Gmail Exploit May Aid Domain Hijacking

-
A vulnerability in Gmail that lets the bad guys access and manipulate filters in your Gmail account has once again reared its ugly head according to a recent post on GeekCondition.

The exploit, similar to the one David Airey was a victim of in December 2007 when his site was hijacked, caught our attention thanks to Philipp Lenssen's post this morning over on Blogoscoped. While the general consensus is that Google had fixed the vulnerability, turns out it's still there.

How the Gmail Exploit Works

It begins when you visit a malicious site while logged into Gmail. Whether the link is initiated through your Gmail account or not, the malicious site can access your internal credentials.

The malicious site then, unbeknownst to you, can create an automatic filter that diverts your e-mail to a different e-mail account. Given all this happens on Google's mail servers, you are none the wiser until you look at your filters. A detailed write up about this process is available at GeekCondition: Gmail Security Flaw Proof of Concept.

Along with gaining access to private messages, this exploit once in place compromises all future e-mails in your Gmail account. MakeUseOf points out that if your Gmail details are registered as the contact details for any domain registrations, your domain can be hijacked and held to ransom by the use of account recovery and password resetting tools on your domain host account without your knowledge.

Comments

Post a Comment

Popular posts from this blog

Access Pay sites without payment or authentication

-
Guys, This is to Access pay/registration required sites for free I do not know if this will work with every site on the internet plex. but it worked on many sites for me. All what you need to do, is to make your web browser distinguish itself as Google Bot All of us have seen Google returns search results that lead to sites that require a registeration ?, How googlebot index the site without a registration ? Many sites want their site indexed in google to recieve more hits and thus, make more money with advertisment on their site. Even more interesting is the following question: How do we use this to our advantage ? It is Simple , we need to disguise ourselfs as the googlebot, many sites will let you in without authentication/registration. The parameter we have to change is called the User Agent. The user agent defines the browser and version that you use. For example it would show Internet Explorer as your browser if you are using this one. You need to alter your Browser settings to t
Read more

116 Open Source Application that you can use

-
Below is a list of Open Source application that I used/tried/researched. Please share your experience with us and add your application as well. 3D Animation Editor 1. White_Dune This 3D modeler and animation tool allows users to read, display, and perform low-level editing tasks on VRML97 files. VRML97, which stands for "Virtual Reality Modeling Language," is the current industry standard for displaying 3D animations on the Web. Operating system: Linux/Unix, OS X, Windows. Address Book 2. Rubrica Written using GNOME and GTK+, Rubrica stores contact information as XML data. It can import/export from a variety of formats, including GnomeCard, KAddressbook, Evolution, and csv file format. Operating system: Linux/Unix. Audio Tools 3. Audacity Audacity allows users to record live audio, convert tapes and records to digital formats, or mix pre-existing digital audio tracks. Supported formats include Ogg Vorbis, MP3, and WAV sound files. Operating system: Linux/
Read more

Complete HD Image Backup, Acronis Open Source alternate

-
Image
This Post to complete on Ghost Open Source alternate . It is called SNAP Backup, Snap backup makes a complete backup of your HD to a central server, it support incremental,differential. List Of Features One Click to Perform a Backup Configurable Settings Runs on Most Platforms (Including: Mac OS X, Linux, Solaris, and Windows) Supports Multiple Languages Support all Operating Systems (Linux,Windows , Mac) I may say that is is Aconis Open Source Alternate Screen Shot of the Client is below Link for SNAP Backup Utility h3r3.  .
Read more