Just before we turned in last night, I heard a scary teaser on the news: an announcer breathlessly asked "Has your email account been hacked? Do you use Gmail or Hotmail? Your information may be at risk!"
Oh damn. I went to my computer and typed in "Gmail hacked" and sure enough, found a news story that said the same thing. Arrgh - I immediately changed my and my wife's passwords.
This morning, after reading better news sites, I found that nothing was really "hacked" - this was just yet another phishing scheme that caught a few thousand people stupid enough to fall for it.
Well, OK: it's been a while since we changed those passwords anyway, so that's fine. However, it's annoying that news media doesn't distinguish between a true hack like someone breaking into Google and a phishing exploit like this. That newscaster should have asked "Are you a gullible fool who will give out their password when asked? Too bad for you, more at 11:00."
Of course, phishing exploits can include a real security breach component. If someone poisons DNS so that your attempt to access Gmail brings up a login page that looks like Gmail but is not, I could agree that was hacking. But if you are dumb enough to fall for an email that asks you to click on a bogus link, well, the problem is with you and your lack of common sense.
Apparently this was only about 10,000 accounts. That's actually pretty good if the bait was widespread - if only that many fell for it, there might be hope that the general public is getting smarter about this stuff.
© 2009-11-07 Anthony Lawrence
Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them. (Gosser)