Friday, 28 November 2008

Gmail Exploit May Aid Domain Hijacking

A vulnerability in Gmail that lets the bad guys access and manipulate filters in your Gmail account has once again reared its ugly head according to a recent post on GeekCondition.

The exploit, similar to the one David Airey was a victim of in December 2007 when his site was hijacked, caught our attention thanks to Philipp Lenssen's post this morning over on Blogoscoped. While the general consensus is that Google had fixed the vulnerability, turns out it's still there.

How the Gmail Exploit Works

It begins when you visit a malicious site while logged into Gmail. Whether the link is initiated through your Gmail account or not, the malicious site can access your internal credentials.

The malicious site then, unbeknownst to you, can create an automatic filter that diverts your e-mail to a different e-mail account. Given all this happens on Google's mail servers, you are none the wiser until you look at your filters. A detailed write up about this process is available at GeekCondition: Gmail Security Flaw Proof of Concept.

Along with gaining access to private messages, this exploit once in place compromises all future e-mails in your Gmail account. MakeUseOf points out that if your Gmail details are registered as the contact details for any domain registrations, your domain can be hijacked and held to ransom by the use of account recovery and password resetting tools on your domain host account without your knowledge.

No comments:

FEEDJIT Live Traffic Feed