01-25-2010 1:19
schneier / google / hacking / cn
"In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access."
http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/
Blogovi ::
Ivan Markovic
Povezani zapisi:
08-04-2010 22:40
 Google has a new feature that enables you to sign in to multiple accounts at the same time on the same browser. One of the benefits of this is that it allows you to read messages from several Gmail accounts just by opening up new tabs in the same browser.
Steps
Go to your Google Accounts page: https://www.google.com/accounts/ManageAccount
Look for the option "multiple sign-in". If it isn't there yet, your account will probably be enabled shortly.
Click on the "Change" link.
There will be a message telling you that this is an advanced feature that works for Gmail, Google Calendar, Google Sites, Google Reader, Google Voice, App Engine and Google Code.
Enable the feature. Click the button that says "On - Use multiple Google Accounts in the same web browser."
A new drop-down will appear next to your email address in Gmail, and other relevant Google products. This drop-down allows you to click on it, and sign into any new Google account from the drop-down menu without having to close out of your currently open Google account.
If you check the URL for each account, you will see that Google now numbers each one differently to identify them distinctly.
Note that your default account becomes the first account that you sign in to. This means that when you sign into non-Google products unable to support Multiple Accounts, that your sign-in will be done via your default account.
Tips
This feature is easier than using Google Chrome's incognito mode or IE8's "new session" feature.
Signing out of any Google product while in Multiple Sign In will sign you out of all accounts.
Warnings
This feature does not work for mobile devices, Google's Calendar gadget within Gmail won't work properly, and it doesn't work for offline Gmail/Google Calendar. The "note in Reader" bookmarklet will only work for the default account, not for any of the other accounts.
As a new feature, there may be more unknown issues with use of Multiple accounts. If you discover any, it's probably a good idea to alert Google so that these can be fixed.
Things You'll Need
Google Accounts
Related wikiHows
How to Add RSS Feeds to Your Google Personalized Homepage
How to Use Google
How to Keep from Getting Logged out of Google AdWords
How to Use Googles Conversion Feature
How to Install Google Desktop 2
Sources and Citations
http://googlesystem.blogspot.com/2010/08/google-multiple-sign-in-now-available.html – research source
Article Tools
Read on wikiHow
Email this Article
Edit
Discuss
Feed!
08-04-2010 22:40
Google has a new feature that enables you to sign in to multiple accounts at the same time on the same browser. One of the benefits of this is that it allows you to read messages from several Gmail accounts just by opening up new tabs in the same browser.
Steps
Go to your Google Accounts page: https://www.google.com/accounts/ManageAccount
Look for the option "multiple sign-in". If it isn't there yet, your account will probably be enabled shortly.
Click on the "Change" link.
There will be a message telling you that this is an advanced feature that works for Gmail, Google Calendar, Google Sites, Google Reader, Google Voice, App Engine and Google Code.
Enable the feature. Click the button that says "On - Use multiple Google Accounts in the same web browser."
A new drop-down will appear next to your email address in Gmail, and other relevant Google products. This drop-down allows you to click on it, and sign into any new Google account from the drop-down menu without having to close out of your currently open Google account.
If you check the URL for each account, you will see that Google now numbers each one differently to identify them distinctly.
Note that your default account becomes the first account that you sign in to. This means that when you sign into non-Google products unable to support Multiple Accounts, that your sign-in will be done via your default account.
Tips
This feature is easier than using Google Chrome's incognito mode or IE8's "new session" feature.
Signing out of any Google product while in Multiple Sign In will sign you out of all accounts.
Warnings
This feature does not work for mobile devices, Google's Calendar gadget within Gmail won't work properly, and it doesn't work for offline Gmail/Google Calendar. The "note in Reader" bookmarklet will only work for the default account, not for any of the other accounts.
As a new feature, there may be more unknown issues with use of Multiple accounts. If you discover any, it's probably a good idea to alert Google so that these can be fixed.
Things You'll Need
Google Accounts
Related wikiHows
How to Add RSS Feeds to Your Google Personalized Homepage
How to Use Google
How to Keep from Getting Logged out of Google AdWords
How to Use Googles Conversion Feature
How to Install Google Desktop 2
Sources and Citations
http://googlesystem.blogspot.com/2010/08/google-multiple-sign-in-now-available.html – research source
Article Tools
Read on wikiHow
Email this Article
Edit
Discuss
Feed!
08-02-2010 17:41
 BlackHat was one amazing ride. Over 5,000 people attended, a conference record. I got to see a ton of friends and colleagues and was fortunate enough to meet many new and interesting people. Of course a big highlight for me was my presentation, in which roughly 800 - 1,000 people showed up. A great turn out considering the talk was up against really solid and well-known presenters like Haroon Meer, Moxie Marlinspike, Christofer Hoff, and Ivan Ristic. Aside from some projector glitches and a failed cookie eviction demo everything went smoothly. From feedback in the hallway much of the audiences pin-drop silence was due to shock given how ridiculously simple yet effective these hacks were. :)
Essentially I described how a malicious website could steal their visitors names, job title, workplace, physical address, telephone number, email addresses, usernames, passwords, search terms, social security numbers, credit card numbers, and on and on by manipulating a Web browsers HTML form auto-complete / autofill functionality. For good measure I also showed show a Web page could evict all of a users cookies thereby automatically logging users out of all their current sessions, delete tracking cookies, and so on. Lastly, with only clever bits of of javascript, these attacks impact millions of Web users cheaply via online advertising networks. Yes, a lot of fun.
My complete “Breaking Browsers: Hacking Auto-Complete” slide deck is available. I’ve put up a series of blog posts describing each of the distinct Web hacking techniques complete with proof-of-concept code, screen shots, videos, and technical explanations. Enjoy!
Safari v4/v5 AutoFill Web form vulnerability (CVE-ID: CVE-2010-1796)Internet Explorer 6 & 7 stealing AutoComplete form dataFirefox mass spoofing form auto-complete dataStealing passwords out of the Firefox and Chrome password manager using XSS.Cookie Eviction - Deleting ALL of a users cookies across ALL websites
WhiteHat Security is a leading provider of website security services.
Feedproxy Security
07-27-2010 20:38
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC
| |
|
|
|
