It’s not the Shine…
If you are a Gmail user, and unless your ISP has been down, you probably haven't been able to miss the newest eye candy rolled out to you this week.
Spice up your inbox with colors and themes – Official Gmail Blog
Google starts rolling out Gmail themes - Download Squad
Gmail: Gmail Updates Its Look, Adds Themes – Lifehacker
When the dust had settled and I had run through all the offerings with Alvis hanging over my shoulder, we both settled on the “Shiny” theme.
Lavie remains on the fence at the moment.
It’s about keeping safe from stink…
I’ve noted here in the past that I am a bit overprotective when it comes to web accounts. I always follow this procedure when active on a secure website, say for checking my Gmail or doing online banking.
- Close out my current browsing session.
- Open a fresh browsing session window.
- Use a pre-saved and inspected bookmark URL to go directly to the web account I intend to log into.
- Log in and conduct my business, remaining only on the host site or pages it links to.
- When done with my secure session, log out.
- Delete my cache files as well as any saved form data.
- Shut down my browsing session window.
From there I open a fresh session and begin my general web-surfing again.
I know it is a drag to do that, but this is a key layer in trying to avoid any page exploits or XSS shenanigans: a malicious page can only act on my Gmail account while I am logged into it in the same browser. And as tied as I am to my Gmail account (a weakness in itself), I must discipline myself not to remain logged in to my Gmail/Google sessions when I go browsing across the web.
Check your Gmail Filters…Regularly!
Case in point, I’ve now had to add an eighth step to the list above:
- Check my Gmail “filters” to ensure they are mine and mine alone.
One of the blogs I follow is MakeUseOf. It always has great freeware and how-to tips.
Recently they were hacked and lost their domain.
I encourage you to read the great details of their post-attack assessment.
BREAKING: New Gmail Security Flaw. More Domains Get Stolen! - MakeUseOf.com
What became clear is that Gmail was one key factor in the subterfuge.
How the attack was actually implemented is still a matter of some discussion; is it a new, undisclosed Gmail flaw? Is it a variant of an existing one? Maybe none of the above?
One very interesting (and disturbing) angle can be found in this awesome Gmail Security Flaw Proof of Concept post from Brandon at Geek Condition blog.
Regardless of your interest in any of these things I believe Brandon makes one very clear and important point for ALL Gmail users to follow:
What you should do if you have a Gmail Account?
Check your filters and make sure that nothing seems out of the ordinary. If you’re using Firefox, you can download an extension called NoScript which helps to prevent you from becoming a victim of one of these attacks. Overall, though, be cautious.
To check your Gmail filter rules, log into your Gmail account and select “Settings”
Then select “Filters”
And now examine your Filters closely to make sure they are what you have set and expect.
If not, delete any that shouldn’t be there, change your Gmail password immediately, and start the damage assessment and mitigation process depending on what you find. Pay particular attention to filters that forward mail to an address you don’t recognize, or that delete or archive mail from your domain registrar, bank, or other account-recovery senders, since that is exactly the kind of mail an attacker wants to intercept.
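Eyeballing a long filter list is error-prone, so here is a small audit script, added as an example to this post rather than anything from Google or the linked write-ups. It assumes you have exported your filters to the mailFilters.xml Atom feed that the Gmail settings page produces (the export feature and the apps:property names used below, such as forwardTo, shouldTrash and shouldArchive, are assumptions about that format, not something described in the original post). The sample feed embedded in the script is constructed for illustration: one benign newsletter filter followed by two filters shaped like the forward-and-delete pattern discussed above.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Terms that commonly appear in mail an attacker wants to silently intercept
# (registrar transfers, password resets). Extend to suit your own accounts.
SENSITIVE_WORDS = ("password", "domain", "registrar", "transfer", "verification")

# Constructed sample export (not from a real account). Filter 1 is benign;
# filters 2 and 3 forward/hide sensitive mail the way the attack does.
SAMPLE_XML = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/><title>Mail Filter</title><content/>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/><title>Mail Filter</title><content/>
    <apps:property name='from' value='registrar.example'/>
    <apps:property name='forwardTo' value='attacker@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/><title>Mail Filter</title><content/>
    <apps:property name='hasTheWord' value='password'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict of apps:property name -> value per filter entry."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def audit_filter(props, expected_forwards=()):
    """Return a list of human-readable findings for a single filter (empty if it looks benign)."""
    findings = []
    known = {a.lower() for a in expected_forwards}
    fwd = props.get("forwardTo")
    if fwd and fwd.lower() not in known:
        findings.append(f"forwards to unrecognised address {fwd}")
    if props.get("shouldTrash") == "true":
        findings.append("deletes matching mail")
    if props.get("shouldArchive") == "true" and props.get("shouldMarkAsRead") == "true":
        findings.append("hides matching mail (archive + mark as read)")
    # Match criteria that single out account-recovery style mail are suspicious on their own.
    for field in ("from", "to", "subject", "hasTheWord"):
        value = props.get(field, "")
        if any(word in value.lower() for word in SENSITIVE_WORDS):
            findings.append(f"matches sensitive term in {field}: {value!r}")
    return findings


def audit_export(xml_text, expected_forwards=()):
    """Return [(filter_number, props, findings)] for every filter that raised a finding."""
    report = []
    for number, props in enumerate(parse_filters(xml_text), start=1):
        findings = audit_filter(props, expected_forwards)
        if findings:
            report.append((number, props, findings))
    return report


if __name__ == "__main__":
    # Replace SAMPLE_XML with open("mailFilters.xml").read() to audit a real export.
    for number, props, findings in audit_export(SAMPLE_XML, expected_forwards=()):
        print(f"filter #{number}: {props}")
        for finding in findings:
            print(f"    - {finding}")
```

Pass any forwarding addresses you set up yourself in expected_forwards so they are not reported; anything else that forwards, trashes, or archive-and-marks-read is worth a second look, and a filter that combines these with a registrar or password match is the signature of the attack described in the post.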
The end result of this attack, however it occurs, is that important and critical emails are deleted and/or routed to the attacker without the owner ever being aware. They continue to log into and use their Gmail account, blissfully unaware of all the traffic and danger speeding in and back out of it. (This of course assumes the Gmail owner hasn’t completely lost the keys to their account and the intruder hasn’t changed the password on them. In that case, things get even worse!)
So check those email/Gmail filters, and check them often!
Related posts and perspectives:
I’m sure there will be more on this story and “exploit” as security folks dig deeper, so stay tuned for details. In the meantime, the following might not be as effective as tomato juice, but might be a good place to continue from.
Using filters – Gmail Help Center
Stealing Domains via GMail – Sûnnet Beskerming
Malicious Setting Up of Filters in Gmail? – Google Blogoscoped
Hacking Security Researchers – Sûnnet Beskerming