[SLL] Gmail Security Hole

Abha Harting abhaha at gmail.com
Fri Jun 1 08:52:14 PDT 2007


Gee...this really really SUX. And then there is the fact that I have been an
enthusiastic promoter of GMAIL...ARRG!

Abha

On 6/1/07, Jerry Horvath <jerroldhorvath at gmail.com> wrote:
>
> My Gmail has been compromised.  See the following link.
>
> http://net.nana.co.il/Article/?ArticleID=155025&sid=127
>
> Any comments will be appreciated.  What follows is an E-Mail from my
> brother:
>
> Jerry,
>
> You won't believe this, but somehow/some way I accidentally
> "cracked" your gmail account!!!!!   The evidence is attached (a
> snapshot of your "sent" items).
>
> Quite frankly, I am completely perplexed on how I accomplished this!
> Let me explain.  This weekend I placed a small order online for some
> plants for the home.  This facility uses "Google Checkout" to submit
> payment.  I did not have a Google account so I had to sign up (this
> weekend).
>
> Utilized by me is "RoboForm" to maintain track of passwords.  You can
> search for this to understand all its capabilities, but simply one
> uses a main password to secure a database of passwords for various
> sites.  It has the smarts to gather in User IDs & passwords when you
> sign-up on appropriate web pages.  For my sign-up for Google Checkout,
> I have the User ID/pw combo for the account I signed up for with
> "balsac at yahoo.com", but I also have your User ID/pw!!!!
>
> Somehow during the automation, RoboForm captured your sign-in
> credentials for User ID "jerroldhorvath", and tied it to the web page:
> https://www.google.com/accounts/ServiceLoginAuth.
>
> I don't have the slightest idea how this happened; it can probably be
> used as a case-study for your computer forensics interests.  Obviously
> a major security flaw.  From a personal standpoint, I will monitor
> very closely if I was phish'd as I used & entered credit card info for
> this transaction.  Most notably, perhaps it's a coincidence, perhaps
> real.  This weekend, I am positive that I completed a transaction on
> Eddie Bauer's web site too.  Now they have no record of this purchase
> being completed.  Granted that I was, as usual, busy doing multiple
> tasks, and I may have not fully completed the transaction, however in
> my mind, I am positive I did, yet EB shows no record!  This may be a
> Red Herring, or coincidence due to the breach with your account, I
> don't know.
>
>
> Mark
>
>
>
> --
> Jerry Horvath
>
> aka -  jerrypenguin The Linux Longshoreman
> mathematics/philosophy/computers/maritime
>
> "It is cheering to see that the rats are still around - the ship is not
> sinking"
> Eric Hoffer - Philosopher/Writer/Longshoreman
>
>

