New Google Mail Security Vulnerability Emerges - gHacks Tech News

New Google Mail Security Vulnerability Emerges

News about domain hijackings came to light in the last weeks. The commonality was that all victims were using Google Mail as the primary email address of their websites. Yesterday a proof of concept for a Gmail security flaw was posted at the Geek Condition blog which explains how the attacker was able to hijack the domain names.

The attacker basically set filters in Gmail to forward emails from the domain registrar to another email account. To ensure that the account owner would not notice the mails they were set to be deleted afterwards.

Most domain registrars offer web forms that can be used to retrieve account information. Godaddy for instance provides web forms to retrieve the username and reset the password of an account. They do send out emails to the primary email account. Those emails are however forwarded and deleted so that they can only be accessed by the attacker.

The two emails will contain the account's username and a new password which can be used to log into the account and initiate a domain transfer to another registrar.

The exploit makes use of a specially prepared website to steal the Google Mail cookie from the user to set the filter in an hidden iframe. This is why the account owners were never logged out of their account by the attacker. He never had physical access to the account. But the filter was enough to hijack the domains.

Gmail users should regularly check their Filters to make sure that none exist that have not been added by them. A better solution would be to retrieve the emails from a desktop email client like Thunderbird or Microsoft Outlook instead.No word yet from the Google Mail team about the vulnerability.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. venkat said on November 25, 2008 at 8:08 am
    Reply

    This is really scary news for Gmail users ,now neither email accounts are safe nor Domains .

  2. Thinker said on November 25, 2008 at 2:29 pm
    Reply

    Great ;] Don’t trust anyone in the web :)

  3. GRTerrero said on November 26, 2008 at 2:47 pm
    Reply

    You should let people know that there are several websites that are normally filtered out for deletion by Gmail. Those are safe to leave. Anyone reading this would run to check their GMail filter settings and delete those and be innundated with spam.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.