Another day, another cyber security headline. This time it’s the attack on personal Gmail accounts, which has left hundreds of US government and military personnel (along with other high-value targets) potentially exposed...
There’s not a lot to say about this that I didn’t say in my Advanced Persistent Threat post (and related articles) except to note that widespread reporting of this issue has been refreshingly plain and understanding. I fully expected to see tales of cyber war, Google-bashing and condemnation of Cloud Security arising from this but instead it seems people (by which I mean mainstream media) are starting to get the idea about things like Spear Phishing, and understand this attack for what it was.
Insidious, yes. Worrying, certainly. Important too, but the point is that this specific attack is not where the damage is being done: that comes later, when the information harvested is exploited. That people are beginning to understand these subtleties of online security is truly a good thing.
Now all we need to do is fix the systems that make these attacks so easy on all but the most wary of prey. So that’s just DNS, HTTP, web browsers, HTML email… Hmm. I wonder if this will get a special mention at this week’s Cyber Security Summit.