Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Social flaws / vulnerabilities in 'Last account activity' on Gmail

From: n3td3v <xploitable () gmail com>
Date: Sat, 20 Sep 2008 19:00:31 +0100
On Sat, Sep 20, 2008 at 6:36 PM,  <redb0ne () hush com> wrote:

No, not time to "scrap this feature".



Yes time to scrap this feature, its pointless. Once they are in the
account, they have gotten what they wanted, they don't care if a fake
IP address is left in the 'Last account activity' list.

The only thing the 'Last account activity' list feature really does is
reveal the victims IP addresses.

Someone who has broken into a Gmail account, the last thing they care
about is being reported to Google!

People think hackers just want to sit stealth and read emails, thats
not always true, usually they are after one specific thing, or in this
case a list of IP addresses, they don't care if the victim changes the
password after seeing a fake IP address in the 'Last account activity'
list. They've already gotten what they came for and left.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: