Security lessons learned from the China Google hack
Besides geopolitical and economical issues related to the recent hacking of Google and other high-profile organizations stemming from China we see once again that basic IT-security measures play an important role in everyday life.
The hack in a nutshell: malicious emails from supposed colleagues allowed attackers to lure unsuspecting employees to infected websites which allowed the attackers to install malware onto the local computers. The malware in turn took advantage of vulnerabilities in the Internet Explorer (and possibly other applications such as Adobe) to gain control over the system. It’s as simple as that.
Even though security updates for some of these applications, such as the Internet Explorer, were not released until recently we see that social engineering is still very effective in tricking people into opening attachments from strangers, clicking on unsuspecting links or even sending personal information to the bad-guys. It is getting more difficult nowadays for the average user to differentiate between good and bad information, so some of the most important tips for any user are still:
- be suspicious about information and attachments you receive from people and don’t give out private information
- be cautious about how and where you surf (make sure you are using safe browser settings)
- keep all of your applications (especially browsers, virus scanners, etc.) constantly up-to-date if you manage your own system.
… and don’t forget to make regular backups, in case the roof leaks on a rainy day anyway.
The Windows Application Scanner from Secunia helps keep your Apps current:
Google Hack (EN):
Google Hack (DE):