May 13 2008, 03:07 PM | Post #1

Member [Level 2] | Group: [HOSTED] | Posts: 89 | Joined: 22-April 08 | From: Harare, Zimbabwe | Member No.: 61,160
For those who are so loyal to Page and Brin that they can't let go of their Gmail accounts, I've got some news for you.

QUOTE

INSERT, the Information Security Research Team, has successfully created a proof of concept exploiting the “trust hierarchy” that exists between mail service providers. Taking advantage of the way Gmail forwards messages, the team was able to send 4000 messages in a short period of time from a single account without any countermeasures taken by Google. Using Google as an open email relay is highly desirable for spammers because Gmail is trusted by most email providers — making messages sent through Gmail immune to most spam filtering. Since the messages are delivered by Google’s own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send forged email messages unrestrictedly through Google’s server infrastructure. There has been no official comment by Google on this matter yet, but I’m hoping the problem will be resolved in short order. The vulnerability isn’t as serious as past ones that exposed contact lists, or let attackers steal cookies, but that shouldn’t stop it from being high priority.

I got this info from Garet Rogers' blog titled "Gmail can be used as a spam bazooka".

May 13 2008, 05:49 PM | Post #2

Member [Level 2] | Group: [HOSTED] | Posts: 89 | Joined: 22-April 08 | From: Harare, Zimbabwe | Member No.: 61,160
Hey, thanks for that advice. Is it just good practice or is it one of the rules of these forums?
Could that be the reason why one of my posts titled "Carefour sensorship- Google or China" was deleted? Could it be because someone is going around the net getting rid of such info?

May 13 2008, 06:26 PM | Post #3

Define:EVIL PROGRAMMER (ē'vəl prō'grăm'ər)- n. An organism that converts caffeine into evil software. | Group: [HOSTED] | Posts: 975 | Joined: 25-September 05 | From: The dungeon deep below the foundation of trap17 | Member No.: 12,251
I don't know what much can be done without limiting legitimate users of Gmail. I suppose there can be a limit to how much Gmail will actually forward, but if they set that limit too low, then legitimate users who may just need this feature would be affected. Too high and it won't do too much good. Many people would have already received the spam.

QUOTE

Hey, thanks for that advice. Is it just good practice or is it one of the rules of these forums? Could that be the reason why one of my posts titled "Carefour sensorship- Google or China" was deleted? Could it be because someone is going around the net getting rid of such info?

If you understand anything about how the internet works, you'd know that it is impossible for anybody to be "internet police" and "go around the net and deleting stuff". The only real action that could be taken against your website is finding and exploiting vulnerabilities in your server or code, or I suppose if your server was located in a country with not so free speech they could have a warrant to actually take your server away, but this doesn't apply to trap17. Your topic was most likely deleted because it was breaking one of the forum rules.