Poll of the Day > should i be worried? google account related.

(+) Yeah! (+)

had something weird happened my chromebook signed me out and said that new sign in was detected. however come to find out it was only my chromebook device that was listed, password wasn't changed or anything like that. not sure whats going on, was definitely weird and had a major freak out. not sure if this has happened to anyway else or if anyone knows what it is.

Have you patched any programs that might be susceptible to the new Java vulnerability?

no play store updates everything i suppose.

i am so confused in the secuity sign in details it lists all the devices and they all have the same IP but some are called unknown.

i am very worried i just want to know if i'm ok or not as everything is tied to my gmail.

Have you got 2FA enabled? If not I would.

RJP_X posted...

no play store updates everything i suppose.

If the dev hasn't pushed the patch to the play store, you may be vulnerable.

Total pain in the ass, as you have to find out if any of your programs rely on accessing a specific Java library, (Log4J v2.15.0 or earlier) then find out if the dev is working on a patch for their program.

And to complicate matters, they may have patched to v2.16.0 (vulnerable to a DoS flaw) but not patched to v2.17.0 yet

But that's just assuming it's the Log4J vulnerability. It could be a man in the middle attack where someone is spoofing your access point, or a myriad of other things. It could even be nothing and just a flaw in how your ISP registered your IP.

OHJOY90 posted...

Have you got 2FA enabled? If not I would.

While I strongly endorse this, it's also what makes the Log4shell vulnerability so dangerous; it completely bypasses authentication.

And all it takes to execute is a line of text in a message board, the target doesn't have to run or open anything, it's one of the most insidious zero days I have ever seen.

KodyKeir posted...

If the dev hasn't pushed the patch to the play store, you may be vulnerable.

Total pain in the ass, as you have to find out if any of your programs rely on accessing a specific Java library, (Log4J v2.15.0 or earlier) then find out if the dev is working on a patch for their program.

And to complicate matters, they may have patched to v2.16.0 (vulnerable to a DoS flaw) but not patched to v2.17.0 yet

But that's just assuming it's the Log4J vulnerability. It could be a man in the middle attack where someone is spoofing your access point, or a myriad of other things. It could even be nothing and just a flaw in how your ISP registered your IP.

yeah its so strange and i keep worrying, the new sign in is both from my chromebook and my IP address. do you think it was as you said a flaw in how my ISP registered my IP? i hope to god it was.

RJP_X posted...

yeah its so strange and i keep worrying, the new sign in is both from my chromebook and my IP address. do you think it was as you said a flaw in how my ISP registered my IP? i hope to god it was.

checked my devices it says you haven't been signed out of any devices in the last 28 days and only has my device listed. already changed my password, so if someone was on my account wouldn't it list other devices or list what has been signed out? idk just so confused and worried right now.

RJP_X posted...

do you think it was as you said a flaw in how my ISP registered my IP?

Occam's razor says yes, but I could be wrong.

(I'm just trying to think what I would do next, I've never used a chromebook, so I am unfamiliar with their architecture and file systems)

I would probably cross reference the reported logins with the router access logs, and my own recollection of usage and look for discrepancies.

Just from a cursory reading, it's likely not the Log4shell vulnerability.

If you are really worried, do a password change and turn on 2FA (if it is not already on)

KodyKeir posted...

Occam's razor says yes, but I could be wrong.

(I'm just trying to think what I would do next, I've never used a chromebook, so I am unfamiliar with their architecture and file systems)

I would probably cross reference the reported logins with the router access logs, and my own recollection of usage and look for discrepancies.

Just from a cursory reading, it's likely not the Log4shell vulnerability.

If you are really worried, do a password change and turn on 2FA (if it is not already on)

the router thing would have been a good thing, unfortunately it says no logs to show. ugh.

is there a way to do 2FA without a phone by any chance? or do you need one?

RJP_X posted...

i am so confused in the secuity sign in details it lists all the devices and they all have the same IP but some are called unknown.

i am very worried i just want to know if i'm ok or not as everything is tied to my gmail.

Google has done that with me before but I knew it was me because it gave the device name and the city location.