LMFAO!

On Sat, May 12, 2012 at 04:22:30AM -0700, Michael J. Gray wrote:
> Effective since May 1, 2012.
>
> Products Affected: All Google account based services
>
> Upon attempting to log-in to my Google account while away from home, I was
> presented with a message that required me to confirm various details about
> my account in order to ensure I was a legitimate user and not just someone
> who came across my username and password. Unable to remember what my phone
> number from 2004 was, I looked for a way around it.
>
> The questions presented to me were:
>
> Complete the email address: a******g...@gmail.com
>
> Complete the phone number: (425) 4**-***7
>
> Since this was presented to me, I was certain I had my username and password
> correct.
>
> From there, I simply went to check my email via IMAP at the new location.
>
> I was immediately granted access to my email inboxes with no trouble.
>
> From there, I attempted to log-in to my Google account with the same
> username and password.
>
> To my surprise, I was not presented with any questions to confirm my
> identity.
>
> This completes the steps required to bypass this account hijacking
> counter-measure.
>
> This just goes to show that even the largest corporations that employ teams
> of security experts, can also overlook very simple issues.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
- (2^(N-1))