Early reports that Google employees were tricked into installing malware which allowed the hackers to steal information have been corroborated by McAfee.
The attackers are alleged to have identified friends of the Google employees via social networks (like Facebook, LinkedIn etc) and then posed as those friends to trick the employees into installing the malware as they believed it was trustworthy. The industry is claiming this is a watershed in the sophistication of attacks, and undoubtedly it is very sophisticated, however it seems to me that its more evolutionary: for years spammers have been sending email which claims to be from someone else, indeed the most sophisticated spammers have obtained address lists from users (either via unpatched machines or more regularly now by tricking them into sharing their username/password for their email [see my post about Threadsy]) and send emails to all their contacts as if it came from that user. The clever (?) thing about this attack is the fact they used social networks specifically to get users to believe an IM was trustworthy.
There is no new lesson here, keep practicing the safe internet usage guidance which hasn’t changed for several years:
- Always install updates for your software (Windows/OS X, IE/Sarafi/Firefox, Flash etc)
- Run AV (AVG or Microsoft Security Essentials are good free versions)
- Enable the firewall
- Dont click on anything which looks suspicious or you’re not expecting, even if its from someone you know – always check the person sent it.
Nicholas Carr has written an interesting article on how Google is disrupting many traditional businesses, from newspapers to movie studios and internet firms, and in so doing he explains their motivations (in his opinion) and draws a comparison with other businesses, including Microsoft.
Whilst I don’t agree with Nicks opinion that Microsoft is in business only for the money, the article makes for a good read, as do the comments from his readers.
Unbeknownst to me, whilst I was writing the Chrome post last Wednesday afternoon before flying off to Swtizerland for a weekend of climbing, a storm was brewing over the terms of the Chrome license. I wrote;
How they strike the right balance between using Chrome to deliver more adverts to their users (which means user profiling) and maintaining user privacy will be an interesting thing to watch
and it turns out this balance wasn’t right, but not just in the way I imagined. I thought they would be using Chrome to profile your use of the internet (which they are), however the liecense went much further asserting that anything you create whilst using it is re-usable by Google. Every email you write on GMail or Hotmail, every blog post you write etc. As reported on CNet, Google have since changed the license terms which is a good thing, but your browsing habbit are now profiled in addition to any searches you do, irrespective of search provider.
For more information, see the ongoing CNet coverage of Chrome here.
Its been all over the web for the last 24 hours; Google have announced they’re working on an IE and Firefox competitor called Chrome. I share some of the opinions raised in a Cnet news.com article, especially the points about Google having to share Chrome with the open source community, but I’m not sure I agree with its conclusion.
Matt Asay essentially says people will not defect to Chrome because Google has thus far failed to get any significant adoption of its existing client-side software. He makes a good point, but I can’t help but feel people want a better (or maybe just new) way to surf the web.
Byond tabs (which are “just” an evolution – albeit a very useful one) we’ve not really seen significant innovation in browsers for a number of years. I emphasise seen because both Mozilla and Micorsoft (and to some degree Opera) have all made improvments to their respective browsers, but the basic idea remains the same. Do any of us think the current model cannot be improved? I honestly don’t know. Web Slices (in IE8) seem like a good idea – I’ve long wanted a way to cut out a part of a webpage and paste it onto my desktop and still have it “live” with updated information. However, slices require a webpage to be coded in a certain way to support them, which will slow down adoption.
Google have a strong brand and if Chrome manages to significantly improve the way we use the web without further eroding user privacy, I’m sure it will be adopted. How they strike the right balance between using Chrome to deliver more adverts to their users (which means user profiling) and maintaining user privacy will be an interesting thing to watch.