Google Accounts Compromised by Cookie Vulnerability 

gmail, Google, Google cookies, Hackers, Hacking, multi factor authentication, Ophtek, Suspicious links, suspicious software, , , , , , ,
20
Feb 2024

A recently discovered vulnerability appears to allow threat actors to hack into your Google account, even if you change your password. 

Given that there are 1.8 billion people actively using Gmail, it should come as no surprise that Google accounts represent a mouthwatering target for hackers. Google claims that their users are protected by world-class security and, on the whole, it is a secure system. No infrastructure, however, is 100% safe. Threat actors are industrious individuals and won’t rest until they’ve tried every avenue to compromise a system. Unfortunately, for Google and its users, this is exactly what’s happened. 

Losing Control of Google 

Google accounts are highly valuable to their owners. Packed full of apps such as Gmail and Google Drive, there’s a lot of personal data involved. A new vulnerability, attributed to a flaw in Google cookies, gives access to these accounts over to threat actors. Worst of all, this can be achieved time after time. Sure, you can try changing your password, but they will still be able to unlock your account. 

The attack starts when a user unwittingly allows malware to be installed on their PC. This malware then gets to work by searching for and identifying any Google login tokens, which are typically stored in the application’s local database. These stolen tokens can then be used to trick Google’s API interface. 

One of the main duties of a Google API is to help sync the various Google services across one account. So, for example, if you were logged into Google Drive, you wouldn’t have to log into Gmail as well. The threat actors exploit a vulnerability with Google cookies to create new cookies which can be used to gain unauthorized access to the compromised account. And this trick can be completed multiple times. Changing your password, naturally, would be the simple choice here. But even doing this still grants the hacker one more chance to access your account. 

The vulnerability in question is currently being sold by threat actors online, with at least six hacking groups advertising it. These threat actors also claim that that this vulnerability has been redesigned to tackle the efforts Google has taken to shut this exploit down. 

Keep Your Google Account Safe 

No one wants to lose their Google account, aside from the loss of personal data, there’s also the sheer inconvenience of having to create a new account and updating any services associated with your original account. Accordingly, make sure you play safe by following these best practices: 

  • Use multi-factor authentication: at present, Google hasn’t revealed whether multi-factor authentication will prevent this vulnerability from seizing control of your account. However, if you don’t have it activated, you need to make this a priority as it’s one of the simplest ways to add extra security to your account. 
  • Do not download suspicious software: the first stepping stone for the threat actors to compromise your Google account involves installing malware on your PC. This gives them a foothold to begin stealing your Google login tokens. Therefore, you need to remain vigilant as to the software you’re downloading. The most obvious question to ask here is whether the download comes from an official source. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Google Apps GMail vs. Your Webhost Email

Services, ,
16
Mar 2014

gmail-dash

Google didn’t get to where it is now if it offered only a search engine.  GMail, a member of the GApps family, is perhaps the crown jewel of all the services that Google has to offer.  So what makes Google’s email service more appealing than its competitors?  Why should a business move its email system to GMail instead of relying on services offered by the hosting company which already maintains its website? Below are some of the reasons why we think GMail is such an appealing service:

  1. Spam filter—Unwanted emails are perhaps the reasons why many of us dread checking our emails each morning.  Google has put a lot of effort into developing an extremely good spam filtering system that will send most (if not all) of the unwanted ad/scam/phishing content into the junk bin.  From time to time, one of these dubious emails will sneak past the spam filter, but at least you can instantly notice the bad egg if its among 20 or so legitimate emails you have in your box.
  2. Security—The first step to keeping your digital information safe is to create a good password for your account.  After you’ve done that, it’s up to Google to handle and store this information in a safe vault (not literally of course).  Google enforces secure transmission of your personal messages by encrypting them via the Secure Socket Layer (SSL) protocol.
  3. Automatic sorting—This GMail feature was only recently added, but we have to admit it’s pretty awesome.  If you’re a heavy social media user, chances are your inbox is flooded with notifications from Twitter, Facebook and whatever else you’re into.  GMail sorts out the different types of emails into three tabs: A ‘Primary’ tab, which receives all your important emails, a ‘Social’ tab to store all your social media/networking content, and a ‘Promotion’ tab that contains some of the less spammy ads (deals from Amazon and such).
  4. Speed and uptime—If you’ve been using the internet every day for the last ten years or so, can you recall the number of times Google.com was down?  Maybe once or twice?  If the servers were ever down, we can’t recall it happening. For that exact reason, we can say we’re confident in how Google handles its datacenters so users can have access to all the services it offers 99.99% of the time.  Moreover, Google has invested heavily in its infrastructure to ensure that most of us can access things like GMail in a timely manner.  By timely, we mean broadband users can essentially pull up anything from their inbox in a blink of an eye.
  5. Capacity—There once was a time when most email services offered just a few MB of storage, but that ancient tradition has since been squashed by GMail’s 15GB of free space.  Most emails are just a few hundred KB in size, so just imagine how many emails you can save if you have 15GB.  You also have the option of sending emails with a 25MB attachment, and if you signed up for Drive (Google’s cloud storage solution) you can ‘attach’ a 10GB file.  The 10GB file won’t be directly sent to your recipient (imagine losing 2/3 of the inbox storage in just one email!) as the file is actually stored in Drive as a shared file.
  6. Accessing Google goodies from GMail dash—Lastly, if you’re a Google fanatic and use services like YouTube and Hangout, these services are readily available right from the dashboard.  Thus, there’s not need to manually type in the individual service URLs to get to these pages. What Google basically did was bookmarked most of the services it offers into the GMail dash so you don’t have to do it through your browser.

