The Service Desk » Blog Archive » Gmail Security Flaw Proof of Concept

23
Nov

by JeberNo Comments »

Gmail Security Flaw Proof of Concept

Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No, however, they can force you to create the filter without your knowledge.

The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names registered through GoDaddy.

To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail.

Brandon has written an informative article on this exploit over at geekcondition.com.

If you use Gmail, have filters set up and have a domain registered with GoDaddy you should read the full article. Then I’d recommend you immediately change hosts. My dislike of GoDaddy is documented elsewhere.

enjoyed this post? share with others:

This entry was posted on Sunday, November 23rd, 2008 at 3:47 pm and is filed under Information, Security. You can follow any responses to this entry through the RSS 2.0 feed.

Trackback URL

search The Service Desk

follow me on twitter

@BillP Of interest? http://www.cfr.org/publication/22832/internet_governance_in_an_age_of_cyber_insecurity.html
21 hours ago

join me @

Join the forum Join the forum

November 2008
S	M	T	W	T	F	S
		Dec »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

Disclaimer

All data and information provided on this site is for informational purposes only. The Service Desk makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site & will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.All information is provided on an as-is basis.

Disclosures regarding products that have been supplied to me in return for a review or reviews for which I have received compensation in any form will be made on a post-by-post basis. Where there is no disclosure you can be assured the review or post is not a result of compensation.

I do the best I can to make sure nothing posted here is factually inaccurate, harmful, dangerous, disturbingly juvenile or riddled with malware.

But you're ultimately responsible for your own security. Scan downloads with your own AV software. Don't attempt procedures that are beyond your comfort level or level of knowledge. Limit your risks. Sometimes it's best to wait before trying a new service or application. Sometimes it's best to turn off the computer and spend some time with your friends. If you have none, get outside and meet some, or even better, go to your local humane society and adopt a new friend.

Sign-up for My Newsletter
Every month you'll be informed, challenged and entertained
Name:
Email:

Your email address will never be shared or sold.
Powered by Optin Form Adder

Sign-up for My Newsletter
Every month you'll be informed, challenged and entertained
Name:
Email:

Your email address will never be shared or sold.
Powered by Optin Form Adder

Gmail Security Flaw Proof of Concept

enjoyed this post? share with others:

leave a comment

search The Service Desk

follow me on twitter

join me @

Analog Timekeeper

Meta

Jeber’s Journal

Security

Categories

Books you may enjoy

Free Software

Use Apture on your site

Archives

Join Me @

My RL shop on Facebook

Me on Facebook

QR Code

Disclaimer