Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Social flaws / vulnerabilities in 'Last account activity' on Gmail
From: AaRoNg11 <aarong11 () gmail com>
Date: Sat, 20 Sep 2008 21:47:55 +0100

If the job was that sensitive of a job, do you really think they'd be using
gmail to send important information?

On Sat, Sep 20, 2008 at 7:00 PM, n3td3v <xploitable () gmail com> wrote:

On Sat, Sep 20, 2008 at 6:36 PM,  <redb0ne () hush com> wrote:
No, not time to "scrap this feature".


Yes time to scrap this feature, its pointless. Once they are in the
account, they have gotten what they wanted, they don't care if a fake
IP address is left in the 'Last account activity' list.

The only thing the 'Last account activity' list feature really does is
reveal the victims IP addresses.

Someone who has broken into a Gmail account, the last thing they care
about is being reported to Google!

People think hackers just want to sit stealth and read emails, thats
not always true, usually they are after one specific thing, or in this
case a list of IP addresses, they don't care if the victim changes the
password after seeing a fake IP address in the 'Last account activity'
list. They've already gotten what they came for and left.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
Aaron Goulden
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]