Sla.ckers.org
GMail warning about concurrent sessions...
Posted by: istari
Date: August 24, 2008 02:43PM

I don't know how long this has been around, but I recently noticed GMail warns users whenever there are two sessions of the same account running simultaneously, as you can see in the image below:



The detection system is pretty accurate, as I tested this by opening my GMail account with two different IP addresses, but also by opening it both in Firefox and IE on the same computer and on another computer behind the same router... and it always detects something fishy is going on (who would be crazy enough to have Firefox and still use IE?!?!?!)

Personally, I think this is a big step against account hijacking, because if you manage to steal someone's credentials that person may be able to know about it and act quickly (i.e. delete everything in the account ;-D ). However, it may also be a privacy issue, because the attacker can use a proxy to hide his real IP address, and if he manages to access the account he can then monitor his victim's IP address in real time, provided he/she doesn't notice the rather small warning...

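An added illustration, not part of the original post and not Google's implementation: a server-side tracker that keys live sessions on the per-login session token rather than the IP address, which reproduces the behaviour reported above (two browsers behind one router still count as two sessions), and coarsens the address shown in the notice as one way to limit the IP disclosure the post raises. `SessionRegistry`, `mask_ip`, `warning_for` and the 30-minute `IDLE_TIMEOUT` are hypothetical names and values.

```python
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 30 * 60  # assumption: a session counts as live for 30 minutes

@dataclass
class Session:
    token: str       # per-login session cookie, one per browser profile
    ip: str
    user_agent: str
    last_seen: float

class SessionRegistry:
    """Hypothetical server-side tracker of live sessions per account."""

    def __init__(self):
        self._accounts = {}  # account -> {token: Session}

    def touch(self, account, token, ip, user_agent, now=None):
        """Record a request; return the *other* live sessions on the account."""
        now = time.time() if now is None else now
        live = self._accounts.setdefault(account, {})
        for stale in [t for t, s in live.items() if now - s.last_seen > IDLE_TIMEOUT]:
            del live[stale]
        live[token] = Session(token, ip, user_agent, now)
        # Keyed on the token, not the IP: two browsers behind one router differ.
        return [s for t, s in live.items() if t != token]

def mask_ip(ip):
    """Coarsen an IPv4 address so the notice does not disclose the full address."""
    parts = ip.split(".")
    return ".".join(parts[:2] + ["x", "x"]) if len(parts) == 4 else "hidden"

def warning_for(others):
    """Build the notice text, or None when this is the only live session."""
    if not others:
        return None
    places = ", ".join(sorted({mask_ip(s.ip) for s in others}))
    return f"This account is open in {len(others)} other location(s): {places}"

if __name__ == "__main__":
    reg = SessionRegistry()  # constructed sample requests, documentation IPs
    reg.touch("alice", "tok-firefox", "203.0.113.10", "Firefox/3.0", now=0)
    others = reg.touch("alice", "tok-ie", "203.0.113.10", "MSIE 7.0", now=60)
    print(warning_for(others))
```

Masking trades detail for privacy: the legitimate owner sees less about the other session too, so a real deployment would pair the notice with a way to end the other sessions.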
Re: GMail warning about concurrent sessions...
Posted by: id
Date: August 28, 2008 02:50AM

I don't think it was there before, funny how it came out right after RSnake's Black Hat demo of exactly this...

Way to sidestep the problem, Google!

-id

Re: GMail warning about concurrent sessions...
Posted by: istari
Date: August 28, 2008 05:59AM

RSnake gave a demo about this? Are there any videos / writeups?

Re: GMail warning about concurrent sessions...
Posted by: thrill
Date: August 28, 2008 11:32AM

The part I like the best is that it's not like it's readily visible to everyone. If you have a crapload of mails in your inbox, you'd have to scroll way down in order to even view this.

I guess this is more of a "CYA" fix.. put the blame on the user.. "Hey, we told you there were multiple sessions logged on to your account!"..

I sure am glad they have such an arduous hiring process for their security personnel, it's apparent these guys are geniuses who are just too busy thinking of the next big thing to bother with little crap like this..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill
