shotgun 0
Posted November 26, 2008

When you create a filter in your Gmail account, a request is sent to Google's servers to be processed. The request is made in the form of a url with many variables. For security reasons, your browser doesn't display all the variables contained within the url. Using Firefox and a plugin called Live HTTP Headers, you can see exactly what variables are sent from your browser to Google's servers.

Here is an example of a request url sent to Google to create a filter exactly like the one in the image above. I've broken down the url by variable so it's easier to read:

https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=googlemail&emr=1
?ui=2
&ik=ad7df7dc23 *Unique Account Identifier*
&at=xn3j35svndkg48yp2qgmpt99ivcqdc *Session Authorization Key*
&view=up
&act=cf
&rt=h
&zx=pjo6fg-k2ljzh
&search=cf
&cf1_from=support%40godaddy.com
&cf2_emc=true
&cf2_email=hacker%40hacker.com
&cf2_tr=true

Through a process of elimination you can determine the role of each variable. The two most important variables are ik & at. The ik variable is the equivalent of a username; each account has one and it never changes. Obtaining this variable is tricky but possible. I'm not going to tell you how to do it; if you search hard enough online you'll find out how.

Obtaining the at variable, on the other hand, can be done by tricking a user into visiting a page that contains malicious code that subsequently steals a cookie from the user called GMAIL_AT, which is the same as the at variable, just named differently. Once the cookie is stolen, the malicious code creates a hidden iframe with a url containing the variables that authorize Gmail to create a filter for your account.

Cnet News

-------------
OS: Windows Vista Ultimate Sp1
MD: Asus P5N-E
CPU: 2.40GHz/Intel Quad Core Q6600
RAM: Corsair Dual Channel 4GB 800Mhz
VC: XFX GeForce 9800 GTX/512MB
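For defenders, the request format quoted in the post above can be turned into a check over logged or exported URLs. This is an added example, not part of the original post or of any Google tooling: it assumes, from the post's own sample, that act=cf marks a filter-creation request and that cf2_email is the forwarding address; the function names, the own_domains allow-list and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs (not real traffic); ik/at values are placeholders.
SAMPLE_URLS = [
    "https://mail.google.com/mail/?ui=2&ik=IK_PLACEHOLDER&at=AT_PLACEHOLDER"
    "&view=up&act=cf&search=cf&cf1_from=support%40godaddy.com"
    "&cf2_emc=true&cf2_email=hacker%40hacker.com&cf2_tr=true",
    "https://mail.google.com/mail/?ui=2&ik=IK_PLACEHOLDER&at=AT_PLACEHOLDER"
    "&view=up&act=cf&search=cf&cf1_from=news%40example.org&cf2_tr=true",
    "https://mail.google.com/mail/?ui=2&view=tl&search=inbox",
]


def parse_filter_request(url):
    """Return the cf1_*/cf2_* fields of an act=cf URL, or None otherwise."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "cf" not in query.get("act", []):
        return None
    fields = {"cf1": {}, "cf2": {}}
    for key, values in query.items():
        prefix, _, name = key.partition("_")
        if prefix in fields and name:
            fields[prefix][name] = values[-1]  # last value wins if repeated
    return fields


def flag_forwarding(url, own_domains):
    """Return a finding if the filter forwards mail outside own_domains."""
    fields = parse_filter_request(url)
    if fields is None:
        return None
    # Assumption: cf2_email holds the address the filter forwards to.
    target = fields["cf2"].get("email", "").strip().lower()
    if not target or target.rpartition("@")[2] in own_domains:
        return None
    return {"match_from": fields["cf1"].get("from"), "forward_to": target,
            "other_cf2": sorted(k for k in fields["cf2"] if k != "email")}


def audit(urls, own_domains):
    """Collect findings for every URL that creates an external forward."""
    findings = (flag_forwarding(u, own_domains) for u in urls)
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in audit(SAMPLE_URLS, {"example.org"}):
        print(finding)
```
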
yordan 10
Posted November 26, 2008

This article has already been published by Brandon on Sunday, November 23rd, 2008, here: http://www.geekcondition.com/

The geekcondition post goes further than your text, explaining what to do in order to work around this security hole, as well as honestly giving also the official Google answer, which is, guess what?

"We've seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorized third parties. At Google we're committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability…."

@shotgun: please read our forum rules again. Here, at Xisto, we prefer original articles.

It is not forbidden to post copied text; however, you must put the copied text between quotes and mention where you copied the text from.

I did this quoting job for you today; I would like you to do the quoting job by yourself next time.

Else, we could imagine that you are trying to cheat with our Credit System. And this makes the admins around here rather angry.
FirefoxRocks 0
Posted November 29, 2008

So does this mean that an attacker could gain unauthorized access to your account or what exactly is the problem with this security hole? Is it preventable or is Google currently investigating a patch right now?
yordan 10
Posted November 29, 2008

"So does this mean that an attacker could gain unauthorized access to your account or what exactly is the problem with this security hole? Is it preventable or is Google currently investigating a patch right now?"

If you read the original post, you will see that Google has solved the problem and claims that there is no real security hole.