Government officials, activists targeted in Gmail attack



Google has posted to their blog information about a targeted attack against the personal Gmail accounts of US government officials, political activists, military personnel and journalists.

Mila from the Contagio blog provides much more detailed information about the attacks. The messages appear to be handcrafted and spoofed to seem to be from governmental colleagues of many of the victims.

Normally attachments in Gmail appear with a paper clip and links to view or download the item. The attackers created HTML that used fake attachment links that actually lead to a phishing page designed to look identical to the Gmail login page.
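A defensive check for the fake attachment links described above, as an added example that is not part of the original article: it scans a message's HTML body for links labelled like attachment actions and flags any whose target is not an exact match for an expected webmail host. The label set, the trusted-host list and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: labels that imitate attachment actions, and
# the only host a genuine webmail attachment link is expected to point at.
ATTACHMENT_LABELS = {"view", "download", "view as html"}
TRUSTED_HOSTS = {"mail.google.com"}

class AttachmentLinkAuditor(HTMLParser):
    """Flag <a> elements that look like attachment links but leave the mail host."""
    def __init__(self):
        super().__init__()
        self._href = None    # href of the <a> currently open, None outside one
        self._text = []      # text fragments seen inside that <a>
        self.findings = []   # (label, href, reason) tuples

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        label = " ".join("".join(self._text).split()).lower()
        href, self._href = self._href, None
        if label not in ATTACHMENT_LABELS:
            return
        parts = urlsplit(href)
        # Compare the parsed hostname exactly: substring checks are fooled by
        # lookalike subdomains and by a trusted name placed before an "@".
        if parts.scheme != "https":
            self.findings.append((label, href, "not https"))
        elif (parts.hostname or "").lower() not in TRUSTED_HOSTS:
            self.findings.append((label, href, "untrusted host"))

def audit_message_html(body):
    auditor = AttachmentLinkAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings

# Constructed sample body using reserved example domains.
SAMPLE = """<p>Please review the attached draft.</p>
<a href="https://mail.google.com.login.example.net/ServiceLogin"><b>View</b></a>
<a href="https://mail.google.com@phish.example/doc">Download</a>
<a href="https://mail.google.com/mail/">View as HTML</a>
<a href="http://example.org/news">Read more</a>"""
```
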

Mila wrote about these attacks in February, but the big news is Google sharing this information publicly. Most organizations prefer to keep security problems to themselves and maintain the illusion that their services are perfectly secure.

While this attack is not specifically a problem with Gmail, it is a widespread security weakness in many cloud services. Google sharing information with the public about how these attacks are executed helps all of us learn from these situations and build better systems.

Google gives some good advice in their post, although it seems strange that they feel the need to push Google Chrome as a solution to all security problems…

How should we respond to this news? We should take a moment to remind our users about best practices when using web-enabled technologies.

If you are ever presented with a login screen in your browser and you didn’t type in the address of the site you are trying to visit, close the window. Only enter your password into pages where you typed in the URL yourself.

by Chester Wisniewski, Naked Security
