Categories
Security Breach

Reflected File Download – A New Web Attack Vector

In October 2014, as part of my talk at the Black Hat Europe 2014 event, I presented a new web attack vector that enables attackers to gain complete control over a victim’s machine by virtually downloading a file from trusted domains. I decided to call this technique Reflected File Download (RFD), as malware can be […]


One Token to Rule Them All – The Tale of the Leaked Gmail Addresses

Since I don’t really know where to start, let’s start at the end. At the very end of this attack, I am going to hold what appears to be every single email address hosted on Google. So what? I mean why is that such a big deal? To answer this question, you might want to […]


Google Account Recovery Vulnerability

Global Main Authentication and Identification Library (GMAIL)

If I told you to think of the most sensitive features (security-wise) in a web application, you would probably say – Login. Well if your definition of “Login” does not include password recovery, then it would definitely be the second one. This means that password recovery is often […]