Comments on: Google GMail E-mail Hijack Technique http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/ Information Security Think Tank Mon, 12 Dec 2011 19:56:03 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Gmail touché par une très inquiétante faille 0-day — SecurityVibes Magazine http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-129781 Gmail touché par une très inquiétante faille 0-day — SecurityVibes Magazine Fri, 25 Mar 2011 14:36:41 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-129781 [...] dires. La publication de quelques bribes d’explications et diverses captures d’écran sur gnucitizen.org en disent cependant long sur les risques potentiels encourus par les [...] [...] dires. La publication de quelques bribes d’explications et diverses captures d’écran sur gnucitizen.org en disent cependant long sur les risques potentiels encourus par les [...]

]]> By: La preuve que la sécurité est un échec | Linux-backtrack.com http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-129726 La preuve que la sécurité est un échec | Linux-backtrack.com Wed, 16 Feb 2011 18:38:27 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-129726 [...] sécurité de mes fournisseurs de messagerie (Free, Gmail, etc.). Autant dire pas grand-chose non plus, même si j’utilise de fausses réponses aux [...] [...] sécurité de mes fournisseurs de messagerie (Free, Gmail, etc.). Autant dire pas grand-chose non plus, même si j’utilise de fausses réponses aux [...]

]]> By: Hosting Industry Watch » Google’s Gmail Privacy and Security Policies http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-129724 Hosting Industry Watch » Google’s Gmail Privacy and Security Policies Mon, 14 Feb 2011 19:33:58 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-129724 [...] information by offering a number of industry-leading protections.” Nevertheless, Gmail has been hijacked on numerous occasions, which has led to data theft, data loss, and domain name [...] [...] information by offering a number of industry-leading protections.” Nevertheless, Gmail has been hijacked on numerous occasions, which has led to data theft, data loss, and domain name [...]

]]> By: Internet Industry Watch » Google’s Gmail Privacy and Security Policies http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-129723 Internet Industry Watch » Google’s Gmail Privacy and Security Policies Mon, 14 Feb 2011 19:27:02 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-129723 [...] information by offering a number of industry-leading protections.” Nevertheless, Gmail has been hijacked on numerous occasions, which has led to data theft, data loss, and domain name [...] [...] information by offering a number of industry-leading protections.” Nevertheless, Gmail has been hijacked on numerous occasions, which has led to data theft, data loss, and domain name [...]

]]> By: Ethical Hacking Forum http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-129248 Ethical Hacking Forum Thu, 28 Oct 2010 07:46:41 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-129248 Phishing - Phishing is by far the most used and easiest method. The attacker simply sets up a page that looks exactly like the real email login page and tricks people into entering their login information. Update: Check out the new post on how to create your own phishing page here. Phishing – Phishing is by far the most used and easiest method. The attacker simply sets up a page that looks exactly like the real email login page and tricks people into entering their login information.

Update: Check out the new post on how to create your own phishing page here.

]]> By: video videolar http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128659 video videolar Thu, 15 Jul 2010 22:13:08 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128659 Nicolae, refers can be spoofed, not to mention that you can configure your browser not to send them at all. Therefore, CSRF protection based on refers only is not a solution. The only solution is to implement random tokens per request and store their values within the form you want to check for a CSRF condition. This works and this is what the Google folks tried to do, although their implementation was seriously flawed. Nicolae, refers can be spoofed, not to mention that you can configure your browser not to send them at all. Therefore, CSRF protection based on refers only is not a solution. The only solution is to implement random tokens per request and store their values within the form you want to check for a CSRF condition. This works and this is what the Google folks tried to do, although their implementation was seriously flawed.

]]> By: Janet http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128640 Janet Sun, 11 Jul 2010 05:52:41 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128640 wow i didnt know that was possible! wow i didnt know that was possible!

]]> By: gmaildeki büyük hata! http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128583 gmaildeki büyük hata! Tue, 22 Jun 2010 16:54:03 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128583 [...] içerisinde tekrar hesabınıza girmeye çalışın. Hacklendiğini Anlatan İngilizce Kaynağa burdan ulasabilirsiniz. Gmail’deki Açığın Kapandığını Anlatan Kaynağa ise buradan [...] [...] içerisinde tekrar hesabınıza girmeye çalışın. Hacklendiğini Anlatan İngilizce Kaynağa burdan ulasabilirsiniz. Gmail’deki Açığın Kapandığını Anlatan Kaynağa ise buradan [...]

]]> By: John Woodz http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128573 John Woodz Mon, 21 Jun 2010 05:30:43 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128573 Was once hacked by watever means i dont know but all contact addresses in my account were being send an email using my gmail account by some hacker perporting to be me.! since am a general mind i stopped using gmail was the best i kuld do i hav no idea about java scripting or watever technical terms u talkn here bt i just wana be safe do i doubt technogy en go stone age ! Was once hacked by watever means i dont know but all contact addresses in my account were being send an email using my gmail account by some hacker perporting to be me.! since am a general mind i stopped using gmail was the best i kuld do i hav no idea about java scripting or watever technical terms u talkn here bt i just wana be safe do i doubt technogy en go stone age !

]]> By: web security trends 2010 | From Information to Intelligence http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128541 web security trends 2010 | From Information to Intelligence Sun, 06 Jun 2010 18:56:27 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128541 [...] Another long lasting example that emphases that knowledge is essential to web security is CSRF attacks: Even 4 years after the media put this kind of attack under the spotlight there is still people wondering if it is really dangerous.  If you still don’t believe that it is dangerous, ask the people who had their Gmail account backdoored. [...] [...] Another long lasting example that emphases that knowledge is essential to web security is CSRF attacks: Even 4 years after the media put this kind of attack under the spotlight there is still people wondering if it is really dangerous.  If you still don’t believe that it is dangerous, ask the people who had their Gmail account backdoored. [...]

