More Than the CAPTCHA is Broken at Gmail

May 13th, 2008 by Justin Ryan

Two months ago, the big Gmail news was that spammers had broken Google's extra-heavy-duty CAPTCHA and had begun to run amok offering "private" enhancements and Nigerian fortunes. This month, it's the news that they wasted their time.

According to reports, the Information Security Research Team (INSERT) has demonstrated a relatively easy exploit of a "serious security flaw" in Gmail's message forwarding system that allows spammers to bypass Gmail's sending limits as well as most anti-spam filtering. According to INSERT, all you need is one Gmail account, and the ability to connect to ports 25 and 80; if you're savvy enough to do that, you're all set to start your own spam network, sponsored by Google. An additional benefit is Google's karma: because the service is highly regarded, most providers whitelist all Gmail traffic, meaning that spam sent via the exploit will pass right by ISP-level filters.

Google has not, to our knowledge, made any public statement on the exploit, but we expect they're fully aware and hard at work patching the holes.

__________________________
Justin Ryan is News Editor for LinuxJournal.com.
Submit a tip: Email IRC

Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer

Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.

Post new comment

The Latest


Would You Like Linux With Your Jello?	Jul-03-09
Celebrate the 4th of July From the Command Line	Jul-02-09
Fireworks from the Command Line	Jul-02-09
Tech Tip: Color man Pages	Jul-02-09
Reserve Your Space on the Australian Stage	Jul-01-09
Making Processes Feel Important	Jul-01-09

Each week Linux Journal editors will tell you what's hot in the world of Linux. You will receive late breaking news, technical tips and tricks, and links to in-depth stories featured on www.linuxjournal.com.

Tech Tip Videos

Celebrate the 4th of July From the Command Line
Jul-02-09
Making Processes Feel Important
Jul-01-09
Reading Lots of Text with More and Less
Jun-30-09
Getting User Input in a Shell Script
Jun-29-09

Recently Popular


Would You Like Linux With Your Jello?	5
Why Python?	4.49337
Bash Extended Globbing	4.40909
Fireworks from the Command Line	5
Celebrate the 4th of July From the Command Line	4.57143
Boot with GRUB	4.322915

July 2009, #183

News Flash: Linux Kernel 3.0 to include an on-the-go Expresso machine interface! Ok, maybe not, but Linux is definitely going mobile, from phones to e-readers. Find out more inside about Android, the Kindle 2, the Western Digital MyBook II, The Bug, and Indamixx (a portable recording studio). And if you've gone mobile and you been wanting more Emacs in your life then check out Conkeror.

To compliment the mobile we've got the stationary: parsing command line options with getopt, checking your Ruby code with metric_fu, and building a secure Squid proxy. How is this stationary you ask? What can we say? It's not. We just wanted to see if anybody actually read this part of the page :) .

All this and more, and all you have to do is get your hot sweaty hands on the latest copy of Linux Journal.

Read this issue

Contribute to the Linux Journal Flickr Pool
Follow Linux Journal on Twitter
Add Linux Journal to your RSS reader
Meet other readers on Facebook
Get Linux Journal Miis