Full Disclosure mailing list archives
Re: Gmail emails issue
From: n3td3v <xploitable () gmail com>
Date: Fri, 4 Aug 2006 16:26:48 +0000
On 8/4/06, Peter Dawson <slash.pd () gmail com> wrote:
if thats on the gmail server, then the same gmail servers /clusters hold all other information collateral .. that is CC#, Phones, names. pwds etc ...and when GHhealth comes out your blood type and if you want your SIN# too..!! So whats the big deal with the temp folder at the server end being unflushed ? Bad practice or a secruity risk. <"temp folder on the gmail server. I verified an attachment being available even after being signed out"> .. and then my primary question would be .. how did you peek into the gserver cluster ?? could you share that info ?? or is this domain hosting your talking about ?? /pd On 8/4/06, Thomas Pollet <thomas.pollet () gmail com> wrote: > > He means a temp folder on the gmail server. > I verified an attachment being available even after being signed out. > > > On 04/08/06, Stan Bubrouski < stan.bubrouski () gmail com > wrote: > > > > I'm reading your message in gmail and there is nothing in my temp > > folder... not that i'd expect there to be. Gmail can't just create > > files on your computer without your permission, it it can your > > settings are wrong or your browser is broken. In other words if your > > gmail mails are ending up in your temp folder your web browser is > > putting them there... what browser are you using BTW. I'm using > > firefox and it doesn't store my mails in the temp folder under my NT > > account. > > > > -sb > > > > On 8/4/06, 6ackpace < 6ackpace () gmail com> wrote: > > > > > > Hi All, > > > > > > Gmail stores mails in Temp folder for faster access.but i have > > observer it > > > fails to remove mail from the temp files after the session is > > ended. > > > > > > any user who has access physical access to the system can read mail > > and > > > contact information of the Gmail user. > > > > > > Discloses information which is private and confidential????? > > > > > > thank you > > > > > > ratna > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: > > > http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -- http://peterdawson.typepad.com PeterDawson Home of ThoughtFlickr's "This message is printed on Recycled Electrons." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
The same happens on Yahoo Messenger file share. If the client cannot connect peer to peer then the file being sent will be stored on the server as a temp file. The Yahoo system cannot verify that the file has been successfully downloaded by the intended party, so the file is left on the server, until Yahoo decides to expire the file. What folks were doing is linking the temp files to victims (via any chat or e-mail), the file extension could be anything, so the malicious file was being used in virus and phishing runs. The hacker would keep rotating the temp file storage system, everytime the file expired (which can be hours at a time, enough time to infect and phish your way through thousands of hosts), therefore you have continued storage of virus and phishing on the Yahoo servers, undetected. The Yahoo virus and phishing detection system trusts 'yahoo.com', so it isn't stored on their anti-spam url collection system, and even if it did, the unique temp file URL is changing every rotation, everytime the temp file expires, so the URL is always changing its character, so stayed trusted and stealth. This was being exploited by my connections three or so years ago, although, yahoo was contacted in private, I think it was treated as a non-issue. Lolz. Can someone check0r it out and tell me it can still be exploited today? :) I'll need to check0r it out too. Thats Yahoo for you. Sorry to poison a Gmail thread with this, but it just reminded me of what we exploit on Yahoo :) haw haw haw... keep hax0ring peeps. I grew up with the vulnerability in my teen years, it was so common place, no one thought to report it, but eventually I stopped using Yahoo Messenger temp file storage for when we blocked the peer to peer via our programs, but yeah, I forgot to check if they patched it. Many good lucks and researching....I expect someone with a formal advisory to be posting what i'm talking about in the coming daze....peace out for now my homies. Long live server side temp file storage on Yahoo, it rocks vxers socks. Shouts to henrit () yahoo-inc com who was the security engineer at the time I reported it to him, so the buck stops at him, I believe the buck should stop with someone in YAHOO, and should not get away with sloppy security. mis () seiden com is still off the hook for the Yahoo Finance defacement (which happened last weekend), so I guess henri gets off with the temp storage thingy too. These people are paid thousands of dollars a year to detect these easy holes before the bad guys. Time and time again, they get paid even if security incidents keep happening on their turf :) Reject their wage for each month theres a security incident on their turf and you can be sure they'll suddenly have all the holes reported and patched to security () yahoo-inc com, yahoo stop relying on free-lance security researchers to tell your thousands of dollars a year ethical hackers about bugs, and make your researchers wokr for their money. The rejected wage packet for that month should obviously goto the free-lance researcher who showed up the ethical hacker for not detecting the bug before them. That would solve Yahoo security problems once and for all. Yahoo security staff, take it for granted they'll ne given there wage regardless of what happens, that should change, to keep them on their toes and always worried if there getting paid that month. In the security industry, getting paid should be a earned not assumed. Security companies and corporations need to get tough with employees and security consultants, to make sure standards are kept in check, to garentee their working 110% to protect your network from attacks. I love you henri and mark, both do great work at yahoo, when you're not being hacked
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Gmail emails issue 6ackpace (Aug 04)
- Re: Gmail emails issue Stan Bubrouski (Aug 04)
- Re: Gmail emails issue Thomas Pollet (Aug 04)
- Re: Gmail emails issue Peter Dawson (Aug 04)
- Re: Gmail emails issue John Dietz (Aug 04)
- Re: Gmail emails issue Denis Jedig (Aug 04)
- Message not available
- Re: Re: Gmail emails issue L. Victor (Aug 04)
- Re: Re: Gmail emails issue John Dietz (Aug 04)
- Re: Re: Gmail emails issue Peter Dawson (Aug 04)
- Re: Gmail emails issue Thomas Pollet (Aug 04)
- Re: Gmail emails issue Stan Bubrouski (Aug 04)
- Re: Gmail emails issue n3td3v (Aug 04)
- Re: Gmail emails issue Peter Dawson (Aug 04)
- Message not available
- Re: Gmail emails issue L. Victor (Aug 05)