Posted for Lauren J.
This Computerworld article titled “Gmail, Yahoo Mail join Hotmail; passwords exposed” written By Gregg Keizer seemed scary to me because I have accounts with all three web mail providers and it discussed the compromised security systems of both Gmail and Yahoo who are now sharing the stage with a previously invaded Hotmail. Both Gmail and Yahoo were victims of large scale phishing operations that previously led to at least 10,000 Hotmail passwords being stolen. It’s believed that users were tricked into providing their username and password information in a phishing scam that may have taken place over a long period of time.
As expected both e-mail providers said that they were taking precautions to protect users against these kinds of scams by forcing password resets among other things. Yahoo and Gmail declined to comment when Computerworld contacted them but the article states that a list of compromised accounts has been in circulation and about 20,000 of those accounts include accounts for Gmail, Yahoo, and other popular web mail providers. Based on reports from the Anti-Phishing Working Group (APWG) these types of scams are on the rise this year so users should be cautious before revealing personal account information.
As stated earlier I have accounts with all three providers in this article and I was the victim of someone hacking into my Hotmail account. The hacker actually sent an e-mail from my account that was riddled with grammatical errors and misspellings asking friends to make random purchases. Now I am the most paranoid person on the internet and I have never provided my account information to anyone so I know that I was no victim of any phishing scheme but more than likely someone has accessed the “secure” user information databases of these providers which is even more unnerving. After reading this article I felt a little more at ease knowing that the internet providers seem to finally be aware of the issue but at the same time it scared me because now I need to change the information for my other accounts.
How do we ever really feel safe when using the vast arena that is the internet? How do we increase our online collaboration and begin to store more data online if security can be compromised at any time? Is security the missing link to gaining the trust of other skeptical internet users?
I think security is a big concern for many barriers using the internet. It most of your security is in your hands. You have to make sure that you make a complicated password and never gave it to anyone. For example, once I get scam on my email and I sent weird email to all my contacts saying that I found a website which is interesting selling a product, blah blah, please check this out. When my friends went to that website they got a scam on their PCs unfortunately.
Security will always be an important issue for everything especially Internet world. Everyone has to be careful when you are using those things on the Internet.
Posted by: Veerapatr K. | November 17, 2009 at 11:30 PM
Well emails are always going to be around. Opening the emails is another issues. We just need to be careful of what we identify as virus free. Hacking has become a part of our system. Thats why on going security will always be around...
Posted by: Roselyn Odulate | November 15, 2009 at 09:53 PM
I have seen some pretty good lures in phishing email and can understand how some people are lured into the trap. I think that private companies have a reasonable ability to enforce good security practices among their employees to prevent email and private network compromises. Still, how can you protect people from themselves when they do not have a basic understanding of how to recoginize the most obvious kinds of attacks. With all of the press that this issue gets I am amazed at how many people jump into the world of on-line shopping and email without a basic understanding of what they need to do to protect themselves. Even scarier is the fact that children are on the internet unsupervised and they know more about how to set up a free email and FB account than their parents do. I would love to see some of these ISP's require some kind of on-line tutorial that had to be completed before an account was opened. I imagine that many retailers and ISPs would see it as a deterrent for new customers, but given what is at stake for them in terms of reputation and the amount of resources it takes to address security breaches, I would think it could only help to protect their customers from themselves. I think that elementary and high schools should also include these kinds of topics in their regular curriculum.
Posted by: KimG | November 11, 2009 at 10:04 PM
This is a good question, in my opinion i feel that no matter how much security we use there is always someone out there who is willing to hack into our networks. I mean without spending lots of money for the security I don't think it will be an easy task. I can understand big corporations spending money to save confidential data onto their networks but I don't see how everyday users can be protected without spending lots of money.
Posted by: sofia aleem | November 09, 2009 at 08:19 PM
I attended a data security seminar where lawyers told us that as long as you have put forth some level of effort in order to protect client's data AND you have the policy documented, your risk of loosing a lawsuit is low.
For example, I could backup all of my client data onto a flash drive and keep it in my desk drawer. As long as the company's data security policy stated the same, the company is ok.
Sure, the cleaning staff could find the drive and sell it on eBay, but according to these laywers, we would win any lawsuit.
