News: Gmail users loosing all their emails and contacts
Published: 2007-01-03 17:41:29 . Categories: Google Security
Earlier ( www.kfwebs.net ) I wrote about how the lack of user interest in security resulted in computers getting hijacked with a trojan horse, getting used to perform financial transactions while the users were logged into their internet bank account.
Now I want to present a fairly recent example of google's mail service, gmail, getting targeted.
The google help pages states: "If you're not able to locate a message in your Inbox, Sent Mail, All Mail, or Trash, it's been permanently removed from your Gmail account. Unfortunately, we're unable to recover messages or Contact entries that have been deleted from your account.
If you're concerned that someone may have gained access to your account, we suggest that you take the following measures: " at mail.google.com
And this is exactly what happened to many in the newsgroup thread groups.google.com
"Found my account clean..nothing in Inbox, contacts ,sent mail..How can all these information residing in different folders disappear?"
As it turns out, the cause is most likely an insecure system, that was attacked either through a trojan horse or a cross-site scripting attack. Suspicions are that it is related to an error in Firefox 2.0 (not updated to 2.0.0.1) that can be read about at nvd.nist.gov . This error states "Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error."
Later discussions has lead to requests for a backup routine in gmail, and that google should take responsibility for backing up these user's email. The thing is, users already have a way of backing up the emails, as gmail permits POP access to the account.
This is solely the user's responsibility:
1) It was the users' computer that got compromised, so google had no way of knowing whether this was the user or an attack.
2) the users already had method available to make backups of the data.
3) The users had not performed such backups
At the same time, please read up on how to secure the communication done with emails at www.secure-my-email.com , adding digital signatures and encrypting the content.
Now I want to present a fairly recent example of google's mail service, gmail, getting targeted.
The google help pages states: "If you're not able to locate a message in your Inbox, Sent Mail, All Mail, or Trash, it's been permanently removed from your Gmail account. Unfortunately, we're unable to recover messages or Contact entries that have been deleted from your account.
If you're concerned that someone may have gained access to your account, we suggest that you take the following measures: " at mail.google.com
And this is exactly what happened to many in the newsgroup thread groups.google.com
"Found my account clean..nothing in Inbox, contacts ,sent mail..How can all these information residing in different folders disappear?"
As it turns out, the cause is most likely an insecure system, that was attacked either through a trojan horse or a cross-site scripting attack. Suspicions are that it is related to an error in Firefox 2.0 (not updated to 2.0.0.1) that can be read about at nvd.nist.gov . This error states "Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error."
Later discussions has lead to requests for a backup routine in gmail, and that google should take responsibility for backing up these user's email. The thing is, users already have a way of backing up the emails, as gmail permits POP access to the account.
This is solely the user's responsibility:
1) It was the users' computer that got compromised, so google had no way of knowing whether this was the user or an attack.
2) the users already had method available to make backups of the data.
3) The users had not performed such backups
At the same time, please read up on how to secure the communication done with emails at www.secure-my-email.com , adding digital signatures and encrypting the content.
Comments
| Mike - Mike |
| Hello!
Just to say thank you for answering my query on the Google AdSense Group. Appreciate your help. Best wishes, Mike. |
| Email: -hidden- - Website: http://mikesmoneymakingmission.blogspot.com Added: 2007-01-03 20:01:28 |
[Sitemap]
