News in brief: Gmail stops scanning; UK Parliament hack; Windows 10 S hacked


Your daily round-up of some of the other stories in the news

Gmail stops reading email

Google has announced that Gmail is going to stop reading your emails. From “later this year” its consumer email product will no longer target ads based on what you read and write.

The ads aren’t going anywhere, they’re just going to rely on your user settings instead:

G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products. Ads shown are based on users’ settings.

The search giant reports that the decision “brings Gmail ads in line with how we personalize ads for other Google products”.

No doubt it will also be happy to see the back of the bad publicity and legal cases that have dogged Gmail’s email scanning as it tries to promote use of its burgeoning paid-for business product.

UK Parliament’s email system attacked

Hackers used a “brute-force attack” against the UK Parliament’s email system over the weekend, apparently gaining access to 90 accounts used by Parliamentary workers and members.

Rob Greig, director of the Parliamentary Digital Service, described the attack as “sustained and determined.” Security services blocked network access to anyone outside Westminster, leaving all 650 MPs and their staff unable to access email until the next morning.

An official statement lays the blame firmly at the feet of the system’s users:

On 24 June we discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre.

… Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.

An investigation is underway to determine if sensitive data was lost.

“Ransomware-proof” Windows hacked

A couple of weeks ago we reported that Microsoft was trumpeting it’s new operating system, Windows 10 S, with the slogan “No known ransomware works against Windows 10 S”.

It’s one of those statements that invites you to infer more than it actually says and triggers the automatic eyeball-rolling reflex in techies of all stripes.

At the time I ventured that:

…hackers are inclined to regard claims of invulnerability, or anything close to it, as an invitation to which the appropriate response is “challenge accepted”.

Well, that challenge was accepted by security researcher Matthew Hickey on behalf of ZDNet, the original reporters of Microsoft’s marketing puffery. Hickey used “a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process”.

And the the code that carried out that attack on Microsoft’s newest operating system? It’s oldest headache: a Word macro.

Can you guess what comes in malicious Word macros these days?

Catch up with all of today’s stories on Naked Security