The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed.
The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.
On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.
Gregg [Michael Gregg, head of *Superior Solutions Inc*] calls it “spearphishing.” “They target the user with an e-mail that would appeal to them, one that leads to a site that launches malicious code onto your system.” And the IE 6 exploit makes it particularly easy to slip that code on your computer.
Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is — don’t click on it.
BEIJING — International journalists in China said Monday that their Google e-mail accounts have been hacked in attacks similar to the ones against human rights activists that the search giant cited as a reason for considering pulling out of the country.
The Foreign Correspondents’ Club of China sent an e-mail Monday to its members warning that reporters in at least two news bureaus in Beijing said their Gmail accounts had been broken into, with their e-mails surreptitiously forwarded to unfamiliar accounts.
Although the warning did not name the organizations, one of the accounts belonged to an Associated Press journalist.
John Daniszewski, senior managing editor for international news at the news cooperative in New York, deplored the breach and said the AP will be investigating to determine if any vital information was compromised.
Its unclear as to how their accounts were “hacked” into. This may have been part of the larger coordinated hack against Google and Yahoo last week. Its also possible the latest Adobe PDF zero-day exploit was used, a keystroke logger or that the journalists got mess with sticky notes. I’d love to know more…
Yes, Google has open-sourced Chrome OS, its much discussed browser based operating system. But as usual, the open sourcing only says so much about its openness. Wait, no – its only open ‘on the hole’. After all, this isn’t something you can load on any PC. And it’s not much of an operating system. You can’t load local applications – not even one.
As part of its crusade to move more and more of our lives onto the web – and onto its own web services in particularÃ‚Â – Google has shunned the desktop entirely. And in doing so, it has shown a certain Apple-like quality: Like the Jobsian cult, Google is intent on tightly coupling hardware and software. The company – dare we say – is closing the market to certain hardware. Gasp.
But the ultimate irony is that after years of criticizing Microsoft for bundling its OS with its browser, Google has nearly made them one and the same. Yes, you can run third-party applications – but only web applications, online services of the sort offered most notably by, well, Google. And you certainly can’t use a third party browser.