Bios Password

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, November 23, 2008

All Over Gmail: Like Stink on a Skunk

Posted on 12:41 PM by Unknown

It’s not the Shine…

If you are a Google Gmail users and unless your ISP has been down, you probably haven’t been able to miss the newest eye-candy rolled out this week to you.

Spice up your inbox with colors and themes – Official Gmail Blog

Google starts rolling out Gmail themes - Download Squad

Gmail: Gmail Updates Its Look, Adds Themes – Lifehacker

Gmail gets pretty, oh so pretty, with new themes – TechBlog

When the dust had settled and I had run through all the offerings with Alvis hanging over my shoulder, we both settled on the “Shiny” theme.

Lavie remains on the fence at the moment.

It’s about keeping safe from stink…

I’ve noted here in the past that I am a bit overprotective when it comes to Web accounts.  I always follow the following procedure when active on a secure website…say for checking my Gmail or doing on-line banking.

  1. Close out my current browsing session.
  2. Open a fresh browsing session window.
  3. Use a pre-saved and inspected bookmark URL to go immediately and directly to the web-account in question I intend to log into.
  4. Log in and conduct my business, remaining only on the host site or any cross-linked pages only.
  5. When done with my secure session, I log out.
  6. I delete both my cache files as well as any saved form data.
  7. I shut down my browsing session window.

From there I open a fresh session and begin my general web-surfing again.

I know it is a drag to do that, but this is a key layer in trying to avoid any page-exploits or XSS shenanigans.  And as tied as I am to my Gmail account (a weakness in itself) I must disciple myself in not remaining logged in to my Gmail/Google sessions when I go browsing across the web.

Check your Gmail Filters…Regularly!

Case in point, I’ve now had to add an 8th step to the list above:

  • Check my Gmail “filters” to ensure they are mine and mine alone.

One of the blogs I follow is MakeUseOf.  It always has great freeware and how-to tips.

Recently they were hacked and lost their domain.

I encourage you to read the great details of their post-attack assessment.

BREAKING: New Gmail Security Flaw. More Domains Get Stolen! - MakeUseOf.com

What became clear is that Gmail was one key factor in the subterfuge.

How the attack actually was implemented is still a matter of some discussion; is it a new non-disclosed Gmail flaw? It is a variant of an existing one? Maybe none of the above?

One very interesting (and disturbing) angle can be found in this awesome Gmail Security Flaw Proof of Concept post from Brandon at Geek Condition blog.

Regardless of your interest in any of these things I believe Brandon makes one very clear and important point for ALL Gmail users to follow:

What you should do if you have a Gmail Account?

Check your filters and make sure that nothing seems out of the ordinary. If you’re using Firefox, you can download an extension called NoScript which helps to prevent you from becoming a victim of one of these attacks. Overall, though, be cautious.

To check your Gmail filter rules, log into your Gmail account and select “Settings” 

Filters1

Then select “Filters”

Filters2

And now examine your Filters closely to make sure they are what you have set and expect. 

Filters3

If not then delete any ones that shouldn’t belong, change your Gmail password immediately, and start the damage assessment and mitigation process depending on what you find.

The end-result of this attack, however it occurs, is that the user is completely unaware that important and critical emails are being deleted and/or routed to the hacker/exploiter without the owner even being aware.  They continue to log into and use their Gmail account, blissfully unaware of all the traffic and danger speeding in and back out of their account. (This of course assumes the Gmail owner hasn’t completely lost the keys to their Gmail account and the violator broke into their account and actually changed the password on them.  In that case, things get even worse!)

So check those email/Gmail filters, and check them often!

Related posts and perspectives:

I’m sure there will be more on this story and “exploit” as security folks dig deeper.  So stay tuned for details.  In the meantime, the following might not be as effective as tomato-juice, but might be a good place to continue from.

Using filters – Gmail Help Center

Stealing Domains via GMail - Sûnnet Beskerming

Malicious Setting Up of Filters in Gmail? – Google Blogoscoped

Hacking Security Researchers -  - Sûnnet Beskerming

Be safe.

