
Yep, based on those headers it's the exact same thing discussed in the ZDNet and LinkedIn articles.

----

ETA: Just tried it myself, through my own mail server, and the headers are pretty much the same (the IPs are different, of course, and I didn't bother including extra forged Received: headers and such). This works beautifully -- message is in my Inbox (flagged as "Important according to Google magic.") and shows up under "Sent" as well.

After opening up "Show Original" in a new tab and then returning to the message, there's now a small banner (with a yellow background) at the top that reads:

> This may be a spoofed message. Gmail couldn't verify that it was actually sent from your account. Learn more.




The strange thing is the article is a year old? Why would it suddenly be exploited now? I find it difficult to believe no one's tried until today?


It's probably been exploited for quite a while already; it takes a certain time and threshold until these kinds of things fully bubble up to the public.

People who've been affected might not have noticed or cared enough to say/do something.


Maybe some dark-hat's side project finally reached a major milestone and was released?


No idea.

Apparently someone just found out about it and decided to try it out -- it's obviously "new" to a lot of HN'ers as well.



