Geezmail

View previous topic View next topic Go down

Geezmail

Post by anonopine on 18/6/2012, 09:45

The other day when I tried to get into my Gmail account from my wired desktop while using the SSL-based VPN "Hotspot Shield", the login failed even though the correct user ID and password was used.

It had happened before with Gmail while using the VPN, but with less consequence.

Logging into Microsoft's Hotmail while using Hotspot Shield is not a problem.

There's a paid version of Hotspot Shield that encrypts all your traffic, and a free version that encrypts your traffic except at sites that are SSL based. I use the free version.

The login page for Gmail is SSL based and the free version of Hotspot Shield should not be encrypting my traffic there. Through Hotspot Shield my traffic isn't encrypted at "Shields Up" or at "WhatIsMyIP.com", sites that are SSL based. So, why is it a problem at Gmail's login page?

I received the following message from Google:

"Sorry, we can't process your request right now

For security reasons, Google may sometimes deny logins in cases where we believe the account's password could have been stolen. To regain access to your account, try other computers. If that doesn't work you can reset your password, or learn more."

Both "reset your password" and "learn more" are hot links.

The "learn more" link is entitled "Unusual sign-in location detected".

Google had apparently hijacked my account. It's a kind of reverse denial-of-service attack where instead of an outsider attacking you, your webmail provider them self is doing the attacking.

On what basis can they justify this? What proof is there it's not me? What proof is there it's me when I log in from the "usual" location?

I didn't find a corresponding troubleshooter option except to play along with Google and agree that I had been trying to hack into my own account from a couple of thousand miles away with a user ID and password which I stole from myself.


I don't know if Google must voluntarily find a way or be compelled to find a way to assume people are using VPN's and just accept the user Id and password as enough in such circumstances. I don't know what's behind this.

What they're doing is overdone, but I don't think it's clear that Google's placing computer security on a pedestal.

Back in 2011 China blocked Gmail and lots of Chinese users downloaded Hotspot Shield to get to their accounts. When it comes to making money, Google has a bottom line, and when it comes to controlling people and events, China has a bottom line.


I quit Hotspot Shield moments later and tried to log into my Gmail account again. This time, after entering the correct user ID and password, I was redirected to a Google accounts page that said Google had detected suspicious activity on my Google Account. Google asked me to please create a new password, which I did and regained possession of my account.

Another disturbing development at Google Gmail is that ancillary information for resetting passwords is now taking precedence over user ID's and passwords as a primary means off regaining possession of your Google initiated hijacked account.

What can laptop users who are being ambushed by this do? Let down their guard and temporarily quit Hotspot Shield to regain possession of their Gmail account? Are other SSL-based VPNs similarly affected?

How about casual computer users who lack the experience to properly handle bizarre interventions on their email account?

VPN's are great for accessing information your geographic location would otherwise preclude you from, and then you forget to turn off Hotspot Shield and try to log into a Gmail account -- good luck!


oat s

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

View user profile

Back to top Go down

re: Geezmail

Post by anonopine on 18/6/2012, 09:50

anonopine posted on 18/6/2012, 00:45:

"...Another disturbing development at Google Gmail is that ancillary information for resetting passwords is now taking precedence over user ID's and passwords as a primary means off regaining possession of your Google initiated hijacked account..."

Just to be clearer, I meant that ancillary information can now be a primary part of the login process in addition to the user ID and password, and not that it replaces them. Well, I don't think it's fair because we're focused on our user ID and password and when it's sprung on us and we're not prepared it can result in lockouts by Google.


oat s

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

View user profile

Back to top Go down

Re: Geezmail

Post by D1G1T@L on 19/6/2012, 09:38

Just a few notes. Gmail uses geolocation to determine whther an account is compromised, which is really retarded if you happen to be someone who travels a lot or uses a vpn with servers in different countries. This could sometimes lock you out.

Another piece of advice is to just drop Hotspot shield as I heard they have very intrusive policies and their advertising has caused infections to their users as their system was abused by adware/spyware infestations.

D1G1T@L
Moderator
Moderator

Posts : 13
Join date : 2012-06-04

View user profile

Back to top Go down

re: Geezmail

Post by anonopine on 19/6/2012, 19:36

D1G1T@L posted on 19/6/2012, 00:38:
"... Another piece of advice is to just drop Hotspot shield as I heard they have very intrusive policies and their advertising has caused infections to their users as their system was abused by adware/spyware infestations."


Initially I was hesitant to use Hotspot Shield because of negative rumors and anecdotes, but the consensus is that Hotspot Shield is good honest stuff. We have to keep in mind that there's a blanket aversion out here among some to ad supported software without any regard to the facts.

There's a paid version that's not adware supported and the free version is still a good VPN despite the annoying advertising.

Hotspot Shield is good software and I would recommend that until Google fixes its problems with it, users might try forwarding their Gmail correspondence to other webmail providers such as Hotmail in the interim.


oat s

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

View user profile

Back to top Go down

Re: Geezmail

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum