An interesting blog post has highlighted how Gmail accounts can be hacked – Google Email Hijack Technique. Aside from the issue that it appears quite easy for someone (or something) that knows what it is doing to start snooping on your email (more than slightly worrying), the blog post highlights a new security challenge for anyone beginning to rely on hosting data in ‘the cloud’ – i.e. stored in remote data centres and accessed using online services. Think Gmail, Flickr, YouTube, Facebook, Office Live, MySpace, LiveJournal, SalesForce…
When viruses first appeared, the primary method of spread was through infected disks. People had a habit of leaving floppy disks in computers. When the computer was next switched on, a virus would copy across from the floppy disk (way back when, the floppy disk drive was the first item read when your computer started up and the most common form of network for file sharing). Your computer would start to behave oddly as files became corrupted and you lost all your data. People, through training, threats and learning the hard way through experience, began to get better at not leaving disks inserted in computers when they switched off. But it didn’t matter because the threat changed…
Along came email and networks. New ways of hacking accounts, crashing computers and corrupting data arose that no longer relied on a floppy disk to spread the havoc. And new challenges appeared – spam overwhelming inboxes, phishing scams persuading people to willingly hand over bank details. Whilst some attacks were purely web-based (fake sites pretending to be your friendly bank), the majority of attacks still focused on taking control of your computer and doing bad stuff with it. But having a computer crash has become less of a worry as more data is being uploaded onto the web. Our need to have our data available regardless of the device we happen to be using means our devices are more resistant to damage. If your computer gets hacked, wipe it and rebuild it, then re-sync with your online services. And so the threat changes again…
The Gmail exploit doesn’t care about your computer, or your mobile phone or whatever device you choose to use. It lives in ‘the cloud’, hacking directly into the online services that are hosting your data. If Gmail gets hacked, what do you do? You can’t just format and rebuild, as has worked in the past with computers. You don’t control the service or the computers where your data is stored. Instead, you have to trust Google (or whichever service provider you happen to be using) to fix the issue. It’s a different dynamic and one that will need to be considered by any organisation planning to switch from local servers to fully hosted services.