Summary: Google Admin Console has a security flaw that attackers can use to claim domains and send spoofed emails.
As reported by Security Week, Patrik Fehrenbach and Behrouz Sadeghipour found a security flaw in Google Admin Console that let them gain temporary ownership of any domain. Google Admin Console is the web platform from which administrators manage their organization’s Google Apps account.
The researchers tested the flaw by claiming ytimg.com, which is used to host YouTube images and scripts, and gstatic.com, which Google uses to load content from its content delivery network (CDN). Both domains are owned by Google itself.
The researchers then used these domains to create users – firstname.lastname@example.org & email@example.com – to send out emails.
Last month, we were able to report a vulnerability to Google where we were able to email from any domain that has not been claimed by its owner previously. For example, using Google itself as a victim, we were able to claim domains such as ytimg.com and gstatic.com.
So not only are we claiming other domains, we were successfully able to trick the Google Mail Server into accepting a wrong FROM parameter. Google patched this vulnerability by simply applying a FROM firstname.lastname@example.org.
Google has addressed this vulnerability, and the researchers have been awarded $500 for their efforts. Other researchers had earlier identified even more serious vulnerabilities in the Google Apps Admin Console. One researcher was reportedly awarded $5000 by Google after discovering a critical cross-site scripting (XSS) vulnerability in the Admin Console in January.
About 5 million Gmail user accounts with passwords leaked
Close to 4,930,000 Gmail user accounts with their passwords were leaked on Bitcoin Security Forum by a user named “tvskit”. According to the post, dated 10th Sept 2014, the attached text file contains 4,929,090 records, and more than 60% of the records are valid.
The Gmail leak comes a day after the publication of the text file with login details of 4.66 million Mail.ru accounts and two days after the publication of the text file with usernames and passwords of about 1.26 million Yandex accounts on the same Bitcoin platform.
Google offers a Helping Hand for those missing in Jammu & Kashmir Flood
Google has offered help, through an app called the Google Person Finder, to lakhs of people who are looking for information about their missing family members in Jammu & Kashmir.
This app was first developed by Google in 2010 during the earthquake in Haiti and it “helps people reconnect with friends and loved ones in the aftermath of natural and humanitarian disasters” according to its official website.
Online security is now one of the most important things to look for, especially after the reports of theft of celebrities’ private photos. Our email accounts hold many important documents, including our financial data and more.
Two-step verification is an additional layer of authentication required to log in to your account. A strong password is always a must, but enabling two-step verification on your account prevents another person from accessing it without the second level of authentication. There are currently three modes of verification: a text message, an email, or a paired app on your smartphone.
Google launches Google Chrome 64-bit version for Windows 7 and Windows 8 as Beta Channel
Google announced, on 30th July 2014, the launch of the Google Chrome 64-bit Beta Channel for Windows 7 and Windows 8. This version is expected to be much faster than its 32-bit counterpart, especially for graphics and multimedia content. It is also much safer because it can leverage new Windows OS features such as High Entropy ASLR on Windows 8, and it is more stable, with few crashes during general use.
After installation, this version preserves all your settings and bookmarks, so the previous version does not need to be uninstalled. A full list of changes for this version is available in the SVN Log. You can report any issue with this release at CRBug.
Volkskrant, a Dutch website, has reported that Dutch hackers have created malware that can be used to hack into Google Glass. The malware code can be injected into Google Glass through a mini USB.
According to Volkskrant, borrowing the Google Glass from the victim is very easy, and once it is borrowed, the code can be injected through the mini USB, which is inserted into the Google Glass USB port.
Once the device is hacked, the hackers can monitor everything the user does from a remote computer. Snaps can be taken and videos can be shot without the victim’s knowledge. The victim’s confidential information, such as email IDs and passwords, can also easily be stolen after a few minor modifications to the code.