The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed.
The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.
On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.
Gregg [Michael Gregg, head of *Superior Solutions Inc*] calls it “spearphishing.” “They target the user with an e-mail that would appeal to them, one that leads to a site that launches malicious code onto your system.” And the IE 6 exploit makes it particularly easy to slip that code on your computer.
Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is — don’t click on it.
Read full story here.
BEIJING — International journalists in China said Monday that their Google e-mail accounts have been hacked in attacks similar to the ones against human rights activists that the search giant cited as a reason for considering pulling out of the country.
The Foreign Correspondents’ Club of China sent an e-mail Monday to its members warning that reporters in at least two news bureaus in Beijing said their Gmail accounts had been broken into, with their e-mails surreptitiously forwarded to unfamiliar accounts.
Although the warning did not name the organizations, one of the accounts belonged to an Associated Press journalist.
John Daniszewski, senior managing editor for international news at the news cooperative in New York, deplored the breach and said the AP will be investigating to determine if any vital information was compromised.
Read the full story here.
My comments …
Its unclear as to how their accounts were “hacked” into. This may have been part of the larger coordinated hack against Google and Yahoo last week. Its also possible the latest Adobe PDF zero-day exploit was used, a keystroke logger or that the journalists got mess with sticky notes. I’d love to know more…
Happy New Year to everyone. Today – January the 4th, I’m in the process of moving this site to a new server. I don’t expect any time down thanks to DNS kongfu, apologies if you experience any time outs.
Merry Christmas to all of you!
Sorry for the lack of posts recently. Between work, travel and end of year projects I’ve been busy.
I’m hoping to complete a WP and theme upgrade in the next week and will get back to regular posting as soon as possible.
For 5 Easy Steps to Stay Safe (and Private!) on Facebook click here.
Warning: This is a long, drawn out article. The best solution is – don’t use FaceBook.