The Google Docs spam attacks played off Google’s most fundamental weakness
If you saw a Google Docs email from someone you knew, you’d open it, right? And if, having clicked through, Google asked you to log in again, would you think something was wrong?
For countless Gmail users, the answer was no. Yesterday, a sophisticated phishing attackswept through the network, masquerading as a Google Docs permission request. Every time someone followed the prompts, the app would gain access to the user’s contact list and blast out a new round of emails, causing a ripple effect of compromised accounts. According to Google, the attack affected less than 0.1 percent of Gmail users, but that’s still as many as 1 million people. And while the scheme can look simple, it was actually a string of linked spoofs, each made possible by Google’s reassuring presence on a fundamentally open system, and raising serious questions about how the company structures its products. [Read more here...]
Comments
Post a Comment