
Gmail Bug could Forward E-mails to Undesirable Destinations

Google's security measures are not holding up well against hackers: a bug in Gmail could let an attacker forward all of a user's e-mail messages, along with their attachments, to a different e-mail address.

UK-based researcher Petko Petkov, who does penetration testing of Web vulnerabilities, disclosed the Gmail flaw on September 25, 2007. PCWorld reported this on September 26, 2007. Petkov earned recognition lately when, in the 2nd and 3rd weeks of September 2007, he publicly posted information describing critical zero-day flaws in Adobe Systems Inc.'s PDF (Portable Document Format), Microsoft Corp's Windows Media Player, and Apple Inc.'s QuickTime.

Petkov refused to give details about the Gmail flaw. He said attackers could use Gmail's filtering feature to exploit the bug. To start with, the attacker would need the victim to open a malicious Website while logged in to his Gmail account. Petkov called the next stage, carried out by the malicious site, a "multipart/form-data POST". The malware-laden site would issue a special HTML command with which files could be uploaded to any of the Gmail program interfaces and then insert a bogus filter into the victim's filter list.

Petkov posted multiple screenshots on a site named Gnucitizen.org to illustrate an example of the attack. He warned that a patch from Google would not by itself fix the problem: as long as the bogus filter remained, messages could still be forwarded to other addresses. SCMagazine reported this on September 26, 2007.

On September 25, 2007, SCMagazine reported that Petkov had urged other researchers not to reveal the details of the flaw until Google repaired it. According to him, the vulnerability described on the Gnucitizen blog was extremely nasty.

Google takes the security of its user information very seriously and was working on a patch for the recent vulnerability, said the Mountain View, California-based search giant. SCMagazine reported this.

The attack uses the cross-site request forgery technique, which had caused trouble for Google before. Earlier this year, Google encountered a similar vulnerability, which exposed Gmail contact lists to security risks.
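The two defensive points in this story, rejecting a forged state-changing request and finding a forwarding filter that survives the fix, are sketched below as an added example; it is not code from the article, from Petkov or from Google. The endpoint, field names, `mail.example` origin and sample filters are hypothetical, and the session-bound token plus Origin check is one common CSRF defence, not necessarily the one Google used.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://mail.example"   # hypothetical webmail origin

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session and embedded in the genuine settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def create_filter(session_id: str, origin: str, form: dict, filters: list) -> bool:
    """Handle a 'create filter' POST on a hypothetical settings endpoint.

    A forged cross-site POST rides on the victim's session cookie, but the
    attacking page cannot read the token and cannot set the Origin header.
    """
    if origin != TRUSTED_ORIGIN:
        return False
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return False
    filters.append({"match": form["match"], "forward_to": form.get("forward_to")})
    return True

def audit_forwarding(filters: list, own_domains: set) -> list:
    """Return filters that forward mail outside the user's own domains.

    A filter planted before the fix keeps forwarding afterwards, so the
    existing filter list has to be reviewed as well.
    """
    flagged = []
    for f in filters:
        dest = f.get("forward_to")
        if dest and dest.rsplit("@", 1)[-1].lower() not in own_domains:
            flagged.append(f)
    return flagged

# Constructed sample filter list: the second entry is the planted one.
SAMPLE_FILTERS = [
    {"match": "from:lists@example.org", "forward_to": None},
    {"match": "has:attachment", "forward_to": "collector@other.example"},
    {"match": "subject:invoice", "forward_to": "me@example.org"},
]
```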

Related article: Gmail Users at the Mercy of Firefox Exploit

» SPAMfighter News - 09-10-2007
