Dec 142013
 
 December 14, 2013  Posted by  Online

Michael Mimoso reports:

Google’s decision to automatically display images in Gmail messages has security experts on edge about the privacy and security implications of the move. Of particular concern is the ability of an attacker, or marketer, to learn whether messages are being opened, as well the possibility of an attacker spiking an image URL with additional attacks that could lead to denial of service conditions or worse.

Read more on ThreatPost.

  One Response to “Gmail Image Proxy Changes Have Privacy, Security Implications”

  1. This seems to be more a question of implementation. If Google pulls the image immediately and caches it, it actually increases privacy because the originator won’t know whether or not the recipient opened the email or not. However, the article indicates they are repulling the image every time the email is opened, which is not good. I also take issue with the idea that a malicious attacker could execute a DOS attack on a server by embedding an image from that server. I’m betting Google has either already thought of that or will implement something soon to prevent such an attack.

Sorry, the comment form is closed at this time.