Hacks and Incidents

Google Account Recovery Vulnerability

Google Account Recovery Vulnerability: If I told you to think of the most sensitive features security-wise in a web application, you would probably say – Login. Well if your definition of “Login” does not include password recovery, then it would definitely be the second one. This means, that password recovery is often in the center of attention for attackers – and for security professionals.So lets say you are using Paypal, Facebook or Twitter, and you forgot your password shit happens, right?. They will ask you to put your email in a nice input box, and wait until you get a password recovery link. If youre using Gmail hey, who are you trying to fool? – you are!, it is the tool you recover passwords with, for every other application out there. Did you ever stop and ask what does GMAIL stand for? It’s the Global Main Authentication and Identification Library. Seriously, if someone got access to your Gmail account, he can “password recover” his way to any other web/mobile application out there !. More about this can be viewed on a video by “security researcher” Don Friesen http://www.youtube.com/watch?v=2tJ-NSPES9Y.What about the password recovery of your Gmail account? Its the password recovery for all the other password recoveries. According to the security jargon, it is a Mega-mega-mega-mega-password-recovery. A lot of nasty hackers out there would love to find some holes in this fortress, thats why I decided to take a quick look at it.