[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Henry Bremridge wrote: > http://news.bbc.co.uk/1/hi/technology/8153122.stm > > In short: > > - Either an employee or Twitter as a policy matter put their financial > projections etc on google docs. A user with access to these figures > had a bad password for their web email > > - The users personal email was hacked by guessing the password, and > access obtained to the google docs website Reads to me as if the users personal email account was compromised, then they used this to request a password reset on their Google account. Having seen this approach used numerous times (escalating from email to other accounts), people should realise that the weak spot is often their email security, since a lot of other systems assume only you can read your personal email. Email password resets for me require me (or Neil) to do it, but at the end of the day my personal email is still (probably) less secure than my online banking, or Paypal accounts. Hopefully the bad guys realise I'm not rich and will focus on someone else's accounts, although possibly by the standards of Guinea Bissau we are all rich and they might take the risk for the remaining credit on someone's mobile phone contract. Having had issues with a Google account password, folks need to realise they may be locked out for a considerable period if someone does compromise a free account. That is why for customers I always recommend that get the paid support. But I suspect Google may be better than many other free providers, as you do eventually get support on their free email offering if you persist. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html