Author

Topic: A hack to steal steal your Gmail password? (Read 1770 times)

legendary
Activity: 1274
Merit: 1004
January 22, 2014, 03:47:10 AM
#7
wait what are the benefits to read other people email. unless that one is super important, I dont see any goods for the thieves to do that Huh

An email account can be used
to reset passwords of other accounts
to collect someome's personal information, pics and other important data,
to send spam messages.

There are many use of a hacked email account but it depends on who's the owner of that account.
member
Activity: 84
Merit: 10
January 22, 2014, 03:38:52 AM
#6
wait what are the benefits to read other people email. unless that one is super important, I dont see any goods for the thieves to do that Huh
hero member
Activity: 756
Merit: 522
January 21, 2014, 04:24:05 PM
#5
Besides some potentially faulty features like auto fill-ins and such, what's your reasoning? And what solution do you suggest otherwise?

If it's in your head it's in your head. If it's stored by the password manager...well...then it's in there.
legendary
Activity: 1106
Merit: 1026
January 19, 2014, 12:55:20 PM
#4
Protip: don't use password managers.

Besides some potentially faulty features like auto fill-ins and such, what's your reasoning? And what solution do you suggest otherwise?
hero member
Activity: 490
Merit: 500
January 17, 2014, 09:51:17 PM
#3
Double steal?
hero member
Activity: 756
Merit: 522
January 17, 2014, 10:59:05 AM
#2
Protip: don't use password managers.

Please move this thread to scam accusations or somesuch; it doesn't belong in securities (there's a link lower right).
hero member
Activity: 644
Merit: 500
January 17, 2014, 07:56:59 AM
#1
A few days ago (luckily) I read a PDF document that described a vulnerability in several password managers (like 1Passwprd, lastpass) that when they see say  "google.com" domain they will autofill gmail's password field and user name  (even if the fields are hidden on page) and when the user clicks on "continue"  or "vote" (if it was a poll  on the psge) the  passwords are sent to the hacker.

So today on twitter I saw this guy  

https://twitter.com/CoinMKTCap

giving a link to this page hosted on google.com

(be careful before clicking anything on the page)

https://docs.google.com/forms/d/1IZf5cBivam_93zENT_arFFuvWDidHGjWxoTMVmFSoWg/viewform

Now why on earth would this be on docs.google.com if this is anything legitimate? Why not on your own site?

Right click and "view source" and I do see things like on the page:

^(focus|focusin|submit)$/i,r=/^(input|textarea)$/i,s=/^password$/i,l=!!("placeholder"in x);l|

If this page steals gmails passwords (and I think most likely it does), I would have fallen for this  -- for sure --had I not read PDF that describes the hack just a few days before

https://www.isecpartners.com/media/106983/password_managers_nov13.pdf
  




Jump to: