Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Horseychick

150 posts

Master Geek


#207896 18-Jan-2017 15:46
Send private message

Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422

 

I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?


Create new topic
Affiliate link
 
 
 

Affiliate link: You will find anything you want at MightyApe.
sidefx
3607 posts

Uber Geek

Trusted

  #1705304 18-Jan-2017 15:50
Send private message

Erm... so apparently these so called "experienced technical users" don't have 2FA turned on?  And happily enter their credentials into a popup that opens after clicking an email attachment.  I'd suggest these "experienced technical users" are in fact neither experienced nor technical.





"I was born not knowing and have had only a little time to change that here and there."         | Electric Kiwi | Sharesies
              - Richard Feynman


timmmay
18498 posts

Uber Geek

Trusted
Subscriber

  #1705318 18-Jan-2017 15:54
Send private message

I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.

 

I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.


richms
25157 posts

Uber Geek

Trusted
Subscriber

  #1705319 18-Jan-2017 15:55
Send private message

I have it turned on and the only time I get re-prompted is if I clear cookies or use a new browser or phone. What is annoying is crap apps on the phone that use their own in-app browser to do the oauth connection to things - mainly facebook I get that issue with but have seen it on my google account once.





Richard rich.ms



Behodar
8305 posts

Uber Geek

Trusted
Lifetime subscriber

  #1705323 18-Jan-2017 15:57
Send private message

timmmay: I find it a PTA and continual prompting for credentials gets annoying.

 

Bingo. I turned it on for my Apple account, then turned it back off again after getting prompted every single time I tried to get into my account from the same computer on the same static IP address.


mattwnz
18653 posts

Uber Geek


  #1705324 18-Jan-2017 15:57
Send private message

timmmay:

 

I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.

 

I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.

 

 

 

 

Like you I don't have it on for gmail, as it is a PITA, although I do for things like lastpass. But perhaps it is time to use it, as the whole login system of logging in is outdated and has security issues, and belongs in the past. There needs to be a new system.


sidefx
3607 posts

Uber Geek

Trusted

  #1705325 18-Jan-2017 15:58
Send private message

Mine prompts on a login from a new device, but pretty much every time I tick the "do not prompt for this device again" option and it doesn't do it again for that device\browser.

 

 

 

( But would you also put your gmail credentials into a popup that opened after clicking an email attachment? :) )





"I was born not knowing and have had only a little time to change that here and there."         | Electric Kiwi | Sharesies
              - Richard Feynman


Oblivian
6615 posts

Uber Geek

ID Verified

  #1705350 18-Jan-2017 16:33
Send private message

Given I was sent an email the other night that 'Someone has my password'

 

And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission




mattwnz
18653 posts

Uber Geek


  #1705352 18-Jan-2017 16:37
Send private message

Oblivian:

Given I was sent an email the other night that 'Someone has my password'


And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission



It is these apps that want you to log into them via gmail which I suspect are the problem. 2FA is a pain though when you 2FA device decides to die, which happened to me recently.

timmmay
18498 posts

Uber Geek

Trusted
Subscriber

  #1705353 18-Jan-2017 16:40
Send private message

Well I turned Google 2FA on, and so far not too much trouble. Thunderbird/Outlook/Email clients need an app password (phone, tablet, work computer, etc), which you get from the Google security console. So far less annoying than expected.


sidefx
3607 posts

Uber Geek

Trusted

  #1705359 18-Jan-2017 16:48
Send private message

Gmail is probably the most important service for me to protect - it's literally the master for most of what I do. If my gmail got pwned they would have the details of almost every other online service I use, and the ability to reset the passwords on many of them.  I definitely want as much protection on it as I can get :)





"I was born not knowing and have had only a little time to change that here and there."         | Electric Kiwi | Sharesies
              - Richard Feynman


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1705392 18-Jan-2017 18:27
Send private message

Horseychick:

 

Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422

 

I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?

 

 

It came from the Daily Mail. Nuff said.

 

 


andrewNZ
2487 posts

Uber Geek
Inactive user


  #1705397 18-Jan-2017 18:42
Send private message

Oblivian:

Given I was sent an email the other night that 'Someone has my password'


And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission


I got one of these for one of my accounts, (device based in the US). No 2FA but it was still blocked. The account affected isn't my primary account, so I wasn't too concerned.

PaulBags
810 posts

Ultimate Geek
Inactive user


  #1705404 18-Jan-2017 18:54
Send private message

That's not hacking, it's phishing.

SepticSceptic
1971 posts

Uber Geek

Trusted

  #1706330 20-Jan-2017 11:20
Send private message

Cool, lets click on links in email attachments, and then enter our gmail  user and password details into the popup.

 

 

 

Something that neither an experienced or technical user would do. If they do, then they are neither. And stupid.

 

Muppets on Computers. Actually, that's probably insulting muppets. I like muppets.

 

 





My thoughts are no longer my own and is probably representative of our media-controlled government


Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.