Ramblings of an old Doc

 

Apparently, Gmail had a large security flaw which could have led to the mining of huge numbers of users' email addresses.

“Oren Hafif, a security penetration expert, discovered last year that he could manipulate the little-used account-sharing feature in Gmail to edit the 'Rejection Confirmed' webpage. After changing one character in the URL of the page that appears when you reject access to a shared account, Hafif found he could make the page tell him that he had been declined access to another email address…By using DirBuster, a brute-force hacking program, he automated the character-changing process and saved 37,000 Gmail addresses to a text file in around two hours. From this, he could extract the individual email addresses.” – Neowin

Of course, the email addresses alone would give nothing; however, they could be sold to spammers and phishers for a nice profit.

Anyway, Google has patched the flaw, but you have to wonder how many more there are.

Source:

http://www.neowin.net/news/gmail-had-a-simple-flaw-that-allowed-anyone-to-obtain-every-email-address


Comments
on Jun 12, 2014

Always something to mess with. Thanks Seth.

on Jun 14, 2014

Changed my info the other day.

on Jun 23, 2014

I don't store email addresses on my PC, keep them on paper and type them in... then delete emails from sent folder. Am I paranoid?

on Jun 23, 2014

Elana, the email addy they'd get would be yours (if you have a gmail acc't.), not anyone else's.

They'd then send you malware/phishing email...and via that get whatever you have in the acc't. or on your computer.

They'd presumably see 'sent' email, so they'd get those addresses also.

on Jun 23, 2014

Thanks for the post, Seth!