Gmail, Outlook.com and e-voting ‘pwned’ on stage in crypto-dodge hack

Black Hat 2013 Security researchers say they have developed an interesting trick to take over Gmail and Outlook.com email accounts – by shooting down victims’ logout requests even over a supposedly encrypted connection.

And their classic man-in-the-middle attack could be used to compromise electronic ballot boxes to rig elections, we’re told.

Ben Smyth and Alfredo Pironti of the French National Institute for Research in Computer Science and Control (INRIA) announced they found a way to exploit flaws in Google and Microsoft’s web email services using an issue in the TLS (Transport Layer Security) technology, which encrypts and secures website connections.

Full details of the attack are yet to be widely disseminated – but it was outlined for the first time in a demonstration at this year’s Black Hat hacking convention in Las Vegas on Wednesday.

SOURCE: theregister.co.uk