Monday, August 06, 2007

Use GMail or Yahoo! Mail? Change Bookmarks for Better Security

This is Robert Graham posing with the GMail website open on his laptop.

Rob demonstrated to a live audience how he can successfully hack into web based email programs like GMail, Yahoo Mail! or Hotmail using the IP Address and user name (login) without requiring any password.

Let's not go in the very technical details but he used some sniffing tools called Ferret (to copy the GMail cookies to his computers) and Hamster (to use the cookies in his browser). [Details at ZDNet, TG Daily]

What can you do to prevent someone else from reading your GMail or Yahoo Mail ?

Rob's method works when you are using the HTTP mode to access your email (http://www.gmail.com/). Therefore the trick is to always use Secure Login.

Here's what you can do to safeguard your email in public wi-fi hotspots - use https:// instead of http:// - the entire session will be encrypted and the cloning cookies method will fail:

For GMail: https://mail.google.com/mail/

For iGoogle: https://www.google.com/ig

For basic HTML version of GMail - https://mail.google.com/mail/?ui=html

yahoo mail secure website Alternatively, you can install the CustomizeGoogle extension of Firefox that will always force the SSL mode in GMail incase you forget to manually type the https:// GMail URLs.

Highly recommended also because Customize Google will also encrypt your Google Docs, Google Reader, Google Web History and Google Calendar session incase these Google services share the same cookie with GMail.

For Yahoo! Mail - Check the Secure Mode link that's available just beneath the "Sign In" button.

Related: Recover Yahoo! or GMail Passwords

Read More...

Friday, August 03, 2007

Second Life (finally) gets a direct competitor: Multiverse

multiverse.jpg The brainchild of several ex-Netscape execs, the Mountain View start-up Multiverse, as the name suggests, isn't a single online world, but a platform for creating games and other 3D experiences with the company's development tools, which are then run on its servers. (Like Dark Horizons, a sci-fi MMORPG pictured here.) Version 1.0 was just rolled out yesterday, and though it's too early to know how it'll fare, one thing is official: after 4 years of being the only user-created 3D online world on the commercial market, Second Life now has competition.

The system and revenue model is markedly different from SL, however: instead of fostering user-created content in a single world, Multiverse is a network of worlds accessible by the client software. It comes with e-commerce tools built into the system, so developer's can earn an income, while Multiverse makes money by taking a 10% cut of that revenue.

I haven't yet had a chance to check it out first hand (the client is cantankerous with my Vista machine), but I'll be keeping a close eye on its progress. Multiverse's advisory board includes Avatar director James Cameron and some other Hollywood heavyweights, so you have to think movie-to-MMO tie-ins are planned. (Indeed, a Multiverse version of the cult TV show Firefly was announced last year.) What's more, famed MMO academic Ed Castronova is already using Multiverse to develop the education-oriented MMO Arden.

My writing career has been tied up in Second Life on one level or another since 2003, so you might think I'd consider Multiverse a threat to my livelihood. Actually, I'm relieved. There are some truly impressive and popular mini-MMOs built within SL, like City of Lost Angels and Midgar, but they've largely succeeded in spite of Second Life, which is still far from ideal as a platform for game development. It's never healthy for any one company to dominate a space for so long, and an active competition to attract and retain new users and developers can only benefit us all.

Read More...

Intel accelerates 45nm plans, hitting the market Q4 '07

from Engadget by Paul Miller Echoes of "take that, haters!" could be heard on Intel corporate Facebook accounts this morning as the company steals some thunder from AMD's recently announced roadmap and fancy fresh antitrust lawsuit. Intel will be launching new four core 45nm Intel Core Extreme "Penryn" processors in Q4 2007, a few months ahead of schedule. The top of the line proc is likely to hit 3.33GHz, run a 1333MHz system bus and hold 12MB of L2 cache. Only about 2-3% of Intel's chips will go 45nm in 2007, but that number should double by around Q2 2008, and it seems Intel needed to accelerate things to head off competition from AMD's upcoming Phenom processors. Prices and other precise launch dates are still a mystery at this point. [Via Silicon Investor]

Read | Permalink | Email this | Comments

Read More...

Meizu M8 gets unwelcome price hike, dodgy release details

Filed under: , ,

Sure hope you weren't counting on getting your palms around Meizu's oh-so-familiar M8 anytime soon, as it now looks like the handset may not even be available to purchase until mid-next year. Granted, the 667MHz CPU, 128MB of RAM, GSM connectivity, 3.4-inch VGA touchscreen, video output, and built-in Bluetooth 2.0 / WiFi sure are appealing, but those still willing to wait this one out will apparently be paying even more than previously expected. The latest on the street pegs the forthcoming 8GB iteration at around $400, but if money ain't a thang, you may as well continue on pinching those pennies for the 16GB (and potentially 3G-enabled) flavor. [Via MeizuMe]

Read More...

BUSINESSWEEK: Identity Theft: The 'Business Bust-Out'

Policy July 23, 2007, 11:24AM EST

The "bust-out" is just one of the schemes fraudsters use to steal your business identity, a crime that has gone largely unnoticed in a legal system focused on consumer ID theft

A criminal rents space in the same building as your company. Then he applies for corporate credit cards using your firm's name. The application passes a credit check because the company name and address match, but the cards are delivered to the criminal's mailbox. He sells them on the street and vanishes before you discover your firm's credit is wrecked.

The so-called "business bust-out" scam is one way sophisticated criminals steal business identities across the country (see BusinessWeek.com, 4/17/06, "Would I Lie to You? Five Cons Still Kicking"). Identity thieves increasingly target businesses instead of individuals, experts and law enforcement officials say, but federal law and many state statutes don't consider business identity theft a crime. That's because the raft of identity theft laws passed in the last decade apply mostly to individual consumers—not business entities.

A Gap in Statutes

While business identity theft can often be prosecuted under other statutes, like mail fraud or wire fraud, businesses victimized lose many of the protections afforded to consumers under identity theft laws, like access to information about their credit. Before California last year amended its 1997 identity theft law explicitly to include crimes targeting business entities, a business whose identity had been co-opted could not even get a police report. "We were having businesses being taken over and their names being used and I could not prosecute them, at least under ID theft statutes," California Deputy Attorney General Robert Morgester says.

It's difficult to say how many businesses have been victims of identity theft because most of the research focuses on complaints by consumers. Some studies say there were as many as 8.9 million individual victims nationwide last year, and estimated annual losses approach $50 billion. But the most sophisticated identity thieves increasingly are targeting businesses because the payoffs are bigger, Morgester says. Business accounts generally have higher credit limits and make larger purchases than consumers, so hefty charges by scammers are less likely to raise red flags. While most consumer frauds won't net a criminal more than $5,000, targeting a business can bring in 10 times that or more, he says—so "From a criminal's viewpoint, it's far more cost-effective to target a business rather than a consumer."

In a July 19 proposal, the Justice Dept. asked Congress explicitly to include businesses and organizations in the federal identity theft statute. "This is a real gap," says Betsy Broader, assistant director of the Federal Trade Commission's identity theft division. "The current federal law looks at ID theft as a crime against individuals."

Small Businesses at Risk

Small businesses in particular make ripe targets because they may be less savvy about protecting sensitive information than big companies that can afford to hire dedicated privacy officers. Often, small-business owners are just too busy to worry about identity theft—until it happens to their firm. "The worst thing a small business can do is think of themselves as a small business," says Linda Foley, co-founder of the nonprofit Identity Theft Resource Center. "You have to be a small business with a Big Business mentality."

Foley says business owners can protect themselves by keeping sensitive files under lock and key (electronic or otherwise), by restricting access only to employees who need it, and by closely watching their books. But sometimes there is little a business can do to keep from becoming a victim, as in the "business bust-out" scheme described above.

The new laws in California and the proposed federal change may give law enforcement the tools it needs to go after business identity theft. But because perpetrators can be elusive and investigators have limited resources, often the crime isn't prosecuted at all. According to a 2002 study by the Government Accountability Office, local prosecutors reported only being able to pursue a "small fraction" of reported identity thefts. Morgester says some detectives have 50 identity theft cases on their desk at once, and they must focus on the handful where they think they can make an arrest and get a conviction. If the loss is relatively small—under $10,000, he suggests—police may be reluctant to take it on. At the federal level, some U.S. attorneys have thresholds of $1 million.

Victims Must Investigate

But the best solution for businesses that have been victims of identity theft can be to do the legwork of an investigation themselves, says Morgester. Often business owners must do so anyway to recover their credit and reputation. If victims follow the paper trail and bring investigators a lead, police and prosecutors will be more willing to pursue it, he says.

"There's a lot of cases where the corporation or an individual by themselves can put together 90% of the evidence," Morgester says. "We've had a number of cases where, based on the material we had brought to us by the victims, the only last step we had to do was write a search warrant and kick down a door."

John Tozzi is an intern for BusinessWeek.com.

Read More...