Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Fwd: Comments on: Google powers up users' Gmail security arsenal
From: n3td3v <xploitable () gmail com>
Date: Tue, 8 Jul 2008 19:46:29 +0100

---------- Forwarded message ----------
From: newsgroup <newsgroupnewsgroup () googlemail com>
Date: Tue, Jul 8, 2008 at 7:31 PM
Subject: Comments on: Google powers up users' Gmail security arsenal
To: n3td3v () googlegroups com

by n3td3v  July 8, 2008 11:23 AM


Not all users with access to your Gmail account want to change the
password, they want to read emails stealthily and thats all. Raising
suspicion by letting the victim know you're there isn't something they
want to do.

If they kicked you out and changed the password they wouldn't be able
to read your emails anymore, hence why they don't kick you out and
change the password.

You've got to remember why people break into web mail accounts in the
first place, its not to steal your account, its to read emails and
gather intelligence.

However, this feature is pointless in the sense of detecting if the
government is snooping, as the government monitor your Gmail account
in different ways.

This feature is only going to detect low-level snooping by bedroom
teens, criminals and stalkers.

The end game is, the government are still reading your web emails and
won't show up on this system.

It is a stupid feature in the sense its giving gullible Gmail users a
false sense of security in that, if they see no rogue IP addresses
logging into their Gmail account, that they think no one is snooping
and reading their emails, that isn't the case.

This system won't detect government snooping, the government simply
send a national security letter to Google Mail and they are granted
full access to backend visualisation stats, graphs and other neat
features to watch everything thats going on with your Gmail account.

You can probably bet this system purposely ignores known government
addresses anyway in an agreement between the government and Google, so
yeah completely misleading system this is.

All the best,



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]