Gmail not secure

[Syini666]

This is completely off topic in regards to email and will only interest paranoids and crypto-freaks, but you can expand your GnuPG setup to encrypt IM's over Gaim. Gaim-e gets GnuPG and Gaim talking and allows you to secure your MSN messages, and it might do other protocols too, I just don't remember at the moment. Be warned if you do play with it, its a hog on system resources if you have a massive key.

http://gaim-e.sourceforge.net/

[chsh]

For those of you thinking that PGP is failsafe, something that may be of concern (possible signature forgery): http://zdnet.com.com/2100-1105_2-5313655.html

[Soda_Popinsky]

I think pgp actually implements RSA for it's public \ private key, which would still be safe?

Yeah, pgp encrypted messages are still "safe", but SHA1 for signatures sound bonked.

[{Jellybelly}]

Originally posted here by phunction
I found an article about google's GMail.
If i read the article, it seems that gmail isn't that secure as it should be.
The article says that it can be hacked with 3 simple steps (i doubt it will be simple).

Full article:



source: http://www.thewhir.com

Gmail is still beta. Thsi is just one of the bugs that is found and needs to be corrected. I think that Gmail will be secure in the long haul. I myself have a Gmail account and have 3 Invintations left.

-- {Jellybelly}

[rioter_au]

its a ****ing brute force, choose a decent enough password and you have nothing to worry about
and as for ausphreak they are a recincarnation of a dead group that used to know what they were talking about
if anyone wants the application they are talking about i have it and pfft

[pooh sun tzu]

How about a proof of concept?

poohsuntzu at gmail.com


Anyone want to give it a shot? If you crack my account toss me a PM. I would rather see how well this "Exploit" holds up in the real world.

[11001001]

Pooh-

Well, I just found out that they changed the way the security question is asked/verified...
(see attached)
Your inbox is going to be inundated.

[The Grunt]

I don't know whether or not this has anything to do with it but after you put in incorrect things like 3 times I believe it makes you do the security picture thing. This would stop brute force, would it not?

[rioter_au]

its not a exploit, its just a dictonary attack on the forms and they didnt include a max account try, its been fixed now, it wasnt worth media coverage in the first place
bah
thats all i say

[Cybr1d]

I can't imagine people sending "highly confidential" or classified matter over gmail, hotmail, yahoo or any other email service on the internet. It is too risky and I am sure companies have policies in place to not allow it. Over local intranet .. now that is fine of course

Well you get your confirmation email when u sign up to ebay or paypal or anything else u sign up. A social engineer could also use your email account (Which he/she has access to) and sign up for all sorts of stuff, pay with your paypal account, and if they try to trace it back to them, it traces back to you. I know u can create a new account and dump it when you're done with your ****...but why not put all the blame on another person .


As for Gmail...Of course its not as secure as it should be. If it was that secure, it wouldn't be in Beta testing anymore lol. All you have to do is pick a good password, and don't start forwarding all your sensitive email to your Gmail account.