Google Turns on Gmail Encryption to Protect Wi-Fi Users

via Wired.com

Google is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping in on traffic passing by, the company announced Wednesday.
The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.
All Gmail users will now default to using HTTPS, the secure, encrypted method for communicating with a remote server, for their entire e-mail sessions, not just for log-in. Session-long HTTPS has been an official option for Gmail users since 2008 (and unofficial for much longer), but Google says it hesitated turning it on for all since the encryption does slow down the service.
“Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,” Gmail Engineering Director Sam Schillace wrote in the Gmail blog.
This option often wasn’t necessary when people used fixed and trusted connections, such as their home or office DSL or cable lines. But as Wi-Fi connections, especially public ones, became more popular, hackers began using simple sniffing software to snoop on people’s online activities with the goal of stealing passwords.
Still, the switch doesn’t encrypt  e-mail — it simply encrypts the communications in transit between Google’s servers and a user’s computer — the same as when you use your bank’s website. E-mails sent to other people are transmitted in the clear as they have always been. True encrypted e-mail can only be read by the sender and receiver, regardless of how they move across the internet.
For those whose schools or workplaces that routinely monitor employee or student internet usage, the change also shields their e-mails from the IT department.
A coalition of privacy and security experts called on Google publicly to make the change last June, saying that Google was putting millions of people at risk by not using encryption as the default for their so-called cloud computing services.
Users who find the service slows them down or determine that it’s overkill for their needs can turn the HTTPS off in their account settings.
Rival free e-mail from Yahoo and Microsoft do not use HTTPS throughout their sessions, nor do social networking sites or other so-called cloud-computing services.
Instead, most of those services use the secure “HTTPS” protocol only for logging in, and fall back to unencrypted browsing thereafter.Failing to use HTTPS full time increases one’s vulnerability to a host of nasty hack attacks when using an open or badly secured network, particularly a public Wi-Fi spot.

Read More

Posted using ShareThis

Another new year and a new focus

So I've had 1 post in the last year. That really pathetic. After looking at the last year or two in happenings and other things, I will post some hints and tips on personal technology and security. There's been a few friends that have had their Yahoo, Facebook, GMail, and other online accounts hacked.  The worst thing is that the hacker is exploiting the relationship that person has with their friends/followers/contacts to extort money or other things.  Lets see how this goes.

Lost in mobileland

I think that I've given up on my Palm Treo 680. It's lived a good life, but it has failed me. I put it in the beach bag the other day at the pool so as not to get it wet. But according to Murphy, it'll get wet somehow and it did. Nothing too awful, just looked like a few well placed drips onto the case. The battery was dead at the time so I went to charge it. After a while I came back to it to check it out.... it was trying to sync. Hmmm..... so let's throw the cable on it and let it sync. OK. Now take the cable off, and it tries to sync again. Not good. After a few rounds of this, I've determined the phone is shorted out on syncing, hence unusable. So I throw my SIM card into an old Moto Razr of my wife's. Alright. I have a phone.
After a few minutes, I understand how awful this really is. I go to text a buddy of mine... and my address book is still on my palm and sync'd with Google, but not on this phone. Can I get my address book on there? Probably not. So I just look up his number on Google and then text him.
Then one of my twitter friends tweets something interesting with a web link. Alright, this this has a web browser. I go to the link and get a 413 error. (basically, this means the web site isn't compatible with a dinky Razr web browser). Darnit! Strike 2.
Then I get this text. "Wanna have a few beers?" Great. Sure! Uh Oh... who's phone number is this? Back to Google. Oh. Ok. It's one of my other buddies. Sure.
Then I want to tweet something. I've done it through text before, no big deal and plus, Twitter updates my Facebook status automatically. So I tweet......... About an hour later, not literally, but not too far off, I have tweeted two sentences! Wow. This is really starting to bother me.
The bottom line is that I have been pretty spoiled about having a smartphone with a full QWERTY keyboard. I can't live without another one. I can't surf, text, tweet, facebook, play games, use apps, take video, or store alot of things on this darn phone. I don't even have 60 texts in it and it says the memory is almost full. Boo. I'm definitely spoiled.

Looking at the New Year

Wow. I really can't organize myself to have at least a post a week? I would really love that. I guess I have my answer to the question "What will my new year's resolution be?" I get so consumed in work and home that my other endeavors suffer. Well, no more. I am going to give myself a boot in the a$$ and put the nose to the grindstone when it comes to other endeavors. I will be trying to document my steps here on my blog so stay tuned.
I'm still using most of my stuff on Google. Google Notepad and Google Documents have been valuable resources. I've been using Google Documents to create notebooks about stuff. One notebook has ideas, tasks and other things about my garage. Another has stuff about trying to make a Linux home computer and what packages to put on it. Yet another is a few recipes that I clip off the internet. My wife and I love trying new things at dinner.
Google notebook is something I use more for web-clipping than anything else. I also track changes that I make in the presentation of this blog. I know there's a little convergence in the two programs right now, but that'll get ironed out later.
I still have not found a good tasks program for Google. Now they just did implement Google Tasks in GMail. You can read about it here. I have not yet used that feature. I have been using Remember the Milk with a little bit of success, but I'm not fully sold. I cannot sync it with my Palm Treo 680 and would really love to have that feature.
And awa-a-ay we go!

Halloween

It's a little late for Halloween, but what the heck. I end up rockin' it like Rosie Greer for the month before halloween. I make as much as I can for all the family costumes. We're not the "buy it off the shelf and wear it" type of people. We scavenge, sew, create, improvise and just about do anything to get that look we want. This year, the wife and I went as Beetlejuice and Lydia (the wedding scene).
I was pretty intimidated by the makeup part, but I think that I scooted by. I used a relatively cheap Beetlejuice wig/cap and enhanced it a bit with real moss from a craft store and some white face makeup. I found the vintage 70's tux complete with ruffled shirt at a local antique/vintage store. That was one awesome find. As for the wife, the dress part is bought, but I made the veil/train with some tuile from the local fabric store and the sewing machine. The tiera is from HS when she was homecoming queen. The choker is from an older costume.
The kids weren't that hard or elaborate. My son was ObiWan Kenobi and my daughter was Willy Wonka. For my son, I sewed together a top from a few patterns online. (There's a plethera of Star Wars geeks online that well tell you how to sew a "proper" Jedi costume) We then get a "monk's robe", cut it up a little, a pair of sweats and some boots and viola. My daughter was even easier. At the goodwill store, we found a black button down shirt, a maroon/purplish trenchcoat and a pair of old black penny loafers. The I picked up a brunette "supermodel" bob wig and I had an old top hat from an old costume. There. Willy Wonka!

Work - Life balance in a connected world

A friend of mine posts a blog entry the other day about work-life balance and it got me thinking. These days, competition is fierce, the Fortune 500 companies are locking down their employees as if they own them. State and Federal governments are even worse! This really breeds a workforce that is pretty separated from their employer. We are pretty much locked into a 9 to 5 world when we are living in a 24-7 world. Not the best for morale, productivity, efficiency, effectiveness, and motivation.
With me being a geek's geek, I have the answer. A 24-7 job. Now stay with me here, this is where it gets complicated. We all have the tools to go mobile; laptops, iPhones, Blackberrys, Windows Mobile smartphones. Some of us even have other tools that are pretty cool; cellular "network" cards for the laptops, cool bluetooth accessories that help us out, GPS units, multi-mode phones that also connect to Wi-Fi hotspots. Now taking all this into account, you are virtually connected anywhere and anytime, right? Why would your average CEO not leverage this technology to allow their workers to work from anywhere?
Let's think this scenario all the way through. We have Average Worker X. Let's make it complicated and let's say he's an IT worker. I'm going to use the IT worker example since there aren't that many roadblocks to encounter when your function exists in marketing, sales, accounting, or a few other places. Manufacturing would be an exception to this idea. If you give the worker the tools to connect from anywhere, you might not get all the "face time" that we are all accustomed to, but in turn you have a worker that is more willing to devote time and effort into their workday because they are allowed to have the day to day distractions of chatting with friends, attending other things that are part of their personal life, and the general satisfaction of that if something comes up, they aren't "chained" to their desk. This means you're not working the traditional 9 to 5. You're working 24-7. You have a better ROI on your employees since they are more willing to stay with your company. You have less costs in searching for new talent and you have the tools to retain your top talent. Is this not a win-win for everyone?

Web 2.0 Mobile

I've always been a geek. I'm geekier than most geeks, but I'm a man's geek. Lately though I've been ashamed of my geekiness. I'm lagging behind in the mobile world. I had mobile internet before there was mobile internet. I'd hook my old Palm 3C up to my Nokia 8210 via infrared, have the palm dial up some numbers and viola... mobile internet on my Palm 3C! A few phones later, I have a Palm Treo 680. This thing is the greatest thing since sliced bread, but because I'm a loser lately, I haven't done any customization.
Now that I'm moving my life to Google, I need to do mobile too. Now with the palm, I get the Palm Desktop, but I want to do everything over-the-air. GMail is easy. You just create the Versamail account according to the instructions found here. Now for the calendar, I use GooSync. Pretty easay to set up, not alot of extraneous features and pretty straight forward.

Next up, to-do's, memos, and other trivial things that I can sync.

Stay tuned.....
Average Guy X~~~~~