lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 15 Jul 2008 01:03:56 -0400
From: Ureleet <ureleet@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Comments on: Google powers up users'
	Gmail security arsenal

i am surprised you didnt take credit for this you twit.

On Tue, Jul 8, 2008 at 2:46 PM, n3td3v <xploitable@...il.com> wrote:
> ---------- Forwarded message ----------
> From: newsgroup <newsgroupnewsgroup@...glemail.com>
> Date: Tue, Jul 8, 2008 at 7:31 PM
> Subject: Comments on: Google powers up users' Gmail security arsenal
> To: n3td3v@...glegroups.com
>
>
>
> by n3td3v  July 8, 2008 11:23 AM
>
> @ReVeLaTeD
>
> Not all users with access to your Gmail account want to change the
> password, they want to read emails stealthily and thats all. Raising
> suspicion by letting the victim know you're there isn't something they
> want to do.
>
> If they kicked you out and changed the password they wouldn't be able
> to read your emails anymore, hence why they don't kick you out and
> change the password.
>
> You've got to remember why people break into web mail accounts in the
> first place, its not to steal your account, its to read emails and
> gather intelligence.
>
> However, this feature is pointless in the sense of detecting if the
> government is snooping, as the government monitor your Gmail account
> in different ways.
>
> This feature is only going to detect low-level snooping by bedroom
> teens, criminals and stalkers.
>
> The end game is, the government are still reading your web emails and
> won't show up on this system.
>
> It is a stupid feature in the sense its giving gullible Gmail users a
> false sense of security in that, if they see no rogue IP addresses
> logging into their Gmail account, that they think no one is snooping
> and reading their emails, that isn't the case.
>
> This system won't detect government snooping, the government simply
> send a national security letter to Google Mail and they are granted
> full access to backend visualisation stats, graphs and other neat
> features to watch everything thats going on with your Gmail account.
>
> You can probably bet this system purposely ignores known government
> addresses anyway in an agreement between the government and Google, so
> yeah completely misleading system this is.
>
> All the best,
>
> n3td3v
>
> http://news.cnet.com/8601-13577_3-9985264.html?hhTest&communityId=2072&targetCommunityId=2072&messageId=753919#753919
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