LinkMoney.org

Archive for the ‘security’ Category

We had a freak weather situation here yesterday.  I almost never have the TV on and for some reason I turned it on during a light slow drizzle of a nice rain storm.  All of a sudden TORNADO WARNINGS and we were exactly in the center of the path.  From 4 to 6 pm it got really weird around here with storm dark howling noises, driving winds and rain varying from a roar to extremely silent and then back to thunder boomers and howling again.

I know now what I hold most sacred because without thinking I gathered up my last 4 notebooks, my smallest laptop, did a quick backup of my main system on to my external hard drive, a digital camera, threw them all in a duffle bag to take with me, and made a nest in the smallest bedroom for me and the 3 dogs and cat.

It did howl like crazy nearby but we were untouched and I have not seen the news yet this morning but I bet it did hit nearby. We almost never have anything like that around here in this part of Upstate New York.  Once I was driving across country and was going from Nebraska up to Pierre, SD to visit people and the car radio was warning of tornado possibilities near Pierre, and I actually saw two different funnels ahead of me, one on the left and one on the right at the same time.  Very scary and they do a lot of damage.

It was funny after the fact what I decided were the most precious possessions and what was the most important to save.  There are lots of very valuable family heirloom antiques around here and I did not think about one of them.  What would you decide was the most precious things to take with you and are you ready?

Update: The tornado did hit just over the next mountain only a couple of miles away and destroyed a house and some barns and some horses were lost on a nearby Amish farm.  I knew I could hear it nearby but could not see it.  Our neighbors will pitch in and help them rebuild I am sure.  Be prepared!

Technorati Profile

The recent spate of domain thefts that has occurred and some of which was reported here on LinkMoney (dot org,) has caused me to revisit my Gmail account and analyze whether or not I want to make any changes in my email security settings or in the use of Gmail for secure information.

When you are thinking about setting up a web based email account and you start thinking about things like “google mail com” you will obviously come to the “Gmail Register” page.  I have to admit, I Love Gmail. I was an early adopter and really loved the convenience of using Gmail accounts for all of my various and sundry Internet forays.  It is very easy to set up.  Once you obtain a Gmail address it is used throughout all of the Google domains, such as Adsense, Analytics, Calendar, Search, and on and on…

In other words, you open your complete identification and every single move to the Google bots.  No problem as long as you don’t care about what information a giant all encompassing humongous network of computers, all controlled by one company, collects data on you, like forever…

I live a pretty clean legal lifestyle and don’t really have anything to hide.  But, do I really want all of this stuff out there in the cloud completely columnarized and searchable by any one that has access to the data?  I think not, but alas it is already too late for me.

That said, there are SOME things that I think might be better deleted from my Google history.  I decided to start with the situation that made me delve into this train of thought to begin with.  That is my association with GoDaddy.

In each of the recent cases of domain theft that was storied a plenty, like HERE:  I Can Steal Your Website and HERE:  Stolen Website Returned and dozens of other places, it was reported that in all cases that  the  GoDaddy account holders that had been compromised also had been using Gmail addresses.

Hmmm.  Could it be a Gmail problem?  Matt Cutts from Google said that their security division was looking into it, and a few days ago on one of the mail lists that I subscribe to there was an announcement purported to be from Google that there was no security flaw in Gmail.

Well I am going to tell you about one very scary flaw that I discovered this morning on my own machine, but first I want to continue with my first train of thought.  So I decided that just in case, maybe it would be better to tighten things up a bit.

First, I changed my Gmail password, which hadn’t been changed in over a dozen or so years, maybe longer, ever since I had an account.   Now that doesn’t sound too difficult but it is a pain in the butt for every time you login from a new source or an offsite computer, or check your account setting, or sign into Adsense or sign into Analytics, etc., you have to go through the whole procedure over and over.  No problem, small price to pay if it makes you more secure right?

Second I went to GoDaddy and changed the password of my account there. Good, felt better.  Don’t get too complacent yet.

Then I got to thinking, why not go through all of my old Gmail messages and filter all of the GoDaddy messages, then archive them somewhere, and then delete them all from my Gmail account?

Guess what?  You can’t do that.  There is no method that I have been able to find that allows you to bulk forward, or save to your hard disk, any archived messages.  I checked in my control panel, online Google help, Gmail forums and anywhere else I could think of.  As a matter of fact in one of the Gmail FAQs they specifically say that you can not do that.  Bummer.  That is not exactly a great feature Google.  Duh.

So here is what I did for the past three hours.  I created a Gmail filter for all mail that came from GoDaddy and created a command that will forward ALL FUTURE messages from GD to my https secure email address that came with my ISP hosting account.  The operative word here is “future.”   There is no way to bulk forward all of the previous messages.

Not wanting to be beat by this, I went through each and every previous message from GD and manually forwarded them to my ISP email account, and after I heard the reassuring little blunk sound from Outlook Express that a new email had been received I then manually deleted that Gmail version.

