Engineers are really smart people who often know how to make something with no real-world effectiveness work really well without effect. In a glaring example of marketing hype, very limited effectiveness, and a lesson in teaching users to fall for phishing attacks, Pavni Diwanji, Engineering Director at Google, published a blog post: http://googleonlinesecurity.blogspot.com/2010/03/detecting-suspicious-account-activity.html
The blog tells of how a friend had his account hijacked and then the attacker asked him for money. This is pretty much the same scam as I blogged about at http://www.eset.com/blog/2009/07/27/hotmail%E2%80%99s-delay-may-facilitate-fraud.
I was going to leave a comment, but the blog is on Blogger.com and it was asking me for a Google.com account and password. This is sooooooo phishing-like. Yeah, I know of the relationship between Google and Blogger, but many people do not. To ask for the Google credentials there is truly irresponsible.
I don’t really feel any safer knowing that if my Gmail account is hijacked Google will tell the attacker his IP address.
Giving credit where it is due, Google has some really smart security professionals and some very dedicated employees who do make a difference. In this case they have an engineering director in need of serious education and an enormously broken comment scheme on Blogger.com. If it takes a Google account and password, then put it on a google.com address.
Director of Technical Education
Author ESET Research, ESET