Report: Cyberattackers hit Google staff via friends

Elinor Mills CNET News | January 26, 2010 6:40 AM PST

People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday.

"The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learned who their friends were," the Financial Times reported. "The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent."

The attackers used a popular instant-messaging program to distribute the malware link to target employees, George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. The malware exploited a hole in Internet Explorer that Microsoft patched just last week.

For more on this story, read "Report: Attackers sent Google workers IMs from 'friends'" on CNET News.

Talkback (most recent of 17)

  • It looks like the Village Idiots over at Google
    have a lot to explain about.

    Imagine trusting our data to their network, managed by Village Idiots that are going to use that same network to "hang out with their friends", and load backdoors into the system.

    It's time Google took the security of people's data seriously.
    John Zern
    26th Jan 2010
  • Village Idiots
    They cannot take security seriously, otherwise they would have to stop tracking everybody that uses Google, which includes Google Search. Impossible!
    ron1633@...
    26th Jan 2010
  • If I understand you correctly...
    you are saying that if you use Google services, it is like standing on the corner with your pants down, waiting for someone to kick you where it hurts.
    Loverock Davidson
    26th Jan 2010
  • Well, let us just hope that Google is smart enough to get rid of all
    Windows and IE installations after this, as any
    company that cares about security should.

    But, YES, Google has no place to hide here, they
    should have known that the minute they allowed
    Windows and IE in the building, they had their
    pants down.
    DonnieBoy
    26th Jan 2010
  • HAHA! You're stewing now!
    DB, don't you realize what has happened?

    You have become the joke!
    John Zern
    26th Jan 2010
  • Yes, ANYBODY would look like the village idiot using Microsoft software
    anywhere where security is important in any way.
    This makes Google look very bad. You can bet that
    they will make sure that nobody is using Windows
    or IE inside of Google for anything other than
    compatibility testing.

    Also, you can bet that they will be giving courses
    on social engineering attacks, and how to avoid
    being duped.
    DonnieBoy
    26th Jan 2010
  • Not just Google.
    But every cloud provider of any size will eventually if not already fall to attacks such as this. If you put your data in the cloud you are trusting people you don't know with the future of your organization. If your data is in the cloud, chances are it has already been compromised. And it is up for sale. Your future is up for sale.

    Networks the size of Google cannot be managed securely because too many people have access. This won't be the last time this happens. As a matter of fact it is unlikely that Google has actually contained the full extent of the breach. Attacks such as this most likely require shutting down major parts if not all of the network to totally eradicate the trojans hiding in the lurch. You can bet data is still being leaked.
    bjbrock@...
    26th Jan 2010
  • I agree.
    All it takes is one person with some type of access to make a tiny mistake, and next thing you know it: back door!

    Even with all the checks and balances, I'd really, really be surprised if some organization figured out everything in terms of security.
    John Zern
    26th Jan 2010
  • Social Networking just makes Social Engineering Easier
    In most of the environments I've worked in in the last 30 years, it isn't the network, the servers, the services or anything else that has led to more intrusions and data compromise than undereducated or uncaring USERS!
    From the time back in the 1980s when a coworker (fellow nerd) landed a beautiful girlfriend, who just so happened to be East German, to being a contractor and sitting at a user's desk and asking questions about all the 20 pictures of their favorite dog, to the simple phone call where you say, "Hello, this is Bob from the IT department, we seem to be having some issues ensuring you have access to all of your resources... we need you to log in and tell us exactly what you're typing so we can track the process..."

    All of these have and will continue to work.

    Most folks know not to open attachments from people you don't know, but when the hacker mines the social networks it becomes even more difficult for a user to tell friend from foe.

    A word of caution to all you networkers out there:
    DON'T network using your corporate accounts and don't check your personal mail at work.

    A word of caution to the companies out there:
    DON'T PERMIT external mail checks from internal systems. This includes webmail.

    There are necessary variances to these rules, but even then you can mitigate them by not opening any unexpected attachments from any of your networked "friends" until you've asked them if they in fact actually sent them.

    For some of my more critical clientele where I've had to bend the rules, I've requested that they change a key phrase in the body of the message only when they are certifying an attachment; such as:
    Change "Best regards," to "Best regards, and wishes," to signal a valid inclusion.
    GDoC
    26th Jan 2010
  • Just the incentive needed to create a secure OS
    Why isn't security at the top of the list when making an OS? We've had viruses for nearly a quarter of a century now. Certainly someone can make a rock-solid OS that forces all programs below it to go through it for verification before accessing I/O ports.

    Or is there no money in it?
    LarryPTL
    27th Jan 2010
  • Incentive to break.
    '...OS that forces all programs below it to go through it...'

    What do you suppose Windows, or OSX or Linux etc. is? Supposedly the OS has control and executes program instructions by feeding them to the processor piecemeal. It's a program itself and its job is to do as it's told, quietly.

    The problem isn't the OS, it's the user. For example, try to build yourself a shelving unit in your garage that is easily upgradeable, strong enough to take engine parts and won't tip over if you overload it. It's not easy, but probably possible with a lot of design and effort - but it only takes a determined idiot moments to find a way of hurting themselves with it.
    You'd be perfectly safe because you'd use it for what it was intended and within tolerance.

    Most computer users are clueless as to these tolerances and break things, coupled with determined attempts to break things by criminals means that the OS is a lot better designed after those years than you'd like to think. I remember programs that barfed when you typed letters into a numeric field, but since the OS handles this it doesn't happen. It takes cleverly crafted input designed to confuse the program dealing with the information to make it barf, and that's not the OS.

    Half the problem is that it is software - anything made can be unmade, and software is designed to be made and unmade easily. Hardware security is the obvious choice to combat unwanted changes but that then means it can't easily be remade if it breaks or is breached.

    Security is pointless, we should look to fixing the element that is wrong, those who scam and steal and break for fun - it's not just computers that they affect.

    Or perhaps get rid of money... O.o
    SiO2
    28th Jan 2010
  • About Google.
    Google uses Linux exclusively. Check the
    Netcraft listing of the top 100 websites in the
    world. Google has most of the top 100. If
    there were any security issues at Google, it
    would corrode the very foundation of that
    supremacy. You would see Google's site visit
    count drop dramatically.

    http://toolbar.netcraft.com/stats/topsites

    "http://toolbar.netcraft.com/netblock?q=GOOGLE-
    2,66.102.0.0,66.102.15.255"

    From the above chart of the top 100, you can
    really see, when it comes to security, Microsoft
    is history. MS could never sustain those
    numbers.

    Like every other reported malady, the problem
    isn't with Google, OpenOffice, Firefox, Opera or
    Chrome, it's with Microsoft and IE. IE is
    horrible, I can't understand why anyone would
    still be using it, especially after all the
    recent developments.

    Geez, I've had Gmail since it was introduced. I
    have over 37,000 archived emails (about 20% have
    1-8 MB) attachments. Google increased the size
    limit on attachments to 20 MB. If Outlook was
    handling my email, the computer would be jumping
    up and down on the desk from viruses.
    Joe.Smetona
    28th Jan 2010
