Are Google Users More Vulnerable Than Others?
The DigiNotar breach (“Operation Black Tulip”) is likely to be a watershed in Internet security, and possibly in how we perceive cyberwar. But one lesser point may get lost: how vulnerable we are when a single username and password gives access to all of our Google accounts.
That single account not only provides potential access to email, and through it to other accounts if that email address is the default account for lost-password recovery (or if it’s used as the sign-in for other services, a la Chrome web apps), but it also provides access to documents, photos, location information, contact lists and chat records within the Google domain.
This from the Fox-IT preliminary report on the breach:
The list of IP-addresses will be handed over to Google. Google can inform their users that during this period their e-mail might have been intercepted. Not only the e-mail itself but also a login cookie could have been intercepted. Using this cookie the hacker is able to log in directly to the Gmail mailbox of the victim and also read the stored e-mails. Besides that, he is able to log in all other services Google offers to users like stored location information from Latitude or documents in GoogleDocs. Once the hacker is able to receive his targets’ e-mail he is also able to reset passwords of others services like Facebook and Twitter using the lost password button. The login cookie stays valid for a longer period. It would be wise for all users in Iran to at least logout and login but even better change passwords.
It is worth thinking about spreading one’s services across several accounts and resisting the urge to use Google as one’s sign-in account for third-party services.
06. September 2011 by jeremy