Topic: Chrome permits bad websites to send spam from one's email account???
cyberdiva
« on: June 18, 2012, 08:07:44 AM »

Hi, all.  I'm trying to get more information about something I've just been told about Google Chrome.  Yesterday, I received a spam message from someone I know.  I assumed that her email account had been hacked, and I wrote to her to let her know.  Today, I received a reply from her, saying that "Actually, there is some kind of security gap in Google Chrome that allows a bad website to send out spam from my account."  I'm highly skeptical of this explanation.  I'd imagine that 1) if there were so serious a flaw in Chrome, there would have been mention of it in lots of places that I read, and 2) Google would have quickly found a way to fix it.  I don't use Chrome, but if I did, I'd drop it like a hot potato if it had such a flaw.   Has anyone here heard of or experienced this flaw?

Jibz
« Reply #1 on: June 18, 2012, 08:35:43 AM »

Quote from: cyberdiva
Yesterday, I received a spam message from someone I know.

Just for the record, when you say "from", do you mean you checked the headers and it looked like it was a message genuinely sent from her account, or just that the "From:" field in the e-mail contained her e-mail address?

"A problem, properly stated, is a problem on its way to being solved" -Buckminster Fuller
"Multithreading is just one damn thing after, before, or simultaneous with another" -Andrei Alexandrescu
cyberdiva
« Reply #2 on: June 18, 2012, 10:59:59 AM »

Quote from: Jibz
Just for the record, when you say "from", do you mean you checked the headers and it looked like it was a message genuinely sent from her account, or just that the "From:" field in the e-mail contained her e-mail address?
Good question, Jibz.  The message was such obvious spam that I didn't bother to check the headers.  I simply assumed that someone had hacked her MSN email account and was now sending spam to everyone in her addressbook.  I wrote to let her know, and in response I got the explanation I quoted in my original message here.  It didn't seem like a likely explanation, so I thought I'd post a message here and see whether anyone has heard of a similar "problem" with Chrome.  But now that you've asked, I looked at the headers.  There weren't a lot, especially before the message was received at my university (where I have the email account to which the message was sent).  Here are some key pieces of info from the headers (I've changed the name of the person I know to janedoe and my university's address to ********.edu):

The return path header was Return-Path: <janedoe@msn.com>

The headers from the start to when it got to my university were as follows:
Received: from snt0-omc4-s11.snt0.hotmail.com (snt0-omc4-s11.snt0.hotmail.com [65.55.90.214])
   by ********.edu (mx3.********.edu) with ESMTP id q5I2vdq7025380
   for <cyberdiva@********.edu>; Sun, 17 Jun 2012 22:57:41 -0400 (EDT)
Received: from SNT102-W47 ([65.55.90.201]) by snt0-omc4-s11.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Sun, 17 Jun 2012 19:57:38 -0700
Message-ID: <SNT102-W471F1070E3DCE6C42BDA10DBF80@phx.gbl>
Content-Type: multipart/alternative;
   boundary="_cea715e6-4a2e-4c6d-9814-454a114fd041_"
X-Originating-IP: [189.224.78.19]
From: Jane Doe <janedoe@msn.com>

If the Originating IP # is not forged, it's in Mexico.  I don't know where this person lives (I "know" her only via listservs we're both on); I kinda doubt she's in Mexico, though it's not impossible.  The message-ID ends in @phx.gbl, which is apparently something that appears in many messages from Microsoft-related mail.  Since she's got an account at msn.com, I guess that makes sense.  Perhaps so too does the appearance of hotmail.com in one of the headers, I don't know.  All the unshown headers after these (leading up to the Return-Path header) look normal.  They're all internal to my university.

So no, it's not just the "From" field that makes me think it came from her account, but the Originating-IP in Mexico does give me pause.  I'm not sure, however, whether the headers indicate clearly whether her email account was simply hacked or whether somehow a "bad website" was able to send spam from her account (her explanation).  Any thoughts?

Thanks in advance.
Logged
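
The header check Jibz asks about, run over the headers quoted in the post above, as an added example (not code from any poster; `parse_hops` and `assess` are hypothetical names). It assumes, as the post itself guesses, that relays named under hotmail.com are the msn.com provider's own servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the post (already masked there; Content-Type omitted).
RAW = """\
Return-Path: <janedoe@msn.com>
Received: from snt0-omc4-s11.snt0.hotmail.com (snt0-omc4-s11.snt0.hotmail.com [65.55.90.214])
   by ********.edu (mx3.********.edu) with ESMTP id q5I2vdq7025380
   for <cyberdiva@********.edu>; Sun, 17 Jun 2012 22:57:41 -0400 (EDT)
Received: from SNT102-W47 ([65.55.90.201]) by snt0-omc4-s11.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Sun, 17 Jun 2012 19:57:38 -0700
Message-ID: <SNT102-W471F1070E3DCE6C42BDA10DBF80@phx.gbl>
X-Originating-IP: [189.224.78.19]
From: Jane Doe <janedoe@msn.com>

"""

# "from <HELO name> (<reverse-DNS name> [<ip>])"; the reverse-DNS name may be absent.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")

def parse_hops(msg):
    """Received hops, newest first (index 0 was written by the recipient's own MX)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m, by = HOP.search(flat), re.search(r"\bby\s+(\S+)", flat)
        hops.append({"helo": m.group(1) if m else None,
                     "rdns": m.group(2) if m else None,
                     "ip": m.group(3) if m else None,
                     "by": by.group(1) if by else None})
    return hops

def assess(raw, provider_suffixes):
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    edge = hops[0] if hops else {}
    peer = (edge.get("rdns") or "").lower()       # name the recipient's MX resolved itself
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    return {
        "hop_count": len(hops),
        "boundary_ip": edge.get("ip"),
        "via_provider": bool(peer) and peer.endswith(tuple(provider_suffixes)),
        # each older hop must have been received "by" the host the newer hop came "from"
        "chain_consistent": all(hops[i + 1]["by"] in (hops[i]["helo"], hops[i]["rdns"])
                                for i in range(len(hops) - 1)),
        "from_matches_return_path": bool(dom("From")) and dom("From") == dom("Return-Path"),
        # written by the provider, so only as reliable as the provider hop above
        "originating_ip": (msg.get("X-Originating-IP") or "").strip(" []") or None,
    }
```

Only the topmost Received line is written by the recipient's own mail server; a message with a matching From: address but no provider relay at that boundary is the plain "forged From" case rather than mail sent from the account.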
nudone
« Reply #3 on: June 18, 2012, 11:15:18 AM »

I'd go with Hotmail hacked. It's happened to me, same kind of thing, everyone in my Hotmail contacts started receiving spam saying it was from me.

Jibz
« Reply #4 on: June 18, 2012, 11:27:27 AM »

Quote from: nudone
I'd go with Hotmail hacked. It's happened to me, same kind of thing, everyone in my Hotmail contacts started receiving spam saying it was from me.

Yeah, the headers look fairly believable, and if there was some security hole that would allow this in any browser, I am sure it would be widely publicized.

cyberdiva
« Reply #5 on: June 18, 2012, 12:19:15 PM »

Thanks, nudone and Jibz.  I tend to agree with you.  I can't imagine why she thinks it's a security hole in Chrome that is causing this, especially since there doesn't seem to have been any publicity about this rather serious problem.  And yes, I know several people who have had their hotmail accounts hacked.  But is hotmail the same as msn?  I hadn't thought so, though they're both Microsoft.  She's got an msn.com address.  Oh well, no reason that msn is any safer than hotmail.

Again, many thanks.  I figure if the folks at DonationCoder haven't heard about this supposed security hole, it probably doesn't exist.

NigelH
« Reply #6 on: June 18, 2012, 07:42:51 PM »

Actually, I was hit by something similar via my Yahoo email account just a few weeks ago.
I clicked on a link (in an email that I thought was valid) but did not verify the link first. Yeah, stupid, I know.
It was an email from a friend and the subject matter appeared similar to what we'd been discussing recently.
I was signed into my email a/c at the time and the JavaScript code on the site managed to access my Yahoo contacts and broadcast the same spam link to many of my contacts - including subscription list email addresses. Ticked me off no end.
I was using Opera 11.64 at the time and thought my Yahoo a/c had been hacked.
The IP sign-in logs in the Yahoo account had only my IP address - the last sign-in was the day before.

If anyone would like to see the specific links, PM me.

Phishing target site at WOT:  http://www.mywot.com/en/scorecard/wa15news.net
Whois info : http://whois.domaintools.com/wa15news.net
This was one target site as well:  http://whois.domaintools.com/ca15news.net

Pity it was not caught by OpenDNS phishing checks.
Unfortunately, I also had Opera's Fraud and Malware Protection turned off (not any more though).

Jibz
« Reply #7 on: June 19, 2012, 01:27:44 AM »

That is interesting .. just for clarity, were you looking at the e-mail where you clicked a link from within your yahoo account, or was it somewhere else? I hope it is not possible to access stuff like your address book from remote sites.

Deozaan
« Reply #8 on: June 19, 2012, 02:15:49 AM »

Yeah I've heard of this security problem before. It's called PEBKAC. Unfortunately it is a vulnerability that exists with all browsers. :(

NigelH
« Reply #9 on: June 19, 2012, 05:45:15 AM »

Quote from: Jibz
...were you looking at the e-mail where you clicked a link from within your yahoo account ...
Yes - did a right-click then open in background tab.

Quote from: Deozaan
.. It's called PEBKAC ..
I trust you enjoyed that.


Jibz
« Reply #10 on: June 19, 2012, 07:49:31 AM »

Quote from: NigelH
Quote from: Jibz
...were you looking at the e-mail where you clicked a link from within your yahoo account ...
Yes - did a right-click then open in background tab.

Quote from: Deozaan
.. It's called PEBKAC ..
I trust you enjoyed that.

Well, if the browser allows arbitrary javascript in one tab to do stuff on another tab, I would call that more of a browser problem than an "Error 40". Or perhaps a web e-mail API problem?