Gmail Security Flaw Proof of Concept

To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail. Let’s use a current example and assume that I was trying to steal MakeUseOf.com and I already knew it was registered by GoDaddy. Let’s also assume that I knew the owner’s Gmail address. I would want to create a filter like the one in the image above, where all email sent from GoDaddy Support was automatically deleted and forwarded to my email address.

Read more from GeekCondition.com

What’s Travelling on the Wire (part 2)

Besides the “normal” attacks we’ve seen, the longest ones appear to be FTP dictionary-based attacks. These can take up to several minutes or more, as in some cases we’ve seen attacks with 10,000+ passwords.

Aside from the usual passwords (mostly common names/words) we’ve seen birthdates, comic books/movie characters (anyone fancy Batman, Spiderman or Shrek ? :D ), and even Internet browser names as passwords. As a concern for some admins, some of the commonly used passwords like “q1w2e3r4” were in the lists.

Read More from Microsoft® Malware Protection Center