Information Research Security Team (INSERT) claims to have discovered an attack enabling it to use gmail's SMTP server to send forged e-mails through compromised accounts. They say they have sent in a demonstration from one such account more than 4000 bulk e-mails that were delivered. Some of these were copies of spam from blacklisted sites. They omitted many details as a courtesy to Google.
http://ece.uprm.edu/~andre/insert/gmail.html
Joel Hruska also reported on this at arstechnica. http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html
|