For small businesses (and even large ones), GMail is an indispensable tool.  One GMail account gives you access to a slew of other Google-derived applications.  Services such as Calendar, Hangout, Docs and Sites all sync with one account.  That means, you can easily access any of the documents or services you started via GApps under one handle.  The added benefit of being able to integrate personal or business domains (i.e. Janesflowershop.com) into the GMail system will greatly improve your workflow and information management. All the pros that we’ve listed above are either not offered via webhosting emails or are just too clunky to work.  For help moving your email to GApps, contact your local IT professional.

Read More

Simplifying Small Business IT With Google Apps

Office IT, Services, , , , , , ,
12
Mar 2014

stay_connected

Access your documents from anywhere.

Just because you have a ‘website’ it doesn’t mean you or your organization is ready to start dealing with internet matters.  Depending on where you’re going with your business, you have to decide which tools will suit your needs most.  There are many supposed ‘all-in-one’ packages out there, but no one specific product will likely meet or even come close to fulfilling your demands.

That said, if you’re searching for a cloud suite to conduct and collaborate on ‘general’ internet matters, Google Apps for Business is a wonderful tool.  Unlike niche-specific tools like customer relationship management (CRM) and content management systems (CMS), GApps provide you with most of the tools you would need to complete and collaborate on various tasks.

The Must-Have Emailing System

screenshots_googlemail_1

GMail from Google.

Let’s start with email.  When it comes to brand building and recognition, you should have your own ‘domain’, which (in this instance) is something like www.mybusiness.com.  Along with the domain name, you’ll also likely want to send out emails with a @mybusiness.com address.  The hosting service you’ve chosen may provide you with an email system, but trust us when we say that these systems are simply just not as robust as the one built by Google.  If you’re using a @gmail email address, you’re using one of the products GApps offer.  From spam filtering to on-point subject searches, the Google-based emailing system is as powerful as you can get without getting your hands dirty.  Once you’ve signed up for the GApps service, you’ll be able to integrate your business domain into Gmail and send out emails from the Google-built system.

screenshots_drive_1

Browser-based productivity apps that you can share and edit in real-time.

Collaboration In Real-Time

For creating documents, there are GApps products like Docs, Sheets and Slides for you to use—these are the cloud equivalent to Microsoft’s Word, Excel and PowerPoint.  Since the GApps document apps are based in the cloud, all your work will be saved onto Google’s server so you can access them whenever and wherever you want.  The documents also have built in ‘sharing’ features so that you and/or you employees can share and collaborate with each other without needing to constantly email drafts back-and-forth.  Moreover, authorized users of any shared documents will be able to monitor and edit (if given permission) them in real-time.

screenshots_calendar_1

Cross-platform Calendar app allows your employees to sync all their activities with each other.

Streamlining and keeping all your employees and partners up-to-date is also covered via Calendar.  Despite all the technological advancements we’ve experienced in the last decade or so, a calendar is still exactly just that.  Unlike the paper pocket reminder you have stashed away in your desk drawer, cloud-based calendar programs provide much more flexibility.  Calendar from GApps gives you the ability to sync all your planned activities with your employees.  This is especially beneficial if you’re all on time crunches and in need of a tool that will display when exactly everyone will be available.

Heavy In Features But Lighter Than A Cloud

Of course these cloud services will also require some sort of cloud storage, so Google is offering 30GB per user at a price of $5 per month.  Should a person need more than 30GB, the administrator of the account can add 20GB to Drive for $4.  Your information is automatically encrypted with Secure Sockets Layer (SSL) security technology, so the burden of having to build virtual private networks from the ground up is negated.  Google guarantees that their servers will be up 24x7x365, which means you won’t have to ever worry about not being able to access your data—provided you have an internet connection.

We can’t forget to mention that GApps is a cross-platform service, meaning you can access/create documents and generate new information on virtually any devices.  Many businesses have adopted the bring-your-own-device (BYOD) model, and chances are your employees have more than just iPhones in their pockets.  GApps is accessible on Android, iPhone, Blackberry, Windows Phone and any phone or mobile device that supports a modern browser.  Keep in mind that a modern browser is basically one that’s built for a smartphone, so a flip-phone from 10 years ago will likely not support GApps.

Well Done or Medium Rare?

GApps for Business isn’t, as we already mentioned, a tool that will provide you with everything you need to run your business from a workstation.  Moreover, since there are so many ‘separate’ tools available, you need to decide which apps will offer the most return on your time spent using them.  The GApps ‘system’ itself is like a raw piece of prime cut steak, and you get to decide how you want to have it done.  Essentially, the only con when it comes to cooking a delicious GApps system is the time spent to figure out what you’re in the mood for, and for some this part of the thought process is the ‘make-it’ or ‘break-it’ portion.

A lot of work has to go into information management and GApps simplifies a lot of these areas.  The apps themselves are simple enough to use, but with choices come confusion.  How will you put all of it together?  That’s why we’re here, send us an email or give us a call, we’ll be more than happy to guide you through the GApps process.

Read More