BLOG

Is gmail next?

April 25, 2014 by in Industry

I’m hearing hints that there are some malware or phishing links being sent out to gmail address books, “from” those gmail addresses. If that is what’s happening then it’s much the same thing as has been happening at Yahoo for a while, and AOL more recently, and that triggered their deployment of DMARC p=reject records.
It’s going to be interesting to see what happens over the next few days.
I’ve not seen any analysis of how the compromises happened at Yahoo and AOL – do they share a server-side (XSS?) security flaw, or is this a client-side compromise that affects many end users, and is just being targeted at freemail providers one at a time?
Does anyone have any technical details that go any deeper than #AOLHacked and #gmailhacked?

2 comments

  1. Dan Randow says

    I can not offer any technical details, I’m afraid. However, implementing a strict DMARC policy in a reactive manner while dealing with a major compromise is not a great look. Now that two providers have done so and the world has not stopped, it is looking like a sensible move anyway. If I were a major webmail provider, I’d be taking this chance to make the change pre-emptively.

    April 25, 2014, 7:40 pm
  2. Tom Chiverton says

    “the world has not stopped”
    Unless you use Mailman. It’s ‘wrap’ option is worse than useless because a variety of mail clients display mail as an attachment, not inline, and it’s ‘munge from’ creates issues too because all the mail now says ‘John Smith via Mailman” and end users have no idea what Mailman is.

    May 12, 2014, 8:00 am

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

AOL admits to security breachWhy do we "warmup" IP addresses

Recent Comments

Archives