Gmail is not an iron wall

Gmail is not an iron wall
Gmail, a widely used email service under Google, has recently exposed a vulnerability that allows anyone to obtain a large number of Gmail email account information in order to post spam or even steal passwords. It is reported that the vulnerability may have existed for several years. The vulnerability was discovered by Oren Hafif, an employee from an Israeli security company who has previously discovered multiple Gmail vulnerabilities. Hafif said that by exploiting the vulnerability discovered this time, a large number of Gmail email accounts can be obtained within a few days or weeks. Although this vulnerability cannot directly steal account passwords or log in to accounts, it may put users at risk of spam, phishing or password theft. The reason why the vulnerability can be exploited is that Gmail has a little-known account sharing function, which allows users to "delegate" other users to log in to their own accounts. Last November, Hafif discovered that when trying to log in to someone else's account through the "delegate" function, you only need to make a slight change to the web page address that pops up to obtain the email address of another user. With the help of software that automatically changes web addresses, Hafif once collected 37,000 Gmail email addresses in two hours. In this regard, Hafif said that he had good reason to believe that all Gmail accounts may have been collected. In addition, he emphasized that the vulnerability affects not only personal mailboxes, but also corporate users who use Gmail mailboxes, and even Google itself. Hafif said that Google did not use cookies or other forms of authentication to display vulnerable pages, so it only needed to use anonymous software to obtain a large amount of user account information without being noticed. Hafif said that since Gmail has had a "delegation" function since 2010, the vulnerability may have existed for several years. As for how much account information has been secretly collected, it is unknown. A Google spokesperson said in an interview that the vulnerability has been successfully fixed.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<:  China Mobile: TD-LTE voice call success rate has reached 98%

>>:  Nanjing Mobile 4G users were cheated and cried: the phone lost connection after turning on

Recommend

Big news! WeChat suddenly released the "WeChat Index" last night: a must-read for operators, advertisers laughed, Baidu cried again...

Just last night, something happened that had far-...

Popular Science Illustrations | In which fields will quantum technology be used?

...

Not only the sales of purifiers are growing, but also the haze diamond rings indicate the business opportunities of Industry 4.0

Few people can associate smog with diamonds, but ...

Business Analysis Skills Course

Course Features 1. Aiming to "solve various ...

As the trend shifts from mobile Internet to artificial intelligence and human-computer interaction, will the living room be the next battlefield?

2016 was not a smooth year for China's color ...

WM Motor EX5 caught fire in Wenzhou: The whole vehicle burned but no one was injured

[NetEase Intelligence News, September 23] Today, ...

How do we acquire the first batch of seed users?

Before acquiring the first batch of seed users , ...

Lost in Russia is broadcast for free on the first day of the Chinese New Year. Where can I watch Lost in Russia for free on the first day of the Chinese New Year?

Dear friends, Happy Year of the Rat! This year...

New iPhone will upgrade fingerprint module: less mistakes and more secure

On the morning of February 11, 2015, KGI Securiti...

7 major processes of live broadcast operation planning in 2020!

In 2020, live streaming e-commerce has been boomi...

The top ten trends in the development of self-media in 2017 show obvious polarization

1. Too much content According to third-party data...

Horrible! In just a few seconds, I almost went blind! The culprit was actually...

Author: Song Run, Children's Hospital Affilia...

The only cancer in the world that can be prevented by a vaccine! Should men get vaccinated?

Expert of this article: Hu Zhongdong, Chief Physi...

Faced with “pervasive” microorganisms, what “magical protective powers” ​​do plants have?

The past few years may be the time when immunolog...

What happened with Liuli unilaterally terminating the contract with Mango TV? What is the specific situation?

What happened with Liuli unilaterally terminating...