Google fixes a damaging Gmail bug that allowed email spoofing

A damaging bug discovered by a security researcher this spring could have allowed attackers to abuse Google’s Gmail service. By taking advantage of it, they could send fake emails from genuine Gmail addresses.

These so-called spoofing attacks allow cybercriminals to reach potential victims from a trusted email address, or provide a convenient way to cover their tracks.

Email has been around for a long, long time. It has never been a very secure way to communicate; however, many improvements have been made in recent years.

SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) were introduced to make it harder for malicious actors to send forged emails. The sender’s email must pass checks from the domain’s email server before a message can be sent.

Gmail has supported SPF and DMARC for some time. However, the bug discovered by Allison Hussain would have allowed an attacker to pass those checks and send forged emails.

To prove her point, that is precisely what Hussain did. She sent a test email from a Google.com address to a mailbox that she knew was also hosted by Google.

It should have been doubly difficult for the fake email to get past Google’s filters, but it went right through. Hussain’s test message landed directly in the test inbox along with other valid emails.

She was able to bypass Google’s email checks using features available to G Suite administrators. Hussain created mail-processing rules that accepted forged incoming messages and turned them into valid messages that Gmail would send on to “victims”.
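The SPF and DMARC checks described above, and why a message re-sent by servers authorized for the sender's domain passes them, shown as an added example that is not from the original article or from Google. The header samples, the `mx.receiver.test` server name and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_result(raw_message, trusted_authserv="mx.receiver.test"):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    # Only trust Authentication-Results stamped by our own receiving server.
    headers = [re.sub(r"\s+", " ", h).strip()
               for h in msg.get_all("Authentication-Results", [])]
    ar = " ; ".join(h for h in headers
                    if h.split(";")[0].strip().lower() == trusted_authserv)
    spf = re.search(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", ar)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", ar)

    def aligned(d):
        # Relaxed alignment: same organizational domain as the visible From.
        return org_domain(d) == org_domain(from_domain)

    spf_ok = bool(spf) and spf.group(1) == "pass" and aligned(spf.group(2))
    dkim_ok = any(res == "pass" and aligned(d) for res, d in dkim)
    return {"from": from_domain, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

# Constructed sample: From claims example.com, but SPF/DKIM passed for an unrelated
# domain; the extra header with a foreign authserv-id is ignored.
SPOOFED = (
    "Authentication-Results: mx.receiver.test;\n"
    " spf=pass smtp.mailfrom=bounce@sender.test;\n"
    " dkim=pass header.d=sender.test\n"
    "Authentication-Results: other.test; spf=pass smtp.mailfrom=example.com\n"
    "From: Billing <billing@example.com>\n\nbody\n")
# Constructed sample: same From, but emitted by servers authorized for example.com,
# so SPF is aligned and DMARC passes whatever the message's true origin was.
RELAYED = (
    "Authentication-Results: mx.receiver.test;\n"
    " spf=pass smtp.mailfrom=billing@example.com; dkim=none\n"
    "From: Billing <billing@example.com>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("relayed", RELAYED)):
        print(name, dmarc_result(raw))
```

The second sample shows the limit of these checks: they confirm which infrastructure emitted a message, so the provider must authenticate a message before re-sending it under its own authority.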

Hussain disclosed the bug to Google in early April. By the first of August she still had not heard anything about a fix, so she sent a notice indicating that she intended to publish her findings.

When Google responded that mitigation measures would not be in place until mid-September, Hussain waited a few more days before posting on her personal blog. Within hours of the post’s publication, Google accelerated the fix and closed this harmful email spoofing flaw.

Lee began writing about software, hardware and geek culture when the Red Wings last won the Stanley Cup. However, the two are not related in any way.

When not catching up on or writing for a tech news blog, Lee can be found watching or betting on baseball and playing a part in making sure the next generation of geeks is raised properly.
