Old 12-25-2007, 10:35 PM   #1
Matt 26z
Did the GMail backdoor cause the ePass break-ins?

Saw this thread about the guy losing his domain because of Google's security problems with GMail... http://www.gofuckyourself.com/showthread.php?t=794845

I think a possible relation to the ePass hacks deserves its own thread.

So those of you who had money stolen out of your ePass account, did you at the time have a GMail email address listed at ePass?

If so, prior to October 1st all you had to do was visit the website of a scammer while logged into GMail in another window. The security flaw allowed the scammers to set up your GMail account to forward certain emails to them. Emails such as "i forgot my password" requests.
Old 12-25-2007, 11:05 PM   #2
V_RocKs
No.. This dipshit used Internet cafes in India of all places and didn't expect the owners or other clients to install key loggers and other shit.
Old 12-26-2007, 12:01 AM   #3
Matt 26z
Quote:
Originally Posted by V_RocKs
No.. This dipshit used Internet cafes in India of all places and didn't expect the owners or other clients to install key loggers and other shit.
You did or are you talking about the guy in the original article? Regardless of where he was accessing the internet, there was a confirmed security flaw with Gmail.com that allowed code from a scammer's site to control Gmail functions if you were logged in there.

This is the third major CSRF security flaw at GMail this year alone.

The first was fixed early in the year and allowed your contact list to be seen by anyone:
http://www.cyber-knowledge.net/blog/...ist-hijacking/

Then shortly later more flaws were found that allowed access to all sorts of things:
http://blogoscoped.com/archive/2007-01-12-n73.html

The third known flaw is the one we are discussing now:
http://searchsecurity.techtarget.com...274261,00.html


Considering Google's spotty record on CSRF issues, it seems as if the only protection is to either log out before accessing any other website or just stop using GMail entirely right now for anything serious.

We can only speculate on how safe their system currently is or if these flaws will continue to surface in 2008.
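The server-side defence against the kind of CSRF described in post #3, as an added example that is not part of the original thread and not Google's code: a state-changing "create forwarding filter" request is honoured only if it comes from the mail site's own origin and carries a token bound to the user's session. The origin `https://mail.example`, the function names and the form fields are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed here)
TRUSTED_ORIGIN = "https://mail.example"   # hypothetical webmail origin


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the mail site serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) is the mail site itself."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def handle_create_filter(method: str, headers: dict, session_id: str, form: dict):
    """Decide whether a 'forward matching mail' filter request is honoured.

    A valid session cookie alone is not enough: the browser attaches it to
    requests triggered by any page, which is what makes CSRF possible.
    """
    if method != "POST":
        return 405, "state-changing action requires POST"
    if not same_origin(headers):
        return 403, "cross-site request rejected"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, f"filter created: forward to {form['forward_to']}"


def demo():
    """Constructed requests: one from the site's own settings form, one cross-site."""
    sid = "session-1234"  # constructed session id
    own = handle_create_filter(
        "POST", {"Origin": TRUSTED_ORIGIN}, sid,
        {"csrf_token": issue_csrf_token(sid), "forward_to": "me@backup.example"})
    cross = handle_create_filter(
        "POST", {"Origin": "https://other.example"}, sid,
        {"forward_to": "someone@other.example"})
    return own, cross
```

Users can also check for the after-effects described in post #1 by reviewing their account's filter and forwarding settings for rules they did not create.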
Old 12-26-2007, 12:07 AM   #4
WarChild
Damn google has to be really careful, soon Minusonebit will get on them and then they're done for.
Old 12-26-2007, 12:09 AM   #5
TidalWave
gmail is new, hotmail and yahoo all had their fair share of exploits
Old 12-26-2007, 12:34 AM   #6
KrisKross
The ePass break-ins happened because a traffic seller had an unprotected, unencrypted list of his customers' usernames and passwords on his site.

The link got out and it just so happens that loads of dumbass webmasters used the same username/password combo for the traffic site as they did on ePassporte.