Gmail vulnerable to password cracking

Best Prevention — A Muscular* Password

Vicente Aguilera Diaz posted a warning on Insecure.org that there currently is a weakness in Google’s extremely popular (free) Gmail that allows hackers to use automated scripts to guess passwords.

“An existing abuse of functionality in the “Check for mail using POP3” capability permits automated attacks to the password data of the accounts of the Gmail users evading the security measures adopted by Google. The abuse of this functionality permits an attacker to do thousands of authentication requests during a day over one user account, so if the user is using a weak password is a matter of time to guess to have access to the mail account.”

The solution is to use an un-guess-able password.

Gmail is Google’s free webmail service, and arguably it is the best such service out there. It comes with built-in Google search technology and over 7,300 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you’re looking for, and make sense of it all with a new way of viewing messages as part of conversations. It is excellent at filtering spam.

Tip of the day: Please read A Word About Words — Passwords, That Is. It is a short article that describes what makes a good, strong password; why that’s important; and as a bonus, provides a link to a top-rated “password manager” tool.

Today’s free link: I learned of this recent alert on Windows Secrets.com

* strong

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

August 6, 2009 Posted by techpaul | advice, computers, cyber crime, e-mail, Google, Internet, passwords, security, tech | alert, crack, Gmail, insecure.org, password, strong, windowssecrets.com | 8 Comments