Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicGmail hacking


149 posts

Master Geek
+1 received by user: 79


# 207896 18-Jan-2017 15:46
Send private message

Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422

 

I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?

Create new topic
3277 posts

Uber Geek
+1 received by user: 979

Trusted

  # 1705304 18-Jan-2017 15:50
6 people support this post
Send private message

Erm... so apparently these so called "experienced technical users" don't have 2FA turned on?  And happily enter their credentials into a popup that opens after clicking an email attachment.  I'd suggest these "experienced technical users" are in fact neither experienced nor technical.

14746 posts

Uber Geek
+1 received by user: 2746

Trusted
Subscriber

  # 1705318 18-Jan-2017 15:54
2 people support this post
Send private message

I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.

 

I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.

 
 
 
 


22054 posts

Uber Geek
+1 received by user: 4680

Trusted
Subscriber

  # 1705319 18-Jan-2017 15:55
2 people support this post
Send private message

I have it turned on and the only time I get re-prompted is if I clear cookies or use a new browser or phone. What is annoying is crap apps on the phone that use their own in-app browser to do the oauth connection to things - mainly facebook I get that issue with but have seen it on my google account once.




Richard rich.ms

6561 posts

Uber Geek
+1 received by user: 1279

Trusted
Lifetime subscriber

  # 1705323 18-Jan-2017 15:57
One person supports this post
Send private message

timmmay: I find it a PTA and continual prompting for credentials gets annoying.

 

Bingo. I turned it on for my Apple account, then turned it back off again after getting prompted every single time I tried to get into my account from the same computer on the same static IP address.

14809 posts

Uber Geek
+1 received by user: 2007


  # 1705324 18-Jan-2017 15:57
Send private message

timmmay:

 

I'm a very experienced technical user who does quite a bit of security work. I don't have 2FA turned on for Google because I find it a PTA and continual prompting for credentials gets annoying. I have 2FA on for AWS, Amazon, and a few other things. So I don't think it's fair that no 2FA = idiot.

 

I should probably turn it on though, and I will if someone can tell me Google / Gmail doesn't constantly prompt for it.

 

 

 

 

Like you I don't have it on for gmail, as it is a PITA, although I do for things like lastpass. But perhaps it is time to use it, as the whole login system of logging in is outdated and has security issues, and belongs in the past. There needs to be a new system.

3277 posts

Uber Geek
+1 received by user: 979

Trusted

  # 1705325 18-Jan-2017 15:58
Send private message

Mine prompts on a login from a new device, but pretty much every time I tick the "do not prompt for this device again" option and it doesn't do it again for that device\browser.

 

 

 

( But would you also put your gmail credentials into a popup that opened after clicking an email attachment? :) )

3165 posts

Uber Geek
+1 received by user: 412


  # 1705350 18-Jan-2017 16:33
Send private message

Given I was sent an email the other night that 'Someone has my password'

 

And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission

14809 posts

Uber Geek
+1 received by user: 2007


  # 1705352 18-Jan-2017 16:37
Send private message

Oblivian:

Given I was sent an email the other night that 'Someone has my password'


And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission



It is these apps that want you to log into them via gmail which I suspect are the problem. 2FA is a pain though when you 2FA device decides to die, which happened to me recently.

14746 posts

Uber Geek
+1 received by user: 2746

Trusted
Subscriber

  # 1705353 18-Jan-2017 16:40
Send private message

Well I turned Google 2FA on, and so far not too much trouble. Thunderbird/Outlook/Email clients need an app password (phone, tablet, work computer, etc), which you get from the Google security console. So far less annoying than expected.

3277 posts

Uber Geek
+1 received by user: 979

Trusted

  # 1705359 18-Jan-2017 16:48
Send private message

Gmail is probably the most important service for me to protect - it's literally the master for most of what I do. If my gmail got pwned they would have the details of almost every other online service I use, and the ability to reset the passwords on many of them.  I definitely want as much protection on it as I can get :)

27782 posts

Uber Geek
+1 received by user: 7270

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1705392 18-Jan-2017 18:27
One person supports this post
Send private message

Horseychick:

 

Herald reporting Gmail hacking - http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11784422

 

I don't usually trust their reporting so has anyone experienced this yet or think it sounds correct?

 

 

It came from the Daily Mail. Nuff said.

 

 

2107 posts

Uber Geek
+1 received by user: 1180


  # 1705397 18-Jan-2017 18:42
Send private message

Oblivian:

Given I was sent an email the other night that 'Someone has my password'


And in my security logs stated a device from Sweden had used my credentials but been blocked. Needless to say 2FA was enabled. No phishing etc however, so god knows how they got it. Other than possibly of my apps being reported as logging in with it that have google acct login permission


I got one of these for one of my accounts, (device based in the US). No 2FA but it was still blocked. The account affected isn't my primary account, so I wasn't too concerned.




Location: Dunedin

 

 

810 posts

Ultimate Geek
+1 received by user: 191
Inactive user


  # 1705404 18-Jan-2017 18:54
Send private message

That's not hacking, it's phishing.

1756 posts

Uber Geek
+1 received by user: 363

Trusted

  # 1706330 20-Jan-2017 11:20
Send private message

Cool, lets click on links in email attachments, and then enter our gmail  user and password details into the popup.

 

 

 

Something that neither an experienced or technical user would do. If they do, then they are neither. And stupid.

 

Muppets on Computers. Actually, that's probably insulting muppets. I like muppets.

 

 




My thoughts are no longer my own and is probably representative of our media-controlled government

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07

Techweek starting around NZ today
Posted 20-May-2019 09:52

Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00

New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30

Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11

Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23

Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11

Vodafone New Zealand sold
Posted 14-May-2019 07:25

Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25

Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39

Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25

Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13

The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41

Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06

Motorola Solutions joins local partners to deliver advanced communications network in New Zealand
Posted 30-Apr-2019 21:50


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.