Pages: [1] 2
|
|
|
Author
|
Topic: Google being dipshits (Read 9484 times)
|
onpon4
Enlightened
Offline
Gender:
Posts: 709
Sharing is good.
|
I am right now in the process of editing all my profiles to point to my Yahoo mail account instead of my Gmail account. Why? Because Google just made the worst response to a situation I can think of.
Apparently, this morning, some guy from Thailand hacked my Gmail account and sent a spam message to some people in my contacts. Google immediately took action, probably because the Email was sent to multiple addresses and contained only a URL, by supposedly preventing the message from being sent and locking my account.
Here's what they did, to be more specific: They required me to re-enter my password the next time I wanted to come back on (I was already logged in). Then, they told me to enter a phone number so they could send a verification code. This might seem just fine, until you realize that Google doesn't have my cell phone or home phone number in my account information. So essentially, as far as I can tell, this does nothing but prevent robots from re-gaining access to your account. COMPLETELY USELESS on humans, which can just send the verification code to their phones, change my password, and cause me to forever lose my Gmail account.
And the thing is, it would have been VERY SIMPLE to just change my password immediately to something random and send the new password to the alternative Email listed for that particular Email address.
To add on to the stupidity, it seems that Google in fact DIDN'T block the spam Email messages sent from my account, since one was sent to my Email address and I received the Email. Not to mention, GOOGLE ACTUALLY FILTERED THEIR OWN NOTIFICATION MESSAGES AS SPAM!!!
I was already annoyed with Gmail, because it filters Weebly contact form notifications as spam, but at this point, I don't even want to use Gmail anymore. The problem is, my YouTube channel is locked with my Gmail, since I sign into YT via Google Accounts.
Nnnnnnnnngah! The Google *silly cows* are making me *frumple*! *Silly cows* are not fun to *play*! It is *dancing* on the *sick* Google!!!!
At least Google hasn't secured a monopoly on Email.
|
|
|
Logged
|
|
|
|
|
onpon4
Enlightened
Offline
Gender:
Posts: 709
Sharing is good.
|
Okay...that's just creepy. I don't get this part, though: Apparently, this morning, some guy from Thailand hacked my Gmail account and sent a spam message to some people in my contacts. Google immediately took action, probably because the Email was sent to multiple addresses and contained only a URL, by supposedly preventing the message from being sent and locking my account.
What do you mean? It sounds like the message was sent to several addresses containing a URL the prevents the message from being sent . I really like gmail, though. He sent an Email to a bunch of my contacts containing only a URL (with a link) in the message body. I received a message from Google (in my Spam folder, strangely) stating that the message I sent had been blocked, and linking me to a Google help page explaining further. I'm guessing that Google deduced it to be spam due to the large number of users it was sent to as well as the fact that it had only a link in it.
Yes, it is creepy. Actually, I originally thought someone must have hacked Google and was trying to trick me into giving my cell phone number, until I discovered that my older account worked just fine.
|
|
« Last Edit: October 05, 2010, 10:05:31 pm by onpon4 »
|
Logged
|
|
|
|
Megagun
Enlightened
Offline
Gender:
Posts: 580
Moo
|
You blame Google for making a series of stupid mistakes and not taking proper security measures?
You blame Google for not setting up a filter so that the Weebly messages it marks as spam, instead, do not get marked as spam?
Hah.
|
|
|
Logged
|
|
|
|
onpon4
Enlightened
Offline
Gender:
Posts: 709
Sharing is good.
|
You blame Google for making a series of stupid mistakes and not taking proper security measures?
Um, yeah. I do.
You blame Google for not setting up a filter so that the Weebly messages it marks as spam, instead, do not get marked as spam?
Um, no, I don't.
