Gmail Can Encrypt Connections Automatically

Gmail has a new feature to always encrypt connections. It’s always been possible but not everyone uses it.

What’s encryption? Say you’re at work (or at school, or at a library or an internet cafe) and using a computer to read Gmail – it’s technically possible for someone to monitor everything going out to the internet. Encryption protects your privacy in this situation, making it difficult for someone to monitor your internet usage.

How do you use it? Inside Gmail go to the Settings menu. You get the following options:

  1. Always use https (select this option to use encryption)
  2. Don’t always use https

Pros:

Cons:

I strongly encourage you to use this feature. Every little bit of additional security helps, especially when it’s so easy to use.

Note that using this form of encryption only protects your privacy between the computer you’re using and Gmail. Emails were never meant to be secure or private.

Facebook Exposes Birth Dates

A flaw in a beta version of Facebook made it possible to see member birth dates, even those set to hide this information. Birth dates are often used to confirm someone’s identity. By having a full name and birth date it’s possible to phone up companies and ask for more private information (this is called Identity Theft).

Facebook has already fixed the flaw. However it’s a good reminder that any private information you enter into a social network such as Facebook could some day be read by someone not meant to read it.

If something is important enough to be private then don’t enter it into someone else’s system without thinking through the potential consequences.

You can view a video of how this flaw works here.

Fake Invoices

There’s some new spam that claims you bought a plane ticket and has an invoice attached. The invoice is in fact a piece of malware. This is similar to the UPS (United Parcel Service) emails that have been popular in the past couple of weeks.

The email will have a variation of the following:

If you get any emails like this just delete them. Don’t open the attachment.

Latest Trojan Emails

New trojan emails will never cease. I’ll just summarise these new spam emails below. The deal’s always the same: some story and/or photo to get you interested enough to click on a link, download some malicious code or type some personal details into a stranger’s web site.

So delete unsolicited emails featuring the following:

Legally Installed Spyware

In December last year I wrote about Germany’s police wanting to install spyware on people’s computers when they deem it necessary. The legislation has now been approved, at least in the German state of Bavaria.

What this means to you:

If you live in Bavaria, either as a resident or as a visitor, keep in mind that authorities can now legally install spyware on any computer you use if they suspect you of being a terrorist, or of posing other serious criminal threats. This sounds fairly general and could apply to a lot of situations.

If the police can’t install spyware on your computer remotely they also have the authority to enter your premises and install the spyware directly onto any computers you use.

No judicial warrants are required.

So if you have any data you wish to keep private (assuming you have a perfectly legitimate reason to do so) you’ll have to start being creative. You could take your business elsewhere, be paranoid about what computer or operating systems you use (hint: popular systems are usually easier targets), and keep informed on the latest computer spying and hacking techniques.

This article’s aim is to raise awareness that governments can and do spy on people’s computers.

More information here.

Iran Invaded – Malicious Emails

Some emails have been seen with headlines such as:

The email looks like it has a link to a video.

In the background it installs a variant of the Storm trojan, probably the most widely spread and malicious trojan to date. Your PC will then be under the control of others without your knowledge. It’s bad. Estimates vary but there are between 1 million and 10 million PCs in the world that are currently under the control of Storm.

So don’t open this email. At this time Iran has not been invaded (and hopefully no country ever will be). Delete it, and let others know.

Skype Phishing Emails

Skype has issued a warning that people have been receiving emails that appear to be from Skype. When a user clicks on a link in the email, they’re taken to a login page that looks like Skype’s website (but in fact it’s operated by someone else). When you enter your username and password, they’re sent to someone who will then use them for some malicious purpose.

How can you tell a real Skype login page from a fake one?

According to Skype the only page on which they will ask you for login details is:

https://secure.skype.com/…(anything else is ok here)…

If you’re about to enter your Skype details into a website that doesn’t exactly match the above then it’s probably fake. What if it’s just a few letters different? What if the dot’s in the wrong place?

The part after the // and before the first / needs to be an exact match. I’ve made this bold just to make it as clear as possible. The part at the end is ok.
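
The exact-match rule above, written as a check using the standard URL parser. This is an added example, not code from the original post or from Skype; `checkLoginUrl`, `classifyAll` and every sample link other than the expected host are constructed for illustration.

```javascript
// Added example: exact-host check for the Skype login URL rule described above.
// EXPECTED_HOST comes from the article; every URL in SAMPLES is constructed.
const EXPECTED_HOST = "secure.skype.com";

// Returns { ok, host, reason } for a link copied from an email.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim()); // same parsing rules a browser applies
  } catch (e) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // hostname is already lower-cased and excludes any user@ prefix and port
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not https" };
  }
  if (url.username || url.password) {
    return { ok: false, host, reason: "text before @ is not the host" };
  }
  if (host !== EXPECTED_HOST) {
    return { ok: false, host, reason: "host is not an exact match" };
  }
  return { ok: true, host, reason: "exact match" };
}

const SAMPLES = [
  "https://secure.skype.com/account/login",   // genuine form
  "HTTPS://Secure.Skype.COM/store",           // case does not matter
  "http://secure.skype.com/account/login",    // right host, no encryption
  "https://secure.skype.com.example/login",   // extra labels after the host
  "https://secure-skype.com.example/login",   // dot replaced by a hyphen
  "https://securee.skype.com/login",          // one letter different
  "https://secure.skype.com@login.example/",  // real name placed before an @
  "https://login.example/secure.skype.com/",  // real name only in the path
];

function classifyAll(urls) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of classifyAll(SAMPLES)) {
  console.log(r.ok ? "OK  " : "FAKE", r.url, "->", r.host, `(${r.reason})`);
}
```

Only the first two samples pass. The `@` case shows why the host should be read with a URL parser rather than by eye: the browser connects to whatever follows the `@`.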

Below is a copy of one of these Skype phishing emails. I’ve copied the contents here to help Google index this page. When you receive suspicious emails it’s a good idea to copy and paste a few lines into Google. You’ll soon be able to tell if it’s a known fake email or real.

Account blocked

Hello!

We have to notice that your account is suspended because Skype major Terms are being changed.
To re-activate your account you need to agree with the new Terms here:

Follow this link to re-activate: ACTIVATE

after that, your account will be automatically re-activated.

Thank You!

Skype Administration

The word ACTIVATE has a link that goes to the fake Skype login page. In most email clients, if you hold the mouse pointer over the link you can see the real destination. If it’s not like the one shown at the top of this article then it’s fake. See this screenshot of the fake one:

Camera Memory Card Scam

This scam is interesting. A shopper was approached by someone and asked not to photograph in the store. Then he was asked for his camera’s memory card. It wasn’t a security guard that did this, just some random stranger hoping to be mistaken for some security person.

Within a few minutes a man came up dressed in plain clothes, flashed a badge, and told him he couldn’t take photos in the store.

Read the full post here.

Gmail and Yahoo Mail blocking fake eBay emails

Yahoo owns some technology called DomainKeys that can verify the sender of some emails. One thing it can do is recognise real and fake emails from eBay and PayPal. This is good because quite a few phishing emails claim to be from eBay or PayPal, intended to trick people into providing their login details.

Google has just implemented the technology for Gmail. So if safe email is of concern to you, your best bets are to use either Yahoo or Gmail for your emailing.

More technical information here.
