Tuesday, November 25, 2008

GoDaddy Domain Hijacking Using Gmail Security Flaw

An exploit was recently posted where miscreants can hijack domains hosted by GoDaddy using a flaw of Google's Gmail filters.
For the xploit to work the miscreant must know the email address of the domain owners registered with GoDaddy to receive Support emails, a bit of social engineering to trick your target to visit a website with malicious code to get the session authorization key.

Difficulty of Exploiting:
Medium to Hard, too complex for script kiddies,

Defenses:
1. Force Gmail to use SSL (https) to avoid snooping on your emails. Google's default setting is https for authentication and unsecure email after.
2. Avoid visiting untrusted websites.
3. Use a Firefox plugin called NoScript (like I do) so as not to allow scripts executing XSS code for hackers to steal your Google account ID and session ID.

No comments:

Post a Comment