Derek Kessler of PreCentral.net just disclosed some very interesting information on their blog.

Apparently, putting his Palm Pre, which so happens to have a Touchstone back cover, caused his MacBook Pro to go into sleep mode.  This is because Apple’s mechanism for sleep mode is initiated by magnets; so when Derek’s Pre hit the right palm rest of his MacBook – it turned off.

So this is just a reiterated warning from me, an owner of a Pre, to be careful where to place this little puppy.  Magnets do not play nice with computer electronics.  Until it is determined how strong these magnets are, refrain from placing the phone (Pre) anywhere near your computer.

Here is Derek’s explanation:

As you know, the Touchstone charger and associated induction back use built-in magnets to align and secure the Pre to the charger. The magnets on the charging “puck” are the more powerful of the sets, but those in the Pre’s back could be strong enough to cause problems if inadvertently placed. I write this post because this morning after I was awakened by my Pre’s daily alarm, I grabbed the phone, killed the alarm, grumbled on the way to my computer (a MacBook Pro that crunches numbers through the night), and then set the Pre on the right palm-rest area (no pun intended) of the laptop. To my bemusement, the computer immediately went into sleep mode. So I pushed the power button on the laptop, it turned back on, and after a second went back to standby. “This is odd,” I said to my empty living room, so I turned it on again. And it turned off again.

Oh wait – that’s right, the MacBook uses a magnet to activate sleep mode.  Whoops.  Although the magnets on the Touchstone battery door are fairly weak (far too weak to disrupt a hard drive, one hopes), I imagine that it’s possible that they could disrupt other bits and bobs in a way similar to what happened to my MacBook.

The first thing that comes to mind is credit cards and access/ID cards. Every credit card and most state/federal/corporate ID’s have a magnetic strip across the back that can be disrupted by magnetism. Thankfully, since these cards’ magnetic strips only need to be written once, they are what’s called high-coercivity strips and are thus not very coercive to magnetic interference (as tested by Mythbusters). But hotel room key cards are a different story; they use low-coercivity strips to allow easy and quick rewriting for new customers, and are thus prone to failure in the face of magnetism. You or somebody you know has had a hotel key card stop working and the only explanation you (and the front desk) could conjure was that your cell phone had killed it. Most cell phones don’t even have magnets and yet are capable of causing wanton key card destruction, let alone the low-but-powerful-enough magnets in the Touchstone back.

So I believe I have found a security hole in Google’s login systems, and why they need to unlink usernames with YouTube accounts, or they need to at least address this issue.  I’ll be brief.

Say you have a Google Account.  Say your other friend has a Google Account.  These two accounts are independent of each other, as in they have different User Names and Passwords.  Now, say that one of you, lets say here that its you, who creates a YouTube account to share with me.

This is a very common circumstance.  I have about 3 different accounts in YouTube that I share with other people, it makes it convenient to maintain the account, especially if its a busy one.

So here is the security hole: if I log into this ‘Shared” YouTube account, all I need to do is head on over to Gmail and waalaa! I’m now in your Gmail.  I have full access, and I can poke around all you want, without you knowing except for that little IP log at the bottom of the Gmail window.  I could do some real damage  and snooping.

This is a serious issue, please unlink the accounts.  Email is rarely shared, YouTube accounts are.

UPDATE: This is the response from Google about this issue.  Apparently these accounts were linked, and this is just the nature of the Google Accounts system.  I agree with the security team, there is no large risk, but this is still a problem in my opinion.

From Google:

Thank you for the clarification, and for helping me figure out the
nature of the problem.

As you noted, the user in fact disclosed his Google account password
to you, along with an “alias” on YouTube. This alias serves simply as
a nickname for his canonical account with Google, and the password
could be readily used to access services such as Google Mail or Google
Docs without the need to rely on YouTube at all.

Although the fact you gained access to all Google services by logging
in via YouTube with this alias may sound somewhat counterituitive to
people less accustomed to a variety of Google services, I believe
there is no security risk. As noted, you could have used the same
password, and his canonical account name, to simply log in at:

https://www.google.com/accounts/Login

…to gain access to the same services. Canonical account names are
not a secret, and could be easily discovered, e.g. through the YouTube
UI itself.

Now, it goes without saying that sharing your password with other
parties is usually not a good idea, for a number of reasons; if this
can’t be avoided, we would recommend creating a separate Google
account for this purpose.

My Short Rebuttal:

Absolutely Sir, I will add to my blog post now.  I have to say though, that it would not be a bad idea to give Google Account’s access permissions.  This would also prevent something confusing like this from happening.  The basic fact is, while your correct there is no large security risk, this user (my friend) had no intention, nor any indication (according to him) that he was allowing me to access his Gmail without his explicit consent.  Just something to consider…

I would like to praise Google right now, for their quick response time, and detail centered approach.  This encounter with them was exciting in its short life span.  Onward…