--Claus V.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Gmail, Google, security | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Finally! Time to Post! New material list
    After a recent text from my bro reminding me it has been since March since I’ve done a blog post, I was finally able to clear the schedule a...
  • Oscar watch Linkpost
    Alvis and Lavie are watching the Oscars tonight and I’m along for the ride. I wasn’t able to come even close to getting out some of the pos...
  • New Year’s Day - First Post 2011
    Same day I came out with my first post after a long drought, I fell upon this article Blogging Seems To Have Peaked, Says Pew Report over a...
  • Utility Gumbo
    There’s a lot in this pot.  Probably something everyone can find to enjoy. I’m serving it up tonight out of the back of the truck on the s...
  • iodd : Multi-boot madness!
    Like many computer technicians and responders, I seem to always have at hand a collection of bootable media; CD’s, DVD’s, USB-HDD’s, flash m...
  • Ubuntu 13.10 Upgrade - Lessons Learned & VIDMA utility found
    A few weeks ago a new release of Ubuntu came out. Naturally that meant it was update time! I have been getting pretty good at this now so ...
  • Interesting Malware in Email Attempt - URL Scanner Links
    Last weekend I spent some time with extended family helping confirm for them that their on-line email account got hacked and had been used t...
  • Windows 8 Linkage: A Bit Behind the Ball
    CC attribution: behind the eight ball by Ed Schipul on flickr . OK. Confession time. I’m more than a bit exhausted this weekend. Besides a...
  • Lego MiniFig Extravaganza
    picture clipped from Wired’s clip from Gizmodo clip… Thanks in no small part to the Windows 7 RC release, XPM mode research, and a big “l...
  • This Week in Security and Forensics: Beware the cake!
    Cube Party! image used with permission from John Walker at "rockpapershotgun.com" Yeah, the cake is a Portal thing.  Let’s d...

Categories

  • Active Directory
  • anti-virus software
  • Apple
  • architecture
  • art
  • AVG
  • Blogger
  • blogging
  • books
  • boot-cd's
  • browsers
  • cars
  • cell-phones
  • cheat sheets
  • Chrome/Chromium
  • command-line interface
  • cooking
  • crafts
  • crazy
  • curmudgeon
  • DHC
  • Dr. Who
  • E-P1
  • Education
  • family
  • Firefox
  • firewalls
  • For the Gentleman
  • forensics
  • Gmail
  • Google
  • graphics
  • hacks
  • hardware
  • humor
  • hurricanes
  • imagex
  • Internet Explorer
  • iOS
  • iPhone
  • iPod
  • iTunes
  • Kindle
  • Learning
  • Link Fest
  • Linux
  • malware tools
  • Microsoft
  • movies
  • music
  • networking
  • NewsFox
  • NFAT
  • Nook
  • Opera
  • organization
  • PDF's
  • photography
  • politics
  • PowerShell
  • recipes
  • Remote Support
  • RSS
  • science
  • Scripting
  • search engines
  • security
  • Shuttle SFF
  • software
  • Texana
  • Thunderbird
  • troubleshooting
  • TrueCrypt
  • tutorials
  • utilities
  • VBscript
  • video
  • Virtual PC
  • virtualization
  • viruses
  • Vista
  • Vista mods
  • wallpapers
  • Win FE
  • Win PE
  • Win RE
  • Windows 7
  • Windows 8
  • Windows Home Server
  • Windows Live Writer
  • Windows Phone
  • writing
  • XP
  • XP mods
  • Xplico

Blog Archive

  • ►  2013 (83)
    • ►  November (8)
    • ►  October (8)
    • ►  September (14)
    • ►  August (6)
    • ►  July (10)
    • ►  June (10)
    • ►  April (11)
    • ►  March (6)
    • ►  February (7)
    • ►  January (3)
  • ►  2012 (96)
    • ►  December (8)
    • ►  November (4)
    • ►  October (9)
    • ►  September (8)
    • ►  August (12)
    • ►  July (4)
    • ►  June (3)
    • ►  May (7)
    • ►  April (13)
    • ►  March (3)
    • ►  February (5)
    • ►  January (20)
  • ►  2011 (41)
    • ►  December (8)
    • ►  November (7)
    • ►  September (4)
    • ►  August (4)
    • ►  July (2)
    • ►  June (6)
    • ►  March (5)
    • ►  February (1)
    • ►  January (4)
  • ►  2010 (69)
    • ►  December (1)
    • ►  October (3)
    • ►  September (2)
    • ►  August (13)
    • ►  July (17)
    • ►  June (3)
    • ►  May (3)
    • ►  April (3)
    • ►  March (11)
    • ►  February (1)
    • ►  January (12)
  • ►  2009 (177)
    • ►  December (20)
    • ►  November (11)
    • ►  October (7)
    • ►  September (7)
    • ►  August (21)
    • ►  July (17)
    • ►  June (7)
    • ►  May (18)
    • ►  April (9)
    • ►  March (17)
    • ►  February (23)
    • ►  January (20)
  • ▼  2008 (35)
    • ►  December (23)
    • ▼  November (12)
      • Security and Forensics Roundup: Heavy Version
      • Windows Registry Tricks and some Processing Treats
      • Three Quick Bits
      • All Over Gmail: Like Stink on a Skunk
      • Microsoft Link Dump: Load #4
      • Firefox 3.1b2 Watch
      • Absent today, on to “Morro”; MS’s coming free AV tool
      • Linkfest – Nov. 16, 2008
      • Browser Bullets
      • Windows 7 News Roundup #3
      • Security Simmerings…chunky style goodness
      • Saturday Diversions
Powered by Blogger.

About Me

Unknown
View my complete profile