 DonnaBPremium join:2003-05-07 malaysia | GMail 'CheckAvailability' Script May Disclose User Information to Remote Users
Impact: Disclosure of user information
Exploit Included: Yes
Description: A vulnerability was reported in Google's GMail beta e-mail service. A remote user may be able to determine information about another user attempting to register an account on the system.
Ahmed Motaz reported that a remote user can invoke the '/accounts/CheckAvailability' script repeatedly to cause the system to return information belonging to another user's query. The information disclosed includes the target user's first and last name and the target user's desired GMail account username.
The remote user must have a valid GMail invitation, the report said.
The vendor has reportedly been notified.
Impact: A remote user with a valid GMail invitation can determine information about another user attempting to register an account with the service, including the target user's first and last name and the target user's desired GMail account username.
Solution: No solution was available at the time of this entry.
»www.securitytracker.com/alerts/2···647.html
-- MS MVP-Windows Security
If U always expect the worst you will never be disappointed. |
|
 | I dunno which is worse, the above or this? |
|
 | said by Philmatic: I dunno which is worse, the above or this?
HOLY SHIZNIT!!!!! :o:o:o -- Either you know how to use MIRC, or you don't, there is no in between |
|
 TabletPremium join:2003-01-15 Czech | reply to Philmatic
Re: GMail 'CheckAvailability' Script May Disclose
said by Philmatic: I dunno which is worse, the above or this?
Wow, this is serious indeed. Those spammers out there are having a lucky day  |
|
|
|
| reply to Philmatic said by Philmatic: I dunno which is worse, the above or this?
my..... god..... -- 00111110 01011111 00111100 00100000 01101111 01011111 01001111 00100000 01011000 01011111 01111000 |
|
 KoolMoeAw ManPremium join:2001-02-14 Annapolis, MD | reply to Philmatic Phew, my gmail username doesn't seem to be listed - at least, not any more (or not yet?). That is pretty lame though, especially that it's lasted. Google being in control of their cache and robot should have this cleaned out immediately. KM |
|
 | said by KoolMoe: That is pretty lame though, especially that it's lasted. Google being in control of their cache and robot should have this cleaned out immediately.
I totally agree, I saw that posted in another forum here almost 2 weeks ago, they have yet to clean it out. |
|
 BPremium,MVM join:2000-10-28 | Wow. Just in case it gets fixed today, here's my screenshot. Only 480 names though?
-- B -- In a realm outside causality and function |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7 | yeah it's funny but it's only 480 names. Not even worth one second of a spammer's time. |
|
 | said by justin: yeah it's funny but it's only 480 names. Not even worth one second of a spammer's time.
Maybe not for a "big time" spammer, but little up and coming spammers can probably make a good profit for sending spam to gmail accounts since they are so popular -- Either you know how to use MIRC, or you don't, there is no in between |
|
 | reply to DonnaB I think he was being sarcastic.  |
|
 ChizepPremium join:2002-04-07 Concord, NC | reply to EvilByDesire
Re: GMail 'CheckAvailability' Script May Disclose
said by EvilByDesire: said by justin: yeah it's funny but it's only 480 names. Not even worth one second of a spammer's time.
Maybe not for a "big time" spammer, but little up and coming spammers can probably make a good profit for sending spam to gmail accounts since they are so popular
Kiddie spammers?  |
|
 QumahlinNever Enough TimePremium,MVM join:2001-10-05 united state | reply to EvilByDesire said by EvilByDesire: said by justin: yeah it's funny but it's only 480 names. Not even worth one second of a spammer's time.
Maybe not for a "big time" spammer, but little up and coming spammers can probably make a good profit for sending spam to gmail accounts since they are so popular
Let them. I have roughly 25 email accounts each for various services and reasons. As a stress test for Gmail and to test its filtering and separation features I have since set all my email addys to forward a copy of any mail they receive to my Gmail account..
Guess what so far Gmail has yet to let a single spam through to my inbox, whereas the other accounts which the email is coming from even though they use brightmail and other spam elimination tactics have let the spam through...So far my Gmail account has marked every spam perfectly and thrown them in the spam box.
It did have one false positive but it was from a friend whose email name is quite close to something you'd consider spam at a first glance and the message did contain a few phrases that I can see being considered spam. But the resolution was simple: I marked the sender as not spam and now all her emails come through just fine.
So if a spammer wants to waste time spamming Gmail let em -- Forum Posts:5004 |
|
 justinAustralian join:1999-05-28 New York, NY kudos:7
| I'm not sure that forwarding is a good test of spam filters. Because a forwarded message is distinctly different than a real spam message. It comes from a different place, for a start. Not saying your test doesn't say anything about gmail filters. Just not sure that if, in that test, a spam filter let messages through, it would let those same messages through if they were aimed at the account in the first place. |
|
 CPMBroadband, DSL, cable join:2001-08-24 Brooklyn, NY | reply to justin
Re: GMail 'CheckAvailability' Script May Disclose
It is still not patched. Sometimes having 1st generation things is NOT the best thing to have.
It is not the best to be first on the block after all:) -- Broadwayman.com - Internet portal for Everything Broadway and New York. |
|
 KenPremium,MVM join:2003-06-16 Brownsburg, IN | reply to Qumahlin This was posted awhile back but still good info. quote:
How long does it take to fill up 1 Gig of storage with spam? How well do Gmail's junk filters work? Let's find out! Spam my shiny new G-mail account at prattboy@gmail.com Give my address to spammers, newsletters, annoying people, whatever, and let's see how long it takes
»gmail.prattboy.net/ -- Visit my homepage:»www.kenmerritt.com |
|
 | reply to Philmatic
Re: GMail 'CheckAvailability' Script May Disclose User
said by Philmatic: I dunno which is worse, the above or this?
Holy. |
|
 novaflareThe Dragon Was HerePremium join:2002-01-24 Barberton, OH | reply to DonnaB
Re: GMail 'CheckAvailability' Script May Disclose
This is why gmail is beta. When you take part in a beta, expect bad things to happen, sometimes really, really bad. Here's an example for you: when I was in the really early phases of one beta game, before it was even into closed beta, I was there in non-public beta, aka in-house beta or in-house alpha. I had to reinstall my OS 3 times in less than a week's time; during the entire beta I had 6 OS reinstalls. This is what betas are all about: finding bugs, reporting them and getting them fixed. Betas are not about getting a game, OS or email account for free.
With that said, on things such as gmail you should not put in any information that you would not want public, things like real name, address and phone number. I'd not use gmail for sending anything you would consider sensitive information either. -- new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php |
|