(OT) Google: "Somebody knows your password"

Volker Wysk post at volker-wysk.de
Fri Aug 4 12:42:58 UTC 2017


On Friday, 4 August 2017, 09:49:56 CEST, Xen wrote:
> The DNS poisoning thing would require for example a (Windows) computer 
> to be compromised and the "hosts" file to include an entry for 
> google.com or whatever, causing lookups for that domain to go there. 
> Unlikely perhaps. Same could happen on Linux but even more unlikely at 
> this stage.

I'm using two Linux machines (desktop and laptop)... I've just used the laptop 
to change the google password again (following Joel's advice). So unless my 
laptop has malware on it, the attacker wouldn't have my new password, right?

> With regards to SSL/TLS certificates... if there is a phishing attack and 
> the browser thinks it is going to https://account.google.com/ or 
> whatever, then the browser will request the certificate from the server. 
> It will then verify that the certificate contains the URL you just 
> visited, and that it can validate the certificate according to a root 
> certificate present in its own (local) database.

There was no message from either of the two browsers (desktop/laptop) about 
untrusted certificates.

> So typically it should not be possible that anyone can impersonate that 
> website, unless of course the computer was also compromised, and a 
> validating certificate was added by the hacker to the root certificate 
> store of your browser (or computer).
> 
> So if there is actually malware on the computer then both could and 
> would be possible and you could indeed go to https://account.google.com 
> or whatever and not know you were being misled.
> 
> If there is not any malware on the computer, then it should not ever be 
> possible.

So I think...

> I assume this isn't the case, so the only possibility would be that the 
> link you click on is different from what the browser shows you.

It wasn't an HTML mail...


Bye
Volker
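
The hosts-file override Xen describes can be checked for directly. The following is an added example, not part of the original thread: it parses hosts(5)-format text and reports any entry that pins a watched domain (or a subdomain of it) to an address. The `WATCHED` list, the function name and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts(5) format; addresses are documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         ip6-localhost ip6-loopback
# 203.0.113.7 accounts.google.com   (commented out, ignored)
203.0.113.7 Accounts.Google.com. www.example.org  # inline comment
0.0.0.0     ads.google.com
2001:db8::5 google.com
not-an-ip   google.com
"""

WATCHED = ("google.com",)  # assumption: the domains you sign in to


def find_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname, kind) for watched names pinned in hosts."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Everything after '#' is a comment; the rest is "address name [alias...]".
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address without names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address, so no usable mapping
        # Loopback/unspecified targets block a name; anything else redirects it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirect"
        for name in fields[1:]:
            host = name.lower().rstrip(".")  # names are case-insensitive
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(addr), host, kind))
    return findings


if __name__ == "__main__":
    # To check a real machine, pass open("/etc/hosts").read() instead.
    for line_no, addr, host, kind in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({kind})")
```

An empty result only rules out the hosts-file case; it says nothing about certificates added to the root store, which is the other condition Xen mentions.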




