[Wolves] G-Mail

Tim Humpherson tim.humpherson at gmail.com
Mon Nov 1 19:22:55 GMT 2004


Yes, but you should NEVER use the GMail for any sensitive e-mails,
such as e-commerce, personal details, and above all, NEVER use GMail
to send your bank details, account numbers or PIN numbers or anything
like that that could be of use to an identity thief!

Use your own ISP's e-mail for normal personal e-mail, but NEVER use
bank details, and the like over that one too.

If in doubt, always e-commerce over SECURE https:// websites whose
certificates are valid and authentic.

Beat the hacker at any time, by adhering to the simple rules like
above, also make sure your firewall (if you have one) set up
correctlly.  If you are using Windows (argh!), keep your Anti-Virus
up-to-date.

That's all.

Cheers,


Tim



On Mon, 1 Nov 2004 14:01:38 +0000, Kevanf1 <kevanf1 at gmail.com> wrote:
> No surprises there then :-)
> 
> Didn't Yahoo have something similar when they first offered their
> webmail service?
> 
> On Mon, 1 Nov 2004 12:55:35 -0000, Philip Moore <ptm48 at uklinux.net> wrote:
> >
> > Hi
> >
> > I saw an interesting report on Thre Register - I thought those who use
> > G-Mail may be interested. The report reads:
> >
> >
> >
> > By John Leyden
> >
> > Published Friday 29th October 2004 16:50 GMT
> >
> > Google's high profile webmail service, Gmail, is vulnerable to a security
> > exploit that might allow hackers full access to a user's email account
> > simply by knowing the user name, according to reports.
> >
> > The security flaw allows full access to users' accounts, with no need of a
> > password, Israeli news site Nana says . Using a hex-encoded XSS link, the
> > victim's cookie file can be stolen by a hacker, who can later use it to
> > identify himself to Gmail as the original owner of an email account,
> > regardless of whether or not the password is subsequently changed. Following
> > up a tip from an Israeli hacker, journos from the site confirmed the attack
> > and verified the exploit with local security firm Aladdin Knowledge Systems.
> >
> > It's unclear whether the hole has been maliciously exploited. Google has
> > been notified of the issue and is reportedly working on a fix. No-one from
> > the company was available to update The Register on the issue at time of
> > going to press. ®
> >
> > Philip Moore
> >
> >
> > _______________________________________________
> > Wolves LUG mailing list
> > Homepage: http://www.wolveslug.org.uk/
> > Mailing list: Wolves at mailman.lug.org.uk
> > Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
> >
> >
> 
> --
> Take care.
> Kevan Farmer
> 
> 34 Hill Street
> Cheslyn Hay
> Staffordshire
> WS6 7HR
> 
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
>



More information about the Wolves mailing list