Google Admin Console has a Security Flaw


Summary: A security flaw in the Google Admin Console let attackers claim domains that their owners had not yet claimed and send spoofed email from them.

As reported by Security Week, Patrik Fehrenbach and Behrouz Sadeghipour found a security flaw in the Google Admin Console that let them gain temporary ownership of any unclaimed domain. The Google Admin Console is the web platform from which administrators manage their organization's Google Apps account.

The researchers tested the flaw by claiming ytimg.com, which hosts YouTube images and scripts, and gstatic.com, which Google uses to serve content from its content delivery network (CDN). Both domains are owned by Google itself.

They then created users on the claimed domains, admin@ytimg.com and admin@gstatic.com, and sent mail from those addresses.

The researchers explained in the blog post:

Last month, we were able to report a vulnerability to Google where we were able to email from any domain that had not previously been claimed by its owner. For example, using Google itself as a victim, we were able to claim domains such as ytimg.com and gstatic.com.

So not only were we claiming other domains, we were also able to trick the Google Mail Server into accepting a wrong FROM parameter. Google patched this vulnerability simply by applying a FROM of no-reply@google.com.

Google has addressed this vulnerability, and the researchers were awarded $500 for their efforts. Other researchers have previously identified more serious vulnerabilities in the Google Apps Admin Console: in January a researcher was reportedly awarded $5,000 by Google for discovering a critical cross-site scripting (XSS) vulnerability in the Admin Console.

Both Google and Apple are expected to release fixes for the FREAK vulnerability, a flaw in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) implementations that still accept legacy export-grade ciphers, which allows an attacker to mount a man-in-the-middle (MITM) downgrade attack on an SSL/TLS connection.

Lenovo installing Adware – Superfish – on new Computers and Laptops


Lenovo has been shipping new computers with an adware program named Superfish preinstalled. The adware activates automatically when the computer is started for the first time and injects third-party ads into Google search results and other websites without the user's permission.

PayPal says SORRY.. Unblocks NSA-Proof ProtonMail PayPal Account


PayPal has unblocked ProtonMail's PayPal account, saying the block was a technical fault. ProtonMail had been raising funds on Indiegogo to build an email service that provides end-to-end encryption.

ProtonMail thanks users for their support on Facebook


On Monday, PayPal had blocked the ProtonMail account, questioning whether the service was legal and whether it had government approval. Within 24 hours ProtonMail reported that the payment giant had lifted the block. ProtonMail also thanked the users who had supported its cause on Facebook.

A PayPal spokesperson sent PandoDaily the following statement after the story was published:
