Flaw turns Gmail into spamming machine

By Steven Musil, CNET News.com
Monday, May 12, 2008 08:28 AM

A "serious security flaw" in Gmail turns Google's e-mail service into a spamming machine, according to a recent security report.

INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mail messages through Google's SMTP service, bypassing Google's 500-address bulk e-mail limit and identity fraud protections.

The report noted that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because, Gmail falls into the trusted whitelist category, messages are allowed "carte blanche" to bypass spam filtering.

INSERT's report noted that no extraordinary Internet expertise is necessary to exploit the flaw:

In this regard, this document presents a vulnerability report and a proof of concept attack that demonstrate how anyone with no special internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail Account in order to be granted nearly unrestricted access to Google's massive white-listed SMTP relay infrastructure.

Google has offered no official comment on the report.

This article was originally a blog post on CNET News.com.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

Code concepts: Visual Studio's T4 templates

Web Development

The T4 templating system is used to programmatically generate artifacts. Here's an overview about why the templates are useful and how to work with them.


Read more »


 
Virtualize your way to cost savings
Build an infrastructure that is flexible, scalable, and economical, as you strive to become a truly agile business.

Red Hat Outlines Its Virtualization Strategy and Roadmap for 2009
» Watch the video




Where have all the bosses gone?

Blog thumbnail

I've had dreams of opening my own cafe or bistro...cum music store...cum music school. But, I soon gave up that dream when I realized it would require significant investment and..... by Eileen Yu

Read more »

Tags

  1. advertisement
  2. blog
  3. facebook
  4. google inc.
  5. internet
  6. internet advertising
  7. microsoft corp.
  8. network
  9. revenue
  10. search
  11. social networking
  12. software
  13. u.s.
  14. video
  15. web
  16. web 2.0
  17. web browser
  18. web services
  19. web sites
  20. yahoo! inc.