]]> By: Edward http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128401 Edward Thu, 25 Mar 2010 07:12:09 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128401 2 points. 1. the perp could create the filter temporarily then delete it & repeat etc. how would one know it have ever been there? 2. i just discovered gmail messages can be 'deleted forever' so one may never know what emails have been sent/received. this is not a good idea from Gmail. all historic entries should be traceable from the logs. 2 points.

1. the perp could create the filter temporarily then delete it & repeat etc. how would one know it have ever been there?
2. i just discovered gmail messages can be ‘deleted forever’ so one may never know what emails have been sent/received. this is not a good idea from Gmail. all historic entries should be traceable from the logs.

]]> By: 随心博客 » Blog Archive » CSRF—跨站攻击与防御 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128213 随心博客 » Blog Archive » CSRF—跨站攻击与防御 Mon, 08 Mar 2010 15:39:03 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128213 [...] Google GMail E-mail Hijack Technique, http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/ [2] XSS POST Forwarder, http://whiteacid.org/misc/xss_post_forwarder.php [3] CSRF [...] [...] Google GMail E-mail Hijack Technique, http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/ [2] XSS POST Forwarder, http://whiteacid.org/misc/xss_post_forwarder.php [3] CSRF [...]

]]> By: Consejos para proteger tu dominio « clipping de internet http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128083 Consejos para proteger tu dominio « clipping de internet Thu, 07 Jan 2010 00:41:49 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128083 [...] de algún sujeto sin escrúpulos. Tal vez el caso mas paradigmático sea el de tonterias.com donde un fallo en Gmail hizo posible que cayera en manos de de quien no [...] [...] de algún sujeto sin escrúpulos. Tal vez el caso mas paradigmático sea el de tonterias.com donde un fallo en Gmail hizo posible que cayera en manos de de quien no [...]

]]> By: А Ñ‚Ñ‹ уверен в безопасности своего gmail? « GCoda http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-128061 А Ñ‚Ñ‹ уверен в безопасности своего gmail? « GCoda Sat, 19 Dec 2009 13:57:42 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-128061 [...] и davidairey езе рекомендую почитать о том как можно было увести ящик на google mail Добавь ссылку к [...] [...] и davidairey езе рекомендую почитать о том как можно было увести ящик на google mail Добавь ссылку к [...]

]]> By: tiesto http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-127843 tiesto Tue, 15 Sep 2009 04:37:27 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-127843 Love You Gmail :p Love You Gmail :p

]]> By: How to Find if Someone is Spying your Gmail Account | Technobuz http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-127664 How to Find if Someone is Spying your Gmail Account | Technobuz Sat, 01 Aug 2009 06:23:00 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-127664 [...] See about the bug/flaw here:Google GMail E-mail Hijack Technique [...] [...] See about the bug/flaw here:Google GMail E-mail Hijack Technique [...]

]]> By: Los agujeros de Google | Geekotic http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-127499 Los agujeros de Google | Geekotic Wed, 17 Jun 2009 22:14:44 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-127499 [...] exploits y agujeros de seguridad que esta sufriendo Google actualmente. Desde un bug de Gmail que permite el reenvío de emails que cumplan determinadas condiciones al atacante hasta uno relacionado con el sistema de encuestas [...] [...] exploits y agujeros de seguridad que esta sufriendo Google actualmente. Desde un bug de Gmail que permite el reenvío de emails que cumplan determinadas condiciones al atacante hasta uno relacionado con el sistema de encuestas [...]

]]> By: rmadeat http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-127467 rmadeat Thu, 11 Jun 2009 15:33:36 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-127467 Quote : Wow, lifesavers, you guys totally rock. My problem is that I think I have a total data stream process on me - from gmail, devart, facebook, google searching - everything. May also have got into or are trying to get into my ISP email. My complete digital footprint seems to have been uplifted and is being taunted back to me on various bogus sites found through combining my various identity markers in google searches. Quote :

Wow, lifesavers, you guys totally rock. My problem is that I think I have a total data stream process on me – from gmail, devart, facebook, google searching – everything. May also have got into or are trying to get into my ISP email. My complete digital footprint seems to have been uplifted and is being taunted back to me on various bogus sites found through combining my various identity markers in google searches.

]]> By: Backdoor Into Gmail « memoirs on a rainy day http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-126225 Backdoor Into Gmail « memoirs on a rainy day Tue, 03 Mar 2009 01:31:32 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-126225 [...] Published March 3, 2009 asides , technology Tags: asides, Gmail, technology There was a backdoor into Gmail. It’s been [...] [...] Published March 3, 2009 asides , technology Tags: asides, Gmail, technology There was a backdoor into Gmail. It’s been [...]

]]> By: Jay http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/comment-page-3/#comment-125946 Jay Fri, 13 Feb 2009 02:50:33 +0000 http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique#comment-125946 Wow, lifesavers, you guys totally rock. My problem is that I think I have a total data stream process on me - from gmail, devart, facebook, google searching - everything. May also have got into or are trying to get into my ISP email. My complete digital footprint seems to have been uplifted and is being taunted back to me on various bogus sites found through combining my various identity markers in google searches. Wow, lifesavers, you guys totally rock. My problem is that I think I have a total data stream process on me – from gmail, devart, facebook, google searching – everything. May also have got into or are trying to get into my ISP email. My complete digital footprint seems to have been uplifted and is being taunted back to me on various bogus sites found through combining my various identity markers in google searches.

]]>