I stumbled across a post by a Mark Ghosh, an unhappy orkut user which covers a very basic and age old security flaw within Orkut, a social networking site similar to Facebook / MySpace which is now owned by Google.

Google, one of the largest corporations in the world went through and acquired a whole bunch of online communities and this is all fine. However, should a company of this calibre not be more careful about associating with a website that has such a silly but serious security flaw. A flaw that could probably be resolved within an hour of work. I appreciate that there are probably numerous other issues that the site has…

However, if the security of the site is not given any priority, how can we, as the masses place so much trust into an organisation that we trust to perform our searches, store our emails (GMail), our files(Google Docs) and trawl through our websites to make it searchable and available to the masses?

In all honesty, if Google cannot allocate enough resources to at least fix security issues within its products, perhaps, they should at least shut them down to limit the damage hackers can do to legitimate users.

Sure, if someone falls for a scam and accidentally gives out their password, they end up paying a price but having zero control over being able to resolve it is unacceptable. A user should be able to change their password and know that someone who had your old password can no longer log in…