Dave's Profile

Member since December 15, 2004

Recent Posts

  1. Comment - Gmail Bug Exposes E-mails to Hackers

    (Jan 19, 2005 - 6:12 PM)

    Passwords should never be sent by e-mail in the first place (and it annoys me that they so often are).

    Here's the fact. Mail arrives and leaves Gmail using a protocol called Simple Mail Transport Protocol, which was developed a very long time ago when the internet was a kinder, gentler place.

    When you send an e-mail, first it goes to your ISP's mail server. The ISP's mail server spools it into a file, most commonly, and delivers it at some future point in time through a process called relaying.

    The file is stored on disk in unencrypted form, most commonly under a common account. Anyone at the ISP can read the mail in the queue.

    Once that is completed, the next thing that happens is that the file is sent, unencrypted, from a port on the mail server (whose address, under SPF, is conveniently recorded in the DNS record as being a mail server) to a known port on Google's e-mail server.

    This exchange occurs using the same SMTP, an unencrypted protocol, travelling over on average at least 10 routers on the internet, and whose path you have no control over. There is no end-to-end encryption, and so any of these routers that may have been compromised can see your message in plain text.

    Google then stores this information in a database.

    This attack was on the cache, and displayed the message, but only after a great many other people had been given the opportunity to review the data first.

    You should never, ever send a password, credit card number or any other data you care about via e-mail. If you need something to be private, use PGP or GPG.

    The thing about this bug is it displayed random data -- you couldn't control what random data. It might be passwords, or (most likely) it might be advertisements for Viagra and fake e-mails from WAMU.

    Any compromised router in the vicinity of Google's system would be able to launch a directed attack against users' passwords and any other information sent in e-mail.

    But users don't know any better
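
The relay path described in the comment above can be checked on a received message. The following is an added example, not part of the original comment: it reads the `Received` headers each relay prepends and reports which hops were recorded as plain SMTP and which as SMTP over TLS, using the `with` keywords registered in RFC 3848. The message, hosts and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (hosts and addresses are made up).
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mx.mail.example with ESMTPS id abc123
\tfor <bob@mail.example>; Wed, 19 Jan 2005 18:12:05 -0800
Received: from desktop.home.example (dsl.isp.example [198.51.100.7])
\tby mx.isp.example with ESMTP id j0K2C3
\tfor <bob@mail.example>; Wed, 19 Jan 2005 18:12:01 -0800
From: alice@isp.example
To: bob@mail.example
Subject: your new password

(constructed sample body)
"""

# RFC 3848 "with" keywords; the S variants mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
CLEAR_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.S)

def audit_hops(raw_message):
    """Return [(from_host, by_host, verdict)] ordered sender -> recipient."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to follow the delivery path.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            hops.append((None, None, "unknown"))
            continue
        proto = m.group("proto").upper()
        if proto in TLS_PROTOCOLS:
            verdict = "tls"
        elif proto in CLEAR_PROTOCOLS:
            verdict = "cleartext"
        else:
            verdict = "unknown"
        hops.append((m.group("src"), m.group("dst"), verdict))
    return hops

if __name__ == "__main__":
    for src, dst, verdict in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {verdict}")
```

`Received` headers are written by the relays themselves, so only those added by servers you control can be trusted. A hop marked `tls` protects the message in transit on that link only; it is still stored unencrypted in each relay's queue.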