Looks At A Vulnerability In Gmail
Gmail is a leading provider of web mail services worldwide. But as we all know, Gmail is still only 4 letter word BETA. Sometimes you may wonder why Gmail is still in evidence, even after years of this apparition. Here's a small reason for it.
Gmail is a strict rule that allows users to have their name or surname contains the word from Gmail or Google. That was when opening a Gmail account, users can not choose a name or a name containing the word Gmail or Google. You can see in the preview below.
This rule is performed by the Gmail for obvious reasons, because if users are allowed to keep their name or the name which contains the word Gmail or Google, so it is possible to easily simulate identity Gmail (Google Mail or team) and engage in social engineering attacks or phishing on innocent users. This can be done by simply selecting the name and surname with the following combinations.
First Name Last Name
The Gmail Team
The Google Team
Gmail password
From the above we can see a snapshot of Gmail which has made a good move to prevent people from abusing the service. However, this move is not only sufficient to prevent the occurrence of malicious users, the identity of Gmail. Since Gmail is a bit 'vulnerability, which can be used so that users can continue to be the name includes the words of Gmail or Google. One might ask how. But it is very simple.
1. Access your Gmail account and click Settings.
2. Select the Account tab
3. Click Edit Information
4. In the Name box, select the second button and enter the name of your choice. Click Save Changes and you're done!
Gmail now accepts any name, even if it contains the word Google or Gmail. You can see below snapshot
Allow the user names are the terms and conditions include Gmail, Google is a serious vulnerability, though it seems to be high. This is due to a hacker or attacker can easily exploit this vulnerability to send phishing emails from other Gmail users to ask for sensitive information such as passwords. Most users do not even hesitate to send passwords, because they believe it will send it to the Gmail team (or someone delegated). But in reality, they're sending to the attacker uses this information to ask for personal gain.
So the bottom line is, if you have emails that appear to come from Gmail or similar equipment, do not trust them! Anyone can send these emails to deceive and take your personal data. Hopefully Gmail will address this vulnerability as soon as possible to avoid disaster.
0 comments:
Post a Comment