[dba-Tech] The storm after the break in

Jim Lawrence accessd at shaw.ca
Tue Jan 19 12:06:35 CST 2010


Google has been going into over-drive mode trying to find the culprits who
managed the break-in to the Google Gmail sites. To that end they have shut
down the Beijing office while a forensic search of all data and
communication records goes on...it may be a Google insider who had the
required knowledge. Supposedly, a security hole in a number of IE versions
allowed the attack and governments all over the world seem to be very
concerned. (As of yet the patch has not been completed.)

http://news.cnet.com/8301-27080_3-10436618-245.html?tag=newsLeadStoriesArea.1


The attack is considered super sophisticated and required a number of
integrated components to work. The nature of the attack is such that it is
widely believed that the process was encouraged and sponsored by the Chinese
government, who would have a vested interest in the discourse of foreign and
local dissidents.

http://www.wired.com/threatlevel/2010/01/operation-aurora


In addition to the hacking of Google, a number of companies were hacked and
source code extracted which may have in turn been used to launch the Google
attack that appears to have been the main object of the exercise:

http://news.cnet.com/8301-27080_3-10434721-245.html?tag=mncol;txt


The actual code that utilized the IE hole has been posted, according to the
following link, and if so it will not be long before every devious hacker and
script kiddie will have a copy:

http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-attack-now-public


Does this mean that we should stop using IE, as some have suggested, until a
patch can be created and distributed? That would be difficult as so many
companies and individuals depend on IE to run their business. According to
many experts the attack code cannot be deployed unless the victim initially
connects to a tricked up predatory site.

AVG now has a free link-scanner which is supposed to catch or be able to
identify links from your current web page that may be dangerous:

http://linkscanner.avg.com

 
The truth is, it is probably beyond the capability of any browser to be a
hundred percent effective against an attack, especially if the perpetrator is
capable of investing unlimited resources in such a venture.

Jim



