Domain hijacking and other malicious activities with Gmail


A few months ago I read on Gnucitizen about the Gmail CSRF, which was, I think, one of the first really big cases of a CSRF attack to become publicly known. Although Google has fixed that issue, it seems there is a new bug somewhat similar to it, and there is some great coverage of the issue at readwriteweb.

The story behind this includes, among others, shocked site owners whose domain names were hijacked by a malicious group that asks for a fee (a few hundred dollars) in order to give them their domains back! Nasty.

CSRF is a so-called 'Web 2.0 vulnerability', which is not to say that CSRF attacks did not take place a few years ago. It is an emerging threat, not as well known and understood at the moment as the various kinds of injection, like SQL injection or Cross Site Scripting, yet it is getting a lot of publicity as we hear more and more about high-profile incidents.

I'm not going to dive deep into CSRF attacks, as the Wikipedia article explains the whole thing very well. In a few words, "It is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts." This attack class exploits the trust a site has in a particular user: since the user is authenticated, any command issued during his session is assumed to be valid. So the problem is on the server side, but the user still has a problem if a site he uses is vulnerable to CSRF!

The story with Gmail and CSRF goes like this:

a) while logged on to Gmail, a person who owns a domain name, with the domain's contact details associated with this email address, visits a site that contains malicious code targeting Gmail

b) since the user is logged on to Gmail, and Gmail is vulnerable to CSRF, the malicious code is executed and adds a filter to the user's account. Gmail filters are rules that are executed on incoming mail, for example that each email should be forwarded to the address xxx@yyy.com. In this case, a filter is set to forward emails to the malicious person's email address

c) since taking a close look at your filters every now and then isn't very common (at least for most users, for now), it is unlikely that the user will notice the difference.

d) during this time, the malicious person collects the user's emails and monitors the sensitive information being sent. He can also use the password reset facility at the domain registrar, change the password and hijack the domain.
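The server-side nature of the problem in steps a) to d) is easiest to see in code. The following is an added example written for this post, not Google's code: a toy "create filter" handler in its pre-fix form, which trusts the session cookie alone, beside a hardened form that also requires a same-origin request and a per-session anti-CSRF token. The session store, the origins and the addresses are constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://mail.example.test"  # hypothetical origin of the mail app

@dataclass
class Account:
    """Constructed stand-in for one account's server-side state."""
    filters: list = field(default_factory=list)
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

SESSIONS = {"sid-alice": Account()}  # constructed session store: cookie -> account

def create_filter_vulnerable(cookie, origin, form):
    """Pre-fix behaviour: the session cookie alone authorises the change, and the
    browser attaches that cookie to requests triggered by any page the user visits."""
    acct = SESSIONS.get(cookie)
    if acct is None:
        return 401
    acct.filters.append({"forward_to": form["forward_to"]})
    return 200

def create_filter_hardened(cookie, origin, form):
    """Fixed behaviour: same-origin check plus a per-session synchroniser token that
    other origins cannot read; the token is compared in constant time."""
    acct = SESSIONS.get(cookie)
    if acct is None:
        return 401
    if origin != SITE_ORIGIN:
        return 403  # request was not sent from the application's own pages
    if not hmac.compare_digest(form.get("csrf_token", ""), acct.csrf_token):
        return 403  # missing or wrong token: reject before touching any state
    acct.filters.append({"forward_to": form["forward_to"]})
    return 200

def demo():
    """Replays the forged request from steps a) to d) against both handlers.
    Returns (vulnerable status, filters added, hardened status, legit status, filters)."""
    acct = SESSIONS["sid-alice"]
    acct.filters.clear()
    forged_form = {"forward_to": "collector@evil.example.test"}  # no token available
    vuln = create_filter_vulnerable("sid-alice", "https://evil.example.test", forged_form)
    added_by_vuln = len(acct.filters)  # 1: the forwarding rule was added silently
    acct.filters.clear()
    hard = create_filter_hardened("sid-alice", "https://evil.example.test", forged_form)
    # A legitimate submission from the settings page carries the token it was rendered with.
    legit_form = {"forward_to": "me@example.test", "csrf_token": acct.csrf_token}
    ok = create_filter_hardened("sid-alice", SITE_ORIGIN, legit_form)
    return vuln, added_by_vuln, hard, ok, len(acct.filters)
```

The token works because a page on another origin can make the browser send the cookie but cannot read the token that the settings page embedded in its form.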

adding filters to Gmail (Settings->Filters->Create a filter)

filters of a domain hijack victim, with added filters (image from readwriteweb.com)


Take a moment and think of the damage if your email account is compromised. This might result in a far greater loss than a physical disaster, e.g. your hard drive crashing! Not if you are a plain user exchanging messages with friends and partners, but certainly if your email account is the gateway to online banking systems, PayPal or other systems, or to a domain registrar, as in the scenario we are discussing.

What you can do about that

Google has fixed this vulnerability; however, it's good to keep some small things in mind, because similar scenarios might appear in the future.

1) If you use Gmail, check your filters and make sure there are no filters added by others (Settings->Filters).

2) Change your password reset questions/answers. Seriously. Don't allow yourself to get owned because someone reset your password by answering the question 'What's your favorite puppy?' (This also applies to ALL web-based email, like Yahoo, Hotmail etc.)

3) While logged on to Gmail, don't visit malicious/questionable sites.

4) Use https://mail.google.com instead of http://mail.google.com (notice the s). This way your whole session is encrypted (HTTPS), rather than only the login, as happens with HTTP.

What's really important to remember is that with CSRF, XSS or other types of attacks, we tend to underestimate the number of web sites/applications that are vulnerable. Also, as users we can't do much to avoid these attacks (since the problem is on the server side), except be informed and suspicious :)

If this sounds interesting to you, check out geekcondition, featuring some great coverage of the issue.

Gnucitizen (what an awesome name!) is an IT security think tank that has produced amazing papers and coverage of many issues in the field of IT security. Moreover, the policy they've been following for publicizing vulnerabilities seems very responsible (they even prompt others to inform the vendor of a problem, let the vendor fix it and then publicize it, rather than publicizing it as soon as it is discovered).

 


