More Than the CAPTCHA is Broken at Gmail
May 13th, 2008 by Justin Ryan
Two months ago, the big Gmail news was that spammers had broken Google's extra-heavy-duty CAPTCHA and had begun to run amok offering "private" enhancements and Nigerian fortunes. This month, it's the news that they wasted their time.
According to reports, the Information Security Research Team (INSERT) has demonstrated a relatively easy exploit of a "serious security flaw" in Gmail's message forwarding system that allows spammers to bypass Gmail's sending limits as well as most anti-spam filtering. According to INSERT, all you need is one Gmail account, and the ability to connect to ports 25 and 80; if you're savvy enough to do that, you're all set to start your own spam network, sponsored by Google. An additional benefit is Google's karma: because the service is highly regarded, most providers whitelist all Gmail traffic, meaning that spam sent via the exploit will pass right by ISP-level filters.
Google has not, to our knowledge, made any public statement on the exploit, but we expect they're fully aware and hard at work patching the holes.
__________________________
Justin Ryan is News Editor for LinuxJournal.com.
Submit a tip: Email IRC
Special Magazine Offer -- 2 Free Trial Issues!
Receive 2 free trial issues of Linux Journal as well as instant online access to current and past issues. There's NO RISK and NO OBLIGATION to buy. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Sorry, offer available in the US only. International orders, click here.
Delicious
Digg
Reddit
Newsvine
TechnoratiSubscribe now!
Recently Popular
| The new business of free radio | Jul-24-08 |
| Linux HOWTO: Video Editing Magic with ffmpeg | Jul-23-08 |
| Why We Must React to ACTA | Jul-24-08 |
| Boot with GRUB | May-01-01 |
| Chapter 16: Ubuntu and Your iPod | Aug-30-06 |
| Move Over Netbooks, It's Time for a Nettop | Jul-24-08 |
Featured Videos
Non-linear video editing tools are great, but they're not always the best tool for the job. This is where a powerful tool like ffmpeg becomes useful. This tutorial by Elliot Isaacson covers the basics of transcoding video, as well as more advanced tricks like creating animations, screen captures, and slow motion effects.
Shawn Powers reviews the HP Mini-Note portable computer.
Thanks to our sponsor: Silicon Mechanics
Silicon Mechanics is a leading manufacturer of rackmount servers, storage, and high performance computing hardware. The best warranty offerings available are backed by experts dedicated to customer satisfaction.
From the Magazine
August 2008, #172
There's nuttin like a Cool Project to give you some relief from the summer heat, so get out your parka cuz we got a bunch of em. First up is the BUG, not a bug, The BUG. It's got a GPS, camera and more, in a hand-sized package that's user programmable. The BUG does everything. It's both a floor wax and a dessert topping. Get one now. Need a software version of a Swiss Army knife? Take a look at Billix, and don't leave home without it. Then, chew on this one, an X server on a Gumstix device driving an E-Ink display. Need more storage? How about 16 Terabytes? Can do.
And, of course, we have the usual cast of characters: Marcel, Reuven, Dave, Kyle, Doc, plus the new kid on the block Shawn Powers. But it doesn't stop there: build a MythTV box on a budget, build your own GIS system, set up the tools to monitor your enterprise and more. Finally, remember The War of the Worlds? Now you can play too.
