Early reports that Google employees were tricked into installing malware which allowed the hackers to steal information have been corroborated by McAfee.
The attackers are alleged to have identified friends of the Google employees via social networks (like Facebook, LinkedIn etc) and then posed as those friends to trick the employees into installing the malware as they believed it was trustworthy. The industry is claiming this is a watershed in the sophistication of attacks, and undoubtedly it is very sophisticated, however it seems to me that its more evolutionary: for years spammers have been sending email which claims to be from someone else, indeed the most sophisticated spammers have obtained address lists from users (either via unpatched machines or more regularly now by tricking them into sharing their username/password for their email [see my post about Threadsy]) and send emails to all their contacts as if it came from that user. The clever (?) thing about this attack is the fact they used social networks specifically to get users to believe an IM was trustworthy.
There is no new lesson here, keep practicing the safe internet usage guidance which hasn’t changed for several years:
- Always install updates for your software (Windows/OS X, IE/Sarafi/Firefox, Flash etc)
- Run AV (AVG or Microsoft Security Essentials are good free versions)
- Enable the firewall
- Dont click on anything which looks suspicious or you’re not expecting, even if its from someone you know – always check the person sent it.
Last weekend I added the final sensor to the Davis Vantage Pro 2 weather station on the roof; a UV sensor. The software which reads the data has been updated to read UV value and calculate sunshine hours per day, both of which are automatically reflected in the Weather gadget. I have yet to update live weather page as this is quite a big job; like many things IT related its not as simple as adding a graph to the page – the software I use has been updated and now has an editor, but it will require a bit of work to migrate the existing page to the new version so I’ll save that for another day.
With the explosion of blogs and social networking sites over the last few years, its apparent (at least to me) that whoever creates a compelling aggregation service will be onto a winner. Facebook is getting there, you can already integrate it with Twitter, but what about all the other information sources we each use?
Recent Comments