More Than the CAPTCHA is Broken at Gmail

May 13th, 2008 by Justin Ryan

Two months ago, the big Gmail news was that spammers had broken Google's extra-heavy-duty CAPTCHA and had begun to run amok offering "private" enhancements and Nigerian fortunes. This month, it's the news that they wasted their time.

According to reports, the Information Security Research Team (INSERT) has demonstrated a relatively easy exploit of a "serious security flaw" in Gmail's message forwarding system that allows spammers to bypass Gmail's sending limits as well as most anti-spam filtering. According to INSERT, all you need is one Gmail account, and the ability to connect to ports 25 and 80; if you're savvy enough to do that, you're all set to start your own spam network, sponsored by Google. An additional benefit is Google's karma: because the service is highly regarded, most providers whitelist all Gmail traffic, meaning that spam sent via the exploit will pass right by ISP-level filters.

Google has not, to our knowledge, made any public statement on the exploit, but we expect they're fully aware and hard at work patching the holes.

__________________________
Justin Ryan is the News Editor for Linux Journal.
Look for him in the #linuxjournal IRC channel.

Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer

Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.

Post new comment

The Latest


Package Management With Zypper	Nov-05-09
Court Gets A Torrent-full About Linux	Nov-04-09
Forget Rasterbator, Posterazor!	Nov-04-09
Who Needs Time Machine with "Back in Time"	Nov-03-09
Tech Tip: Restore Ctrl-Alt-Backspace in Ubuntu	Nov-03-09
Stories Swirling About Skype's Source	Nov-02-09

Each week Linux Journal editors will tell you what's hot in the world of Linux. You will receive late breaking news, technical tips and tricks, and links to in-depth stories featured on www.linuxjournal.com.

Tech Tip Videos

Forget Rasterbator, Posterazor!
Nov-04-09
Who Needs Time Machine with "Back in Time"
Nov-03-09
Updating ISOs with zsync
Oct-29-09
Forgetting Sudo (we've all done it)
Oct-26-09

Recently Popular


Boot with GRUB	4.382355
Detecting Botnets	5
Why Python?	4.518595
Chapter 16: Ubuntu and Your iPod	4.642855
Cloud Computing: Good or Bad for Open Source?	4.42857
Who Needs Time Machine with "Back in Time"	4.5625

December 2009, #188

If last month's Infrastrucuture issue was too "big" for you then try on this month's Embedded issue. Find out how to use Player for programming mobile robots, build a humidity controller for your root cellar, find out how to reduce the boot time of your embedded system, and if you're new to embedded systems find out the basics that go into one. You can also read about the Beagle Board, the Mesh Potato and a spate of other interestingly named items. And along with our regular columns don't miss our new monthly column: Economy Size Geek.

Read this issue

Contribute to the Linux Journal Flickr Pool
Follow Linux Journal on Twitter
Add Linux Journal to your RSS reader
Meet other readers on Facebook
Get Linux Journal Miis