
Re: SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)




On 2016-04-11 at 08:55, Evgeny Kapun wrote:
> On 10.04.2016 19:22, Elmar Stellnberger wrote:
>> my gmail password was malversated within a few seconds; i.e. I got a
>> login attempt from HongKong and had to change the password after
>> disconnecting.
>
> Is it possible that it was YOUR login attempt? Maybe Google detected
> your login attempt through VPN as coming from Hong Kong and thus blocked
> it. If this is the case, your account was probably not compromised.


Yes, it was actually the login attempt by my Thunderbird instance as the VPN was from Hong Kong and the login attempt as well. So this time no password had been malversated, definitely. Please excuse the irritation. Once you can remember a similar accident you will be somewhat more suspicious than necessary. Nonetheless the last time I had connected via a similar but more suspicious VPN to France I got a similar login attempt via my Google account from Vienna, Austria while I was staying in Carinthia and connected via Klagenfurt/Austria (where my ISP links to). That time there was definitely reason to believe in an attack on my Google account and I had my password changed. Similarly I had connected once via an unencrypted Wifi in Villach and got login attempts from Russia within a few hours afterwards for my Google account. Also very suspicious. Unfortunately these accidents will likely not be of help for us since they are already about a year or two in the past (summer last year; i.e. ~1.5 years in the past). I cannot even remember the server settings from then (though they were likely somewhat similar). Anyone here who can remember a hard security issue having been fixed for SSL/TLS within the last two years? The Heartbleed bug should already have been fixed then as that one is from April 2014.


> Actually, Google is very suspicious of login attempts from email clients
> and other non-browser programs. When logging in through a browser, it
> uses browser fingerprint and a persistent cookie to check that you are
> logging in from the browser that you usually use, but it can't do that
> with email clients.

P.S.: Special Thanks to You, Brandon Vincent.
I still had the STARTTLS setting activated for my revido account and changed it to SSL/TLS as soon as I had heard how dangerous that might be. Unfortunately there are no geographical warnings for login attempts from the revido account (According to ¿German law? they do not even expose to me their server log containing the IPs with login attempts, which could be backtraced with geoip). I'd personally believe that unsuspecting users should be warned of the fallback option of STARTTLS, as it sounds like TLS but it can start an unencrypted connection as well.
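
The STARTTLS fallback mentioned in the message above, as an added example that is not part of the original e-mail or of any mail client's code: it shows the decision an IMAP client makes on the plaintext port before sending credentials, and why only a "required" policy fails closed when the STARTTLS capability is missing from the greeting. The function names, the policy names and both greeting lines are constructed for illustration.

```python
import re

# Constructed sample greetings (not captured from a real server).
HONEST = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
# The same greeting as the client would see it if STARTTLS and LOGINDISABLED
# were removed in transit on the still-unencrypted connection.
STRIPPED = "* OK [CAPABILITY IMAP4rev1] server ready"


def parse_capabilities(line):
    """Return the capability set from an IMAP greeting or CAPABILITY response."""
    m = re.search(r"\bCAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    return {tok.upper() for tok in m.group(1).split()} if m else set()


def plan_session(capability_line, policy):
    """Decide the next step on the plaintext port (143).

    policy (hypothetical names):
      'required'      - never authenticate without TLS
      'opportunistic' - use TLS if offered, otherwise continue in cleartext
    Returns 'starttls', 'abort' or 'plaintext-login'.
    """
    caps = parse_capabilities(capability_line)
    if "STARTTLS" in caps:
        # After the TLS handshake the client must fetch capabilities again;
        # anything learned before encryption is untrusted.
        return "starttls"
    if policy == "required":
        return "abort"            # fail closed: no TLS, no password
    if "LOGINDISABLED" in caps:
        return "abort"            # server forbids LOGIN without TLS
    return "plaintext-login"      # password crosses the network unencrypted


if __name__ == "__main__":
    for name, line in (("honest", HONEST), ("stripped", STRIPPED)):
        for policy in ("required", "opportunistic"):
            print(f"{name:9} {policy:14} -> {plan_session(line, policy)}")
```

Implicit TLS (the "SSL/TLS" setting, port 993 for IMAP) has no such branch, because the handshake happens before any capability line is exchanged.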






