On: 2007 / 12 / 25
Shorter URL for this post: http://ozh.in/gr

This is a truly scary story: David Airey got his domain stolen because of a Gmail vulnerability.

Short story: it used to be possible (it seems to be fixed now) to create filters on Gmail just by getting the victim to visit a link or, say, load a hidden frame on a malicious website. For example, a filter that forwards any email containing the word "password" to evilguy@evilhost.com pretty much steals everything from everyone. Long story: David's experience, or just the technical proof of concept and explanations.

Number one item on your to-do list: check your Gmail filters right now and see if there is any suspicious forward you can't remember setting up.

Metastuff

This entry "Gmail Vulnerability: Has Your Account Been Compromised?" was posted on 25/12/2007 at 11:20 pm.

5 Blablas

  1. David Airey says:

    Thanks so much for helping spread the news.

    It's a setback for me, but I know I can recover in a stronger position than before. Especially with the help of people like you.

    Have a wonderful xmas and an even better new year!

  2. lad madrigal says:

    a really really scary story.

    i'm checking my filters now.

    wishing you a prosperous new year!

    have a nice day ahead!

  3. CiberNite says:

    My Gmail account has been compromised and hijacked. The person who hijacked my account has gained access to personal information, bank, other accounts… They have threatened my family.

    I have been trying to contact Google and have them shut down or restore the account to myself. I have sent them as much information as they would require. However, for over a week now nothing has been done. I am still receiving emails and threats for this other person under my Gmail account.

    Pretty sad when other companies such as eBay, PayPal were eager to assist yet I cannot get any response from Google security

  4. Jeffery says:

    Someone gained access to my Facebook account and deleted information. I changed my password and everything, but is there anything else I can do to find out what happened or who or what was behind it?

  5. Ozh says:

    Jeffery » Sure: you can cry, pray, revolt, or even ignore everything.
