| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4b6ee9310809201100q14b6a102jb72de38beed66c55@mail.gmail.com> Date: Sat, 20 Sep 2008 19:00:31 +0100 From: n3td3v <xploitable@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Social flaws / vulnerabilities in 'Last account activity' on Gmail On Sat, Sep 20, 2008 at 6:36 PM, <redb0ne@...h.com> wrote: > No, not time to "scrap this feature". > Yes time to scrap this feature, its pointless. Once they are in the account, they have gotten what they wanted, they don't care if a fake IP address is left in the 'Last account activity' list. The only thing the 'Last account activity' list feature really does is reveal the victims IP addresses. Someone who has broken into a Gmail account, the last thing they care about is being reported to Google! People think hackers just want to sit stealth and read emails, thats not always true, usually they are after one specific thing, or in this case a list of IP addresses, they don't care if the victim changes the password after seeing a fake IP address in the 'Last account activity' list. They've already gotten what they came for and left. All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists