Here's a link to the search on Google. I basically needed to figure out the signup url, and then find a valid Google+ invite key. Interestingly, the search results have changed over night, here's today's result:


There's even a hint in today's search result: gpinv=myinvitekeyithink! But unfortunately, none of today's links seem to get the job done. But here's the result from clicking on yesterday's link:


I'll just have to thank Nguyen for inviting me. I have no idea who this is. And I have no idea why a direct invite link on his behalf was searchable in Google. Anyhow, I clicked Join to confirm that I was finally accepted into Google+. Success!


So! What to do now? We should probably try a hangout!

Some final considerations
"Borrowing" the invite from Nguyen was in the grey area, but it was the only way to confirm that a simple Google search would provide me with a shortcut into Google+. Despite him being mentioned on the screen where I joined, I'm not connected to him on Google+ in any way. He's not in any of my circles, I'm not in his. If that was the case I would have reported it to the Google security team immediately.

Other Google+ users also claim to have bypassed the queue, I believe they've used other techniques than the find-a-link-on-Google approach (not sure what they've done).

I have also notified Google about the issue. And now you!

If you stumble upon a security issue in a Google website you should take a moment to read their Google security and product safety webpage and report the issue.

No comments:

Post a Comment

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2015. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts