According to recent news, a Pakistani hacker shocked the world after revealing a trick to hack any Gmail account. Gmail is used widely all over the world for purposes ranging from business email to chatting with friends, and email has proven to be one of the best means of communication of the 20th century. A recent trend in the software market is finding bugs and getting paid for them by the giant social networking companies.
Facebook recently announced that anyone who finds a bug in its system will be paid a certain amount of money, and many people took part and were paid for finding bugs in the giant social networking site. The same goes for Gmail: anyone who finds a bug or a gaping hole in the system will be rewarded with a huge stack of money. Intelligent programmers and coders spend days of research and practice to find a vulnerability in the system and get rewarded by the company.
A Pakistani student, “Ahmed Mehtab”, was inducted into Google’s Hall of Fame. He ran different experiments on the system and discovered a flaw in Gmail. This flaw could allow anyone to get into the victim’s Gmail account and read all the messages and information available there. In other words, the outcome is a hack.
To qualify for Google’s VRP, programmers have to put in a lot of effort to find a vulnerability/flaw in any of the following categories.
1. Cross-site scripting,
2. Cross-site request forgery,
3. Mixed-content scripts,
4. Authentication or authorization flaws,
5. Server-side code execution bugs
If a participant finds a flaw that qualifies under Google’s VRP, he can expect a reward of about $20,000. Ahmed Mehtab is one of those who won the reward recently. In his personal blog, he stated that an email address can be hacked if it matches any of the following cases.
1. If the recipient’s SMTP is offline
2. If the recipient has deactivated his email
3. If recipient does not exist
4. If recipient exists but has blocked us
5. Cases could be even more
Later on, Ahmed described the hack process in more detail:
1. Attacker tries to confirm ownership of firstname.lastname@example.org
2. Google sends email to email@example.com for confirmation
3. firstname.lastname@example.org is not capable of receiving email so email is bounced back to Google
4. Google gives attacker a failure notification in his inbox with the verification code
5. Attacker takes that verification code and confirms his ownership to email@example.com
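The five steps above come down to one server-side mistake: the failure notice sent back to the requester quotes the undelivered confirmation mail, code included. The sketch below is an added example, not code from Google or from Ahmed's blog; it puts that flawed pattern beside a hardened one that revokes the code on bounce and reports only the recipient and reason. All names, addresses and the 32-hex-digit code format are assumptions made for illustration, and the hardened variant is one possible design, not a description of Google's fix.

```python
import re
import secrets
from email.message import EmailMessage

TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")  # shape of the codes issued below (assumption)
PENDING = {}  # target address -> (requester, code); in-memory stand-in for a real store


def send_verification(requester, target):
    """Issue a code for `target` and build the confirmation mail addressed to it."""
    code = secrets.token_hex(16)
    PENDING[target] = (requester, code)
    msg = EmailMessage()
    msg["From"] = "noreply@mail.example"  # constructed sender
    msg["To"] = target
    msg["Subject"] = "Confirm ownership of this address"
    msg.set_content(f"Confirmation code: {code}\n")
    return msg


def bounce_notice_unsafe(original, reason):
    """Flawed pattern from the steps above: the notice quotes the undelivered mail."""
    requester, _ = PENDING[str(original["To"])]
    notice = EmailMessage()
    notice["To"] = requester
    notice["Subject"] = "Delivery failed"
    notice.set_content(f"{reason}\n\n--- Original message ---\n{original.get_content()}")
    return notice


def bounce_notice_safe(original, reason):
    """Hardened: revoke the pending code and report only the recipient and reason."""
    target = str(original["To"])
    requester, _ = PENDING.pop(target)  # a bounced address can no longer be confirmed
    notice = EmailMessage()
    notice["To"] = requester
    notice["Subject"] = "Delivery failed"
    notice.set_content(f"Could not deliver to {target}: {reason}\n")
    return notice


def confirm(target, code):
    """Accept a code only while it is still pending for that address."""
    entry = PENDING.get(target)
    return entry is not None and secrets.compare_digest(entry[1], code)


def leaks_code(notice):
    """True if a notice body contains anything shaped like a verification code."""
    return bool(TOKEN_RE.search(notice.get_content()))
```

A check like `leaks_code` can also run as a regression test over every automated message a verification service sends to anyone other than the address being verified.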
Ahmed said he was not given a reward for the security issue that he recorded and posted; instead, he was inducted into Google’s Hall of Fame for his contribution.