Why you should always log off Gmail

Snuffy · 12-27-2007, 05:53 PM

Why you should always log off Gmail
Today, December 27, 2007, 9 hours ago | Martin
Let me narrate a story to you. A story of someone who has an Gmail account and a domain registered to his name. This someone checks his Gmail account regularly and visits other sites afterwards. It is so convenient to stay logged in at Gmail in case you want to check again. Maybe Gmail is open all the time in another tab for even further comfort.

While on vacation in India this someone received some very disturbing news from some of his friends telling him that something was wrong with the domain that he was owning. It was not loading his website anymore but redirecting to another website he never heard of before.

He investigated the matter and discovered, that he was no longer the owner of the domain name which happens to be his name dot com. First he thought that the domain might have expired but soon thereafter he discovered that a Gmail hack had been used to change the owner of the domain name.

It works like this. If you stay logged in at Gmail and visit a prepared website afterwards your Gmail filter list can be altered. In this case all mail from the domain provider was forwarded to another mail account and deleted at Gmail. The new password request was forwarded to the hacker who was then able to initiate the domain transfer at the webhoster.

Since all mails regarding the transfer were immediately redirected and deleted the victim had no idea on what was going on. The only possibility would be if he would have logged into the webhosters website and take a look at the tickets that had been created to transfer the domain.

You can read the long version on David Arey’s Website. This hole has been fixed apparently but filters that have been set before can still be in place. If you use Gmail you should check your filters asap and make sure that they have not been altered in any way.

Since this is probably not the last security hole you should make sure that you always log off when you are finished. Another possibility would be to use an email program like Thunderbird instead.

http://www.davidairey.co.uk/StaticPage.html

**CrowdAds** · [Remove Advertisement]

Vistanoob · 12-27-2007, 06:53 PM

I hardly ever use my Gmail, having a webmail account with my ISP, a hotmail account and Thunderbird as my local account. Good point about logging out when finished. It could be easy to forget. As far as a local client, I like Thunderbird, having used it since version 1 in 2004 (I think)Never had any problems with it.

ProCookie · 12-28-2007, 03:19 AM

Yikes! Checking over my Gmail accounts right now.

Sandi · 12-28-2007, 03:23 AM

I have a Gmail account, but only because it was required for some reason that is obscure now. Maybe so I could comment on Blogger blogs.

Anyway I would not use anything except my ISP email for recovering passwords when possible, and I don't consider them very secure.

Personally I think using gmail, yahoo, msm or hotmail should only be for general chit-chat with friends (because they will get you on spam lists as quick as anyone), or for a required email addy online when you would prefer not to give it.

I do have other online email servers but I never look at them. For those that I can pop I have a rule set up in outlook express to automatically delete everything that appears on those servers without downloading it.

12-27-2007, 05:53 PM	#1
Snuffy Elite Members Join Date: Nov 2006 Location: S.W. Kansas Posts: 2,841	Why you should always log off Gmail Why you should always log off Gmail Today, December 27, 2007, 9 hours ago \| Martin Let me narrate a story to you. A story of someone who has an Gmail account and a domain registered to his name. This someone checks his Gmail account regularly and visits other sites afterwards. It is so convenient to stay logged in at Gmail in case you want to check again. Maybe Gmail is open all the time in another tab for even further comfort. While on vacation in India this someone received some very disturbing news from some of his friends telling him that something was wrong with the domain that he was owning. It was not loading his website anymore but redirecting to another website he never heard of before. He investigated the matter and discovered, that he was no longer the owner of the domain name which happens to be his name dot com. First he thought that the domain might have expired but soon thereafter he discovered that a Gmail hack had been used to change the owner of the domain name. It works like this. If you stay logged in at Gmail and visit a prepared website afterwards your Gmail filter list can be altered. In this case all mail from the domain provider was forwarded to another mail account and deleted at Gmail. The new password request was forwarded to the hacker who was then able to initiate the domain transfer at the webhoster. Since all mails regarding the transfer were immediately redirected and deleted the victim had no idea on what was going on. The only possibility would be if he would have logged into the webhosters website and take a look at the tickets that had been created to transfer the domain. You can read the long version on David Arey’s Website. This hole has been fixed apparently but filters that have been set before can still be in place. If you use Gmail you should check your filters asap and make sure that they have not been altered in any way. Since this is probably not the last security hole you should make sure that you always log off when you are finished. Another possibility would be to use an email program like Thunderbird instead. http://www.davidairey.co.uk/StaticPage.html __________________ [COLOR="DarkRed"]The only Stupid Question is the one you failed to Ask![/color] [COLOR="Blue"]Beta Tester since Pre Win 95.[/COLOR]
(Offline)

12-27-2007, 06:53 PM	#2
Vistanoob Senior Member Join Date: Sep 2007 Location: Winnipeg Manitoba Posts: 376	I hardly ever use my Gmail, having a webmail account with my ISP, a hotmail account and Thunderbird as my local account. Good point about logging out when finished. It could be easy to forget. As far as a local client, I like Thunderbird, having used it since version 1 in 2004 (I think)Never had any problems with it.
(Offline)

12-28-2007, 03:19 AM	#3
ProCookie Special Member - Vista Babble Promoter Join Date: Aug 2006 Posts: 1,676	Yikes! Checking over my Gmail accounts right now. __________________ [COLOR="Red"][B][SIZE="2"]ALL THINGS WINDOWS 7 AND MORE! [URL="http://www.edgarstudios.co.uk"]VISIT MY BLOG[/SIZE][/URL][/B][/COLOR]
(Offline)

12-28-2007, 03:23 AM	#4
Sandi Member Join Date: Nov 2006 Posts: 65	I have a Gmail account, but only because it was required for some reason that is obscure now. Maybe so I could comment on Blogger blogs. Anyway I would not use anything except my ISP email for recovering passwords when possible, and I don't consider them very secure. Personally I think using gmail, yahoo, msm or hotmail should only be for general chit-chat with friends (because they will get you on spam lists as quick as anyone), or for a required email addy online when you would prefer not to give it. I do have other online email servers but I never look at them. For those that I can pop I have a rule set up in outlook express to automatically delete everything that appears on those servers without downloading it.
(Offline)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode