Email spoofing security hole discovered in Google Admin console

Creation date

Number: IRCNE2015032444
Date: 2015/03/14

According to ZDNet, security researchers have exposed a vulnerability in the Google Admin console which allows cyberattackers to send spoofed emails that appear legitimate from unclaimed domains.
Last month, as reported by SecurityWeek, Patrik Fehrenbach and Behrouz Sadeghipour discovered a security flaw in the Google Admin console -- used to control a company's Google Apps suite -- which allowed users to temporarily claim domains and send spoofed emails.
In order to test the vulnerability, Fehrenbach and Sadeghipour used the tech giant itself as a victim -- claiming domains including ytimg.com and gstatic.com to send spoofed emails. The domains are used by Google in relation to YouTube and both hosting files and offloading static content in order to reduce bandwidth requirements in web browsing.
Throughout testing, as explained in a blog post and accompanying video, emails were sent that appeared to come from these domains -- including "admin@ytimg.com" and "admin@gstatic.com."
As a result, cyberattackers could use this vulnerability to send out spoof emails which appear legitimate and sourced from a trusted server -- and contain no flags identifying emails as suspicious.
The researchers reported the security flaw to Google, which patched it simply by forcing the FROM address to no-reply@google.com.
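The following is an added illustration, not code from the article or from Google: a minimal model of the flaw and of the reported fix, contrasting a notification sender that lets the caller choose the From address with one that always stamps the fixed no-reply@google.com address. The function names, the sample recipient and the message bodies are assumptions made for the example.

```python
# Added example (not from the page or from Google): the "before" builder
# copies a caller-supplied address into From, so a temporarily claimed
# domain such as ytimg.com shows up as a trusted sender; the "after"
# builder ignores the caller's address and uses a constant From, which is
# the fix the article reports (FROM no-reply@google.com).
from email.message import EmailMessage

FIXED_SENDER = "no-reply@google.com"  # From address applied by the reported fix


def build_notification_vulnerable(sender: str, recipient: str, body: str) -> EmailMessage:
    """'Before': whatever address the caller claims becomes the From header."""
    msg = EmailMessage()
    msg["From"] = sender  # caller-controlled, e.g. admin@ytimg.com
    msg["To"] = recipient
    msg["Subject"] = "Notification"
    msg.set_content(body)
    return msg


def build_notification_fixed(requested_sender: str, recipient: str, body: str) -> EmailMessage:
    """'After': the requested sender is ignored; From is always FIXED_SENDER."""
    del requested_sender  # deliberately unused: the caller cannot influence From
    msg = EmailMessage()
    msg["From"] = FIXED_SENDER
    msg["To"] = recipient
    msg["Subject"] = "Notification"
    msg.set_content(body)
    return msg


def from_domain(msg: EmailMessage) -> str:
    """Domain part of the From header, as a receiving mail filter would read it."""
    return str(msg["From"]).rsplit("@", 1)[-1].lower()


if __name__ == "__main__":
    spoof = "admin@ytimg.com"  # one of the addresses used in the researchers' test
    before = build_notification_vulnerable(spoof, "victim@example.com", "constructed body")
    after = build_notification_fixed(spoof, "victim@example.com", "constructed body")
    print("before fix, From domain:", from_domain(before))  # ytimg.com
    print("after fix,  From domain:", from_domain(after))   # google.com
```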