foxnews: your gmail is at risk.

Discussion in 'Android General Discussions' started by cisco0910, Jan 18, 2010.

  1. cisco0910

    cisco0910 Member

    Joined:
    Nov 26, 2009
    Messages:
    838
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virginia Beach, VA
    Ratings:
    +0
    Is Your Google E-Mail at Risk?
    Jan 18, 2010 7:09 PM EST
    The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed.

    The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.

    On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis Web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.

    Metasploit is intended to let security professionals test out security threats.

    "Normally these frameworks are designed for the good guys for our assessment. The problem is, it's open source and available to anyone," said Michael Gregg, head of Superior Solutions Inc., a Houston-based cybersecurity consultancy.

    "And the scary thing about Metasploit is, anybody can pull this stuff down and anybody can launch it. It's not the skilled hacker working for the government, it's the kid next door."

    George Kurtz, CTO of the security firm McAfee, agrees. "The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," he wrote late week. "This attack is especially deadly on older systems that are running XP and Internet Explorer 6."

    Hacks based on this security flaw led Google to threaten to drop its www.google.cn Web site and leave China last week. The Internet behemoth believes these security intrusions are a quest not just for political knowledge but also for intellectual property. Experts warn that as many as 30 other companies have been hacked, ranging from software firms like Adobe and Juniper Networks to Northrop Grumman -- a major U.S. defense contractor and manufacturer of nuclear-powered aircraft carriers and the Global Hawk unmanned drone.

    Microsoft has yet to patch the hole in IE 6, a flaw so serious it's prompted the German government to suggest citizens avoid IE. Microsoft has posted a security advisory detailing the problem, and urging users to upgrade to newer browsers.

    Microsoft's next scheduled security update is Feb. 9 -- so unless the company expedites an "out of cycle" security patch, more than three weeks will elapse before this vulnerability is fixed. Without a patch in sight, security experts urge vigilance, and not just for government agencies and huge businesses like Google.

    From Fox News...

    "This is something that affects businesses in the U.S. as well as individuals. The Internet knows no borders," Gregg warned.

    Gregg said that years ago, software companies had months to solve a security flaw after it was uncovered. Today, it's hours. Protecting yourself and your business is substantially harder today than it was in years past, too, due both to the accelerated pace of these exploits and also to hackers' reliance on social engineering, where an individual is tricked into providing confidential information.

    Gregg calls it spearphishing: "They target the user with an e-mail that would appeal to them, one that leads to a site that launches malicious code onto your system." And the IE 6 exploit makes it particularly easy to slip that code on your computer.

    Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is -- don't click on it.
     
    #1 cisco0910, Jan 18, 2010
    Last edited by a moderator: Jan 18, 2010
  2. taypotts

    taypotts Member

    Joined:
    Nov 9, 2009
    Messages:
    420
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    Pretty sure this was only going on in China...
     
  3. Stigy

    Stigy Active Member

    Joined:
    Nov 5, 2009
    Messages:
    1,079
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New Jersey
    Ratings:
    +0
  4. DROIDMASTER

    DROIDMASTER Member

    Joined:
    Jan 14, 2010
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Colorado
    Ratings:
    +0
    This happens all the time just no one knows about it. Believe me I know. First of all if you use internet explorer 6 there are probably millions of threats on your computer anyway because no attention is made to Internet 6. I believe you can upgrade today to internet explorer 8. As long as you dont tell anyone your computers address and log out of your gmail you should be safe. To go extreme I believe you can put locks on your separate messages and use codes to look at them. DO NOT download any patches that say this has been fixed because in result your computer will probably be hacked. Unless it's off microsoft's website.
     
  5. cereal killer

    cereal killer Administrator
    Staff Member

    Joined:
    Oct 29, 2009
    Messages:
    11,397
    Likes Received:
    1,280
    Trophy Points:
    558
    Location:
    Austin, TX
    Ratings:
    +1,427
    Current Phone Model:
    Nokia Lumia Icon
    I strictly use Firefox.
     
  6. bmore

    bmore Member

    Joined:
    Jan 6, 2010
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Baltimore, MD
    Ratings:
    +0
    If someone is still using IE at all, let alone 6, they deserve it.
     
  7. jsh1120

    jsh1120 Silver Member

    Joined:
    Dec 9, 2009
    Messages:
    2,454
    Likes Received:
    1
    Trophy Points:
    103
    Location:
    Seattle, Washington
    Ratings:
    +1
    IE6? Give me a break. I've largely stopped using IE at all, but anyone who is running IE6 deserves to have their email hacked.

    Edit: Great minds think alike apparently. :)
     
    #7 jsh1120, Jan 18, 2010
    Last edited: Jan 18, 2010
  8. hookbill

    hookbill Premium Member
    Premium Member

    Joined:
    Nov 30, 2009
    Messages:
    19,502
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    N.E. Ohio
    Ratings:
    +8
  9. JhankG

    JhankG Silver Member

    Joined:
    Nov 1, 2009
    Messages:
    3,090
    Likes Received:
    0
    Trophy Points:
    101
    Location:
    Summerfield, NC
    Ratings:
    +0
    Mac user, Firefox and Chrome only. We should remember that IE still owns the majority of the browser market, so this is good information.
     
  10. Stigy

    Stigy Active Member

    Joined:
    Nov 5, 2009
    Messages:
    1,079
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New Jersey
    Ratings:
    +0
    For PC users, this is why Windows Update is a must.

    Either update to IE7 (or IE8) or use an alternative browser.
     
  11. Itamar

    Itamar Member

    Joined:
    Nov 16, 2009
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boca Raton, FL
    Ratings:
    +0
    +1 for Chrome. I haven't used IE in a while.
     
  12. mwhartman

    mwhartman Super Moderator/RS
    Premium Member

    Joined:
    Jan 15, 2010
    Messages:
    10,737
    Likes Received:
    12
    Trophy Points:
    453
    Location:
    South FL
    Ratings:
    +12
    Like, JhankG, I'm a MAc user and browse with Safari and or Firefox. To-date, no issues. However, it seems that the hackers always want to hit the biggest which in this case is MS and Google.

    Mike
     
Search tags for this page

experts warn of hack attack in gmail accounts & fox news

,

gmail vulnerability foxnews

,

is at