According to a report by the Information Security Research Team, Google’s GMail service could potentially be turned into a giant spam machine thanks to a flaw that essentially renders it an open relay server. The flaw allows anyone with the ability to connect to SMTP port 25 and HTTP port 80 to exploit a GMail account and gain access to Google’s white-listed SMTP relay service.
Since Google has such a good reputation, most ISPs have white-listed the GMail domain and its IPs. A hacker exploiting the flaw would enjoy the benefits of that and be able to spam with no worries of being blocked. What’s more, they would also be free of GMail’s 500-message limit for bulk emails and be able to send thousands. INSERT’s test attack allowed them to spam over 4,000 email addresses in just 6 hours.
“To our best knowledge this is the first public description of this vulnerability and also the first proof of concept attack. Google has already been notified about this issue and we are waiting their position to release further details,” the group wrote in its advisory.
Google has not yet commented on the group’s report. This is not the first time spammers have had a field day with Google. In February it was revealed that their CAPTCHA system had been cracked, and recently reports of spammers exploiting Google Calendar have begun to surface.

May 20th, 2008 at 10:00 pm
Interesting - Google is a great company and they now seem to be making strides in the Hosting email space - not simply for end users, though for companies also. I think they still have a number of issues to figure out first. And just like Microsoft based systems and software always get targeted by malicious users - Google and its related services will inevitably be the victim of that sort of focussed unwanted attention also.
June 27th, 2008 at 4:57 pm
If this is real then Google has a big issue in front of them..
I wonder if they are doing anything or not? And why haven’t they released any press release on it??