My entire frustration was really the flawed design of the entire system that I'm noticing, and more importantly, that I couldn't contact Google about it. Couple that with Google being a monster corporation (practically owning advertising, searching, and video sharing on the internet), and I have some serious issues with Google.
|
|
|
Logged
|
|
|
|
|
onpon4
Enlightened
Offline
Gender:
Posts: 709
Sharing is good.
|
Or... the "Google message" you received was actually a fake, and you've actually been sending your Google password to the fisher ("relogging in into Google"), as well as your cell phone number, and whatever other information you entered. So Google rightly marked "their own notification message" as spam, you didn't actually have to relogin, Google never asked you for your cell phone number, your account was never hacked into (until now...), there never was any spam sent from your account (until now...), and there wasn't any reason to change your password (until now...).
No... you seem to not understand.
- The only place I entered a password into was the normal login screen (a normal procedure). The only way this could've been someone else is if the entirety of Gmail was hacked, in which case, more people than me would have noticed.
- My old account, jaychant, worked just fine. This only happened with my current account, onpon4.
- Gmail's activity log shows someone from Thailand accessing my account at about 6:00 yesterday, just before access was blocked.
- The interface asking me for a phone number did what it said it would do. I entered my (home) phone number, they called and spoke a verification code, I entered it in, and it gave me an interface requiring me to change my password, after which I was able to access my account.
- The Emails I talk about were all from mailer-daemon@googlemail.com. The messages all look like this:
Delivery to the following recipient failed permanently: pygame-users@seul.orgTechnical details of permanent failure: Message rejected. See http://mail.google.com/support/bin/answer.py?answer=69585 for more information. ----- Original message ----- MIME-Version: 1.0 Received: by 10.227.69.202 with SMTP id a10mr7919622wbj.81.1286187250337; Mon, 04 Oct 2010 03:14:10 -0700 (PDT) Received: by 10.227.128.3 with HTTP; Mon, 4 Oct 2010 03:14:10 -0700 (PDT) Date: Mon, 4 Oct 2010 06:14:10 -0400 Message-ID: <AANLkTi=S2-0MTak2cxmcY=4PDEyjYJOcLKw0s4uWiJHO@mail.gmail.com> Subject: From: onpon4 < onpon4@gmail.com> To: onpon4@gmail.com, JoshV@zoominternet.net, pygame-users@seul.org, wxpython-users@googlegroups.com, gdreamer2008@gmail.com, damianworld61094@yahoo.com, feedback@dailymotion.com, wonseven@hotmail.com, tim2013@gmail.comContent-Type: text/plain; charset=ISO-8859-1 http://solekrams.com/mas5.html One of the sent messages did show up in my sent box and inbox (since one was sent to myself), and also apparently it made it to a member of the Pygame forums who I don't know.
You seem to be on the flawed assumption that I was merely told by a pop-up or something that I needed to change my password and supply a phone number. No, this was Gmail's interface preventing me from accessing my account, requiring me to supply a phone number to send a code to use to change my password.
The fact is, my account and phone number are not very valuable, and so no one in their right mind would go into all that trouble just to get access to my account.
|
|
« Last Edit: October 05, 2010, 10:09:52 pm by onpon4 »
|
Logged
|
|
|
|
Megagun
Enlightened
Offline
Gender:
Posts: 580
Moo
|
So what is the problem?
GMail noticed something was off, made you change your password and made a proper password reset thingy mandatory for you, which actually allows them (and you) to trace the dude that accessed your account better should things go really bad.
(The problem with a "password reset" attached to another e-mail adress is that 99% of the time the password of that e-mail adress can be easily retrieved by searching through the user's mail for passwords used on other sites.)
Also, the most valuable thing you currently posess on the internet probably *is* your identity (e-mail adress)!
|
|
|
Logged
|
|
|
|
|
ziper1221
*Many bubbles*
Offline
Posts: 124
|
AAhh it IS jaychant! I was suspecting it the whole time.
The gmail filter is so good that I almost gave a phisher my password the one time a spam got through.
|
|
|
Logged
|
|
|
|
|
Megagun
Enlightened
Offline
Gender:
Posts: 580
Moo
|
First: "address" has two D's, not just one, and "possess" has two S's I only mention this because you made the mistake more than once. Ack. And I even 'fixed' my spelling of "address" from "address" to "adress"!
