Veechaar-The Insight:A blog on Web2.0,Technology,Internet

November 26, 2008

Google explanation on security vulnerability in Gmail

Google said phishing emails are responsible for domain hijackings  and they claimed that there is no evidence of a Gmail vulnerability.

According to Google the cause was a phishing scheme  . Google had found out this with the help of affected users. Google  explained the modus operandi –

“Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we’ve seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.”

Reagrding Gmail CSRF bug Google has said that there was a Gamil CSRF bug in september 2007 that they fixed in 24 hours and after that there was no such bug as reported .

Advertisements

3 Comments »

  1. Great Blog! Very helpful information about Gmail security. I learned a lot from it, keep it up!

    Comment by Website Design — November 29, 2008 @ 8:19 am

  2. […] Google explanation on security vulnerability in Gmail « Veechaar … […]

    Pingback by » Security News Roundup: New Vulnerabilities Discovered Right … — December 12, 2008 @ 6:32 pm

  3. […] Google explanation on security vulnerability in Gmail « Veechaar … […]

    Pingback by Weekly Fbi Update on Scams and Scammers. — December 19, 2008 @ 11:45 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: