What is Digg?Warning: The Content in this Article May be Inaccurate
Readers have reported that this story contains information that may not be accurate.174 Comments
- inactive, on 11/22/2008, -11/+295I'm starting to think that Kimberrliehotgrl22 isn't going to show me her pics, even after I gave her my gmail pw...
- jbus, on 11/22/2008, -20/+295I don't see any proof that this is a gmail issue.
- inactive, on 11/22/2008, -17/+129Wait a minute.. So what's the security flaw? Oh, you mean didn't find one? Then why the ***** is it titled this!?
That's a half-assed investigation if I ever saw one, and is far from adequate enough to start throwing around accusations of vulnerabilities... But.. the guy has TWO firewalls (and probably a moat)! It must have been an outside factor because this guy obviously knows his ***** about security.
I bet they both lived in the northern hemisphere, too.. but that doesn't mean the northern hemisphere has security vulnerabilities. - arizonagroove, on 11/22/2008, -7/+109BREAKING! Starting story titles with BREAKING! makes you look like a jerk.
- inactive, on 11/22/2008, -8/+82I bet they all used QWERTY keyboards, too! Get the word out! QWERTY keyboards are behind 99.9% of all hacks!
My point is, as the more ubiquitous things get, the less viable the are for use in correlation. A HUGE amount of people use Gmail and a HUGE amount of people use GoDaddy for domain registrations.. and a HUGE amount of people use QWERTY keyboards. - GeeksAreSexy, on 11/22/2008, -3/+66In all cases, it seems like the attacker used a technique to inject code to add some filters and an email redirect inside the victim's gmail account. If you read the article, you'll see that all the victims have kept access to their account after the domain was snatched away.
- below413, on 11/22/2008, -3/+55You can't hack me I have Norton!
- Skysurfer27, on 11/22/2008, -12/+57Buried as sensationalist B.S.
- Aupajo, on 11/22/2008, -13/+53*Thread Hijack*
Please RTFA before Digging. This should stay OFF the homepage until there's any credible evidence that there's any exploit at play here, before people start panicking or getting the wrong idea.
There is nothing in the article that proves anything other than about a half-dozen email accounts were obtained with malicious intent. This happens ALL THE TIME. There's any number of ways someone could have exploited other sites to obtain their password, for instance.
There's no credible evidence that Gmail has anything to do with this, nor that it has an exploit. It's just one thing (of many) that the victims share in common. How they've tied this to Gmail is laughable.
Don't start a panic ***** over anecdotal, unproven evidence. - iJump, on 11/22/2008, -2/+39Correlation != Causation
- esengulov, on 11/22/2008, -13/+44Indeed there is no hard evidence that it's a Gmail issue, BUT Gmail IS a common factor in all 3 cases. The way hack was carried out also seems very similar to how it happened in the past with David Airey, so I presume there is an exploit in Gmail.
- SupaFlyTNT, on 11/22/2008, -5/+34Dude uses 2 firewalls...im questioning his credibility with that statement alone.
- eigenweasel, on 11/22/2008, -1/+26It appears that verbs are being stolen, too.
- richeemxx, on 11/22/2008, -3/+28Gmail is a common factor, as is GoDaddy. Its hard to tell how those would be related but I could see a possible phishing scheme. Its interesting that someone would steal away the domains but not lock out either of the accounts.
- ManuelF, on 11/22/2008, -2/+26Here is another thread about same attacker :
http://www.namepros.com/domain-name-discussion/528 ...
He used that ip when he parked domain 75.127.117.18
OrgName: Global Net Access, LLC
OrgID: GNAL-2
Address: 1100 White St SW
City: Atlanta
StateProv: GA
PostalCode: 30310
Country: US
NetRange: 75.127.64.0 - 75.127.127.255
CIDR: 75.127.64.0/18
NetName: GNAXNET
NetHandle: NET-75-127-64-0-1
Parent: NET-75-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.GNAX.NET
NameServer: DNS2.GNAX.NET
Comment:
RegDate: 2007-06-18
Updated: 2008-01-14 - colonelxc, on 11/22/2008, -2/+24Until a gmail flaw is confirmed (and actually, do this regardless), make sure your gmail is always encrypted (settings->"always use https"). It is trivial to steal someone's webmail cookie without full encryption turned on (if they are in a position to sniff the traffic, like say at a coffee shop).
- DigitalisAkujin, on 11/22/2008, -3/+24Show me proof that it's Google's fault and not yours. 99% of these things happen because of the user.
Personally I like eNom (http://www.enom.com/).
They are pretty cheap, and provide an excellent API/interface. It's all around good stuff compared to the AOL like bloatness of GoDaddy. - inactive, on 11/22/2008, -3/+20Oh.. I guess I lost your info. Sorry.
- Aupajo, on 11/22/2008, -1/+17As opposed to discovering their passwords using any number of means? I'm staying sceptical.
- laserdog, on 11/22/2008, -5/+21This article makes Occam cry.
- cyssero, on 04/18/2009, -2/+16Have to agree, the 2 firewalls bit sounded completely stupid. Maybe he's referring to a application firewall and a hardware one? Hopefully. Not that either do very much against any serious threat, but that would make more sense (software and inbuilt rules/blocking at physical level).
- lolwaffle, on 11/22/2008, -6/+19Off topic, but I think that website really needs to up the quality on the export settings for their logo. It's pixelated like hell.
- richeemxx, on 11/22/2008, -2/+15After checking more details it would seem that this might be related to that old cross-site scripting vulnerability that was found and supposedly fixed last year. The addition of filters to the accounts in question would be exactly what that exploit did. The hijacker could have simply added filters for whichever registrar in question and sent himself the reset info
- gbhall, on 11/22/2008, -0/+12Anyway people, I would still like to see this guy get caught!
- Cglass, on 11/22/2008, -6/+17No Gmail problem here, probably just got a trojan or was phished somewhere else with some crappy mod you downloaded.
- AManWithNoName, on 11/22/2008, -0/+10There isn't PROOF, not yet, but in each incident, the cracker made it into the Gmail account, and added filters to it. Gmail is involved in some way, and the most obvious way is that they broke into the Gmail, and found a password or something to help them crack the domain.
Like I said, it's not proof, but it is something, and it's better that they go public with this information now before it's too late. - socokoolaid, on 11/22/2008, -4/+14Ok. For all of you that didn't read the whole article or comprehend what happened, I'm going to lay it out for you. This is not a security flaw in GMail, per say, but a fundamental issue caused by leaving your email, or other account, opened while surfing the web. This is in the same ball park as XSS (Cross site scripting), session hi-jacking, and cookie stealing.
As an adept commenter posted earlier : http://en.wikipedia.org/wiki/Cross-site_request_fo ...
To put it simply, while you are logged into a site, your computer has authority to your account, not just that web page your logged into. If you go surfing the net, any site you go to could potentially have a request on it's page, or create a many request using a client side script embedded on it's page, that automates anything you could do with your logged in account without requiring something the script/request doesn't know. Like without requiring you to submit your password again.
Additionally, if you choose "Remember Me" when you log on, your log on credentials/session are typically saved in a cookie. Every site you visit has access to all your cookies. Although this type of action usually requires a client side script (JavaScript, Flash, etc), a malicious site could grab your cookie. It could then automatically use it's contents to preform similar actions on your account, or send it back to the hacker. It could then be used to steal your session or crack your password.
The moral of the story: Don't leave any important site logged in while you surf untrusted web sites. Use FlashBlock and NoScript. Use 'Clear Private data when I close my browser', set it to clear cookies, passwords, and all. After doing something important, explicitly click 'Log Off', then close your browser, before doing anything else. - geoboy, on 11/22/2008, -0/+9Or just use a .png image instead. I hate when people export simple graphics as .jpg images.
- davin510, on 11/22/2008, -3/+12Chill out. While i agree that there isn't any proof that gmail was responsible for the breaches in the article, I do appreciate the author's attempt to bring light to a sketchy situation and attempt to get to the bottom of a scam.
People seem to forget that google is a faceless organization (can you name one person that works day-to-day on gmail security?) and as such, does not have incentive to investigate every single security complaint. So even if there is a serious security hole in gmail, they may not have the motivation to find it because people like you blindly follow and support whatever they do, even if it's at the detriment of the end-user.
So what does this article accomplish? Well it puplicizes a possible flaw in gmail security and get's google to, hopefully, search for it (haha get it, cause it's a search company). They either find that gmail is not at fault, or find a serious security hole and fixes it. Scenerio A, nothing changes to your beloved gmail. Scenerio B, gmail is improved and your email is now more secure.
Of course, I don't really expect you to fully appreciate this article until you remove google's throbbing ***** outta your mouth. - MissingFeature, on 06/11/2009, -1/+10More details about how the vulnerability is exploited, if Aibek's guess is right
http://en.wikipedia.org/wiki/Cross-site_request_fo ... - colonelxc, on 11/22/2008, -1/+10I think on digg it would be a much more unusual thing to find people who didn't have themselves, or have friends that had both gmail accounts and websites.
- migcmc03, on 11/22/2008, -11/+19WHAT?! UNREAL!!! craziness people!
- mitch37, on 11/22/2008, -7/+14THREE PEOPLE GET THEIR PASSWORDS STOLEN. HENCE GMAIL IS FLAWED.
- dogson, on 11/22/2008, -4/+11Everybody panic, start the fear machine.
- shotgunefx, on 11/22/2008, -1/+8Agreed, BUT, Google could do some stuff to reassure our peace of mind regardless of this particular instance. I would LOVE to see the Account Activity log have more then 5 measly entries. If someone did hack someone's account, even by the own person's stupidity or some other vector, if you didn't notice it right away, it's lost (at least to the user).
Since I went to sleep and woke up, just by having the window open, it's already filled the log with my same session, just sitting here and being open. I personally would love to be able to occasionally peruse it and look for anomalies, but I'm that type of guy. - rancidpony, on 11/22/2008, -1/+7Maybe the hack takes advantage of a gmail browser plugin? You are already logged in via the plugin & can perform certain operations through your ID. No password changes required. This could happen in either firefox or IE.
http://tech.slashdot.org/article.pl?sid=08/11/21/2 ...
This is speculation, but I feel it is one avenue that should not be ignored. Especially considering his claim that the activities involved Google APIs. - peterdangit, on 11/22/2008, -2/+8127.0.0.1
- livejamie, on 11/22/2008, -2/+8GMail could fix this by simply asking you to confirm password when setting a filter that deals with an external email address.
Or maybe even having a notification the first time a filter is used that deals with an external message. Something unobtrusive like the notification that themes were here in that yellow box at the top - tha'd be nice even for peace of mind for myself.
This notification could be disabled with a user's password as well - if it's a filter you're intending to run. - socokoolaid, on 11/22/2008, -1/+6PEBKAC vulnerability. Problem Exists Between Keyboard And Chair.
- Hurricane, on 11/22/2008, -2/+7LMAO @ DMZ reference.
OMG - socokoolaid, on 11/22/2008, -2/+7RTFA
- AlxRymnd914, on 11/22/2008, -2/+6Don't be a Pussy! It looks legit.
- otros, on 11/22/2008, -0/+4@n0vember: the use for filters, if you have the password, is to hide the domain steal. If you take notice, the filters specify to skip the inbox, so the real user doesn't get the godaddy emails, etc.
- blackhorus, on 11/22/2008, -0/+4http://www.gnucitizen.org/blog/google-gmail-e-mail ...
..Link states that vulnerability was fixed before 28 September 2007....is there another hijack technique ? - qwuinc, on 11/22/2008, -0/+4That's what the article speculates. Time to check your filters again and start using NoScript.
- courtewing, on 11/22/2008, -1/+5It seems to me that google can easily fix this problem by simply allowing users to lock their filters and only allow them to unlock them for editing if the user's password is re-entered? It's not at all uncommon for sites to have similar double-layers of security for modifying any "sensitive" account settings.
- toomuchpete, on 11/22/2008, -2/+6That's what this guy guesses, but we don't have any other evidence to support that theory. We don't see URLs of sites that do it, example code, or anything else that would serve as proof. We have some people who lost their domains and happen to use gmail.
Yes, the people retained control of their account, but that hardly means anything. If you were putting together a 2 month plan to steal someone's domain, you wouldn't lock them out of their email -- that's a good way to get exposed before your plan is done.
We also don't know if this guy has stolen the domains of people not using gmail. Absence of evidence, however, is not evidence of absence. - ihaveasteak, on 11/22/2008, -2/+6You obviously forgot that there are no girls on the internet
- Blandyman, on 11/22/2008, -3/+7GIVE ME YOUR IP ADDRESS I'LL HACK YOU!
- Optimalspin, on 11/22/2008, -0/+4Very thorough reporting.
I'll make sure not to be logged into ANYTHING when I visit unfamiliar websites. Something tells me that this POST injection scheme could work on any number of websites to do similar things.
Cheers! -
Show 51 - 100 of 178 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is