
Gmail Vulnerability caused Domain loss
Posted on April 23rd, 2008 by admin in Domain News
Even though this vulnerability has been fixed by now, I felt it was important to underline the dangers we face as we use global mail providers for all our personal/business communication needs.
A couple of months ago David Airey’s blog was hacked. David Airey is a blogger and designer but you can read more about him on his website. He has since reacquired his domain name.
The striking thing about his story is that he was using a GMail account, the kind of account many of us use for storing various administrative and business usernames and passwords.
The hacker exploited a GMail backdoor to insert a filter that forwards administrative emails to a different email address and subsequently deletes the original email. The cross-scripting vulnerability has since been fixed.
The hacker inserted the filter into David Airey’s GMail account, then requested a domain transfer of DavidAirey.com. The registrar where DavidAirey.com was registered sent an email to David’s GMail account asking for confirmation of the transfer, but since the hacker had entered a redirect filter into David’s email, the confirmation email was forwarded to the hacker’s account and subsequently deleted from David’s inbox.
David was none the wiser.
The hacker proceeded to transfer DavidAirey.com to their own registrar.
The moral of the story?
Be careful about where and how you store your usernames and passwords. Use the Firefox web browser and, if need be, disable scripting. Also, just to be on the safe side, check your Google forwarding options and preferably disable them.
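One way to check for the kind of filter described above, one that forwards mail elsewhere and then deletes or hides the original. This is an added example, not part of the original post. It assumes the filters have been exported in the shape of the Gmail API Filter resource (`criteria` / `action`); the sample filters, addresses and the `OWN_DOMAINS` setting are constructed for illustration.

```python
# Flag mail filters that forward messages and then delete or hide the original.
# Field names follow the Gmail API Filter resource; the sample data is constructed.

OWN_DOMAINS = {"example.com"}  # assumption: domains you treat as your own

SAMPLE_FILTERS = {  # constructed sample, shaped like a filters.list response
    "filter": [
        {"id": "f1",
         "criteria": {"from": "newsletter@example.org"},
         "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
        {"id": "f2",
         "criteria": {"query": "transfer OR registrar OR password"},
         "action": {"forward": "drop@elsewhere.invalid",
                    "addLabelIds": ["TRASH"]}},
        {"id": "f3",
         "criteria": {"from": "billing@example.org"},
         "action": {"forward": "me@example.com"}},
    ]
}


def audit_filter(f, own_domains=OWN_DOMAINS):
    """Return a list of findings for one filter; empty means nothing flagged."""
    action = f.get("action", {})
    target = action.get("forward")
    if not target:
        return []  # filters that do not forward are out of scope here
    findings = []
    domain = target.rsplit("@", 1)[-1].lower()
    if domain not in own_domains:
        findings.append(f"forwards to external address {target}")
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    if "TRASH" in added:
        findings.append("deletes the original after forwarding")
    elif "INBOX" in removed:
        findings.append("archives the original so it skips the inbox")
    return findings


def audit(filters):
    """Map filter id -> findings for every filter that was flagged."""
    results = {f["id"]: audit_filter(f) for f in filters.get("filter", [])}
    return {fid: found for fid, found in results.items() if found}


if __name__ == "__main__":
    for fid, found in audit(SAMPLE_FILTERS).items():
        print(fid, "->", "; ".join(found))
```

Any filter reported with both findings matches the pattern in this story and should be removed and the account password changed.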











