Open Source and information security mailing list archives
 
Date: Sat, 20 Sep 2008 21:47:55 +0100
From: AaRoNg11 <aarong11@...il.com>
To: n3td3v <xploitable@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Social flaws / vulnerabilities in 'Last account activity' on Gmail

If the job was that sensitive of a job, do you really think they'd be using
Gmail to send important information?

On Sat, Sep 20, 2008 at 7:00 PM, n3td3v <xploitable@...il.com> wrote:

> On Sat, Sep 20, 2008 at 6:36 PM,  <redb0ne@...h.com> wrote:
> > No, not time to "scrap this feature".
> >
>
> Yes time to scrap this feature, it's pointless. Once they are in the
> account, they have gotten what they wanted, they don't care if a fake
> IP address is left in the 'Last account activity' list.
>
> The only thing the 'Last account activity' list feature really does is
> reveal the victim's IP addresses.
>
> Someone who has broken into a Gmail account, the last thing they care
> about is being reported to Google!
>
> People think hackers just want to sit stealth and read emails, that's
> not always true, usually they are after one specific thing, or in this
> case a list of IP addresses, they don't care if the victim changes the
> password after seeing a fake IP address in the 'Last account activity'
> list. They've already gotten what they came for and left.
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Aaron Goulden
