Sunday, November 23, 2008

All Over Gmail: Like Stink on a Skunk

It’s not the Shine…

If you are a Google Gmail users and unless your ISP has been down, you probably haven’t been able to miss the newest eye-candy rolled out this week to you.

Spice up your inbox with colors and themes – Official Gmail Blog

Google starts rolling out Gmail themes - Download Squad

Gmail: Gmail Updates Its Look, Adds Themes – Lifehacker

Gmail gets pretty, oh so pretty, with new themes – TechBlog

When the dust had settled and I had run through all the offerings with Alvis hanging over my shoulder, we both settled on the “Shiny” theme.

Lavie remains on the fence at the moment.

It’s about keeping safe from stink…

I’ve noted here in the past that I am a bit overprotective when it comes to Web accounts.  I always follow the following procedure when active on a secure website…say for checking my Gmail or doing on-line banking.

  1. Close out my current browsing session.
  2. Open a fresh browsing session window.
  3. Use a pre-saved and inspected bookmark URL to go immediately and directly to the web-account in question I intend to log into.
  4. Log in and conduct my business, remaining only on the host site or any cross-linked pages only.
  5. When done with my secure session, I log out.
  6. I delete both my cache files as well as any saved form data.
  7. I shut down my browsing session window.

From there I open a fresh session and begin my general web-surfing again.

I know it is a drag to do that, but this is a key layer in trying to avoid any page-exploits or XSS shenanigans.  And as tied as I am to my Gmail account (a weakness in itself) I must disciple myself in not remaining logged in to my Gmail/Google sessions when I go browsing across the web.

Check your Gmail Filters…Regularly!

Case in point, I’ve now had to add an 8th step to the list above:

  • Check my Gmail “filters” to ensure they are mine and mine alone.

One of the blogs I follow is MakeUseOf.  It always has great freeware and how-to tips.

Recently they were hacked and lost their domain.

I encourage you to read the great details of their post-attack assessment.

BREAKING: New Gmail Security Flaw. More Domains Get Stolen! - MakeUseOf.com

What became clear is that Gmail was one key factor in the subterfuge.

How the attack actually was implemented is still a matter of some discussion; is it a new non-disclosed Gmail flaw? It is a variant of an existing one? Maybe none of the above?

One very interesting (and disturbing) angle can be found in this awesome Gmail Security Flaw Proof of Concept post from Brandon at Geek Condition blog.

Regardless of your interest in any of these things I believe Brandon makes one very clear and important point for ALL Gmail users to follow:

What you should do if you have a Gmail Account?

Check your filters and make sure that nothing seems out of the ordinary. If you’re using Firefox, you can download an extension called NoScript which helps to prevent you from becoming a victim of one of these attacks. Overall, though, be cautious.

To check your Gmail filter rules, log into your Gmail account and select “Settings” 

Filters1

Then select “Filters”

Filters2

And now examine your Filters closely to make sure they are what you have set and expect. 

Filters3

If not then delete any ones that shouldn’t belong, change your Gmail password immediately, and start the damage assessment and mitigation process depending on what you find.

The end-result of this attack, however it occurs, is that the user is completely unaware that important and critical emails are being deleted and/or routed to the hacker/exploiter without the owner even being aware.  They continue to log into and use their Gmail account, blissfully unaware of all the traffic and danger speeding in and back out of their account. (This of course assumes the Gmail owner hasn’t completely lost the keys to their Gmail account and the violator broke into their account and actually changed the password on them.  In that case, things get even worse!)

So check those email/Gmail filters, and check them often!

Related posts and perspectives:

I’m sure there will be more on this story and “exploit” as security folks dig deeper.  So stay tuned for details.  In the meantime, the following might not be as effective as tomato-juice, but might be a good place to continue from.

Using filters – Gmail Help Center

Stealing Domains via GMail - Sûnnet Beskerming

Malicious Setting Up of Filters in Gmail? – Google Blogoscoped

Hacking Security Researchers -  - Sûnnet Beskerming

Be safe.

--Claus V.

2 comments:

Nathaniel said...

Hummm.... I stay logged into my Gmail pretty much all the time I'm online. However, I'm using Gmail as a Chrome app right now, and Firefox for my main browsing... so I suppose that helps.

Themes... cool that Google actually did it. I ended up setting it back to default, but Shiny is pretty classy.

Claus said...

@ Nathaniel - Yes, I think that as long as you were separating your Gmail session in a different browser you might be much more isolated and safe. Good tip!

Visually all the themes do look very polished, and for some of them you actually need to provide a ZIP code so based on the iGoogle site themes, that would lead me to suspect they will rotate a bit for the seasons or other factors. That is a pretty fun effect as well.

I tend to the simpler visual styles (usually) so I like the polished theme. However one benefit of the classic one(s) are that they probably require a bit less bandwidth to download...good for slow connections. I wonder if the images are cached and reused?

Cheers and Happy Thanksgiving week!

Claus V.