Google Gmail Hacked

An attack from China has affected hundreds of users, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

Google has detected a campaign to gather Gmail account credentials that appears to originate from Jinan, China, and is warning users to take a few minutes to review their security settings.

Eric Grosse, engineering director for Google’s security team, said in a blog post that hundreds of users have been affected, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings,” Grosse said.

By changing these settings, which are only evident through the appropriate Gmail Settings tab page, the attackers could generate copies of incoming and outgoing email that would be forwarded without the account holder’s knowledge.

Google declined to provide further details or information about those it believes may be behind the attack.

In January 2010, Google reported that it had uncovered “a highly sophisticated and targeted attack on our corporate infrastructure originating from China.” Google said at the time that it had reason to believe that one of the main goals of the attackers was to compromise the Gmail accounts of Chinese human rights activists.

In that respect, the attack was not very successful: While Google acknowledged that the attackers had stolen unspecified intellectual property, it stressed that only two Gmail accounts appeared to have been accessed.

Jinan, capital of Shandong Province in Eastern China, happens to be the location of the Lanxiang Vocational School, one of the two Chinese schools linked to the 2010 attack against Google.

An October 2009 report on Chinese cyber espionage prepared by defense contractor Northrop Grumman said that the Chinese military maintains at least six technical reconnaissance bureaus for gathering cyber intelligence in the Lanzhou, Jinan, Chengdu, Guangzhou, and Beijing military regions.

The current attack differs from the 2010 attack in that it doesn’t involve a vulnerability in Google’s infrastructure; it is simply a phishing campaign to dupe users into revealing their Gmail login credentials.


Google said that it detected the phishing campaign through its cloud-based security and abuse detection systems, through the reports from users, and through a report published in February on the Contagio blog, a collection of malware samples and threat analysis. The company said it has notified victims and the relevant government authorities.

Google is advising Gmail users to consider steps to improve the security of their accounts. The company recommends using two-factor verification, using a strong password, only entering account information at the proper Google domain, checking Gmail settings for unknown forwarding addresses or unauthorized account delegation, watching for suspicious account activity warnings, using Google Chrome, and reviewing security education materials available online.
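The forwarding and delegation checks Google recommends above, as an added example that is not Google's code: it takes the JSON shapes the Gmail API returns for forwarding addresses, filters and delegates (sample data constructed here) and flags anything whose domain is outside an assumed allowlist of trusted domains.

```python
# Added example, not Google's code. Inputs mirror the JSON returned by the
# Gmail API methods users.settings.forwardingAddresses.list,
# users.settings.filters.list and users.settings.delegates.list.

def _untrusted(address, trusted):
    # True when the address's domain is outside the allowlist.
    return address.rsplit("@", 1)[-1].lower() not in trusted

def audit_gmail_settings(forwarding, filters, delegates, trusted_domains):
    """Return (kind, detail) findings for every forwarding address, forwarding
    filter and delegate whose domain is outside trusted_domains (an assumed
    per-organisation allowlist). An empty list means nothing suspicious."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for entry in forwarding.get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "")
        if _untrusted(addr, trusted):
            findings.append(("forwarding", f"{addr} ({entry.get('verificationStatus', 'unknown')})"))
    for flt in filters.get("filter", []):
        # action.forward copies matching mail elsewhere; removing INBOX at the
        # same time hides the matched message from the account holder.
        target = flt.get("action", {}).get("forward")
        if target and _untrusted(target, trusted):
            hidden = "INBOX" in flt.get("action", {}).get("removeLabelIds", [])
            findings.append(("filter", f"id={flt.get('id')} forwards to {target}, hidden={hidden}"))
    for entry in delegates.get("delegates", []):
        addr = entry.get("delegateEmail", "")
        if _untrusted(addr, trusted):
            findings.append(("delegate", f"{addr} ({entry.get('verificationStatus', 'unknown')})"))
    return findings

# Constructed sample responses: one legitimate and one suspicious entry each.
SAMPLE_FORWARDING = {"forwardingAddresses": [
    {"forwardingEmail": "archive@example.org", "verificationStatus": "accepted"},
    {"forwardingEmail": "collector@mailcopy.example", "verificationStatus": "accepted"}]}
SAMPLE_FILTERS = {"filter": [
    {"id": "f1", "criteria": {"from": "boss@example.org"}, "action": {"addLabelIds": ["IMPORTANT"]}},
    {"id": "f2", "criteria": {"query": "in:inbox"},
     "action": {"forward": "collector@mailcopy.example", "removeLabelIds": ["INBOX"]}}]}
SAMPLE_DELEGATES = {"delegates": [
    {"delegateEmail": "assistant@example.org", "verificationStatus": "accepted"},
    {"delegateEmail": "reader@mailcopy.example", "verificationStatus": "pending"}]}

def audit_sample():
    return audit_gmail_settings(SAMPLE_FORWARDING, SAMPLE_FILTERS, SAMPLE_DELEGATES, ["example.org"])
```

In a real audit the three dictionaries come from the API calls named in the comments, run with a read-only Gmail settings scope for each mailbox being reviewed.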


New Windows XP Flaw Leaves PCs Exposed

A British security researcher has discovered a new zero-day vulnerability that exploits a soft spot in XP’s Help and Support Centre to take over PCs.

A new zero-day flaw has been found in Windows XP that could allow cyber criminals to take control of users’ PCs.

The bug takes advantage of a security gap in XP’s Help and Support Centre, which leaves the remote assistance tool vulnerable to being taken over by attackers, who would then be able to execute tasks on infected PCs.

By embedding commands in web addresses, hackers could activate the remote assistance tool and issue commands to the PC in question over the internet. The flaw was discovered by British security researcher Tavis Ormandy, who reported it to Microsoft earlier this week.

“At least Microsoft Windows XP, and Windows Server 2003 are affected. The attack is enhanced against IE >= 8 and other major browsers if Windows Media Player is available, but an installation is still vulnerable without it,” Ormandy wrote on the Full Disclosure mailing list.

“Machines running versions of IE less than 8 are, as usual, in even more trouble. In general, choice of browser, mail client or whatever is not relevant, they are all equally vulnerable.”

Microsoft has confirmed it is investigating the matter, but criticised Ormandy for waiting just four days before making the full details of the flaw public, complete with a working exploit and suggested workaround.

“Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk,” said Mike Reavey, director of Microsoft’s Security Research Centre.


He emphasised that Microsoft wasn’t aware of any working exploits, and confirmed that users of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 had nothing to worry about.

However, Ormandy countered that the risk was sufficient to make holding on to the information irresponsible. “Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user,” Ormandy wrote. “I’ve concluded that there’s a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security.”

The vulnerability comes to light just days after a bumper set of Microsoft’s customary Patch Tuesday fixes was sent out, though there is no word yet as to whether it will force the firm to send out an out-of-cycle update.

Microsoft has promised to issue a security advisory on the matter as soon as possible.

In the meantime, Ormandy suggests deleting the HCP key entry within the HKEY_CLASSES_ROOT section of the Registry as a temporary workaround. However, Microsoft warns that doing so will break not only any links hackers may be using to manipulate systems, but also any legitimate help links using the hcp:// protocol.


from » http://www.itpro.co.uk

Need help with virus and malware removal? Have questions about computer cleanup and system optimization? You can contact me here.
