[SLL] Gmail Security Hole

Jerry Horvath jerroldhorvath at gmail.com
Fri Jun 1 18:16:24 PDT 2007


I just got off the phone with my brother.  He lives in the Washington
DC area.  He confirms that I never used the system that accessed my
G-Mail account.  The last time I used one of his systems occurred
over two years ago in Chicago.  Then, I used his laptop.  We are still
trying to determine precisely what happened.

Regards,

Jerry

On 6/1/07, Brian Hatch <bri at ifokr.org> wrote:
> Circa 2007-06-01 08:43 -0700, Jerry Horvath kibitzed:
>
> > My Gmail has been compromised.  See the following link.
> ...
>
> > http://net.nana.co.il/Article/?ArticleID=155025&sid=127
>
> 2004 article, results no longer valid.
>
> > Utilized by me is "RoboForm" to maintain track of passwords.  You can
> > search for this to understand all its capabilities, but simply one
> > uses a main password to secure a database of passwords for various
> > sites.  It has the smarts to gather in User IDs & passwords when you
> > sign-up on appropriate web pages.  For my sign-up for Google Checkout,
> > I have the User ID/pw  combo for the account I signed up for with
> > "balsac at yahoo.com", but I also have your User ID/pw!!!!
>
> This sounds like you used the computer on which RoboForm is
> installed at some point.  RoboForm saved the username/password
> you typed.  That's its job.
>
> > Somehow during the automation, RoboForm captured your sign-in
> > credentials for User ID "jerroldhorvath", and tied it to the web page:
> > https://www.google.com/accounts/ServiceLoginAuth.
>
> Yep.  Your brother even confirms it.
>
> The vulnerability is the person who typed their password
> on a shared computer and didn't know it was logging their
> actions.
>
> If you change your gmail password and your brother can still
> get in, I'll personally take your issue to the google security
> folks.
>
> --
> Brian Hatch                  "Whose side are you on?"
>    Systems and               "We are on the side of truth.
>    Security Engineer          Is there another?"
> http://www.ifokr.org/bri/
>
> Every message PGP signed


-- 
Jerry Horvath

aka -  jerrypenguin The Linux Longshoreman
mathematics/philosophy/computers/maritime

"It is cheering to see that the rats are still around - the ship is not sinking"
Eric Hoffer - Philosopher/Writer/Longshoreman


