FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux User Repository

 
 
LinkBack Thread Tools
 
Old 09-19-2012, 10:03 PM
Menachem Moystoviz
 
Default No confirmation link received

On Wed, Sep 19, 2012 at 7:43 PM, Sandro Munda <munda.sandro@gmail.com> wrote:
> On Sep 19, 2012 5:49 PM, "Evangelos Foutras" <evangelos@foutrelis.com>
> wrote:
>>
>> On Wed, Sep 19, 2012 at 6:49 PM, Evangelos Foutras
>> <evangelos@foutrelis.com> wrote:
>> > On Wed, Sep 19, 2012 at 6:05 PM, Sandro Munda <munda.sandro@gmail.com>
> wrote:
>> >>> On Wed, Sep 19, 2012 at 5:54 PM, Sandro Munda <munda.sandro@gmail.com>
> wrote:
>> >>>> My username is: seyz
>> >>>
>> >>> The email address for that account is: kuppidon@gmail.com -- use this
>> >>> in the password reset page to regain access to your account.
>> >>>
>> >>> Forgot to mention this earlier, but please use bottom-posting [1] when
>> >>> replying on the mailing lists.
>> >>>
>> >>> [1] http://en.wikipedia.org/wiki/Posting_style#Bottom-posting
>> >>
>> >> Oh shit, it's a really really old mail.
>> >>
>> >> When I try to recover my password using gmail, I have:
>> >>
>> >> "This account was deleted and is no longer recoverable."
>> >>
>> >> :-( Thanks for your answer envangelos.
>> >
>> > You can always register for a new account.
>>
>> A new AUR account I meant.
>
> Yes but not with the seyz username. It's a pity anyway. Thanks

Couldn't you register kuppidon@gmail.com with gmail, and then try
using the reset password form?
It should cause the password reset email to be sent to the new account
- allowing you to use seyz as your username.

Of course, I'm assuming you're legit, since this attack vector is also
used in cracking attempts in order to enter into old
accounts - which can allow for social privilege escalation.

HTH,
Gesh
 
Old 09-19-2012, 10:13 PM
Evangelos Foutras
 
Default No confirmation link received

On Thu, Sep 20, 2012 at 1:03 AM, Menachem Moystoviz
<moystovi@g.jct.ac.il> wrote:
> Couldn't you register kuppidon@gmail.com with gmail, and then try
> using the reset password form?
> It should cause the password reset email to be sent to the new account
> - allowing you to use seyz as your username.
>
> Of course, I'm assuming you're legit, since this attack vector is also
> used in cracking attempts in order to enter into old
> accounts - which can allow for social privilege escalation.

"Gmail usernames cannot be recreated after they've been deleted." [1]



[1] https://support.google.com/accounts/bin/answer.py?hl=en&answer=1212172
 
Old 09-20-2012, 10:29 AM
Menachem Moystoviz
 
Default No confirmation link received

On Thu, Sep 20, 2012 at 1:13 AM, Evangelos Foutras
<evangelos@foutrelis.com> wrote:
> On Thu, Sep 20, 2012 at 1:03 AM, Menachem Moystoviz
> <moystovi@g.jct.ac.il> wrote:
>> Couldn't you register kuppidon@gmail.com with gmail, and then try
>> using the reset password form?
>> It should cause the password reset email to be sent to the new account
>> - allowing you to use seyz as your username.
>>
>> Of course, I'm assuming you're legit, since this attack vector is also
>> used in cracking attempts in order to enter into old
>> accounts - which can allow for social privilege escalation.
>
> "Gmail usernames cannot be recreated after they've been deleted." [1]
>
>
>
> [1] https://support.google.com/accounts/bin/answer.py?hl=en&answer=1212172

Doesn't that just mean they can't restore the data for that account?
In other words, are you implying they keep a blacklist of all accounts
registered ever,
and block all attempts to register deleted accounts?

Please try my solution - can't test it myself since I'm rushing to the bus.

Gesh
 
Old 09-20-2012, 10:47 AM
SanskritFritz
 
Default No confirmation link received

On Thu, Sep 20, 2012 at 12:29 PM, Menachem Moystoviz
<moystovi@g.jct.ac.il> wrote:
> On Thu, Sep 20, 2012 at 1:13 AM, Evangelos Foutras
> <evangelos@foutrelis.com> wrote:
>> On Thu, Sep 20, 2012 at 1:03 AM, Menachem Moystoviz
>> <moystovi@g.jct.ac.il> wrote:
>>> Couldn't you register kuppidon@gmail.com with gmail, and then try
>>> using the reset password form?
>>> It should cause the password reset email to be sent to the new account
>>> - allowing you to use seyz as your username.
>>>
>>> Of course, I'm assuming you're legit, since this attack vector is also
>>> used in cracking attempts in order to enter into old
>>> accounts - which can allow for social privilege escalation.
>>
>> "Gmail usernames cannot be recreated after they've been deleted." [1]
>>
>>
>>
>> [1] https://support.google.com/accounts/bin/answer.py?hl=en&answer=1212172
>
> Doesn't that just mean they can't restore the data for that account?
> In other words, are you implying they keep a blacklist of all accounts
> registered ever,
> and block all attempts to register deleted accounts?

That would be a security flaw at Google. While I'm sorry for the OP, I
actually hope that indeed it is not possible for anyone to revive an
email account. Why Google chooses to close down an account is of
course another story...
 
Old 09-20-2012, 08:13 PM
Xyne
 
Default No confirmation link received

Evangelos Foutras wrote:

>On Wed, Sep 19, 2012 at 5:54 PM, Sandro Munda <munda.sandro@gmail.com> wrote:
>> My username is: seyz
>
>The email address for that account is: kuppidon@gmail.com -- use this
>in the password reset page to regain access to your account.

The request seems legitimate but nevertheless I do not think that TUs should
divulge user email addresses on the mailing list. It makes it trivial to
use social engineering to obtain someone's email address (e.g. an e-stalker may
very well know the registered name of a given user).

It would be better to send an email to the registered address to confirm
identity. If it bounces then the email can be reset or the account
deleted/suspended.
 

Thread Tools




All times are GMT. The time now is 04:24 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org