The problem is that anyone with access to a phone could have changed my password. There was no attempt at all by Google to make sure it was me. Anyone who already knew my password could have had the code sent to their phone and verified that they were me and changed my password. All this protects against is robots, making it no more protective than an image code verification. The problem is that there isn't a reliable way of them identifying you, short of you having to go to some Google office and showing your ID (passport, etc) on both registering an account and attempting to reset its password. PGP might come a pretty long way, but if someone steals your private key and uses a keylogger to grab your passphrase, you're still pretty royally fucked.
Perhaps my Email account is valuable to me, but it isn't particularly valuable to anyone else, hence why I don't think someone would go into a large amount of trouble (i.e. faking Google pages perfectly) just to hack my account. It would be the equivalent of covertly posing as an employee of a store just to steal one random guy's cell phone, except for the fact that a cell phone actually costs money.
Actually, consider this: -Someone has their PayPal (or similar service) account attached to their e-mail address and it uses a password that can be retrieved either by reading e-mails or by resetting a password. -Someone is a high-profile member of some random internet forum. This identity can be used to sell stuff to other forumgoers. Many forum moderators read posts by new members carefully and are suspicious if they seem to advertise products. However, think about what would happen if someone like Lukipela suddenly started posting about his new iPhone that he totally loves and everyone should buy one too, guys!!! -Social network ad-injection: recommend some product to all of your friends! -Someone has a website hosted by some external company. Woo-hoo, yet another place to post ads for medical supplies on (and use a simple PHP mail script on) -Stealing a software developer's identity and using them to inject malicious code in the appliciation he publishes on the Internet, which can then be used to get EVEN MORE identities. (What would happen if someone stole Meep-eep's credentials and used those to publish a version of UQM that was a keylogger? Obviously since it's Meep-eep you'd trust him on not publishing any malicious code, right?) -....
Basically, the problem is that every random service online uses your e-mail address as the key to their services. You lose your password? No problem; use your e-mail address to reset it! In other words, your analogy would be more like "Covertly posing as an employee of a store just to steal someone's key, which can be used to steal money, steal phones, steal company-sensitive data (if they have any), steal cars, steal kittens, steal double rainbows, ..."
Also, faking a google login page is laughably easy. The hardest part is actually masking your tracks so that you don't get caught once people complain. If the perps have to give Google their phone numbers to even get anywhere, well, they won't like that. Perhaps they can buy a cheap pre-paid phone number somewhere, but I doubt that can be done completely untraceable (in fact, I would bet that stealing someone's phone (/number) is the safest way to stay completely anonymous here)..
|
|
« Last Edit: October 06, 2010, 07:43:20 pm by Megagun »
|
Logged
|
|
|
|
onpon4
Enlightened
Offline
Gender:
Posts: 709
Sharing is good.
|
Also, faking a google login page is laughably easy. The hardest part is actually masking your tracks so that you don't get caught once people complain. If the perps have to give Google their phone numbers to even get anywhere, well, they won't like that. Perhaps they can buy a cheap pre-paid phone number somewhere, but I doubt that can be done completely untraceable (in fact, I would bet that stealing someone's phone (/number) is the safest way to stay completely anonymous here)..
But, only I experienced it. I'm the admin of a random forum called Mustard Stories FTW, which has only one active user besides me, and I'm an extremely small-scale game developer. While it's technically possible that someone did hack the Google login page specifically for me, I highly doubt it, because they would have been stupid to just go after my account. Using your improved analogy, why only steal one random guy's key, when you can steal many people's keys?
But that's one of the biggest problems with Google: You can never contact them, so if someone decides to do something like that, it doesn't matter if it happens to multiple people, because nobody can complain, so by the time Google finds out by themselves, the perpetrator(s) could already have accessed thousands of users' Google accounts, which includes Gmail, YouTube, Advertising programs, and whatever else Google accounts are used for. This doesn't work in defense of Google at all and is even more of a reason to stop using Google services.
|
|
« Last Edit: October 06, 2010, 11:35:35 pm by onpon4 »
|
Logged
|
|
|
|
|
|
Pages: [1] 2
|
|
|
|
|