Gmail Expolit - Google Email Being Hacked?

[Snake]

Saw this on another website when i was searching "gmail" under google news... and this is that i got. I thought everyone who uses gmail should know about this so they dont get hacked in anyway. If i find anymore articals about this i will surely post it here.

Source Link: Click Here

Quote:

Software designed to exploit the much lauded Gmail service has been released this week. Aptly named "Gmail Hack" the software performs Dictionary and Brute Force Attacks against a GMail email account.

The software is a windows based application that requires no technical knowledge to use. The only information you need to be able to crack a users account is their username (the first part of their @gmail.com address).

The developers AusPhreak, an Australian based hacking group, have developed the software to be simple to use, enabling anyone, not simply ardent hackers to follow a three step process to cracking/hacking into a users account.

Andrew Bonar who discovered the software and informed Google of its existence earlier today stated "I bought it because I was worried as a Gmail user myself. What is interesting is Gmail doesnt warn you when say 100+ unsuccesful login attempts have been made against your account"

Google has already fought back having instigated a Visually-Oriented Anti-Robot Test. The test identifies IP Address making multiple login attempts against an account and then kicks in with additional 'tests' which disables the software.

However Sean, a representative of AusPhreak said "we will try and get around any future security they put in place" and specifically commenting o*n the Visual Verification Tests, when asked if Gmail had put an end to the softwares usability stated "No I don't think they have" explaining "they've tried to setup a pic verification o*nly when a certain IP attacks gmail so I'm giving proxies a go" ending with the promise "I'll get an update out".

The software was available for sale on Ebay for less than a dollar until Midnight (GMT) 6th August 2004, when it was withdrawn, but not before several copies had already been sold.

Gmail staff have been contacted, but had not returned a comment by the time of going to publication. Ebay have contacted all bidders on the item to advise them not to go ahead with the transaction.

Snake

[cvrk3]

Hye snake thanks for the tips!! that is the cost you pay for the hype!! did any one in the community have the software? i think it works on the principle of Gtray. Let us hope that gmail would ensure that the mails are safe.

[tokkolo]

Quote:

"What is interesting is Gmail doesnt warn you when say 100+ unsuccesful login attempts have been made against your account"

Does this mean that gmail doesn't warn and just locks the account after 100+ unsuccesful login attemps or that google doesn't lock an account at all after the 100+ unsuccesfull login attemps?

If google doesn't lock the accounts at all when a lot of unsuccesfull login attemps happen, that could mean that your gmail account is very vulnerable to being cracked.

All they need is your username. They choose a username they want to crack and do their magic. What are the chances that they actually crack your gmail account? I think that chance is slim, they have to choose your username to crack and there are already a lot of gmail users. Just my two cents.

[cvrk3]

you can always get the username as even in this forum, many of the participants including me have posted their address. The most vulnerable part is that if the software is available to the person, with whom you corrrespond, all he needs is this piece of software to look into your inbox and what not?

tokkolo, you can add 0.8 cents for your enjoyment, as snake had indicated

[Snake]

Got that right cvrk, its 2.8 cents now, so you better change that tokkolo. lmfao

Yeah because of this Gmail Expolit i wont be posting my gmail address here til i know gmail has fixed this loop whole. Dont want hackers to get ahold of my gmail address that i just got. lol

To everyone, just becareful about who you tell your gmail address too. Dont want to get your account hacked.

Snake

[tokkolo]

Well, I sort of got attached to my 2.0 cents, oh oh... What to do, what to do.

Quote:

Yeah because of this Gmail Expolit i wont be posting my gmail address here til i know gmail has fixed this loop whole. Dont want hackers to get ahold of my gmail address that i just got. lol

To everyone, just becareful about who you tell your gmail address too. Dont want to get your account hacked.

As long as gmail is in beta I am carefull where to post or mention my gmail adrress. I really like the username and I intend to keep it the rest of my life. I don't want it being cracked or spammed.

Just my two cents

[cvrk3]

here is your 2.8 cents your gmail address will be known to all the receipients of your email. What if they decide to hack your mailbox?

[tokkolo]

Yeah, that's a risk. I just hope that the people who know my gmail adress don't try to hack my gmail... But we can never be sure, can we.

[YAKUZA]

Someone tried to hack my friend's Gmail today. Hopefully it failed...

[jeramy]

Quote:

Originally Posted by YAKUZA

Someone tried to hack my friend's Gmail today. Hopefully it failed...

did you mean thankfully or hopefully? if someone hacked my account i would be so pissed. it would be a new form of pissed off. uber-pissed.