Tue Sep 10, 2019, 10:33 AM
Pluvious (3,564 posts)
Google Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users
As a rule, one should own and maintain a "banking only" laptop, kept updated, with AV installed - and NEVER used for ANYTHING but accessing your crucial remote online accounts (brokerage, banks, NOT Facebook, Twitter etc).
NEVER used for email, nor apps, nor anything else but the web browser. Make no searches, nor click links or download things. The sites you visit are never from clicking links, except bookmarks you've MANUALLY created. Use the native browser, and no added plugins. Passwords should be maintained in a secure offline password utility. Log into sites by only using the password utility, never save access info in the web browser.
How does the Google Calendar attack work?
Gmail users are finding themselves on the wrong end of a sophisticated scam which leverages misplaced trust through the use of malicious and unsolicited Google Calendar notifications. Google Calendar allows anyone to schedule a meeting with you, and Gmail is built to integrate tightly with this calendaring functionality. Combine these two facts and users find themselves in a situation whereby the threat actor can use this non-traditional attack vector to bypass the increasing amount of awareness amongst average users when it comes to the danger of clicking unsolicited links.
https://www.forbes.com/sites/daveywinder/2019/09/09/google-finally-confirms-security-problem-for-15-billion-gmail-and-calendar-users/amp/
12 replies, 2495 views
Response to Pluvious (Original post)
Tue Sep 10, 2019, 10:54 AM
underpants (174,517 posts)
1. I have passwords on a double protected spreadsheet
That should be good, no?
Response to underpants (Reply #1)
Tue Sep 10, 2019, 11:29 AM
Pluvious (3,564 posts)
2. At the very least...
Follow these two rules:
No obvious context, and obfuscate them. Like no URLs and meaningful descriptions. Tack on the end or beginning extra chars that you don't actually use.
But ideally, being viewable isn't good, in case your screen gets captured. And the storing of them should be encrypted. Passwords should be entered by a paste action, never typed (key logging is a vulnerability).
Cnet site often has top ten lists, I use the open source keepass.org one myself, and download it from GitHub.
Response to Pluvious (Reply #2)
Tue Sep 10, 2019, 12:13 PM
defacto7 (13,485 posts)
4. Excellent must do routines. People take too much for granted.
That is the biggest backdoor of all, taking the internet and major sites for granted.
Response to Pluvious (Reply #2)
Tue Sep 10, 2019, 12:27 PM
harumph (1,481 posts)
6. what is your take on epic privacy browser using the built in proxy functionality?
Response to harumph (Reply #6)
Wed Sep 11, 2019, 10:10 AM
Pluvious (3,564 posts)
11. I'm sorry but I've not yet researched that (n/t)
Response to Pluvious (Reply #2)
Wed Sep 11, 2019, 09:09 AM
uponit7771 (88,339 posts)
10. +1, "Passwords should be entered by a paste action"
Response to Pluvious (Original post)
Tue Sep 10, 2019, 12:10 PM
defacto7 (13,485 posts)
3. This is a must. It's internet security survival.
Response to Pluvious (Original post)
Tue Sep 10, 2019, 12:26 PM
Coventina (24,987 posts)
5. My place of work requires us to use Google Drive and Google Calendar.
And yes, it drives me CRAZY that people can schedule my time for me.
I never even look at my work Google Calendar, I refuse. When I get smack about missing something, I always say, "Did you bother to inform me, personally?" "Well, I put it in your calendar," they whine back. DRIVES ME NUTS!!
Response to Pluvious (Original post)
Tue Sep 10, 2019, 12:31 PM
dalton99a (73,648 posts)
7. Never let your work Google calendar/Gmail touch your personal calendar/email
unless you want Google to vacuum everything up and keep it forever
Response to Pluvious (Original post)
Tue Sep 10, 2019, 01:21 PM
defacto7 (13,485 posts)
8. I agree with the op article but I'd like to add one extra level of security...
If you don't have an extra laptop or even if you do, follow the mentioned instructions but do all your financial and banking transactions booting into a USB stick with the TOR operating system installed on it. It has fully encrypted partitions, your connection is anonymous and it automatically wipes your RAM writing over it with random 1s and 0s when you shut it down.
You could do the same yourself if you make a separate encrypted partition on your computer and install a Linux OS in it. You can easily wipe your RAM before you leave.
Response to defacto7 (Reply #8)
Wed Sep 11, 2019, 10:11 AM
Pluvious (3,564 posts)
12. Good info and suggestions - thanks (nt)
Response to Pluvious (Original post)
Wed Sep 11, 2019, 07:51 AM
Delmette2.0 (3,577 posts)
9. I already use a separated laptop for my banking.
Never my cell phone.
Thanks to everyone with all the extra information to keep us safe.