google

Saturday, November 29, 2008

Gmail from Google.com Could Be Exploited Aiding the Hacking Of Domains - 26 Nov 08

A recent post on GeekCondition claims that a Gmail vulnerability, that was supposedly repaired actually was not, and your account could potentially be vulnerable to hijacking and malicious attacks.

In December 2007, David Airey was a victim of this exploit when his website was hijacked. Google claimed to have repaired this vulnerability, however it apparently still exists.

It all starts when you are logged into your Gmail account and visit a malicious website. It does not matter whether you have clicked the link via your Gmail account or not, the malicious site is capable of accessing your internal credentials.

Instantaneously and without your knowledge, the malicious site is able to create an automatic filter that diverts your e-mail to a different e-mail account. You can view a detailed description of this at GeekCondition: Gmail Security Flaw Proof of Concept.

Not only can the exploit gain access to your private e-mail, it is also capable of compromising all future e-mails from your account.

In the event that your Gmail details are registered as the contact details for any domain registrations, then your domain can also be hijacked and held to ransom by the use of account recovery and password resetting tools on your host account without your knowledge or permission.

What can you do about this? You can check your e-mail filters and make sure that IMAP is disabled. Don’t use Gmail as your contact e-mail for any information that is sensitive. You should also change the e-mail details on any sensitive accounts you might have. When you register a domain, make sure you upgrade to a private registration. Do not open e-mail links unless you know the individual who sent it.

Another good idea is to encrypt your browser connection, a feature that is actually available on the main settings page in Gmail. Google has not yet commented on the issue. For now, it is up to you to protect yourself.

No comments: