Message-ID: <4b6ee9310608040926t4eb83ae1w3db95713cd2a0fd@mail.gmail.com>
Date: Fri, 4 Aug 2006 16:26:48 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Gmail emails issue
On 8/4/06, Peter Dawson <slash.pd@...il.com> wrote:
> If that's on the gmail server, then the same gmail servers /clusters hold
> all other information collateral .. that is CC#, Phones, names. pwds etc
> ...and when GHhealth comes out your blood type and if you want your SIN#
> too..!!
>
> So what's the big deal with the temp folder at the server end being
> unflushed ? Bad practice or a security risk.
>
> <"temp folder on the gmail server. I verified an attachment being
> available even after being signed out">
>
> .. and then my primary question would be .. how did you peek into the
> gserver cluster ?? could you share that info ?? or is this domain hosting
> you're talking about ??
>
> /pd
>
>
> On 8/4/06, Thomas Pollet <thomas.pollet@...il.com> wrote:
> >
> > He means a temp folder on the gmail server.
> > I verified an attachment being available even after being signed out.
> >
> >
> > On 04/08/06, Stan Bubrouski < stan.bubrouski@...il.com > wrote:
> > >
> > > I'm reading your message in gmail and there is nothing in my temp
> > > folder... not that I'd expect there to be. Gmail can't just create
> > > files on your computer without your permission, if it can, your
> > > settings are wrong or your browser is broken. In other words if your
> > > gmail mails are ending up in your temp folder your web browser is
> > > putting them there... what browser are you using BTW. I'm using
> > > firefox and it doesn't store my mails in the temp folder under my NT
> > > account.
> > >
> > > -sb
> > >
> > > On 8/4/06, 6ackpace < 6ackpace@...il.com> wrote:
> > > >
> > > > Hi All,
> > > >
> > > > Gmail stores mails in Temp folder for faster access, but I have
> > > > observed it fails to remove mail from the temp files after the
> > > > session is ended.
> > > >
> > > > Any user who has physical access to the system can read mail and
> > > > contact information of the Gmail user.
> > > >
> > > > Discloses information which is private and confidential?????
> > > >
> > > > thank you
> > > >
> > > > ratna
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter:
> > > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > > >
> > >
> >
> >
>
>
> --
> http://peterdawson.typepad.com
> PeterDawson Home of ThoughtFlickr's
> "This message is printed on Recycled Electrons."
The same happens on Yahoo Messenger file share. If the client cannot connect
peer to peer then the file being sent will be stored on the server as a temp
file. The Yahoo system cannot verify that the file has been successfully
downloaded by the intended party, so the file is left on the server, until
Yahoo decides to expire the file.

What folks were doing is linking the temp files to victims (via any chat or
e-mail), the file extension could be anything, so the malicious file was
being used in virus and phishing runs. The hacker would keep rotating the
temp file storage system, every time the file expired (which can be hours at
a time, enough time to infect and phish your way through thousands of
hosts), therefore you have continued storage of virus and phishing on the
Yahoo servers, undetected. The Yahoo virus and phishing detection system
trusts 'yahoo.com', so it isn't stored on their anti-spam url collection
system, and even if it did, the unique temp file URL is changing every
rotation, every time the temp file expires, so the URL is always changing
its character, so stayed trusted and stealth.

This was being exploited by my connections three or so years ago, although,
yahoo was contacted in private, I think it was treated as a non-issue. Lolz.
Can someone check0r it out and tell me it can still be exploited today? :)
I'll need to check0r it out too. That's Yahoo for you. Sorry to poison a
Gmail thread with this, but it just reminded me of what we exploit on Yahoo
:) haw haw haw... keep hax0ring peeps. I grew up with the vulnerability in
my teen years, it was so commonplace, no one thought to report it, but
eventually I stopped using Yahoo Messenger temp file storage for when we
blocked the peer to peer via our programs, but yeah, I forgot to check if
they patched it. Many good lucks and researching....I expect someone with a
formal advisory to be posting what I'm talking about in the coming
daze....peace out for now my homies. Long live server side temp file storage
on Yahoo, it rocks vxers socks.

Shouts to henrit@...oo-inc.com who was the security engineer at the time I
reported it to him, so the buck stops at him, I believe the buck should stop
with someone in YAHOO, and should not get away with sloppy security.
mis@...den.com is still off the hook for the Yahoo Finance defacement (which
happened last weekend), so I guess henri gets off with the temp storage
thingy too. These people are paid thousands of dollars a year to detect
these easy holes before the bad guys. Time and time again, they get paid
even if security incidents keep happening on their turf :) Reject their wage
for each month there's a security incident on their turf and you can be sure
they'll suddenly have all the holes reported and patched to
security@...oo-inc.com, yahoo stop relying on free-lance security
researchers to tell your thousands of dollars a year ethical hackers about
bugs, and make your researchers work for their money. The rejected wage
packet for that month should obviously go to the free-lance researcher who
showed up the ethical hacker for not detecting the bug before them. That
would solve Yahoo security problems once and for all. Yahoo security staff
take it for granted they'll be given their wage regardless of what happens,
that should change, to keep them on their toes and always worried if they're
getting paid that month. In the security industry, getting paid should be
earned, not assumed. Security companies and corporations need to get tough
with employees and security consultants, to make sure standards are kept in
check, to guarantee they're working 110% to protect your network from
attacks. I love you henri and mark, both do great work at yahoo, when you're
not being hacked