Posted by: Steve F. | November 09, 2009 at 07:41 PM
I agree with Kyle F. you have to be careful. It most of your security is in your hands. You have to make sure you have a complicated password and never give it to anyone. There are many other practices that keep you more secure. I've never heard of Google actually being hacked but more of people being able to guess your password, or guess your lost password questions, or phishing scams. Everyone needs to realize that you can't trust much on the Internet.
Posted by: Joe Steinkamp | November 09, 2009 at 12:29 AM
Computer Security in general is never perfect, but I don't think that should keep people from using it. Most phishing incidents are due to users not being careful when it comes to their account information. People are in car accidents everyday, but that does not keep most people from driving. The uses of technology should be though of in the same way.
Posted by: Matt Fields | November 08, 2009 at 09:12 PM
I dont think you can ever feel secure while browsing the net or purchasing something online. I too was a victim of a phishing email. It looked just like the email I would receive from Paypal and asking me to change password for the account. When I clicked on the link, it took me to a website that looks exactly like Paypal except the actual URL for the website was no where close to Paypal.
I finally figured out that it was a fake website and I have been more paranoid about opening any link that comes in my inbox. I have been charged several times on my credit card because it leaked while buying something online. Therefore, I almost never buy anything online anymore. I think there can never be a complete security when doing anything online because someone can somehow always figure out a way to hack into it.
Posted by: Kevin Maung | November 08, 2009 at 05:01 PM
In my opinion it is mostly the user's fault. I'm not saying he is intentionally doing it, but his lack of caution and carefulness lead to such things. I don't think a hacker or spammer can get easily into a service provider network and steal user's information, it is the user who gave this information by not making sure what site he is working on. I know it is hard for people to distinguish a phishing from normal site because hackers design the phishing site to look exactly the same as the original one; but yet there are some clues to say if a site is real or phishing one.
Posted by: Haidar AlMubarak | November 08, 2009 at 12:13 AM
Good post. As part of my job I do network security and I can be pretty cautious. I remember a couple of years ago getting a phish e-mail that scared me. It was pretty real looking but I knew enough not to put my information into the redirected page.
I as a rule never click on an link provided in an e-mail. If I get an e-mail from a service that I pay for I know open a browser and go directly to the page.
This problem isn't unique to collaboration or SaaS offerings. Large corporations have to worry about their public e-mail pages being phished.
Posted by: Keith Townsend | November 07, 2009 at 09:10 PM
In my personal experiences, I have seen many things of this nature happen to people in my family. I tend to be the only one that is fairly close to being technically savvy by any means and for that reason anytime something happens, they tend to come to me for any help that they can get. These tend to be inevitable, phishing in particular. Majority of people that are not knowledgable of tech threats do not look at urls to ensure that it is guiding to the correct site when there is a possible phishing attack and for that reason they get swayed into fake chase websites and end up giving their login information which can be very damaging to their financial data's integrity. not to mention all of the viruses that I have had to clean off of computers because of people opening private messages on facebook.
Posted by: Greg Chamopoulos | November 07, 2009 at 04:03 PM
I think the best way to protect yourself is not to use the internet. Since that option is virtually impossible for everyone, i think the second best option would be to either use stronger password protection and extremely cautious of what we do over email or other social networks.
Posted by: Cornel Benford | November 07, 2009 at 08:29 AM
To James: a VPN and MPLS network will only help you if people are trying to watch the data that you send. It will not help if you click on a malicious link, say a fake facebook login page, where you enter your facebook login data. It is likely that the page will say that you mistyped your password and redirect you to the real Facebook login page. There you will reenter your data and you won't even know that you have been compromised.
One of the best tips that I have heard is that if you see a link to a page you want to visit, like http://www.facebook.com/something/somefriendrequest/pickme, open a new browser window instead of clicking on the link, type in the address bar http://www.facebook.com, login there, then find the information you were looking for. If it was a fake request, you won't see the request and you won't have lost control of your account data.
Posted by: Leigh Hollowell | November 05, 2009 at 08:56 PM
Yes I feel completely safe when using my laptop and being on the internet. I generally use my work laptop which I have a secure remote VPN that I must dial into where I hit my company's incredible large and fully protected MPLS network. Since we sell, support, engineer security options we may have 1 of the most secure networks in the country so I always feel secure when on the internet.
With regards to data storage, we have 10 off site data centers all across the country that are connected to the MPLS network so nothing is stored online.
Security will always be an issue as the "hackers" are never sleeping and always changing so for security options it is incredible difficult to prepare for everything.
Posted by: James Kempski | November 04, 2009 at 03:50 PM
Great Post! I also have accounts in yahoo, gmail and hotmail. It is scary to think that maybe other people can see your emails and read your profiles with the telephone number or addresses on them.
Safety and Security issues online are the most important for our day to day users. One time, I get this scam on my email and I replied unfortunately. Thank Goddess i got it fixed..otherwise my credit card would get charged.
We definitely need more security online!!We don't know who accessed to our profiles. Email address is too vulnerable!
Posted by: Ying C. | November 04, 2009 at 01:14 PM
Similar scheme is going on these days, which i think will result in another scam of password hacking, in which you get an email through which when you put in your password and email address it will tell you that which of your contacts have blocked you.
But then again email address vulnerability is a major issue, considering the amount of personal and professional data can be up there, i would still recommend that one should be cautious before putting anything out in the world of cloud computing.
Posted by: Munib Rizvi | November 04, 2009 at 01:45 AM
I don't think there will ever be complete security on the internet. There really isn't that guarantee anywhere you go...your car could be stolen when you go somewhere, your social security number could be seen on a paper at your Dr's office...the internet is not the only place which is un-secure. However, it does allow for perceived anonymity when attempting to commit a crime or fraud. You you can't immediately seen on the internet, it would seem a much easier action to try to break into something from the comfort of your laptop as opposed to physically trying to break into a bank. I think there will always be people preying on vulnerable internet denizens...no matter the precautions you put in place.
Posted by: Jeff Newton | November 03, 2009 at 08:33 PM
E-mail security is serious issue. One of my friend's yahoo id was hacked. She lost her password and after that I kept getting weird ad emails from her email account. She tried to contact yahoo mail but they couldn't help to her get her old account back.
I have seen so many online accounts which asks you to enter your email username and password to get your contact information to synchronize with their social networking site so they can automatically send emails for invitation. Doing this will also put your email account at risk. There are tons of spyware and malware all over net which can capture information from your computer and send it to the hacker. There are so many ways your email account can be at risk. Email provider like yahoo, google, hotmail can do so much to prevent this types of threats.
Posted by: Kaushik Patel | November 03, 2009 at 08:32 PM
Actually , It is a big problem . Almost every one has at least one or tow email and he / she chicks her email daily or hourly . The email become more important these days we receive important information in our email and we save it on. Also,we have some pics or personal information on it.
so, without security or with all these spam and hackers ,how can we trust email or safe our information on!
I have one email that someone just spam it and talk with my friends by rude way and they think that I am the one who speak with them, I told them NO that not me , please just get rid of him!!Also, last week I just put my apartment in craigslist,then I got an email from girl that she really like that apartment and want to rent it but she need some info and my bank account ,It is wired email I replay for her and I got the same email,when I asked some of my friends she told me it is a spam not real email !!
So, it is a scary things may happen to you >>But to avoid that , I think the best way is to change your passwords monthly , don't open any strange email,and finally don't register to any website if you are doubt about it .
Posted by: zahra | November 03, 2009 at 05:28 PM
It is really scared ,,,
I have a hotmail account and I usually got spam and hackers,,,,
Before 2 weeks I got an email from my friend {hi, how are you long time I did not see you
and there was a link at the bottom} .
The funny thing is that I really I did not see her for a while,,,
so I opened the link and guess what ,,It is a hacker ,,when sign out my hotmail starts to send the same email for all my friends ,,and one of my friend called me and said why did you send me this I just saw you I said I did not .. at the morning I got bunch of emails from my old friends ,, directly, I changed my password and I asked them to do so ,,,,,It is really funny and scary ,,we should really be careful and I think we should change our passwords between time and time
We should not trust any massage from friends I usually got some invitations to join groups or site but when I ask the one who send it I discovered that he does not have any idea about it …..
Posted by: zainab | November 03, 2009 at 04:37 PM