gHacks technology news » gmail security

Google Mail Account Security Tips

Martin — Thu, 29 Oct 2009 16:02:32 +0000

The official Gmail blog has published five security tips to improve the security of a Gmail account. Email security should be one of the top priorities for a number of reasons but especially because other accounts are usually associated with an email account. Just think of all the websites and services that require users to signup with an email address. If an attacker gets access to an email account it would theoretically be possible to request new passwords for those accounts leaving those accounts wide open to the attacker as well. Other options include sending out spam and phishing emails to the contact list or strangers.

Most email users should already be familiar with the tips offered at the Gmail blog. Here are the five tips posted at the website:

Remember to sign out
Be careful about sending certain sensitive information via email
Enable “Always use HTTPS.”
Be wary of unexpected attachments.
Make sure your account recovery information is up-to-date

Two of the five tips (being suspicious of attachments and careful about sending out information) are valid for all email accounts no matter where they are hosted and whether they are accessed from a website or desktop email software. These programs on the other hand make the tips one and three unnecessary. The email recovery tip on the other hand makes sense for all Gmail users. Gmail offers an option to add another email address to the account which can be used to retrieve Gmail login information or retake an account after it has been hacked by an attacker.

Do you think those tips are sufficient to protect email accounts or would you add other tips to the list?

Tags: Email, gmail, gmail login, gmail security, google-mail

Gmail Increases Email Security With Phishing Protection

Martin — Tue, 14 Jul 2009 09:37:08 +0000

Phishing is still one of the biggest security threats that users face on the Internet. It basically means that criminals are sending emails to users that make them believe they are coming from an email sender that they can trust. Most phishing emails pose as emails from financial organizations like PayPal or banks and ask the user to enter user data which will then be “phished” and used to remove money from the user’s account. There are other forms of phishing including the very popular account phishing where attackers try to take over accounts on sites like eBay or games like World of Warcraft.

A new widget has been recently added to Gmail labs that increases email security by offering phishing protection for the two services PayPal and eBay. Emails send by these two services are authenticated by the widget and an authentication icon is displayed in the Gmail interface so that the user can see at first glance that the emails are coming from the original source.

The main advantage of this added layer of phishing protection is that emails that claim to be from either PayPal or eBay but are not will now be deleted before they reach the user’s email account meaning that they will not appear in the spam folder either. Google is hoping to add additional services in the future to increase the reach of the additional email security layer.

Users can add the new phishing protection by logging into their Gmail account, clicking on the Settings link in the top right corner, switching to the Labs tab and enabling the Authentication icon for verified senders widget.

Tags: ebay, Email, email security, gmail, gmail security, paypal, phishing protection

Gmail Sign In

Martin — Fri, 02 Jan 2009 18:45:52 +0000

One of the main questions for privacy and security interested Gmail users is whether they should stay signed in or log out whenever they leave the Gmail website. A Gmail Sign In works for quite some time until the user signs out when leaving the website.

The main problem that privacy interested users have is that Google will recognize them when they use other Google services especially Google Search which can be used to create extensive user profiles. This becomes more difficulty if the user is not signed into a Google service as Google can only rely on cookies or IPs to identify users.

The sign in link is shown in the upper right corner if the user is not signed in a Google service and the mail of the user if the user is still signed in.

There have also been talks about Gmail security vulnerabilities which Google promptly denied. Fact is, there have been several incidents where filters have been set in Gmail accounts of experienced users. Those filters have been used to transfer web domains to other registrars.

Additional Resources:

90 Tools To Make You A Gmail Pro
Gmail Backup
Gmail Mail Notifier

Tags: Email, gmail privacy, gmail security, gmail sign in, gmail sign out, Google, google-mail

New Google Mail Security Vulnerability Emerges

Martin — Mon, 24 Nov 2008 20:33:22 +0000

News about domain hijackings came to light in the last weeks. The commonality was that all victims were using Google Mail as the primary email address of their websites. Yesterday a proof of concept for a Gmail security flaw was posted at the Geek Condition blog which explains how the attacker was able to hijack the domain names.

The attacker basically set filters in Gmail to forward emails from the domain registrar to another email account. To ensure that the account owner would not notice the mails they were set to be deleted afterwards.

Most domain registrars offer web forms that can be used to retrieve account information. Godaddy for instance provides web forms to retrieve the username and reset the password of an account. They do send out emails to the primary email account. Those emails are however forwarded and deleted so that they can only be accessed by the attacker.

The two emails will contain the account’s username and a new password which can be used to log into the account and initiate a domain transfer to another registrar.

The exploit makes use of a specially prepared website to steal the Google Mail cookie from the user to set the filter in an hidden iframe. This is why the account owners were never logged out of their account by the attacker. He never had physical access to the account. But the filter was enough to hijack the domains.

Gmail users should regularly check their Filters to make sure that none exist that have not been added by them. A better solution would be to retrieve the emails from a desktop email client like Thunderbird or Microsoft Outlook instead.No word yet from the Google Mail team about the vulnerability.

Tags: Email, email security, email vulnerability, gmail, gmail security, gmail vulnerability, google-mail, web mail

Tracking Gmail Account Usage

Martin — Thu, 10 Jul 2008 08:41:32 +0000

Google Mail introduced a new feature recently that can be helpful in finding out if someone else has or had access to your Gmail account. The function is a bit hidden in the footer area of Gmail after you log in. Just scroll down to the bottom until you reach the line at the bottom starting with Last account activity.

Gmail provides information about the time of the last login and which IP has been used to login to the account. A Details link is available at the end of the line which opens a popup window with further information.

Activity on this account is the name of the window and it displays the last five activities in a table with information about the access type (pop, mobile, browser), IP of the computer that logged into Gmail and the time.

The page does inform the user on concurrent activity as well and it is possible to sign out all other sessions which can be helpful in numerous cases. The current IP of the user is also displayed in that window making it easier to compare IPs.

This new feature is a great addition to Gmail to increase the security of the system. I would like to see an extensive history though, not only the last five logins but maybe those of the last three months or even year. Users who connect regularly will probably see only connection attempts of the same day in the history.

Tags: Email, gmail, gmail security, Google, google-mail

gHacks technology news » gmail security

Google Mail Account Security Tips

Related posts

Gmail Increases Email Security With Phishing Protection

Related posts

Gmail Sign In

Related posts

New Google Mail Security Vulnerability Emerges

Related posts

Tracking Gmail Account Usage

Related posts