Skip to content
September 7, 2008 / technocrawl

Gmail Auto Hack Tool Presented at Defcon

Recently Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who haven’t turned it ON yet, will going to be the victims for this sort of attack. Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in next couple of days.

Since Gmail is using https:// (SSL) not only for authentication, so when ever some intruders steals your un-encrypted cookie that contains your session ID which is exactly sent by Google , then that will be quite enough for him to get into your gmail account even without your password.

Google have already been reported for this serious Flaw, but still haven’t notified any of its users, hence Mike Perry has planned to release the tool within next couple of days and hope google will patch it up even before the release, If not the it would be a wet dream for script kiddies and gray hat to compromise Gmail user account.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: