Not much of a find, but the firefox4 app for android transmits your google accounts email/password in plain text when receiving an email from the gmail application service. This is viewable with the DOM-inspector add-on, and can also be seen by anyone using wireshark, ettercap, etc.
Still, not much of a (new) risk imo, seeing as you have to already be on the users network to sniff the packets. posted a picture here, as I didnt know where else to: http://img861.imageshack.us/img861/6466/ff4e.png
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
