Is it the Browser, or the People Using the Browser?

Another breach of security, at another big name.  Or is it?  The recent announced breach of email and personal information comes to us from Google and those with Gmail accounts.  The “attacks” have come from China, and affected “top U.S. officials.”  But reading the fine print in all of the articles out there about this latest “breach,” brings up the same cause:

targeted attacks…duped victims into revealing their Gmail passwords through e-mails that pose as people or companies known to end user.”

In other words, phishing.  The users themselves were to blame for letting the hackers into their accounts.

If I leave my car unlocked and full of things like GPS devices, iPods, digital cameras, backpacks, the purchases we just made at Macy’s and the Apple Store, we can’t complain that someone stole our stuff.  If you let the crook into your living room, you can’t complain that he stole your television!

The fact is, there are always going to be people trying to rip us off.  That’s the way the world is, whether we like it or not.  We lock our cars, and the doors to our houses, because that’s the best way to keep out the bad guys.  It’s not fool proof, of course, but it reduces the chances of a theft by a whole bunch.

The same needs to be the case for use when it comes to our computers.  Not taking an extra 30 seconds to check the legitimacy of an email from someone, and to be suspicious of anyone asking for my username or password, I have successfully avoided getting a virus, a trojan, malware, or worse yet, my personal information.  In other words, I’ve never been hacked.

I’m not smarter than anyone else, I’m sure of that.  What I am is skeptical, and cautious.  I still only read email in text form (not html).  I know what my friends sound like when they write to me in an email, and I will recognize when they don’t sound like themselves.  I use strong passwords, and answer my “challenge questions” with false information that I will easily remember but that no one else can figure out.

I don’t consider this recent “attack” as a hack, as much as it is a crook taking advantage of people who have left themselves open to theft.  That crook is always looking for a way to get what is yours.  It is up to me to make sure he doesn’t have an open door to walk through.  “Top government officials” should know enough not to be phished.  And if they don’t know enough, then why aren’t they being trained to be more cautious?

This alone amazes me. It’s not that hard to be cautious, to keep a suspicious mind, and to take a few extra minutes to verify that where you’re clicking, and what information you are entering, is really something you should be doing.

Is Google supposed to take responsibility for this recent attack?  I sure don’t think so.  Place the blame where it belongs:  on the user.