The Ur-Quan Masters Home Page Welcome, Guest. Please login or register.
Did you miss your activation email?
August 18, 2022, 04:01:34 am
Home Help Search Login Register
News: Paul & Fred have reached a settlement with Stardock!

+  The Ur-Quan Masters Discussion Forum
|-+  The Ur-Quan Masters Re-Release
| |-+  Starbase Café (Moderator: Death 999)
| | |-+  Google being dipshits
« previous next »
Pages: [1] 2 Print
Author Topic: Google being dipshits  (Read 8783 times)
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Google being dipshits
« on: October 04, 2010, 09:54:49 pm »

I am right now in the process of editing all my profiles to point to my Yahoo mail account instead of my Gmail account. Why? Because Google just made the worst response to a situation I can think of.

Apparently, this morning, some guy from Thailand hacked my Gmail account and sent a spam message to some people in my contacts. Google immediately took action, probably because the Email was sent to multiple addresses and contained only a URL, by supposedly preventing the message from being sent and locking my account.

Here's what they did, to be more specific: They required me to re-enter my password the next time I wanted to come back on (I was already logged in). Then, they told me to enter a phone number so they could send a verification code. This might seem just fine, until you realize that Google doesn't have my cell phone or home phone number in my account information. So essentially, as far as I can tell, this does nothing but prevent robots from re-gaining access to your account. COMPLETELY USELESS on humans, which can just send the verification code to their phones, change my password, and cause me to forever lose my Gmail account.

And the thing is, it would have been VERY SIMPLE to just change my password immediately to something random and send the new password to the alternative Email listed for that particular Email address.

To add on to the stupidity, it seems that Google in fact DIDN'T block the spam Email messages sent from my account, since one was sent to my Email address and I received the Email. Not to mention, GOOGLE ACTUALLY FILTERED THEIR OWN NOTIFICATION MESSAGES AS SPAM!!!

I was already annoyed with Gmail, because it filters Weebly contact form notifications as spam, but at this point, I don't even want to use Gmail anymore. The problem is, my YouTube channel is locked with my Gmail, since I sign into YT via Google Accounts.

Nnnnnnnnngah! The Google *silly cows* are making me *frumple*! *Silly cows* are not fun to *play*! It is *dancing* on the *sick* Google!!!!

At least Google hasn't secured a monopoly on Email.
Logged

Valos Cor
*Many bubbles*
***
Offline Offline

Gender: Male
Posts: 154



View Profile
Re: Google being dipshits
« Reply #1 on: October 04, 2010, 11:09:34 pm »

Okay...that's just creepy.  I don't get this part, though:
Apparently, this morning, some guy from Thailand hacked my Gmail account and sent a spam message to some people in my contacts. Google immediately took action, probably because the Email was sent to multiple addresses and contained only a URL, by supposedly preventing the message from being sent and locking my account.
What do you mean?  It sounds like the message was sent to several addresses containing a URL the prevents the message from being sent  Huh.

I really like gmail, though.
Logged

I'm the kind of person that uses Linux and seems to be a very literate adult but has no idea how to do anything code-wise beyond basic stuff.(such as su -<password> yum install uqm) Except I didn't install UQM that way...I used Add/Remove Software...
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #2 on: October 05, 2010, 12:25:48 am »

Okay...that's just creepy.  I don't get this part, though:
Apparently, this morning, some guy from Thailand hacked my Gmail account and sent a spam message to some people in my contacts. Google immediately took action, probably because the Email was sent to multiple addresses and contained only a URL, by supposedly preventing the message from being sent and locking my account.
What do you mean?  It sounds like the message was sent to several addresses containing a URL the prevents the message from being sent  Huh.

I really like gmail, though.

He sent an Email to a bunch of my contacts containing only a URL (with a link) in the message body. I received a message from Google (in my Spam folder, strangely) stating that the message I sent had been blocked, and linking me to a Google help page explaining further. I'm guessing that Google deduced it to be spam due to the large number of users it was sent to as well as the fact that it had only a link in it.

Yes, it is creepy. Actually, I originally thought someone must have hacked Google and was trying to trick me into giving my cell phone number, until I discovered that my older account worked just fine.
« Last Edit: October 05, 2010, 10:05:31 pm by onpon4 » Logged

Megagun
Enlightened
*****
Offline Offline

Gender: Male
Posts: 580


Moo


View Profile
Re: Google being dipshits
« Reply #3 on: October 05, 2010, 12:55:56 pm »

You blame Google for making a series of stupid mistakes and not taking proper security measures?

You blame Google for not setting up a filter so that the Weebly messages it marks as spam, instead, do not get marked as spam?

Hah. Smiley
Logged
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #4 on: October 05, 2010, 08:53:49 pm »

You blame Google for making a series of stupid mistakes and not taking proper security measures?

Um, yeah. I do.

You blame Google for not setting up a filter so that the Weebly messages it marks as spam, instead, do not get marked as spam?

Um, no, I don't.

My entire frustration was really the flawed design of the entire system that I'm noticing, and more importantly, that I couldn't contact Google about it. Couple that with Google being a monster corporation (practically owning advertising, searching, and video sharing on the internet), and I have some serious issues with Google.
Logged

meep-eep
Forum Admin
Enlightened
*****
Offline Offline

Posts: 2847



View Profile
Re: Google being dipshits
« Reply #5 on: October 05, 2010, 09:37:49 pm »

Or... the "Google message" you received was actually a fake, and you've actually been sending your Google password to the fisher ("relogging in into Google"), as well as your cell phone number, and whatever other information you entered.
So Google rightly marked "their own notification message" as spam, you didn't actually have to relogin, Google never asked you for your cell phone number, your account was never hacked into (until now...), there never was any spam sent from your account (until now...), and there wasn't any reason to change your password (until now...).
Logged

“When Juffo-Wup is complete
when at last there is no Void, no Non
when the Creators return
then we can finally rest.”
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #6 on: October 05, 2010, 09:56:42 pm »

Or... the "Google message" you received was actually a fake, and you've actually been sending your Google password to the fisher ("relogging in into Google"), as well as your cell phone number, and whatever other information you entered.
So Google rightly marked "their own notification message" as spam, you didn't actually have to relogin, Google never asked you for your cell phone number, your account was never hacked into (until now...), there never was any spam sent from your account (until now...), and there wasn't any reason to change your password (until now...).


No... you seem to not understand.

- The only place I entered a password into was the normal login screen (a normal procedure). The only way this could've been someone else is if the entirety of Gmail was hacked, in which case, more people than me would have noticed.

- My old account, jaychant, worked just fine. This only happened with my current account, onpon4.

- Gmail's activity log shows someone from Thailand accessing my account at about 6:00 yesterday, just before access was blocked.

- The interface asking me for a phone number did what it said it would do. I entered my (home) phone number, they called and spoke a verification code, I entered it in, and it gave me an interface requiring me to change my password, after which I was able to access my account.

- The Emails I talk about were all from mailer-daemon@googlemail.com. The messages all look like this:
Quote
Delivery to the following recipient failed permanently:

    pygame-users@seul.org

Technical details of permanent failure:
Message rejected.  See http://mail.google.com/support/bin/answer.py?answer=69585 for more information.

----- Original message -----

MIME-Version: 1.0
Received: by 10.227.69.202 with SMTP id a10mr7919622wbj.81.1286187250337; Mon,
 04 Oct 2010 03:14:10 -0700 (PDT)
Received: by 10.227.128.3 with HTTP; Mon, 4 Oct 2010 03:14:10 -0700 (PDT)
Date: Mon, 4 Oct 2010 06:14:10 -0400
Message-ID: <AANLkTi=S2-0MTak2cxmcY=4PDEyjYJOcLKw0s4uWiJHO@mail.gmail.com>
Subject:
From: onpon4 <onpon4@gmail.com>
To: onpon4@gmail.com, JoshV@zoominternet.net, pygame-users@seul.org,
       wxpython-users@googlegroups.com, gdreamer2008@gmail.com,
       damianworld61094@yahoo.com, feedback@dailymotion.com, wonseven@hotmail.com,
       tim2013@gmail.com
Content-Type: text/plain; charset=ISO-8859-1

http://solekrams.com/mas5.html

One of the sent messages did show up in my sent box and inbox (since one was sent to myself), and also apparently it made it to a member of the Pygame forums who I don't know.

You seem to be on the flawed assumption that I was merely told by a pop-up or something that I needed to change my password and supply a phone number. No, this was Gmail's interface preventing me from accessing my account, requiring me to supply a phone number to send a code to use to change my password.

The fact is, my account and phone number are not very valuable, and so no one in their right mind would go into all that trouble just to get access to my account.
« Last Edit: October 05, 2010, 10:09:52 pm by onpon4 » Logged

Megagun
Enlightened
*****
Offline Offline

Gender: Male
Posts: 580


Moo


View Profile
Re: Google being dipshits
« Reply #7 on: October 05, 2010, 10:35:57 pm »

So what is the problem?

GMail noticed something was off, made you change your password and made a proper password reset thingy mandatory for you, which actually allows them (and you) to trace the dude that accessed your account better should things go really bad.

(The problem with a "password reset" attached to another e-mail adress is that 99% of the time the password of that e-mail adress can be easily retrieved by searching through the user's mail for passwords used on other sites.)

Also, the most valuable thing you currently posess on the internet probably *is* your identity (e-mail adress)!
Logged
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #8 on: October 05, 2010, 10:49:14 pm »

So what is the problem?

GMail noticed something was off, made you change your password and made a proper password reset thingy mandatory for you, which actually allows them (and you) to trace the dude that accessed your account better should things go really bad.

(The problem with a "password reset" attached to another e-mail adress is that 99% of the time the password of that e-mail adress can be easily retrieved by searching through the user's mail for passwords used on other sites.)

Also, the most valuable thing you currently posess on the internet probably *is* your identity (e-mail adress)!

First: "address" has two D's, not just one, and "possess" has two S's I only mention this because you made the mistake more than once. Wink

The problem is that anyone with access to a phone could have changed my password. There was no attempt at all by Google to make sure it was me. Anyone who already knew my password could have had the code sent to their phone and verified that they were me and changed my password. All this protects against is robots, making it no more protective than an image code verification.

Perhaps my Email account is valuable to me, but it isn't particularly valuable to anyone else, hence why I don't think someone would go into a large amount of trouble (i.e. faking Google pages perfectly) just to hack my account. It would be the equivalent of covertly posing as an employee of a store just to steal one random guy's cell phone, except for the fact that a cell phone actually costs money.
Logged

ziper1221
*Many bubbles*
***
Offline Offline

Posts: 124



View Profile
Re: Google being dipshits
« Reply #9 on: October 06, 2010, 03:53:36 am »

AAhh it IS jaychant! I was suspecting it the whole time.

The gmail filter is so good that I almost gave a phisher my password the one time a spam got through.
Logged

onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #10 on: October 06, 2010, 12:14:24 pm »

AAhh it IS jaychant! I was suspecting it the whole time.

Yeah... "it" (I) "is" (am). I thought everybody knew by now.
Logged

Megagun
Enlightened
*****
Offline Offline

Gender: Male
Posts: 580


Moo


View Profile
Re: Google being dipshits
« Reply #11 on: October 06, 2010, 07:37:48 pm »

First: "address" has two D's, not just one, and "possess" has two S's I only mention this because you made the mistake more than once. Wink
Ack. And I even 'fixed' my spelling of "address" from "address" to "adress"! Tongue

The problem is that anyone with access to a phone could have changed my password. There was no attempt at all by Google to make sure it was me. Anyone who already knew my password could have had the code sent to their phone and verified that they were me and changed my password. All this protects against is robots, making it no more protective than an image code verification.
The problem is that there isn't a reliable way of them identifying you, short of you having to go to some Google office and showing your ID (passport, etc) on both registering an account and attempting to reset its password. PGP might come a pretty long way, but if someone steals your private key and uses a keylogger to grab your passphrase, you're still pretty royally fucked.

