Jump to content


Photo

Gmail Users Read

Sorry if this is already up, but better safe than sorry

25 replies to this topic

#1 CyberPunkGunner

CyberPunkGunner

    Member

  • Members
  • 79 posts
  • Location:New York City

Posted 20 August 2008 - 05:27 PM

There is a tool being released by a reverse engineer in two weeks that
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe.

http://it.slashdot.o...433206&from=rss

excerpt:
A tool that automatically steals IDs of non-encrypted sessions and
breaks into Google Mail accounts has been presented at the Defcon
hackers' conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users
to permanently switch on SSL and use it for every action involving
Gmail, and not only, authentication. Users who did not turn it on now
have a serious reason to do so as Mike Perry, the reverse engineer
from San Francisco who developed the tool is planning to release it in
two weeks.


To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.
  • 0
You were born a winner
You were the fastest sperm.

#2 Spartan 117

Spartan 117

    Member

  • Members
  • 72 posts
  • Location:TWIN CITIES

Posted 20 August 2008 - 05:30 PM

GEEEZ thank you for sharing!!. I use gmail, wait so this tool will let people hack into your account and read your emails or something?
  • 0
The enrichment center reminds you that the weighted companion cube cannot speak. In the event that it does speak, we urge you to disregard it's advice.

#3 g-force

g-force

    Member

  • Members
  • 345 posts

Posted 20 August 2008 - 05:32 PM

GEEEZ thank you for sharing!!. I use gmail, wait so this tool will let people hack into your account and read your emails or something?

No probably more like send out bad messages and use your account to spam people.
  • 0
QUOTE(Carbon @ Jul 28 2008, 03:25 AM) View Post

My god, you actually built it. To that, all I can say is, "bravo".

Chubbs

#4 NerfCrazy

NerfCrazy

    Member

  • Members
  • 497 posts
  • Location:Minnesota, 55422

Posted 20 August 2008 - 06:09 PM

GEEEZ thank you for sharing!!. I use gmail, wait so this tool will let people hack into your account and read your emails or something?

No probably more like send out bad messages and use your account to spam people.


That and steal personal information such as an address some one emailed you.
  • 0

#5 Galaxy613

Galaxy613

    Member

  • Members
  • 999 posts
  • Location:USA, Woodbridge, VA

Posted 20 August 2008 - 06:31 PM

Thanks for sharing, I just changed my bookmark and changed that setting. B)
  • 0
[Former Caretaker of the Guru Mk2]

#6 Aimless

Aimless

    Member

  • Members
  • 169 posts

Posted 20 August 2008 - 10:16 PM

Thanks for the heads up.
  • 0
It makes the world go round.

#7 Blacksunshine

Blacksunshine

    Member

  • Members
  • 948 posts
  • Location:WA

Posted 21 August 2008 - 03:45 AM

Great info. Good looking out. But I thought as soon as you logged in it automatically put you in HTTPS mode. I will have to look more closely when I next log in. But yes to those that are wondering if someone has access to your email they can send your passwords from your online banking and Ebay and paypal and other important sites and have full access to your important data. And possibly access to your financial accounts.
  • 0
Forgive my spelling and grammar. I post from my cell phone a lot. Sometimes when I'm on the can at work.

#8 VACC

VACC

    Vacc is Legend

  • Founders
  • 3,265 posts
  • Location:New York
  • State:New York
  • Country:United States

Posted 21 August 2008 - 06:54 AM

NOT MY G-LIFE!!!!!!

Thanks for the heads up. It's very much appreciated.
  • 0

#9 Talio

Talio

    Not your mother

  • Contributors
  • 2,781 posts

Posted 21 August 2008 - 10:33 AM

Done. Thank you sir.

Talio.
  • 0
New posts on my blog, check it out. - Click on the ad too, cause I get money per click. Give back to the Admin team for once!

#10 nerfsharpie6

nerfsharpie6

    Member

  • Members
  • 326 posts
  • Location:New Jersey

Posted 21 August 2008 - 11:12 AM

Thanks for the heads-up.

The whole point of and encrypted or "secure" server is to provide basic security for people who don't want an open area connection to be eavesdropped on (port listening). They can be cracked, hacked and broken down by people who know what they are doing. Its just to provide temporary security for temporary connections to their secure network or server. I personally encrypt all files in and out of my computer to prevent a third party from snagging information.

Blacksunshine: It does put you into HTTPS mode only until you enter your inbox. If you didn't turn it off you get a message asking if you would like to show all insecure items on the page (adverts,scams,spam pics.)
  • 0
We hang our flags and banners of victory off of your dead bodies.

#11 Blacksunshine

Blacksunshine

    Member

  • Members
  • 948 posts
  • Location:WA

Posted 21 August 2008 - 01:11 PM


Blacksunshine: It does put you into HTTPS mode only until you enter your inbox. If you didn't turn it off you get a message asking if you would like to show all insecure items on the page (adverts,scams,spam pics.)


Just logged in and noticed that.
And changed settings so that it always uses HTTPS.
  • 0
Forgive my spelling and grammar. I post from my cell phone a lot. Sometimes when I'm on the can at work.

#12 One Man Clan

One Man Clan

    TOFTS

  • Contributors
  • 2,170 posts
  • State:New Jersey
  • Country:United States

Posted 21 August 2008 - 02:01 PM

Not to highjack the thread, but has anyone else who uses Google for everything and Firefox for browsing seen the Google Redesign add-on for Firefox?

It can be found here: https://addons.mozil...efox/addon/8434

Check it out. It makes gmail and google calendar look much cooler. Just thought I'd mention it here. Also, change your https setting like CPGunner pointed out.
  • 0
I hate you.

#13 keef

keef

    Member

  • Members
  • 1,390 posts
  • Location:Denville, New Jersey

Posted 21 August 2008 - 04:09 PM

Thanks for this, I use google for everything, can't have that get messed up...

OMC- I like the addon, thanks!
  • 0
Timothy M-Lick <3

#14 Thom

Thom

    Member

  • Members
  • 759 posts
  • Location:SUNY Buffalo

Posted 21 August 2008 - 04:37 PM

I'm meh on the redesign. It doesn't seem to improve the interface in a significant way. Nothing wrong with plain skins, though.
  • 0

#15 serpent sniper

serpent sniper

    Member

  • Members
  • 222 posts

Posted 21 August 2008 - 04:52 PM

Thanks for the heads up with the security issues.

OMC, awesome addon. The theme is very similar to my firefox skin, and my IM client's skin. Everything is nice and unified.

More google related thread hijacking:

Anyone else use digsby? It's a cool IM client that can do a lot of stuff. It combines all of your IM services, and can alert you if you get emails or messages on a social networking site. I use it and like it a lot. It keeps me from compulsively checking my gmail accounts and facebook.

It has a couple downsides though, no AIM chatroom support (yet at least) and doesn't work with just any email address. So far they support Gmail, AOL, IMAP, and POP accounts. I can't make it check my campus email (which opens in a web version of outlook), but I'm no email expert.

Just thought I'd share.
  • 0
Animus GmbH My Custom Nerf Props and Paintjobs

#16 Rambo

Rambo

    Fear the Robble...

  • Members
  • 1,807 posts
  • Location:Allentown, PA

Posted 21 August 2008 - 09:12 PM

There is a tool being released by a reverse engineer in two weeks that
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe. To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.


Thanks for the heads up.


Not to highjack the thread, but has anyone else who uses Google for everything and Firefox for browsing seen the Google Redesign add-on for Firefox?


When I saw that I was reminded of Blackle. I figured they put it out, but I don't see any tie to them.

Anyone else use digsby? It's a cool IM client that can do a lot of stuff. It combines all of your IM services, and can alert you if you get emails or messages on a social networking site. I use it and like it a lot. It keeps me from compulsively checking my gmail accounts and facebook.


Aside from social networking messages and emails, I think Trillian Astra will be eons ahead of digsby once it's finally released. Plus, I've tried to install digsby on four machines and it was only successful on one of them. :mellow:
  • 0

#17 Dr Rockzo

Dr Rockzo

    Member

  • Members
  • 94 posts

Posted 21 August 2008 - 10:45 PM

I use gmail, and this is interesting. This reminds me of when Miley Cyrus's gmail account got hacked haha.
  • 0

#18 digitalkid

digitalkid

    Member

  • Members
  • 18 posts
  • Location:Capital Region, NY

Posted 31 August 2008 - 03:17 PM

Ahh, DefCon. A hacker's heaven. Thanks for the heads-up. Now I want to check out that tool, just for curiosity. :D

Even though I don't use Google for everything, just search and Gmail, it's not gonna bother me if I turn on https for Gmail. Might as well.

Thanks for posting this!
  • 0
A problem has been detected and you have been shot down.

DOOMSAYER.EXE

FATAL_EXCEPTION_ERROR_CAUSED_BY_A_SHOT_AT_POINT_BLANK_RANGE

If this is the first time you've seen this Stop Error screen, count to 15 and respawn. If this screen appears again, you're dead. Get out of the field.

#19 Killzor

Killzor

    Member

  • Members
  • 25 posts
  • Location:Evanston, IL

Posted 31 August 2008 - 07:38 PM

Thanks dude. I probably never would've noticed that without you pointing it out.
  • 0
CDO, it's OCD but put in alphabetical order, like everything should be

#20 AssassinNF

AssassinNF

    Member

  • Members
  • 904 posts

Posted 31 August 2008 - 10:13 PM

There is a tool being released by a reverse engineer in two weeks that
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe.

http://it.slashdot.o...433206&from=rss

excerpt:
A tool that automatically steals IDs of non-encrypted sessions and
breaks into Google Mail accounts has been presented at the Defcon
hackers' conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users
to permanently switch on SSL and use it for every action involving
Gmail, and not only, authentication. Users who did not turn it on now
have a serious reason to do so as Mike Perry, the reverse engineer
from San Francisco who developed the tool is planning to release it in
two weeks.


To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.


Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?

I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.

Thanks for the heads-up.
  • 0

Probably dead by now, or something.


#21 Aimless

Aimless

    Member

  • Members
  • 169 posts

Posted 31 August 2008 - 11:02 PM

As long as he claims that it was just an experiment and not for doing illegal things he'll be fine.

Edited by Aimless, 31 August 2008 - 11:03 PM.

  • 0
It makes the world go round.

#22 nerfsharpie6

nerfsharpie6

    Member

  • Members
  • 326 posts
  • Location:New Jersey

Posted 01 September 2008 - 12:28 PM

Hacking by any sense of the word is not illegal. Its when the hacker steals personal information for unlawful gains does it then become illegal. Conventions like defcon, are legal gatherings of like minded people to discuss their hobby, or even job. The media has slandered, and dirtied the word, to twist it to their meaning to scare people. The real definition of a "hacker" is a person who believes in the free trade of all media. Its only when some one steals something from a computer do they become the bad guy.
  • 0
We hang our flags and banners of victory off of your dead bodies.

#23 boisie

boisie

    Member

  • Members
  • 303 posts
  • Location:Bitch, I'm from Cleveland

Posted 01 September 2008 - 04:20 PM

Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?

I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.

Thanks for the heads-up.

Are you a retard? Hacking is in no means illegal. Until you steal information, you are on legal turf. People even get paid to hack into networks, for security measures. I'm now going to refer you to HackaDay.com and have your search for Defcon. Also, check out Hackthissite.org. Very fun little site.

Also, the creator is not the one to arrest. The skiddies are.

Edited by boisie, 01 September 2008 - 04:22 PM.

  • 0
QUOTE(One Man Clan) View Post
You understand what you just did posting a picture of 4 girls on a message board chock full of nerdy virgins, right?
QUOTE(Foamfoot) View Post
Maybe if we download Ubuntu Christian edition, God will help us install it.

#24 AssassinNF

AssassinNF

    Member

  • Members
  • 904 posts

Posted 01 September 2008 - 06:46 PM


Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?

I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.

Thanks for the heads-up.

Hacking is in no means illegal. Until you steal information, you are on legal turf. People even get paid to hack into networks, for security measures. I'm now going to refer you to HackaDay.com and have your search for Defcon. Also, check out Hackthissite.org. Very fun little site.

Also, the creator is not the one to arrest. The skiddies are.


He's created something specifically for the purpose of stealing information. I know he can't really be arrested or anything, but I still think it's bullshit.

I never said hacking was illegal. I said hacking specifically for the purpose of allowing others to steal information should be illegal.
  • 0

Probably dead by now, or something.


#25 analogkid

analogkid

    Member

  • Members
  • 425 posts
  • Location:12304
  • State:New York
  • Country:United States

Posted 01 September 2008 - 08:54 PM

By releasing this tool, not only is he allowing internet criminals steal your stuff, he is allowing people to use the tool to come up with a fix. You can't fix something until you know how its broke.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users