lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 8 Jul 2008 19:46:29 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Comments on: Google powers up users' Gmail
	security arsenal

---------- Forwarded message ----------
From: newsgroup <newsgroupnewsgroup@...glemail.com>
Date: Tue, Jul 8, 2008 at 7:31 PM
Subject: Comments on: Google powers up users' Gmail security arsenal
To: n3td3v@...glegroups.com



by n3td3v  July 8, 2008 11:23 AM

@ReVeLaTeD

Not all users with access to your Gmail account want to change the
password, they want to read emails stealthily and thats all. Raising
suspicion by letting the victim know you're there isn't something they
want to do.

If they kicked you out and changed the password they wouldn't be able
to read your emails anymore, hence why they don't kick you out and
change the password.

You've got to remember why people break into web mail accounts in the
first place, its not to steal your account, its to read emails and
gather intelligence.

However, this feature is pointless in the sense of detecting if the
government is snooping, as the government monitor your Gmail account
in different ways.

This feature is only going to detect low-level snooping by bedroom
teens, criminals and stalkers.

The end game is, the government are still reading your web emails and
won't show up on this system.

It is a stupid feature in the sense its giving gullible Gmail users a
false sense of security in that, if they see no rogue IP addresses
logging into their Gmail account, that they think no one is snooping
and reading their emails, that isn't the case.

This system won't detect government snooping, the government simply
send a national security letter to Google Mail and they are granted
full access to backend visualisation stats, graphs and other neat
features to watch everything thats going on with your Gmail account.

You can probably bet this system purposely ignores known government
addresses anyway in an agreement between the government and Google, so
yeah completely misleading system this is.

All the best,

n3td3v

http://news.cnet.com/8601-13577_3-9985264.html?hhTest&communityId=2072&targetCommunityId=2072&messageId=753919#753919

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