

Hackers who hit Google continue string of attacks - shawndumas
http://arstechnica.com/security/2012/09/google-hackers-carry-on/

======
davidw
I read through expecting to see where people actually died because of these
attacks. Spoiler: no one actually dies.

------
elteto
The two main attack vectors according to the article are IE and Flash. I think
I read here in HN a while ago that using Windows boxes was highly controlled
in Google nowadays, and even some kind of permission was needed. Strong
correlation here, it seems that Google was indeed hit and probably hard.

~~~
SkyMarshal
Windows is highly controlled because of the 2010 attack the author references.
Google eliminated Windows as a workstation choice for employees after that,
allowing only Linux or Mac. They still have Windows around for testing, or
special cases that have to get approved, but very sandboxed.

------
rhizome
Correction: not lethal.

------
yoduh
<sarcasm>

Whatever you do, do NOT turn off Javascript, or stop using Microsoft products
like Windows, or Adobe products like their "Flash" player or even their
seemingly harmless PDF viewer.

Don't be fooled into thinking these "highly sophisticated" hackers need such
things in order to succeed in their "exploits".

And even if they did, the costs of NOT using Javascript, Microsoft and Adobe
far, far outweight the benefits.

</sarcasm>

Nevermind the word "lethal", I've always wondered by the word "attack" was
chosen within the cryptography/computer security world. Maybe someone knows
the history behind it? Once you get used to this term it's seems normal. But
at first it's a bit strange. Playing around with computers and binary numbers
seems like the furthest thing from an "attack" one could imagine. But I guess
it goes without saying that computer nerds have very vivid imaginations.

------
jpdus
Had this discussion 2 days ago: <http://news.ycombinator.com/item?id=4488173>

------
patdennis
This is a bad thing made worse by the fact that victims are unwilling to come
forward because it is embarrassing.

~~~
daeken
Some victims may be unwilling, but I'd say a higher portion of them are un
_witting_ ; most of them almost definitely have no idea what the extent of the
attacks were, if they know at all. When you're dealing with advanced
attackers, just knowing that something is going on isn't going to be obvious.

------
mkhalil
"The number of victims affected, the duration of the campaign, and the
difficulty of identifying and exploiting so-called zero-day vulnerabilities
mean the resources required "could only be provided by a large criminal
organization, attackers supported by a nation state, or a nation state
itself,"

Just say it, you want us to A) hate China. B)Give up internet freedom so we
can have a bigger cyber army

~~~
its_so_on
I love how people are always up at arms how "a nation state" OBVIOUSLY means
Israel in a given story why don't they come out and say it???, or OBVIOUSLY
means China in another story, or OBVIOUSLY means the NSA, come on!!

Meanwhile, the reporter is the only one smart enough not to speculate based on
nothing.

