There’s no end in sight for Telecom email users. While the company’s move to require the use of SSL for email access (Really, all those email passwords were transmitted in the clear over those WiFi access points around the world up until now?) is a Good Move™, the fact they got the SSL certificate with the wrong server name is troubling.
Apparently this certificate was issued to pop3r.xtra.co.nz instead of pop3.xtra.co.nz. People are accepting this certificate just so they can get to their emails. This is bad because I’ve seen comments such as “just accept it I need to get to my emails”.
@freitasm That would explain a lot. Had to add an exception for the cert when my Mum started shouting at Thunderbird. — Indy (@Indy_Griffiths) March 17, 2014
Not everyone is seeing this error, which points to multiple servers having a good certificate and at least one of them having a bad certificate.
What happens next time these users see a certificate error? They will repeat the “just accept it” routine, thinking it’s just another small problem? Do these people actually know the implications of accepting SSL certs left, right and centre? Probably not. And here is the problem.
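A mismatch that only some users see can be pinned down by validating every pool member separately instead of clicking through the warning. The script below is an added example, not code from the original post: it assumes POP3 over SSL on the standard port 995, and the node names, sample pool and function names are constructed for illustration.

```python
import socket
import ssl

def name_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(dns_names, host):
    return any(name_matches(n, host) for n in dns_names)

def backend_ips(host, port):
    """Every address the name resolves to, i.e. each server in the pool."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_backend(ip, host, port=995, timeout=5.0):
    """Handshake with one pool member, validating its cert against `host`."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return (ip, "ok")
    except ssl.SSLCertVerificationError as exc:
        return (ip, "BAD: " + exc.verify_message)
    except OSError as exc:
        return (ip, "unreachable: " + str(exc))

def audit(host, port=995):
    return [check_backend(ip, host, port) for ip in backend_ips(host, port)]

# Constructed sample: DNS names assumed to be on each pool member's certificate.
CONSTRUCTED_POOL = {
    "node-a": ["pop3.xtra.co.nz"],
    "node-b": ["pop3r.xtra.co.nz"],  # the wrong name described in the post
}

def mismatched_nodes(pool, host):
    return sorted(n for n, names in pool.items() if not cert_covers(names, host))

if __name__ == "__main__":
    print(mismatched_nodes(CONSTRUCTED_POOL, "pop3.xtra.co.nz"))
```

`audit("pop3.xtra.co.nz")` performs the live per-address check; `mismatched_nodes` applies the same matching rule to the constructed pool so the logic can be followed offline.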
Windows XP was released mid-2001. It was a different world then. Things have changed a lot in terms of security, safety and privacy online over these 13 years and the OS needs updating to confront the new, more evolved risks as well as the avalanche of data we now receive.
I was surprised someone on Twitter posted “This Windows XP update exists solely to tell you that it is Windows XP and Microsoft wants you to pay more money to upgrade.”
Interesting way of putting it. Apple launched OS X 10.0 around the same time as Windows XP and they have been launching new versions of OS X over the years, and every few versions software needs to be updated or it won’t run properly. But I never read anyone saying “they’re doing it to get people to pay more”.
A big difference here is that software that runs on Windows XP will most likely continue to run on Windows 7 and Windows 8, with few exceptions including drivers (if you have devices that old they are probably reaching the end of their lives anyway).
For users of Microsoft’s platform this is good and bad. It’s good because it reduces the cost of going to newer OS versions. It’s bad because (some argue) newer OS versions need to keep supporting this older software and these APIs, keeping the OS rather large and the maintenance costs (in both time and number of developers) adding up over time.
It’s also bad because adding security safeguards to old OS versions is not always possible, due to limits in the original implementation.
For consumers who still haven’t received the message about security, safety and privacy, Windows XP still seems a pretty good OS. Most of the current software still runs on this old OS, it doesn’t need big hardware and it’s pretty easy to use. The end result? From January 2014 – March 2014 around 29% of Internet-connected computers were still running Windows XP (down from 39% the year before). This shift is not moving fast enough.
The next Windows Update for Windows XP will add a message that will be presented to users to let them know this OS is no longer supported.
Still, many people using pirated copies of Windows don’t get updates anyway (security or otherwise) and most likely don’t care. And I guess most will just click the box “Don’t show this message again” and be done with it.
Microsoft has extended support for its anti-malware software until July 2015. For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.
Also note this end of support doesn’t apply only to Windows XP but Windows Server 2003 as well.
Someone commented that the malware developers need only reverse engineer the first few security updates released for Windows 7/8 but not for Windows XP to create new tools to attack and control those unprotected machines. Let’s see what happens in June 2014.
Yahoo! has acquired Vizify… And it proceeded to do what it’s done with 30 startups it previously bought: close the service down. According to people following the tech industry this means the company has closed 31 out of 38 startups it acquired since Marissa Mayer took the helm. But this doesn’t happen at Yahoo! only. All other large tech companies acquire technology to incorporate into their own products and differentiate themselves in the market. Whether this works out well for consumers or not is another story.
But that’s not what I am thinking about here. I am thinking about your online security. Every now and then I take ten minutes to go through the Twitter authorised apps list and remove some of them:
I also do this on Facebook and LinkedIn. My reasoning? Who knows what is going to happen with those tokens granting account access that are stored in these databases? How do I know the new owners can be trusted?
Sure, you’d say “It’s Yahoo!, they won’t go around spamming your followers from your account”.
My original “contract” was not with the new owners and I have no idea of their plans. The best thing, the safe thing, to do when a service is acquired is to revoke those tokens. Go through your Twitter Apps list (Twitter | Settings | Apps) and look through it. See the number of apps you gave permission to access your information, impersonate you to post in your stream, read your friends/followers lists, etc?
Some of those you only used once. Some of those you don’t even remember what they are.
Go on, clean up the mess and you will be safer.
Getting to Auckland was easier said than done, with the Wellington airport being closed due to a fog that came down and lasted for more than 12 hours, resulting in almost all morning flights being cancelled. Even so I managed to take off only two hours later than originally planned.
Netguide’s Sean Mitchell said there was a record number of votes this year (290,000 for all categories in the whole competition if I’m correct), so it is great to be able to receive this award. It is really our great community that makes it happen and keeps it pumping, with help from our team of volunteer moderators. So it’s really for all of us, not just me. Well done folks.
The event was fully packed at the Hilton Hotel where people in attendance had the opportunity to mingle before the doors opened to the conference room. After the event I had dinner with the ESET NZ team, including Steve Smith who had earlier taken this photo:
Telecom's decision to stick with Yahoo! as a mail provider after a review in 2013 was wrong and email account hacks have happened three times since that decision.
It's time they start a serious project to protect their customers. At this rate we may soon see more than just spam being sent out but successful phishing attempts leading to losses on both sides.
It will be a long project. No one likes moving a million email mailboxes, but it must be done. Now.
Just received an email from someone saying “I am not a spammer” and immediately offering SEO services (most SEO services are spammers, with few exceptions). Rule of thumb: if someone starts by saying “I’m not a spammer”, then they are.
Immediately after that I received a LinkedIn connection request. Hmmm, I don’t recognise the name (and I usually don’t add people on LinkedIn if I haven’t met or at least corresponded a few times) but let’s have a look… Wow, she’s good looking. Sure, I am going to link now and… WAIT A MINUTE! SPAMMER RADAR ALERT!
Folks, I introduce you to Angela Newton who is, according to her LinkedIn profile, an accountant in London, UK. But there’s no background information, no previous work, in fact the only relation to me is a shared connection, someone who I assume accepted the request because they either thought she was good looking or wanted to increase the number of connections (the old fallacy of having a large number of followers, etc, etc).
Google images is your friend, so I use that avatar and search for similar photos. This is what I get:
Would it be possible that “Angela Newton” is actually using someone else’s photo? Well, it looks like… Because these are the other search results for similar images:
It seems Dr Tara had her photos professionally taken to improve her business profile around the web (well done) and some scumbag spammer decided to use those photos to lure more people into their fake LinkedIn profile.
Again folks, if you don’t know the person requesting a connection, don’t do it. At minimum you will start getting messages offering services, at most you will get involved in some scam.
Don’t think for a moment this is something that happens on LinkedIn only though. I see more and more of this on Facebook and even more on Twitter, where a web of robots follow each other to give the impression of being actual human beings.
Only found out about this one today, but it’s a funny one so posting anyway… It must be a very compelling economic reason for Verizon Wireless to commission the filming of a TV ad here in Wellington, New Zealand for their mobile network in the USA:
Free support for products with a huge user base can’t scale well. Large companies (including Microsoft and Google) realise this and most of the time reply with “post in our forums”, where a large group of users try to help other users and eventually someone from the company will try answering some questions.
Years ago I was a paying Google Apps customer and despite having a PIN to access support via email the reply was “please post in our forums”. I cancelled the service and moved to Office 365 (back then Microsoft BPOS) and never looked back. Microsoft’s paid support is excellent. Office 365 is very good and the Microsoft Premier engineers are very good. Microsoft folks on IIS.Net are excellent (and I had one of the IIS people in Seattle actually help fixing a problem related to Dynamic IP Restrictions by remote accessing one of our servers).
But talk consumer products and things go down… Posts in support forums such as Google and Microsoft’s own forums are mostly answered by other users with the occasional official word coming in. Some of the answers are pretty good but most threads seem to go unanswered or replies are just more people reporting similar problems.
Then there’s Twitter. Large companies are monitoring Twitter for keywords, but the 140-character medium is limiting for describing problems, some people monitoring don’t seem to understand a question, and what you see a lot is either links to completely unrelated answers or… “post in our forums”.
For example in the discussion below I replied to @MicrosoftAsia’s tweet about Skydrive by pointing out “Yes, I’m using it” and “I just can’t upload fast enough” as in if I could go faster I’d have even more stuff in there. Basically I said it’s working great, if I could I’d put more stuff in there.
What follows is someone from support contacting me asking if I have a problem. I say “thanks, but no it’s not a problem”. Even though there’s no problem they take the opportunity to remind me to post anything in the forums… I then take the opportunity to remind them that yes I do post in the forums, but never get answers (including a link to a topic about a Windows 8 Mail app problem going on for months now without any solution). Their reply points to a “solution” that is not related to the same problem, not even the same product.
I think they must have a security policy of not opening links people send to them. Fair enough. But it also makes for frustrating “conversations”. I know it’s a small thing but trying to understand the question before replying with something completely unrelated is the least I would expect.
@MicrosoftHelps Those posts are for outlook browser-based service. The hyperlink problem is Windows 8.1 Mail. I feel folks don't read links — Mauricio Freitas (@freitasm) January 1, 2014
Just something that popped here and got me thinking… From TechDirt “Court Says Border Searches Of Your Computer Are Okay Because You Shouldn't Keep Important Info On Your Computer”:
“He goes on to suggest that since traveling internationally involves going into other countries, these same people would probably have even less privacy over their data, since other countries may be even more willing to search their computers. He even cites the situation of David Miranda having his electronics searched in the UK.
Surely, Pascal Abidor cannot be so naive to expect that when he crosses the Syrian or Lebanese border that the contents of his computer will be immune from searches and seizures at the whim of those who work for Bassar al-Assad or Hassan Nasrallah. Indeed, the New York Times recently reported on the saga of David Michael Miranda who was detained for nine hours by British authorities "while on a stop in London's Heathrow airport during a trip from Germany to Brazil."
While the judge's point is correct that other countries are unlikely to protect the privacy of travelers (sic) as well, and that means that any information on a laptop may be inherently unsafe, it seems like a bit of a weak copout to argue that since other countries have no respect for your electronic privacy, that the US shouldn't either.
He goes even further, arguing that because there's a "special need" at the border to stop bad people, that it's perfectly fine to ignore things like probable cause or reasonable suspicion -- again quoting Michael Chertoff to suggest that border laptop searches have stopped "bad people" from entering the US.”
Sure, one could think that with data stored online (“cloud services” such as Microsoft Skydrive, Google Drive, Dropbox, Box and many others) a local search of an electronic device would have a much lesser impact on privacy.
But what about when the cloud service is tightly integrated into the OS, such as Microsoft Windows 8.1 and Skydrive? If you use an online account to log in to Windows 8.1 then it automatically links into Skydrive and makes access to it transparent (files are still stored locally only if you set those to be available offline though). Disconnecting the account is not easily done in this OS. The option would be to have a separate password or PIN to access the Skydrive app or to start downloads if the file is only available online.
Border officers wanting access to the laptop would ask for the password to the device, which could be freely given while still keeping the files safely away. The argument here would be that border officials are inspecting the physical device crossing the border, which would be unrelated to the cloud service itself.
What do you think?
From The Guardian: Enigma codebreaker Alan Turing receives royal pardon:
Alan Turing, the second world war codebreaker who took his own life after undergoing chemical castration following a conviction for homosexual activity, has been granted a posthumous royal pardon 59 years after his death.
The brilliant mathematician, who played a major role in breaking the Enigma code – which arguably shortened the war by at least two years – has been granted a pardon under the Royal Prerogative of Mercy by the Queen, following a request from the justice secretary, Chris Grayling.
Turing was considered to be the father of modern computer science and was most famous for his work in helping to create the "bombe" that cracked messages enciphered with the German Enigma machines. He was convicted of gross indecency in 1952 after admitting a sexual relationship with a man.
About time I say. I believe he was one of the most important men in WWII and obviously the man who created modern computer science.