Security Flaw Turns Gmail Into Open-Relay Server

May 11, 2008

A recently discovered flaw in Gmail can turn Google’s e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. The attack bypasses both Google’s identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.

A flaw in Gmail that allows spammers to send a potentially unlimited number of messages is definitely a problem, but there’s another, external factor that could exacerbate any potential spam attack. As the volume of spam has risen—it currently accounts for 95 percent of all e-mail traffic—many e-mail providers have adopted whitelists and blacklists as a first line of defense against the flood. An e-mail from johdoe@awinnerisyou.com (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway. E-mail providers regularly use multi-level filtering services, any of which might detect that the forged Gmail missive is actually spam, but the message has cleared a substantial hurdle that would have otherwise barred it from delivery.

News Source: Ars Technica