Perhaps my Email account is valuable to me, but it isn't particularly valuable to anyone else, hence why I don't think someone would go into a large amount of trouble (i.e. faking Google pages perfectly) just to hack my account. It would be the equivalent of covertly posing as an employee of a store just to steal one random guy's cell phone, except for the fact that a cell phone actually costs money.
Actually, consider this:
-Someone has their PayPal (or similar service) account attached to their e-mail address and it uses a password that can be retrieved either by reading e-mails or by resetting a password.
-Someone is a high-profile member of some random internet forum. This identity can be used to sell stuff to other forumgoers. Many forum moderators read posts by new members carefully and are suspicious if they seem to advertise products. However, think about what would happen if someone like Lukipela suddenly started posting about his new iPhone that he totally loves and everyone should buy one too, guys!!!
-Social network ad-injection: recommend some product to all of your friends!
-Someone has a website hosted by some external company. Woo-hoo, yet another place to post ads for medical supplies on (and use a simple PHP mail script on)
-Stealing a software developer's identity and using them to inject malicious code in the appliciation he publishes on the Internet, which can then be used to get EVEN MORE identities. (What would happen if someone stole Meep-eep's credentials and used those to publish a version of UQM that was a keylogger? Obviously since it's Meep-eep you'd trust him on not publishing any malicious code, right?)
-....

Basically, the problem is that every random service online uses your e-mail address as the key to their services. You lose your password? No problem; use your e-mail address to reset it! In other words, your analogy would be more like "Covertly posing as an employee of a store just to steal someone's key, which can be used to steal money, steal phones, steal company-sensitive data (if they have any), steal cars, steal kittens, steal double rainbows, ..."

Also, faking a google login page is laughably easy. The hardest part is actually masking your tracks so that you don't get caught once people complain. If the perps have to give Google their phone numbers to even get anywhere, well, they won't like that. Perhaps they can buy a cheap pre-paid phone number somewhere, but I doubt that can be done completely untraceable (in fact, I would bet that stealing someone's phone (/number) is the safest way to stay completely anonymous here)..
« Last Edit: October 06, 2010, 07:43:20 pm by Megagun » Logged
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #12 on: October 06, 2010, 09:18:03 pm »

Also, faking a google login page is laughably easy. The hardest part is actually masking your tracks so that you don't get caught once people complain. If the perps have to give Google their phone numbers to even get anywhere, well, they won't like that. Perhaps they can buy a cheap pre-paid phone number somewhere, but I doubt that can be done completely untraceable (in fact, I would bet that stealing someone's phone (/number) is the safest way to stay completely anonymous here)..

But, only I experienced it. I'm the admin of a random forum called Mustard Stories FTW, which has only one active user besides me, and I'm an extremely small-scale game developer. While it's technically possible that someone did hack the Google login page specifically for me, I highly doubt it, because they would have been stupid to just go after my account. Using your improved analogy, why only steal one random guy's key, when you can steal many people's keys?

But that's one of the biggest problems with Google: You can never contact them, so if someone decides to do something like that, it doesn't matter if it happens to multiple people, because nobody can complain, so by the time Google finds out by themselves, the perpetrator(s) could already have accessed thousands of users' Google accounts, which includes Gmail, YouTube, Advertising programs, and whatever else Google accounts are used for. This doesn't work in defense of Google at all and is even more of a reason to stop using Google services.
« Last Edit: October 06, 2010, 11:35:35 pm by onpon4 » Logged

Valos Cor
*Many bubbles*
***
Offline Offline

Gender: Male
Posts: 154



View Profile
Re: Google being dipshits
« Reply #13 on: October 06, 2010, 09:44:59 pm »

 I just found the website and found the Chinese section, but no Traditional Sad  I know, I know.  Off topic Smiley
Logged

I'm the kind of person that uses Linux and seems to be a very literate adult but has no idea how to do anything code-wise beyond basic stuff.(such as su -<password> yum install uqm) Except I didn't install UQM that way...I used Add/Remove Software...
onpon4
Enlightened
*****
Offline Offline

Gender: Male
Posts: 709


Sharing is good.


View Profile WWW
Re: Google being dipshits
« Reply #14 on: October 06, 2010, 09:52:34 pm »

I just found the website and found the Chinese section, but no Traditional Sad  I know, I know.  Off topic Smiley

You mean Google Translate? It doesn't even work anyway.
Logged

Pages: [1] 2 Print 
« previous next »
Jump to:  


Login with username, password and session length

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!