Vulnerability in Gmail allows resetting the password of any account

Hacking Gmail account with password reset system vulnerability

A security researcher named Oren Hafif found a vulnerability in Gmail accounts that could allow an attacker to hijack any email account.
This is a password reset vulnerability: in the hacking process, the attacker has to send an email that looks like it comes from an official Google account.
It is a simple spear-phishing attack that leverages a number of flaws, i.e. cross-site request forgery (CSRF), cross-site scripting (XSS), and a flow bypass.

The mail says: “Please confirm account ownership by clicking on this link:”


Upon clicking the link, the user is redirected to a page that is linked to https.google.com but in reality leads the victim to the attacker’s website because of a CSRF attack with a customized email address. On that page you have to enter the last password you remember and a new password.


NSA infected 50,000 computer networks worldwide with malware

NSA infected more than 50,000 computer networks with Malware

The US’ National Security Agency reportedly hacked 50,000 computer systems globally and infected them with malware, according to the classified documents revealed by whistleblower Edward Snowden.

The latest claims come from a digital presentation slide, which shows a world map highlighting hard computer networks and ‘world-wide implants’ under the category CNE (Computer Network Exploitation), NSA jargon for malware infections.

Jailed Anonymous hacker Jeremy Hammond: ‘My days of hacking are done’


‘I knew when I started out with Anonymous that being put in jail and having a lengthy sentence was a possibility,’ Hammond said.

Jeremy Hammond, the Anonymous hacktivist who released millions of emails relating to the private intelligence firm Stratfor, has denounced his prosecution and lengthy prison sentence as a “vengeful, spiteful act” designed to put a chill on politically-motivated hacking.

Hammond was sentenced on Friday at federal court in Manhattan to the maximum 10 years in jail, plus three years supervised release. He had pleaded guilty to one count under the Computer Fraud and Abuse Act (CFAA) flowing from his 2011 hack of Strategic Forecasting, Inc, known as Stratfor. In an interview with the Guardian in the Metropolitan Correction Center in New York, conducted on Thursday, he said he was resigned to a long prison term which he sees as a conscious attempt by the US authorities to put a chill on political hacking.

Google pays $40K to ‘Pinkie Pie’ for partial hack of Chrome OS

Google today said it had paid a researcher $40,000 for a partial exploit of Chrome OS at its Pwnium 3 hacking contest two weeks ago.

The researcher, known as “Pinkie Pie,” was the only participant who submitted an exploit during the challenge Google ran March 7 at CanSecWest, the Canadian security conference which also hosted the eighth-annual Pwn2Own contest.

Two others had been working on Chrome OS exploits for Pwnium, said Google, but neither wrapped up in time, even after the contest deadline was extended.

FBI Offering $ 1,00,000 for Most wanted Hackers

FBI offering 100000 reward for information on Most Wanted Hackers

The US Federal Bureau has added 5 hackers to its most wanted list and is seeking information from the public regarding their whereabouts.

The hackers are wanted in connection with hacking and fraud crimes in the US as well as internationally. Rewards ranging from $ 50,000 to $ 1,00,000 are being offered for information that leads to their arrest.