Yesterday I spoke about the security of domain names. In both cases the domain hijackers gained access to the blogger's Gmail account and added some filters to direct their email elsewhere.
GNUCitizen claimed that the hackers used a multipart/form-data POST to gain access to the Gmail account, but yesterday Google claimed this wasn't the case.
Chris Evans from the Google Online Security team said:
With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords.
These fake sites had no affiliation with Google, and the ones we’ve seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.
I'm sure most of you are aware of what phishing is. Hackers have been very successful using this method with PayPal by sending users to non-PayPal sites.
I’m glad that Gmail is secure and that no one can just hijack an account from scratch. The best advice for Google users is to be careful about the links you open and always run your entire session using https.







Incorrect! The GNUCitizen article provides a description of a real vulnerability which was fixed a year ago.
Thanks for clarifying, Tom. I was under the impression that it was the same problem (that's the impression I got from madeuseof.com).
This is kinda elusive. I think the MakeUseOf posts described the owner as a security-savvy person running antivirus, firewall, etc… I find it hard to believe such a person is going to blindly click a phishing link and give away login and password.
And why bother with filters if you have the password and complete access to the account, why not just change the password?
Oh well, not first and not last scary story.
I had a couple of people ask me about the https:// issue, asking how they do that, maybe it's an idea to let people also know how to do this.
For those who read this, if you use Gmail, go to settings, and it's on the bottom of that page, there is an "always use https://" box to tick, tick it and the problem should be solved.
Hope it helps those who are a little unsure of how to do it.
Rob
Just came across your blog, you have some very interesting information on it! I wish that every blog I came across was as in depth as yours! Hopefully you keep posting such quality work!
Deflecting all blame yet again. Way to go Microsoft – err – Google – err……….
To
Kevin Muldoon
Thanks for clarifying, Tom. I was under the impression that it was the same problem (that's the impression I got from madeuseof.com).
It's not madeuseof.com, it's makeuseof.com
Anyway, thanks for your information….