GoDaddy Domain Hijacking Using Gmail Security Flaw
An exploit was recently posted where miscreants can hijack domains hosted by GoDaddy using a flaw of Google's Gmail filters.
For the xploit to work the miscreant must know the email address of the domain owners registered with GoDaddy to receive Support emails, a bit of social engineering to trick your target to visit a website with malicious code to get the session authorization key.
Difficulty of Exploiting:
Medium to Hard, too complex for script kiddies,
Defenses:
1. Force Gmail to use SSL (https) to avoid snooping on your emails. Google's default setting is https for authentication and unsecure email after.
2. Avoid visiting untrusted websites.
3. Use a Firefox plugin called NoScript (like I do) so as not to allow scripts executing XSS code for hackers to steal your Google account ID and session ID.
For the xploit to work the miscreant must know the email address of the domain owners registered with GoDaddy to receive Support emails, a bit of social engineering to trick your target to visit a website with malicious code to get the session authorization key.
Difficulty of Exploiting:
Medium to Hard, too complex for script kiddies,
Defenses:
1. Force Gmail to use SSL (https) to avoid snooping on your emails. Google's default setting is https for authentication and unsecure email after.
2. Avoid visiting untrusted websites.
3. Use a Firefox plugin called NoScript (like I do) so as not to allow scripts executing XSS code for hackers to steal your Google account ID and session ID.
Labels: Information Security
posted by backpacking philippines @ Tuesday, November 25, 2008,
0 Comments:
Post a Comment