ghacks Technology News

New Google Mail Security Vulnerability Emerges


News of domain hijackings has come to light in recent weeks. What the cases had in common was that all victims were using Google Mail as the primary email address for their websites. Yesterday a proof of concept for a Gmail security flaw was posted at the Geek Condition blog, which explains how the attacker was able to hijack the domain names.

The attacker basically set filters in Gmail to forward emails from the domain registrar to another email account. To ensure that the account owner would not notice the mails, the filters were set to delete them afterwards.

Most domain registrars offer web forms that can be used to retrieve account information. GoDaddy, for instance, provides web forms to retrieve the username and reset the password of an account. The registrar sends the resulting emails to the primary email account. Those emails are, however, forwarded and deleted by the filter, so that only the attacker can access them.

The two emails will contain the account’s username and a new password which can be used to log into the account and initiate a domain transfer to another registrar.

The exploit makes use of a specially prepared website to steal the Google Mail cookie from the user to set the filter in a hidden iframe. This is why the account owners were never logged out of their account by the attacker. He never had physical access to the account. But the filter was enough to hijack the domains.

Gmail users should regularly check their Filters to make sure that none exist that have not been added by them. A better solution would be to retrieve the emails from a desktop email client like Thunderbird or Microsoft Outlook instead.

No word yet from the Google Mail team about the vulnerability.
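The filter check recommended above can be scripted. The following is an added example, not code from the original post or from Google: it audits a filter listing in the JSON shape returned by the present-day Gmail API (`users.settings.filters.list`) and flags the combination described here, a filter that forwards mail and also hides it from the owner. The sample listing, all addresses and the `audit_filters` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by the Gmail API's
# users.settings.filters.list call; all addresses are made up.
SAMPLE = json.loads("""
{"filter": [
  {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
   "action": {"addLabelIds": ["TRASH"]}},
  {"id": "f2", "criteria": {"from": "support@registrar.example"},
   "action": {"forward": "drop@attacker.example", "addLabelIds": ["TRASH"]}},
  {"id": "f3", "criteria": {"query": "password OR transfer"},
   "action": {"forward": "drop@attacker.example",
              "removeLabelIds": ["INBOX", "UNREAD"]}},
  {"id": "f4", "criteria": {"from": "boss@work.example"},
   "action": {"forward": "me@work.example"}}
]}
""")

HIDE_ADD = {"TRASH", "SPAM"}       # message is deleted or binned as spam
HIDE_REMOVE = {"INBOX", "UNREAD"}  # message skips the inbox or is marked read


def audit_filters(listing, own_addresses=()):
    """Return findings for filters that forward mail, most severe first."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for f in listing.get("filter", []):
        action = f.get("action", {})
        target = action.get("forward")
        if not target or target.lower() in own:
            continue  # delete-only filters and known forwards are left alone
        hidden = sorted(
            (HIDE_ADD & set(action.get("addLabelIds", [])))
            | (HIDE_REMOVE & set(action.get("removeLabelIds", []))))
        findings.append({
            "id": f.get("id"),
            "severity": "high" if hidden else "review",
            "forward_to": target,
            "hidden_by": hidden,
            "criteria": f.get("criteria", {}),
        })
    # Stable sort: forward-and-hide filters come before plain forwards.
    return sorted(findings, key=lambda x: x["severity"] != "high")


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE, own_addresses=["me@work.example"]):
        print(json.dumps(finding))
```

Filters that only delete mail, such as `f1`, are not reported, so ordinary spam-style rules stay in place; only forwarding rules need a human decision.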




Categories: Email, Security




4 Responses to “New Google Mail Security Vulnerability Emerges”

  1. venkat says:

    This is really scary news for Gmail users, now neither email accounts are safe nor Domains.

  2. Thinker says:

    Great ;] Don’t trust anyone in the web :)

  3. GRTerrero says:

    You should let people know that there are several websites that are normally filtered out for deletion by Gmail. Those are safe to leave. Anyone reading this would run to check their Gmail filter settings and delete those and be inundated with spam.


© 2005-2009 Ghacks.net. All Rights Reserved. Privacy Policy - About Us