JetLib News

DECula writes “In a move not communicated to its users before hand, Google’s Gmail servers were reconfigured to not connect to remote pop3 servers that have self-signed certificates, leaving folks with unencrypted connections, or no service when getting email from other services. Not good for the small folks. One suggestion was to allow placing the public keys on Google’s side in the user configuration. That would be a heck of a lot better than just dropping users into never never land.” Apparently, “valid” now means “paid someone Google approves to sign the certificate.” It’s not like commercial CAs have the best security track record either.

DavidGilbert99 writes “In an extraordinary move, the Chinese authorities have blocked access to Google.com, Gmail, Google Maps, Google Docs, and many more Google services as the Communist Party of China holds the 18th Party Congress. The blocking of these sites was reported by Chinese web monitoring site GreatFire.org, which said, ‘Never before have so many people been affected by a decision to block a website.’ The latest move in a long line of disputes between the Chinese government and Google, it is unclear yet whether this denial will be temporary (like a similar one in 2010) or permanent.”

concealment writes “A new lawsuit targets Google for reading e-mails to target ads, according to TechCrunch. But the issue isn’t that Google is reading e-mails from registered users; rather, the company is using e-mails sent from other services to Google users to target ads as well. Google has gotten the side-eye a few times in the past for using e-mail content to serve context-based ads to its Gmail users. And for those Gmail users, Google’s hide is covered: the terms of service explicitly state that users’ e-mail content determines what ads they see.”

redletterdave writes “After blocking Google’s Gmail service for a little more than a week, the Iranian government has decided to remove the digital barrier after a barrage of complaints, some of which came from Iran’s own parliament. While the Iranian government has released no official statement as to why Google’s Gmail service was blocked in the first place, several Iranian news agencies reported the ban was connected to the inflammatory anti-Islam film ‘The Innocence of Muslims,’ which had been uploaded to YouTube, one of Google Inc.’s many subsidiaries.”

legolas writes “The official state online censorship body in Iran has reported that Google and Gmail are going to be blocked effective immediately, ostensibly in response to the contentious videos that YouTube is hosting. This comes as Iran is preparing the launch of their ‘Halal’ intranet to replace the current direct (albeit highly censored) access to the global Internet. While there have been several state-organized protests for the film ‘Innocence Of Muslims’ in Iran, the public in general doesn’t seem bothered by it.”

New submitter trokez writes “Symantec has monitored the activities of a group using a specific trojan (Hydraq/Aurora) since 2009. The particular group has been connected (by Symantec) to the attack on Gmail in China, but also other high-profile attacks. ‘These attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the “Elderwood Platform.” The term “Elderwood” comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits.’ The attacks seems to focus on industry espionage, with the defense industry and its suppliers at the focus.”

Ian Lamont writes “Remember LendInk, the legitimate ebook lending community that got knocked offline at the beginning of August by a mob of misguided authors? The site’s owner, Dale Porter, received a lot of support after the story went viral and last week was able to reactivate the site and his affiliate accounts with Amazon and Barnes & Noble.” The owner reportedly received a DMCA notice immediately, but a few folks dug and it appears that the “lawyer” who issued it is no lawyer at all, and probably an Internet troll (evidence includes not being listed as a lawyer in PA, using a home address, and sending the takedown from gmail). Or just a really bad lawyer.

In the wake of the hacking of Mat Honan’s accounts, Google, Facebook, Amazon, and Apple are just a few of the companies making their security policies tougher, and they are advising people to do the same. From the article: “Even as those companies’ teams moved to patch the holes, others moved to offer security tips. Matt Cutts, head of Google’s Webspam team, used his personal Website to urge Gmail users to embrace two-factor authentication. ‘Much of the story is about Amazon or Apple’s security practices, but I would still advise everyone to turn on Google’s two-factor authentication to make your Gmail account safer and less likely to get hacked,’ he wrote in the August 6 posting.”

Nerval’s Lobster writes “Between 4:52 and 5:12 on August 3, attackers used Wired writer Mat Honan’s Apple ID to wipe his MacBook, before seizing control of his Gmail and other online identities (‘My accounts were daisy-chained together,’ he wrote in an Aug. 6 postmortem on Wired), and posting a message on Twitter for all to see: ‘Clan Vv3 and Phobia hacked this twitter.’ In the wake of Honan’s high-profile hack, there are some key takeaways. Even if a typical user can’t prevent a social-engineering attack on the company hosting their cloud account, they can armor their online life in ways that make attacks more difficult. First, two-factor authentication can prevent an attacker from seizing control of those vital ‘hub’ accounts (such as Gmail) where users tend to store much of their most vital information. Google offers two-step verification for signing in, as does Facebook. The truly security-conscious can also uncouple their cloud accounts; for example, making sure that iCloud and iTunes use two different sets of credentials. That might rob daily life in the cloud of some of its convenience, but it could also make you a harder target.”

New submitter faraway writes “Microsoft has just unveiled Outlook.com, the planned successor to Hotmail.com. It includes a lot of what you’d expect from email today, including storage (images, data), a calendar, integration with other Microsoft tools, and of course a clean UI. According to ZDNet, ‘Outlook.com is integrated with Windows and Office, and can pull in Twitter, Facebook, Gmail and LinkedIn contacts. The new mail client has the Metro look and feel. And it is providing users with more granular control over which ads they see and where they see them.’”