Security flaw in Gmail can turn server in a spam machine

May 12, 2008 1 Comment


INSERT, the Information Security Research Team, has created a proof of concept that exploits Google’s SMTP service bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.

This vulnerability enables an attacker to bypass blacklist/whitelist based email filters and freely forge all fields in an email message by having Google’s SMTP servers tricked into functioning as open SMTP relays. We were able to confirm that this vulnerability is indeed exploitable by assembling a proof of concept (PoC) attack that allowed us to use one single Gmail account to send bulk messages to more than 4,000 email targets (which surpasses Gmail’s 500 messages limit for bulk messages)

Filed under Spam, Various Tagged with , , , , ,

One Response to Security flaw in Gmail can turn server in a spam machine

  1. mubix says:
    May 12, 2008 at 4:53 pm

    Thanks for the link, great writeup. Also, the alligator is awesome.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 165 other followers

%d bloggers like this: