|
|
 |
|
|
DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
November 26th, 2008
Gmail 'vulnerability' turns out to be phishing scam
Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.
The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.
However, after consulting with those who claimed to be affected by the so-called vulnerability, Google determined that they were victims of a phishing scam, Google information security engineer Chris Evans explained in a blog:
Attackers sent customized e-mails encouraging Web domain owners to visit fraudulent Web sites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired.
A Google representative contacted me early Monday to let me know the company was trying contact "Brandon" to get more information on his claim, but there was no word whether that blogger helped Google arrive at its conclusion. As of this writing, the blog has not been updated to mention Google's finding.
While this security breach was apparently unrelated to Gmail's operation, Google reminded users to enter Gmail sign-in credentials only at Web addresses starting with "https://www.google.com/accounts," and not to ignore warnings their browsers may raise regarding certificates.
Source: CNET News
All news for January, 2009
All news for 2009 year
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
|
|
|
|
