Enterprise IT Watch Blog

Jan 18 2010   9:21PM GMT

Is Google’s breach disclosure a clever jab at Internet Explorer?



Posted by: Michael Morisy
Tags:
Chrome
Google
Internet Explorer
Security

I’ll file this under “Conspiracy Theories” for now, but security vendor Imperva’s CTO Amichai Shulman said the prevailing explanation for the Chinese hacking incident just doesn’t add up – and it might be a ploy to boost downloads of Google’s Chrome web browser.

Currently, most media reports cite a Microsoft Internet Explorer security flaw as the attack vector for the high-profile security breach, as widely touted by anti-virus maven McAfee. In an e-mailed statement, Schulman had a different theory.

“First, why are Google employees using IE and not Google’s own browser, Chrome?  This doesn’t make sense,” explained Shulman.

“Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users credentials.  A hacker would have to jump through many hoops inside an internal network. This requires network—not browser—vulnerabilities so that the attacker can communicate with malware inside Google’s internal network,” explained Shulman.

“Unfortunately, blaming Microsoft is all too easy and it’s leading to a panic.  France and Germany are now recommending that its citizens not use Internet Explorer given its role in the recent Google hacking incident,” he said citing today’s decision by the leading European governments.  “Could this be a clever way to boost Google Chrome downloads?”

While it’s perfectly fine to question McAfee’s speculation that it’s an Internet Explorer security hole, Microsoft has come close to confirming it in its own Security Advisory 979352 (emphasis mine):

Microsoft thanks the following companies for working with us and for providing details of the attack:

  • Google Inc. and MANDIANT
  • Adobe
  • McAfee

Er, erm. Eh.

At least Imperva’s take makes a good story. I e-mailed Rob Rachwald with Imperva, who e-mailed me Schulman’s statement originally, for clarification.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: