
Thread: Gmail accounts compromised via unpatched hole

  1. #1
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Gmail accounts compromised via unpatched hole

    "Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch.

    There are steps you can take to reduce the risk of using a webmail account, but it appears that the usual tricks won't solve the Gmail problem until Google fixes the software.

    The weakness that researchers say afflicts Gmail, a free e-mail service hosted by Google, belongs to a class of attacks known as cross-site request forgery (CSRF, pronounced "sea surf").

    Besides Gmail, CSRF holes affecting YouTube, Netflix, and NYTimes.com have also been found and repaired in the past. CSRF attacks use security flaws in cookies, password requests, and other interactive Web components to intercept communications between your browser and a Web site's server.

    The first report of the Gmail problem within security circles was written by Vicente Aguilera Díaz of Internet Security Auditors (ISA) on July 30, 2007. The next day, ISA issued an alert and included a proof of concept illustrating how the exploit could be used to change a Gmail account password.

    After more than a year during which, according to ISA, Google was repeatedly contacted privately about the problem, researchers publicly released a detailed description of the exploit on March 3, 2009, according to a Secure Computing article.
    ....."




    more:

    Gmail accounts hacked via unpatched hole

    --
    Advice: log in to your Gmail account via HTTPS; it will be difficult for crackers to steal your password or other personal data.
    Last edited by leofelix; 24th April 2009 at 03:45.

  2. #2
    nitinagarwal1988 is offline Microsoft MVP
    Join Date
    Jan 2009
    Location
    Pilani, India
    Posts
    1,570


    I use Hotmail; I think it is the most secure web-based email service. What is Google doing in this case??

  3. #3
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923


    I have moved all my email to live.com because I do not trust Google now, and if I am honest, when looking at them, the Live applications are great now and seem to be getting better all the time. I also think it is very secure.
