G-Spam

This week, the brilliant/devious (delete as applicable) folks at Kaspersky called out the mighty Google for allowing its own applications to be facilitators of spam, often containing malicious payloads – drive-by malicious sites and other nasty malware vectors.

The story is that content generated and shared by one G-App (Calendar etc.) is treated much more leniently than content from the outside world as it passes through the mighty G-Wall and therefore is much more likely to reach the G-Spot (don’t say you didn’t see that coming) with its sneaky little payloads intact.

This is very difficult to protect against, so look forward to a flurry of meetings with Dr Double-Cheap Viagra turning up in your Google Calendar in the coming months.

It would probably be best to advise your users and family (especially the old and young) to do the following:

• Do not open messages from unknown senders.
• Never accept invitations from people you don’t know.
• Do not tap or click links in messages you weren’t expecting.
• And install a reliable security solution with an antispam module to filter out at least some of the spam that wriggles through Google’s filter.

Of course this may seem like bleeding obvious advice to you cyber security professionals but it isn’t to many and the word is worth spreading.

Regular victims, sorry darling readers of this blog, might remember us talking about the definitely messed up mystery hacker SandboxEscaper who clearly has a vendetta against Microsoft (almost certainly not alone, have you seen what they are trying to do to CERN?).

Well of course last Tuesday was patch Tuesday and all of the usual suspects belted out multiple patches. Many of Microsoft’s were patches not just against the work of SbE but also to patch previous patches and in some cases patches for patches of patches. A recursion loop is imminent, patch your shizzle before it eats the world.

A day like Patch Tuesday can often be dismissed as ‘just a day’, interesting then that many works of fiction take place in just a day. James Joyce’s Ulysses for instance runs to 730 pages or so and all the action (if you could call it that as you fall into a coma) takes place on one day, the 16th of June 1904 (Father’s day this Sunday, please let us not receive a copy of the mighty tome as punishment for being bad Dads). You probably don’t want to be writing a 730 page report on why your entire organisation was taken down because you didn’t patch, even if it might be more entertaining reading than the work of Joyce.

Prioritising patching (that cannot be automated) is essential and we believe impossible without a vulnerability management platform, something which we are pretty skilled at and would love to help you with. As usual contact us at: [email protected] or call 020 7517 3900 if you would like any advice or just a chat about what Troy Hunt is really like.

It looks like Assange is going to America where no doubt he will receive a very fair trial, after his claims to be a journalist are dismissed. The mood of law enforcers around the world is focussing on punishing hackers and the like as the four year imprisonment of the Welsh hacker Daniel Kelley proves. We can’t see it going well for Mr Assange, can you?

Have a great weekend and Happy Father’s day to Dads good and bad.