Now there were three pages of messages from GD so this took a while.  I did not bother with the customer satisfaction surveys and the junk mail that GoDaddy constantly sends out, but all of the registration information, account names, passwords, etc., all went to my secure account.  Then I deleted them from Gmail.

Now here is the flaw that I discovered when I started digging into this in the wee hours of this morning. I have many Gmail accounts.  I have a couple of main ones that I use depending upon which hat I am wearing, but then there are many that were set up when I started a new website and wanted to have differing addresses for.  Owning or administering over a hundred websites, this can become a quagmire.

Lo and behold as I was going down through the list of names of my Gmail accounts that I had set up, I saw one that I did not remember setting up, though it had a slight twinge of memory associated with it.  Here is what I discovered.  Someone that called them self Tamara Underwood with a Sierratel.com email address WAS IN MY LIST OF PERSONAL GMAIL ACCOUNTS! What the Hell!

How could that be? I started digging in to finding out more about this name and the email account shown and found out that she/he had been in my Gmail account list SINCE 2001 !  Then the vague memory that I mentioned above kicked in and I do sort of remember this name and that at the time I also had all kinds of computer grief.

At about that time my main computer and my laptop both got infected with multiple viruses that eventually caused me to give up, reformat and reload Windows, because all of the tools at hand were not able to remove the problems.  I never tied the name Tamara to this problem, but it must have been so.

Through searching on Google I found where the same person had posted crappy nonsense comments on dozens of Blogs and message boards during 2001-2002.  In each case the comment would tell the reader to contact them at that email address.  So probably I did so, even though I know better now and never answer anything like that, I might have back then, and that is no doubt how the viruses got on my machines.

But it still does not answer how the heck that person could have gotten their email address in my Gmail forward to mail list?  Do you think that they have been receiving copies of all of my emails for these many years?  That does not seem likely or my life would be in a much bigger mess than it is.  It seems more likely that they somehow might have access to my computer and use that account to send out spam messages.  But still it is scary.  How could it happen?

I would say that this is a security flaw Google. Someone else with a California ISP address being in my Gmail list should NOT be allowed.  I’m sure you could put the blame on me after so many years.  I just vaguely remember the situation, but I am ABSOLUTELY POSITIVE that I NEVER knowingly inserted that email address into my own account.

So what about you readers?  Do you think this is an email security problem? Did you go to the Gmail Register page?  Check your accounts.  A little housekeeping might be in order.  Our readers would love to hear from any of you that have had similar problems with email security, or if you have any questions or comments on this specific article.  Leave a Comment.

Now I have to go through and do all of the above for each of my other five domain registrars and website hosting companies.

See you in the spring.
Rich

Thanks to everyone that read this story and weighed in with your thoughts and suggestions.

The massive outpouring of support for MakeUseOf dot com was phenomenal.  The rightful owner of the blog just made a post that GoDaddy did return it after 24 hours and he said that it would not have happened without the help of all the bloggers and tweeters that kept GoGaddys feet to the flames.

We are very happy that it worked out, and again, thanks for all your support.

Rich Hill

ps:  What do you all think, should MakeUseOf initiate legal action?

This has nothing to do with ICANN the Internet Corporation for Assigned Names and Numbers, but they certainly ought to be involved in a major policy change.

The domain of the very popular website MakeUseOf.com has been STOLEN! This was reported by Daniel Scocco during the night on his Blog DailyBlogTips.com.

The report says that MakeUseOf was being hosted on GoDaddy and that GD allowed the domain to be transfered away from the owner to somewhere in Dubai. GoDaddy no doubt will cover their ass by saying all security terms were met, but I say Bull Shit! Get better security terms!

How can this happen? MakeUseOf has over 20,000 subscribers, I being one, and we all enjoy the tips and free information given out contiuously be MakeUseOf.

This is a Nightmare, a Horror Story fitting for the Halloween season for sure, but sadly true and how will it be resolved?

What would you do if your baby was stolen and taken to a foreign country?

This industry needs better security methods similar to what the online banking industry uses such as, multiple security codes, a primary image associated with the account, two security questions, a mouse pointer select keyboard, and anything else that someone could come up with.

I did notice that one method being offered by some registrars is to limit activity to a specific IP address. That way transfers could only come from one specific computer. That seem like a good idea to me, what do you think?

For now you should make sure that you use DIFFERENT passwords for all of your domains, your administration panels, your hosting company accounts, and so on. Use multiple email addresses for different accounts.

What do you think? Can anyone come up with ideas on how to make this more secure. Lets talk about it. This HAS to be fixed.

Come on GoDaddy, fix this and return MakeUseOf to the rightful owner.

Rich Hill

UPDATE – UPDATE – UPDATE:

MakeUseOf has a temporary home on blogger until this gets fixed.  go there and give them your support.

http://makeuseof-temporary.blogspot.com/2008/11/make-use-ofs-temporary-home.html