So gmail was hacked

[Cider]

Hi Guys,

Got about a 4th mate whos gmail aco**** was compromised. Now they are not network gurus but I did train them to have complex password , more than 10 characters, mixed characters, number etc.

But they just let me know that two of there accounts was hacked.

What is the deal here?

They do not open a mail they are not 100 % sure of the legitamacy. AV running permanently on their PC. Without a keylogger in the background how is this being done.

Do you guys use Gmail or another service?

[HYBR|D]

There was a unpatched 0-day floating around recently.

Other then that tell them to change there passwords secret question etc and to check it they have forwarding or pop3 enabled in settings etc.

also how often do they log into the actual gmail account from https://gmail.google.com ?

if it's like hotmail/live etc if you don't log into the actual e-mail account they shut the account down and others can re-register the account and get the past owners e-mails.

[morganlefay]

Tip....never believe users....they lie. They open stuff and click on links all the time.

Alot of the new malware is using social engineering and unpatched applications\oses ...just watched a great video on you tube about the varied attack vectors...specifically the Zeus variants

http://www.youtube.com/watch?v=CzdBCDPETxk

MLF

[toengtoeng]

Tip....never believe users....they lie. They open stuff and click on links all the time.

Alot of the new malware is using social engineering and unpatched applications\oses ...just watched a great video on you tube about the varied attack vectors...specifically the Zeus variants

http://www.youtube.com/watch?v=CzdBCDPETxk

MLF

agree with this comment.beware with shortlink at your inbox

[Cider]

Downloading now, thanks MLF.

edit: the 0 day attack you are talking about is Adobe reader, right?

[morganlefay]

Yes...adobe is definitely one of them

MLF

[HYBR|D]

Yes...adobe is definitely one of them

MLF

add a little ajax handling into that also.

also nice Video morgan

[SnugglesTheBear]

This 0 day you speak of Hybrid, tell me more. Are you referring to encoding an email with these scripts and gmail renders and runs the script within the email or is it an actual attack on the google servers since they are using AJAX improperly? DETAILS! GIVE THEM TO ME!!!..... please?

[HYBR|D]

a little bit from column "A"

there are loads of "fun" 1 can have with badly handled ajax parsing for instance VB3.8.4 has a nifty ajax issue.

[Cider]

Some of these guys save their user / password in a plugin to IE to save these passwords. They say that by doing this to autocomplete their credentials keyloggers cannot get hold of their data.

Strangely enough only the username / passwords saved here are the accounts that were hacked.

It is a legitimate plugin so what gives o_0 ...