Spear phishers target gov, military officials' Gmail accounts Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized …
Getting your email comprimised is easy peasy, just get that TPS report with an embeded from Tom u know Tom from accounting. Click it and watch that password and contact list go to China before you can say chop suey. Issue is govement and Cororate email exchange servers are so locked down and filtered now. Webmail is the way to go with out the restrictions . So im sure Yahoo, Hotmail have the same issues but are just either too scared to admit or dont care.
Why Paris - Cause u cant fix stupid.
For (at least) two reasons:
1. It's not possible to automatically identify non-local MAC addresses. You normally* have to use some sort of protocol, such as InARP.
2. MAC addresses are trivial to spoof. Of course, you'd have to know the valid MAC address, but if someone's accessing Google from a public network, that's not difficult.
* Does Frame Relay support this? I'm not sure. You're not likely to be accessing Google this way.
While there are multiple possible interpretations of MAC (Wikipedia offers almost 100 disambiguations, 12 of them specific to computing and telecommunications), I think there's a clue in the use of the word 'level' in Shannon's phrase "add a layer of security at the MAC level" (not to mention the title).
OK : You're paranoid.
But only a little. This is a long way from accidental WW3, but it is on the path if they're not careful. Rhetoric about lobbing ordnance down smokestacks as a response to cyber attacks is either an empty threat or a pretty stupid game plan. Just cos China is physically the source of this stuff it doesn't make the chinese gov responsible - after all, the subject of this story is the ease with which military personel can be deceived via e-mail, and they could be victims as well.
Perhaps they should find a more secure/verified way of communicating officially within the gov/mil community than bog-standard gmail (or any other similar offering).
Yes friends and neighbors, we have a winner. You beat me to it.
Jesus Hussein Christ, just when you thought someone somewhere in government might have a shred of common sense you learn they're using web email accounts for gov/mil purposes! ! ! !
Why not just put Sony and HBGary in charge of your network security???
Beer icon 'cause this is enough to make any sane person need several, even at this time of the morning.
Even politicians may have a social life. If you're using Gmail to set up an after work meeting - from a non-secure (in the military sense) network - there's not necessarily anything wrong*. I wouldn't recommend the use of a free public email service to update the nuclear launch codes, however.
* Though I'd ban it, because that's just the sort of security Nazi I am :)
even my home router gets bored with penetration attempts from machines under the domains of Microsoft and many other major players. Why would the home PC of an Admiral of the Fleet be any different ?
I'd not be surprised if it turned out that some high powered pumpkin was controlling a .mil SCADA system from home.
ALF
What? Haven't Google forgotten those servers they left behind in China?
They've been rented out - some Western intelligence agency is hosting software for checking whether there is any (intelligence) left at Google or its long suffering users
After all, no-one else would bother with the US - when their are "softer" targets elsewhere.
Who knows - probably not Chinese - at least they can spell in Chinese and English!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
