12-28-2007, 12:53 AM
Snuffy

Why you should always log off Gmail
December 27, 2007 | Martin
Let me narrate a story to you. A story of someone who has a Gmail account and a domain registered to his name. This someone checks his Gmail account regularly and visits other sites afterwards. It is so convenient to stay logged in at Gmail in case you want to check again. Maybe Gmail is open all the time in another tab for even further comfort.

While on vacation in India, this someone received some very disturbing news from some of his friends, telling him that something was wrong with the domain that he owned. It was no longer loading his website but redirecting to another website he had never heard of before.

He investigated the matter and discovered that he was no longer the owner of the domain name, which happens to be his name dot com. First he thought that the domain might have expired, but soon thereafter he discovered that a Gmail hack had been used to change the owner of the domain name.

It works like this. If you stay logged in at Gmail and visit a prepared website afterwards, your Gmail filter list can be altered. In this case all mail from the domain provider was forwarded to another mail account and deleted at Gmail. The new password request was forwarded to the hacker, who was then able to initiate the domain transfer at the web host.

Since all mails regarding the transfer were immediately redirected and deleted, the victim had no idea what was going on. The only possibility would have been to log into the web host's website and take a look at the tickets that had been created to transfer the domain.

You can read the long version on David Airey's website. This hole has apparently been fixed, but filters that were set before can still be in place. If you use Gmail you should check your filters ASAP and make sure that they have not been altered in any way.

Since this is probably not the last security hole, you should make sure that you always log off when you are finished. Another possibility would be to use an email program like Thunderbird instead.

http://www.davidairey.co.uk/StaticPage.html

__________________
The only Stupid Question is the one you failed to Ask!
Beta Tester since Pre Win 95.