Web Hosting Talk : Web Hosting Main Forums : Web Hosting : URGENT - If you use gmail as your hosting account contact READ NOW!

[bigks]

URGENT - If you use gmail as your hosting account contact READ NOW!

If you are like me I have always used gmail as my hosting contact since it is the one e-mail address I can always access and has never seemed to go down.
As of August, thanks to defcon in Las Vegas, your gmail account is no longer secure. I had 4 accounts hacked this morning alone and one account I use as a contact for my hosting provider. When they saw this they immediately tried to and successfully changed my passwords to my host, e-mail accounts, and several other things I had laying in the account. With my previous password being GR33DW1llK1ll! I am impressed by this attack method as it worked perfectly. This may not be the correct forum to post this in but for anyone involved in hosting I am sure you are thankful someone is letting you know. If you don't act now your accounts and db's could be compromised. I believe yahoo could be more secure and I am hoping someone can confirm? Google is aware of the problem and has taken a stance of "security is your responsibility".
Please take this warning and make any contact information changes soon to another e-mail address.
Ryan
P.S.
FutureHost saved my *** with a 3 minute response time!

[Mike V]

Do you have a link to any discussions regarding Gmail's security? Also, how do you know it was a vulnerability in Gmail and not a keylogger on your computer? Just curious.





__________________█ Great support, great prices, great features. Choose any two.█ File Hippo - A fast, simple download site for popular applications█ Ultimate Boot CD for Windows - The best bootable CD out there - based on BartPE

[bigks]

Not a keylogger, virus scan and windows defender ran 6 hours prior to this and the only thing I have done today was admin within my own sites. On top of that the hacked session sends an e-mail back to the brute forcer listing I was number 11654 success!. Do a google search for defcon and gmail and you will see that within the past few months defcon has been slammed for letting this one creep out.

[bigks]

here is what the bot will send back from your account to the host:
to:
E-mail where password was sent: anhkuhung@gmail.com <anhkuhung@gmail.com>
| # 11650 | ryan**@gmail.com | (your password) Success
a clip of the text included:
victim_2008: anh day
chi_mot_mau: ac ac
chi_mot_mau: hichic
victim_2008: em da xong web chua
chi_mot_mau: cha thay anh dau ca
chi_mot_mau: a reg xogn chua
victim_2008: vua anh thay nick em ko sang
chi_mot_mau: hom nay
victim_2008: cu xong web di
victim_2008: reg acc thi nhanh ma`
chi_mot_mau: ac ac
victim_2008: khoang mung` 7 hoac 8 thi bat dau`
chi_mot_mau: ac ac
chi_mot_mau: okie
chi_mot_mau: web chi can thay banner
chi_mot_mau: a xem can sua nhun ggi
chi_mot_mau: bao e
victim_2008: uh
victim_2008: cai nay` thi cu lam` tu` tu`
victim_2008: dau can gap' em
chi_mot_mau: okie anh
chi_mot_mau: nhung e cung muon lam
chi_mot_mau: a bao can sua gi
chi_mot_mau: trong code aff
chi_mot_mau: e se sua
victim_2008: nghia la cu click xem phim xong
victim_2008: back lai la` site cua minh` thoi
chi_mot_mau: anh oi
victim_2008: roi chen` banner site aff vao`
chi_mot_mau: get e vai con sock nhe
victim_2008: uh
chi_mot_mau: okie
victim_2008: nhung quan trong la config trong .htaccess thoi
victim_2008: de no direct
victim_2008: de minh do~ phai click ay'
chi_mot_mau: okie
victim_2008: em can sock state gi
chi_mot_mau: an cho e ti nhe
victim_2008: uh
chi_mot_mau: NY/
chi_mot_mau: nY anh nhe
victim_2008: uh
chi_mot_mau: thank anh
victim_2008: 75.41.204.247:19383
chi_mot_mau: duoc chua anh
victim_2008: 137.142.186.141:9301
victim_2008: 205.237.170.247:62379
victim_2008: 24.184.198.79:8989
victim_2008: 76.170.224.218:46412
victim_2008: 75.60.229.133:64654
chi_mot_mau: e cam on anh neh
chi_mot_mau: anh oi
chi_mot_mau: get cho e con FL nhe
victim_2008: 72.189.226.232:62223
victim_2008: 76.26.50.5:20329
chi_mot_mau: vang
chi_mot_mau: thank an he
victim_2008: 97.96.60.86:4947
victim_2008: 76.101.214.111:13243
chi_mot_mau: okie emn
chi_mot_mau: anh dan glam gi day
chi_mot_mau: ma thuc khuya the
victim_2008: anh dang doi pass
chi_mot_mau: doi pas gi a
victim_2008: epass
chi_mot_mau: sao phai doi
victim_2008: voi mail
victim_2008: thang em anh no bi cai keylog
chi_mot_mau:
chi_mot_mau: hacker
chi_mot_mau: ma bi the a
victim_2008: mat het LR
victim_2008: wmz
victim_2008: the moi nhuc
victim_2008: no lai luu het ca cua anh
chi_mot_mau: ac ac
chi_mot_mau: :|
victim_2008: info cua anh anh cung dua cho no
victim_2008: dm doi tu hom qua den gio`
victim_2008: bao nhieu cai quan trong
victim_2008: gio con` phai luc tung ti 1
victim_2008: vi nhieu file qua'
chi_mot_mau: ac ac
victim_2008: deo hieu no thay cai o cung the nao
victim_2008: lai bi keylog
victim_2008: deo chiu cai` diet virus
victim_2008: uc che'
victim_2008: trong 1 toi' ma di mat khoang 1k7 LR
chi_mot_mau: )
chi_mot_mau: ac ac
chi_mot_mau: nhiu thia
victim_2008: 1k4LR+300 wmz
chi_mot_mau: :-O
victim_2008: hom kia mat
victim_2008: toi hom qua no moi biet roi thong bao cho anh
chi_mot_mau: vl
victim_2008: $ mat cung ko sao
victim_2008: nhung mat info moi nhuc
chi_mot_mau: ac ac
victim_2008: may ma acc epass
victim_2008: cung chua bi no doi thong tin
victim_2008: ca pass mail nua

[cristibighea]

Gmail isn't very easy to hack using brute force and will take a very long time if you have a complex password, I too think this problem is because you are either using shared passwords on certain services and perhaps you are infected by something new.





__________________478east
Custom Hosting Solutions
Complex Content Delivery

[bigks]

just be careful





Last edited by bigks : 12-03-2008 at 03:02 PM.

[bigks]

please post if it happens to you





Last edited by bigks : 12-03-2008 at 03:02 PM.

[Patrick]

The presentation you are referring to at Defcon happened in August and has since been fixed. It wasn't even a true exploit since the problem lied with GMail switching off the SSL connection after you were logged in that allowed people to sniff the plain-text data.
Look - if someone is sniffing your connection, you have bigger problems to worry about than an email account. Stop spreading FUD, you may have been compromised but Google has not...Edit:
See link above...Here's a recent article:http://www.theregister.co.uk/2008/11...s_vuln_claims/

[bigks]

tell you what, I just alerted a mod to pull this post, I would rather it happen to someone else to prove I am right.

[SSla - KoRRupt]

Google is pretty clean.. I'm sure it's something on your end. Although, I had this same problem, and never got to the bottom of it. Ended up switching off the internet, changing IP and reformatting. Finally got my account back too..
Make sure no one got in somehow, and be careful in the future man.





__________________Acai | Acai Berry






Last edited by SSla - KoRRupt : 12-03-2008 at 03:12 PM.

[bigks]

I always thought so too man. The one thing I never figured out though about gmail was why they use an image verification on so many failed log in attempts when in fact you can leave it blank and go right around it. This is what I think they are still exploiting to today.

[bager]

There is a greasemonkey script to force always ssl gmail:http://blogs.zdnet.com/Google/?p=679