Easy click, easy steal

posted Oct 25, 2011, 7:15 AM by Anthony Lai
Sometimes we authorize a third-party application, such as findbigmails, to access our mailbox via OAuth. However, you need to check regularly whether you have authorized any apps that you don't know or aren't aware of.

Go to your account settings and click "edit" for "Authorizing applications & share" under the Account overview section. If any suspicious apps or services are authorized, revoke and remove them immediately.

The attack trick is relatively easy. An attacker can simply offer some kind of "free" helper service, and you authorize it. However, most of the time the app or service vendor does not tell the user to remove it afterwards. Your privacy and secrets are handed over to them :-)

- Darkfloyd
Figure 1: Check any service/apps accessing your Google account.

Figure 2: Do you find any suspicious service accessing your account?