
Tue Sep 10, 2019, 11:33 AM

Google Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users

As a rule, one should own and maintain a "banking only" laptop, kept updated, with AV installed - and NEVER used for ANYTHING but accessing your crucial remote online accounts (brokerage, banks, NOT Facebook, Twitter etc).

NEVER used for email, nor apps, nor anything else but the web browser. Make no searches, nor click links or download things.

The sites you visit are never from clicking links, except bookmarks you've MANUALLY created.

Use the native browser, and no added plugins.

Passwords should be maintained in a secure offline password utility. Log into sites by only using the password utility, never save access info in the web browser.

How does the Google Calendar attack work?

Gmail users are finding themselves on the wrong end of a sophisticated scam which leverages misplaced trust through the use of malicious and unsolicited Google Calendar notifications.

Google Calendar allows anyone to schedule a meeting with you, and Gmail is built to integrate tightly with this calendaring functionality. Combine these two facts and users find themselves in a situation whereby the threat actor can use this non-traditional attack vector to bypass the increasing amount of awareness amongst average users when it comes to the danger of clicking unsolicited links.


https://www.forbes.com/sites/daveywinder/2019/09/09/google-finally-confirms-security-problem-for-15-billion-gmail-and-calendar-users/amp/
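An added example, not part of the original post or the quoted article: a defensive triage check for the scam described above, flagging invitations that carry links and come from an organizer you do not already know. It assumes the invitation arrives as an iCalendar (.ics) file; the sample invite, the addresses and the `known_senders` allow-list are constructed for illustration.

```python
import re

URL_RE = re.compile(r"https?://[^\s\\,;\"<>]+", re.IGNORECASE)

def unfold(ics_text):
    """Undo iCalendar line folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def parse_events(ics_text):
    """Return one dict per VEVENT mapping property name -> value (parameters dropped)."""
    events, current = [], None
    for line in unfold(ics_text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            head, value = line.split(":", 1)
            current[head.split(";", 1)[0].upper()] = value
    return events

def triage(ics_text, known_senders):
    """Flag events that contain links and whose organizer is not a known contact."""
    flagged = []
    for ev in parse_events(ics_text):
        organizer = re.sub(r"(?i)^mailto:", "", ev.get("ORGANIZER", "")).lower()
        text = " ".join(ev.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL"))
        links = URL_RE.findall(text)
        if organizer not in known_senders and links:
            flagged.append({"summary": ev.get("SUMMARY", ""),
                            "organizer": organizer, "links": links})
    return flagged

# Constructed sample: one unsolicited invite with a folded link, one from a known contact.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Prize Desk:mailto:promo@unknown.example\r\n"
    "SUMMARY:You have a pending reward\r\n"
    "DESCRIPTION:Claim within 24 hours at http://rewards.exam\r\n"
    " ple/claim?id=123\r\n"
    "END:VEVENT\r\nBEGIN:VEVENT\r\n"
    "ORGANIZER;CN=Alice:mailto:alice@corp.example\r\n"
    "SUMMARY:Budget review\r\n"
    "DESCRIPTION:Agenda at https://wiki.corp.example/budget\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_ICS, {"alice@corp.example"}))
```

The link in the first event is split across two lines by folding, so matching URLs on raw lines would miss it; unfolding first is what makes the check reliable.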

Replies to this discussion thread

Response to Pluvious (Original post)

Tue Sep 10, 2019, 11:54 AM

1. I have passwords on a double protected spreadsheet

That should be good, no?


Response to underpants (Reply #1)

Tue Sep 10, 2019, 12:29 PM

2. At the very least...

Follow these two rules:

No obvious context, and obfuscate them.

Like no URLs and meaningful descriptions

Tack on the end or beginning extra chars that you don't actually use.

But ideally, being viewable isn't good, in case your screen gets captured. And the storing of them should be encrypted.

Passwords should be entered by a paste action, never typed (key logging is a vulnerability).

The CNET site often has top ten lists. I use the open source keepass.org one myself, and download it from GitHub.


Response to Pluvious (Reply #2)

Tue Sep 10, 2019, 01:13 PM

4. Excellent must do routines. People take too much for granted.

That is the biggest backdoor of all, taking the internet and major sites for granted.



Response to Pluvious (Reply #2)

Tue Sep 10, 2019, 01:27 PM

6. What is your take on Epic Privacy Browser using the built-in proxy functionality?


Response to harumph (Reply #6)

Wed Sep 11, 2019, 11:10 AM

11. I'm sorry but I've not yet researched that (n/t)



Response to Pluvious (Reply #2)

Wed Sep 11, 2019, 10:09 AM

10. +1, "Passwords should be entered by a paste action"



Response to Pluvious (Original post)

Tue Sep 10, 2019, 01:10 PM

3. This is a must. It's internet security survival.



Response to Pluvious (Original post)

Tue Sep 10, 2019, 01:26 PM

5. My place of work requires us to use Google Drive and Google Calendar.

And yes, it drives me CRAZY that people can schedule my time for me.

I never even look at my work Google Calendar, I refuse.

When I get smack about missing something, I always say, "Did you bother to inform me, personally?"

"Well, I put it in your calendar," they whine back.

DRIVES ME NUTS!!



Response to Pluvious (Original post)

Tue Sep 10, 2019, 01:31 PM

7. Never let your work Google calendar/Gmail touch your personal calendar/email

unless you want Google to vacuum everything up and keep it forever



Response to Pluvious (Original post)

Tue Sep 10, 2019, 02:21 PM

8. I agree with the op article but I'd like to add one extra level of security...

If you don't have an extra laptop, or even if you do, follow the mentioned instructions but do all your financial and banking transactions booting into a USB stick with the TOR operating system installed on it. It has fully encrypted partitions, your connection is anonymous and it automatically wipes your RAM, writing over it with random 1s and 0s when you shut it down.
You could do the same yourself if you make a separate encrypted partition on your computer and install a Linux OS in it. You can easily wipe your RAM before you leave.


Response to defacto7 (Reply #8)

Wed Sep 11, 2019, 11:11 AM

12. Good info and suggestions - thanks (nt)



Response to Pluvious (Original post)

Wed Sep 11, 2019, 08:51 AM

9. I already use a separate laptop for my banking.

Never my cell phone.

Thanks to everyone with all the extra information to keep us safe.
