TweakTown
Tech content trusted by users in North America and around the world
5,922 Reviews & Articles | 38,162 News Posts

Gmail Flaw still there despite patching

Has allowed for personal domains to be stollen

| Posted: Nov 25, 2008 2:18 pm

A new security exploit has been uncovered in Google's Gmail that could be a problem for many domain owners.

 

In an article over at Geekcondition.com they explain that a filter can be forced on unsuspecting Gmail users that can forward certain emails to a remote user. This flaw in Gmail was reputedly fixed by Google but appears to still be active and open.

 

According to the Geekcondition article this flaw has been used to take over domains setup on GoDaddy.com

 

Read more over at TG Daily here.

 

Gmail Flaw still there despite patching

Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No, however, they can force you to create the filter without your knowledge.

 

The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names registered through GoDaddy.

 

To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail. Let's use a current example and assume that I was trying to steal MakeUseOf.com and I already knew it was registered by GoDaddy. Let's also assume that I knew the owner's Gmail address. I would want to create a filter like the one in the image above, where all email sent from GoDaddy Support was automatically deleted and forwarded to my email address.

 

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases