1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google fixes serious email authentication bug - make sure you're

    From TechnologyDaily@1337:1/100 to All on Mon Jun 12 13:15:03 2023
    Google fixes serious email authentication bug - make sure you're not affected

    Date:
    Mon, 12 Jun 2023 11:57:18 +0000

    Description:
    Gmail system designed to protect users from scammers and malicious actors failed to do exactly that.

    FULL STORY ======================================================================

    Google says that it has fixed an issue in Gmail that saw scammers impersonating a legitimate, and more importantly, verified company, but fortunately, it looks like no users were harmed.

    The email service provider just recently expanded on the BIMI email authentication program it launched almost two years ago by allowing certain eligible companies to show a blue checkmark next to their name, in a bid to help users distinguish safe emails in the inbox.

    The emails in question appeared to come from delivery giant UPS, however fortunately, The Register reports that no malicious payload was included. Gmail authentication hacked

    BIMI requires that participating companies adopt Domain-based Message Authentication, Reporting, and Conformance (DMARC) as well as either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). Read more

    These are the best identity theft protection tools


    Gmail now offers verification to replace your lost Twitter blue tick


    This new malware campaign can hijack your Gmail or Outlook email account

    A vulnerability in SPF is to blame for allowing scammers to pretend to be
    UPS, even adopting the companys logo and blue checkmark, according to Chris Plummer who shared their findings via a Tweet .

    The thread details Googles initial response, along the lines of wont fix - intended behavior, before pressure from Plummer and the Internet saw it rethink its stance. A later communication from Google to Plummer reads:

    After taking a closer look we realized that this indeed doesnt seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate
    team is taking a closer look at what is going on.

    Google apologized to Plummer for its initial response, which it said might have been frustrating, and thanked the Twitter user for pressing on for [Google] to take a closer look.

    While this example in isolation appears not to have caused any trouble, its unclear how many other accounts have been impersonated and how many email users have fallen victim to other scams.

    Google did not immediately respond to TechRadar Pro s request for an update
    on the matter. Protect your devices and network with the best firewalls



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-fixes-email-authentication-bug-that-coul d-have-let-hackers-pose-as-real-firms


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)