One of the events is identical to what I described. I'd call it related.
-Original Message-
From: Kyle Creyts [mailto:kyle.cre...@gmail.com]
Sent: Wednesday, June 06, 2012 12:51 AM
To: Michael J. Gray
Cc: Jann Horn; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] G
I'm glad Google took the report so seriously and corrected the problem
before anyone could do anything scary with it. Oh wait...
Thanks for the link Kyle.
-Original Message-
From: Kyle Creyts [mailto:kyle.cre...@gmail.com]
Sent: Tuesday, June 05, 2012 11:58 AM
To: Michael J. Gr
ay, May 20, 2012 4:39 AM
To: Michael J. Gray
Cc: 'Thor (Hammer of God)'; 'Dan Kaminsky';
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Google Accounts Security Vulnerability
On Sat, May 19, 2012 at 12:04:43PM -0700, Michael J. Gray wrote:
> On why I don'
I was not stating that it was a vulnerability in the sense of someone can
compromise your account with only your phone number. I was saying it's not
doing its job in terms of what most people expect it to do.
It provides a false sense of security. It's a security mechanism, it
prevents people from
The point of my article is to specifically show that Google has a system in
place which gives the perception of a particular type of security; that is if
their password happens to be compromised, that the attack will be limited
unless the attacker has very specific knowledge about the user and t
t.
Would you be willing to give me the account name to allow me to look at our
logs and determine what happened here?
Thanks, and thanks for noticing this and taking the time to report it.
Dan
From: Michael J. Gray
Date: Sat, May 12, 2012 at 4:22 AM
Subject: [Full-disclosure] Goog
of God) [mailto:t...@hammerofgod.com]
Sent: Tuesday, May 15, 2012 12:33 PM
To: Mateus Felipe Tymburibá Ferreira
Cc: Jason Hellenthal; Michael J. Gray; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Google Accounts Security Vulnerability
Logging on to IMAP mail as one would be
Effective since May 1, 2012.
Products Affected: All Google account based services
Upon attempting to log in to my Google account while away from home, I was
presented with a message that required me to confirm various details about
my account in order to ensure I was a legitimate user and not
Product: GSC (Game Servers Client)
Version: 2.00 Build 3017
Website: http://getgsc.com
By inspecting the network traffic of messages to voice servers one can see
that ASCII strings are prefixed with their length as a 32-bit signed
integer. Simply modifying this to any length in excess of the
Product: GSC (Game Servers Client)
Version: 2.00 Build 3017
Website: http://getgsc.com
By sniffing the traffic of the chat client one can easily discern that it
uses IRC to back its private messaging system. From there, you can simply
issue commands such as NICK and switch your nickname to an
10 matches