Reports form the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the name and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. And the lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails purporting to be from a bona fide organisation which invites recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fida email and most introduce an element of bullying into their message: act now, or account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…
take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp

Major software offerings from Microsoft and Google have this week drawn criticism from industry experts for major security flaws.

Close on the heels of Microsoft’s none too well received operating system Windows Vista, is Windows 7 which has been tested by the public in its “release candidate form.” Versions can be downloaded by the general public and tested.

Although the initial reaction has been good, seeing it as an improvement on the cumbersome Vista, there are worries that it contains an inherent security flaw.

Windows 7 was slated in for a release date of January 2010, but it might be earlier, with Microsoft saying that they are ahead of schedule. Generally, Vista was a disappointment, standing accused of being like a sieve when it came to security (requiring constant updates) and slowing down performance times. Windows 7 appears to solve a lot of those problems and features quicker response times, a new task bar, a touch-screen capability and an ability to stream media files (including music) from one computer to another via the internet.

But the question of computer security has reared its ugly head again with some suggesting that there is a major flaw in Windows Explorer (the heart of the operating system’s file management system) which allows other users to be attacked by hackers.

And what worries the experts is that this major flaw is not new, but existed in previous versions of Windows Explorer. And the irony is not lost on many, after Microsoft has sworn themselves to a “trust vision” to make security in their products a major preoccupation.

And Google’s all-singing, all dancing new browser has shown to be a little flaky. Chrome is liked by many, but Google has had to fix quite a few security holes, which then led to a problem with crashed computers. Chrome version 1.0.154.64 was released recently to put right two major security problems. The first concerned an ability for a hacker to run attack software that had the same priviledge as the primary user. The second problem centred on the 2D graphics which could have created an opening for attack software to be infiltrated into the browser’s security system.

But when the new version was released, having fixed the two security problems, it caused a few crashes, so a new version quickly followed.

Guest Article by Neil Camp