Security flaw turns Gmail into open-relay server
Written by IT News on 8:28 PMThis article previously write By Joel Hruska | Published: May 10, 2008 - 01:15PM CT
The main reason to use Gmail is the large mailbox capacity and this is only one free mail server that allows people to get their email to outlook or other mail clients.
A recently-discovered flaw in Gmail is capable of turning Google's e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google's SMTP service without fear of detection. This attack bypasses both Google's identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.
Vulnerability in Gmail, with the spammer, a potentially unlimited number of messages is certainly a problem, but there is one other factor that could worsen external potential spam campaign. Since the volume of spam, he currently represents 95 percent of all e-mail traffic from many e-mail providers have lists of black and white lists as a first protection against flooding. An e-mail address johdoe@awinnerisyou.com (or IP address corresponding block) May automatically be blocked from any e-mail service, everything from an e-mail from a trust the authentication source such as Google Mail is automatically entitled to through the door. E-mail regularly use the provider of multi-level filter that everything to recognized that the missive forged Gmail is actually spam, but the message has an important hurdle that otherwise would have prevented delivery.
E-mail from Google, it seems, is particularly by Yahoo and Hotmail. The INSERT team tested the level of trust between the three most important e-mail providers of spam messages from Yahoo and Hotmail, with two sources. In the first attempt, the messages were sent from which the personal IP addresses were blacklisted by Yahoo and Hotmail. The second test was to broadcast the same message about Gmail VICE discovered that INSERT.
The difference is important. E-mail to Yahoo and Hotmail from a blacklist of IP is not even necessarily to the account of spam box, while the fake e-mails on the Gmail always came in the box receipt of the invoice. The goal here is not to condemn trusted source filter as bad, but to emphasize as vulnerability in a single product or service through a curling ecosystem. Google will probably act quickly to make this way, but Yahoo and Hotmail want to read, their Russian proverbs a little closer.
| Posted in »
0 comments: Responses to “ Security flaw turns Gmail into open-relay server ”