[Full-disclosure] Social flaws / vulnerabilities in 'Last account activity' on Gmail
AaRoNg11
aarong11 at gmail.com
Sat Sep 20 21:47:55 BST 2008
If the job was that sensitive of a job, do you really think they'd be using
gmail to send important information?
On Sat, Sep 20, 2008 at 7:00 PM, n3td3v <xploitable at gmail.com> wrote:
> On Sat, Sep 20, 2008 at 6:36 PM, <redb0ne at hush.com> wrote:
> > No, not time to "scrap this feature".
> >
>
> Yes, time to scrap this feature, it's pointless. Once they are in the
> account, they have gotten what they wanted, they don't care if a fake
> IP address is left in the 'Last account activity' list.
>
> The only thing the 'Last account activity' list feature really does is
> reveal the victim's IP addresses.
>
> Someone who has broken into a Gmail account, the last thing they care
> about is being reported to Google!
>
> People think hackers just want to sit stealth and read emails, that's
> not always true, usually they are after one specific thing, or in this
> case a list of IP addresses, they don't care if the victim changes the
> password after seeing a fake IP address in the 'Last account activity'
> list. They've already gotten what they came for and left.
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Aaron Goulden