GMail and IP Addresses
"Click “Details” and you get an overview of your accounts activity, including whether it’s from POP, a browser, or a mobile phone"
It also gives you IP addresses. Now I'm of the opinion that grabbing the IP address of someone who has hijacked your GMail is an interesting prospect - however, this also means that anybody able to hijack your GMail account has your IP address too, and they'll have yours before you have theirs. To be honest, I think the potentially tiny benefit of having an attacker's (potentially fake) IP is greatly outweighed by them having your IP.
Call me paranoid, but is it time to break out proxies and VPNs for GMail now? Perhaps there's a way for Google to implement some kind of password protection that's required to be able to access this information - but of course, if that password is tied to GMail itself then presumably the attacker would have access to that too - so how would you do it?
Suggestions on a postcard to Google, please...


4 Comments:
You've more to worry about than IP addresses if someone's hacked your account.
The Sunbelt guys should know better than to use http: for Gmail. There's a setting that forces use of https: - go and turn it on right NOW!
Unlike most other mail services, Gmail supports encryption on _all_ access protocols and session cookies. HTTPS, IMAP4, POP3.
So if you see other sessions, it's much more likely it was your session from work / a friend's PC / cafe / etc. You did have screen-lock on? But to avoid the risk that someone kills the screen-lock, Gmail lets you forcibly log out the sessions. Very useful.
"You've more to worry about than IP addresses if someone's hacked your account."
From a stalking / trolling / info gather perspective, it's a wonderful thing to get hold of (of course, if they're after your banking passwords or whatever and you've left them sitting in your GMail then agreed, you have bigger immediate problems).
I see IP grabbing used in conjunction with social engineering of idiotic ISP support staff all the time - it's one of the most common forms of real-world trollers causing problems for their targets around. Used to be quite popular on sites such as Myspace not so long ago - lay some bait for your victim, get them to visit your Myspace profile, stick an IP logger program on the page then cause various forms of merry hell with the ISP. Everything from fake "cancel my account" phone calls to more sinister data mining was the order of the day.
Thanks for the GMail tips, by the way :)
That's an interesting feature..
Other than social engineering ISP staff it's not of any use at all, though. Unless someone wants to send hundreds of 32 byte packets at you, which.. could.. tickle.
It could perhaps be used to get someone's location information, for example if I tracert my IP it gives my city and my ISP (though it still says NTL, ah). This information can be easily discovered through social networking sites or forums anyway.
I agree with the other guy, if your account has been hacked, you're fucked anyway unless you keep a super secret e-mail account for all your passwords/site sign-ups.
Hey paperghost, I've got a problem. Some asshole has emailed me several times (with different emails) talking about massive amounts of cash prizes, but they need my "info" before they can make the "transaction". Over the past 3 days I've gotten about 5 emails talking about the same thing. It's getting ridiculous. Any ideas?