Gmail accounts hacked via unpatched hole

Discussion in 'malware problems & news' started by axial, Apr 24, 2009.

Thread Status:
Not open for further replies.
  1. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    http://windowssecrets.com/comp/090423#story1

     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It appears that some social engineering comes into play:

    Proof of concept released for Google Gmail CSRF flaw
    http://www.securecomputing.net.au/News/138947,proof-of-concept-released-for-google-gmail-csrf-flaw.aspx

    OAuth Security Advisory
    http://oauth.net/advisories/2009-1


    ----
    rich
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    The reason why i use nothing but HTTPS secure connection for my GMail (and any settings within Google features/settings).
    If it doesn't connect in a secure way, i'm not going to use it until it does.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Google is like a big security hole that is also the reason why several proxy providers generally block google.

    Fact is at the point you connect you are exposed to security risks and all-seeing-eye,
    nowadays there is no possibility to really avoid this and this is wanted by governments.

    HTTPs is one chance to avoid control of secret services and internet mafia but insufficient because you would need enduring encrypted lanes from point a to point b. Too much is intercepted and smuggled between a and b or between your browser and a usual webside like google. They simply attach their virus traffic usually you won´t see that until you take a look.
     
    Last edited: Apr 25, 2009
  5. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    SystemJunkie and RejZoR, apologies if I'm not understanding you, but could you confirm that you're both making the distinction between use of Google as a search engine vs. Google's GMail?
     
Loading...
Thread Status:
Not open for further replies.