
Flaw turns Gmail into spamming machine

A "serious security flaw" in Gmail turns Google's e-mail service into a spamming machine, according to a recent security report.

INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google's SMTP service, bypassing Google's 500-address bulk e-mail limit and identity fraud protections.

The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted-whitelist category, messages are allowed "carte blanche" to bypass spam filtering.

INSERT's report notes that no extraordinary Internet expertise is necessary to exploit the flaw:

In this regard, this document presents a vulnerability report and a proof-of-concept attack that demonstrate how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail account in order to be granted nearly unrestricted access to Google's massive whitelisted SMTP relay infrastructure.

Google has offered no official comment on the report.

This isn't the first Google tool to appeal to spammers. In April, my colleague Elinor Mills reported that spammers were now using Google Calendar.

Source : CNET

 

 

As this report says, "......the flaw we have reported remains unpatched and exploitable. We have run a new experiment where we were able to use our attack to send 2,000 messages using one Gmail account.

We would like to clarify to the security community that we have contacted Google about the issue more than a week ago and no response was provided despite our clear intent of cooperation regarding this matter. ......."

 

So it's not yet attended to. So is it not serious, or is the flaw not true? Does anybody know more about it?

 

 
