Chinese-Forums

Watch your Gmail accounts


roddy


Just had an attempt to log in to my Gmail account mysteriously redirect to the Hebei-registered NDNS01.com. Spotted it before any damage was done, I think, but have changed my password anyway.

Will be making sure I'm using overseas DNS servers (Google 'OpenDNS' or 'Google DNS') and firing up the VPN a bit more often, I think.

Reports of similar occurrences here (in Chinese).


Edited the link.

Yeah, it was pretty worrying - if it hadn't been for the Firefox pop-in bar asking me if I wanted NDNS01.com to store the password (hmmm, suppose I must have submitted it then. Changed now anyway) I probably wouldn't have spotted it.

Something else to do is to make sure your Gmail bookmark is the https one - mine wasn't, but it certainly is now.


Something unusual happened to me today, too, when I accessed my Gmail. Usually Chrome stores my username and password (usually=always). But today, it came up blank. I logged in with my username and password.

Then, I got another form (looked the same), which had my username filled in and wanted my password.

I assumed some cookie had expired or something, but reading this, I realize that maybe I was careless. Password changed :)


There are also reports of NDNS01.COM being used to phish for MSN and Baidu passwords.

http://hi.baidu.com/%CA%A5%B8%E7/blog/item/ab0beb1a76e681f7ae513387.html

Caution! The same page does not mean the same site

2010-07-09 19:35

http://hi.baidu.com/hanhell/blog/item/952bc2fc5ca82f8fb901a0be.html

NDNS01.COM & Baidu

The reports seem to have started in July. Note that NDNS01.com's WHOIS record was most recently updated on July 5, 2010.

http://www.betterwhois.com/bwhois.cgi?verification=2766&domain=ndns01.com&submitbtn=Continue

NDNS01.COM WHOIS

Domain Name : ndns01.com

Creation Date : 2009-05-31 21:06:58

Updated Date : 2010-07-05 00:28:03

Expiration Date : 2012-05-31 21:06:54

Administrative Contact:

Name : gu long

Organization : gu long

Address : shijiazhuang

City : shijiazhuang

Province/State : hebei

Country : cn

Postal Code : 050043

Phone Number : 86-031-187935114

Fax : 86-031-187935116

Email : longcon@sina.com


You may have a 'history' link near the footer of your Gmail pages (next to the recent activity notice?) which will show you IP addresses recently used to access your account. Nothing odd on mine.


Sort out your DNS - ie, eg.

However, if you're using some kind of client software from your ISP to access the Internet, it may reset your DNS. The client for my 3G card did this until I figured out how to get rid of it. Keep an eye on it, see if it changes back.

Another problem with doing that is that wireless networks that require you to log in / accept T&Cs via a webpage - in Beijing Sculpting in Time, Costa Coffee, and no doubt others - won't be able to redirect you to that webpage if you are specifying DNS servers. I think that's why I'd reverted from the Google DNS. Trick is to access the page directly.

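One way to check the DNS advice in this post and in the opening post, as an added example (not code from the thread): a stdlib-only Python script that sends a raw DNS query to a chosen reference resolver, parses the A records itself, and compares them with what the machine's own resolver returns. The reference resolver (Google Public DNS, 8.8.8.8) is an assumption taken from the thread's recommendation; the hostname and the response bytes in `constructed_response()` are constructed sample data.

```python
import ipaddress
import socket
import struct

# Added example, not code from the forum thread. Reference resolver is an
# assumption: Google Public DNS, which the thread recommends.
REFERENCE_RESOLVER = "8.8.8.8"


def build_query(name, txid=0x1234):
    """Build a minimal DNS A query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _parse_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg):
    """Return the IPv4 strings from the answer section of a DNS response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = _parse_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _parse_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1:                  # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def query_a(name, resolver, timeout=3.0):
    """Ask one specific resolver (UDP/53) for the A records of `name`."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("DNS transaction id mismatch")
    return parse_a_records(data)


def classify(system_answers, reference_answers):
    """Compare what the machine's resolver says with a reference resolver."""
    sys_set, ref_set = set(system_answers), set(reference_answers)
    if not sys_set:
        return "no-answer"
    if any(ipaddress.ip_address(a).is_private for a in sys_set):
        return "private-address"   # a public host steered to a LAN/loopback address
    if sys_set & ref_set:
        return "consistent"
    return "divergent"             # worth a look, though GeoDNS/CDNs differ legitimately


def constructed_response():
    """Hand-built response for mail.example.com -> 192.0.2.10 (constructed sample)."""
    q = build_query("mail.example.com")
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    # answer: name as pointer to offset 12, type A, class IN, TTL 60, 4-byte rdata
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10")
    return header + q[12:] + answer


def check_host(name, reference=REFERENCE_RESOLVER):
    """Resolve via the OS resolver and via the reference resolver, then classify."""
    system = sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    return classify(system, query_a(name, reference))


if __name__ == "__main__":
    print(check_host("mail.google.com"))
```

Run as a script it compares the OS resolver with 8.8.8.8 for mail.google.com; a "divergent" result is a prompt to look at which resolver the OS is actually using (an ISP's dialer resetting it, as this post describes, shows up here), not proof of poisoning, since large sites legitimately hand out different addresses per region. Running it once on the VPN and once off it gives the comparison suggested later in the thread.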

I can't say for sure if specifying https will fix the problem, but it could help and certainly can't hurt.

If you're using Firefox, you should take a look at this extension which automatically switches you from the unencrypted http page, to the encrypted https one for a lot of popular websites. Also, is this still a problem when using a VPN? This could be useful in determining if it is actually DNS poisoning within China.


Somehow I suspect picking an https connection will be a little pointless. Gmail always redirects to the https login page. There is an option (if it isn't default yet) to read all email over https. If you go to gmail.com and aren't redirected automatically to an https page, then you have the wrong site.

The way I see it, if the guy is clever (he should be at least a little) he could redirect from gmail to his https server provided he has a certificate for his fake site (signed by Verisign or whoever, which can be arranged). Firefox should gladly accept that without warning, because then it would be for the "correct" site. If his fake certificate is not signed, then you will get a warning about that. If he isn't running an https server, you would get some error message or timeout.

SSL is not guaranteed protection against truly resourceful people. See http://www.networkworld.com/community/node/64074

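To make this post's certificate point and the earlier https-bookmark advice concrete, an added example (not code from the thread): it checks that a login URL is https and on an expected host, and checks a peer certificate, in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, both for the hostname and against a pinned set of issuer names. The issuer pin is what catches the case described above, a certificate for the right name obtained from a CA you would not expect to issue it. `EXPECTED_LOGIN_HOSTS`, the issuer names and the sample certificate dicts are assumptions and constructed data.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Added example, not from the thread. The host list is an assumption about
# where a Gmail login flow is expected to land.
EXPECTED_LOGIN_HOSTS = {"mail.google.com", "accounts.google.com", "www.google.com"}


def check_login_url(url):
    """Return a list of problems with a bookmarked or landed-on login URL."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    host = (parts.hostname or "").lower()
    if host not in EXPECTED_LOGIN_HOSTS:
        problems.append("unexpected host %r" % host)
    return problems


def _name_matches(pattern, host):
    """Exact match, or a single-label wildcard such as *.google.com."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")
    return False


def check_peer_cert(cert, host, pinned_issuer_cns):
    """cert is the dict returned by ssl.SSLSocket.getpeercert(); returns problems."""
    problems = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(p, host) for p in sans):
        problems.append("certificate not issued for %s" % host)
    # issuer is a tuple of RDNs, each a tuple of (attribute, value) pairs
    issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
    if issuer.get("commonName") not in pinned_issuer_cns:
        problems.append("issuer %r not in pinned set" % issuer.get("commonName"))
    return problems


def live_check(host, pinned_issuer_cns, port=443, timeout=5.0):
    """Connect with default verification, then apply the extra issuer pin."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_peer_cert(tls.getpeercert(), host, pinned_issuer_cns)


# Constructed sample certificates (not real certificates); CA names are placeholders.
PINNED = {"Example Trusted CA"}
GOOD_CERT = {
    "subjectAltName": (("DNS", "*.google.com"), ("DNS", "mail.google.com")),
    "issuer": ((("countryName", "US"),), (("commonName", "Example Trusted CA"),)),
}
WRONG_HOST_CERT = {
    "subjectAltName": (("DNS", "ndns01.com"),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
}
OTHER_CA_CERT = {
    "subjectAltName": (("DNS", "mail.google.com"),),
    "issuer": ((("commonName", "Some Other CA"),),),
}


if __name__ == "__main__":
    print(check_login_url("http://mail.google.com/"))
    print(check_peer_cert(OTHER_CA_CERT, "mail.google.com", PINNED))
```

`ssl.create_default_context()` already rejects an unsigned or wrong-name certificate, which covers the warning cases in the post; `check_peer_cert` adds the issuer pin for the remaining case, a validly signed certificate from a CA that should never be issuing for that name. Pinned issuer names have to be kept current, since sites rotate CAs.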

Does everyone affected have the Namipan (纳米盘) Firefox extension? For me, the problem only occurred in Firefox, therefore it's not ISP or DNS, as suggested. After removing said extension, the page was no longer stealing the password.

