Latest Articles | nakedsecurity.sophos.com


Firefox 17 protects your privacy while enhancing the Facebook experience

by Chester Wisniewski on October 24

Firefox 17 protects your privacy while enhancing the Facebook experience

The latest beta release of Mozilla’s popular Firefox browser has introduced a new social media API. Can a web browser make it easier to use social media while protecing your privacy? Mozilla hopes so.

Offensive Facebook email leads to Blackhole malware attack

Offensive Facebook email leads to Blackhole malware attack

Facebook users are warned to be on their guard against unsolicited emails they might receive suggesting that someone has left an offensive comment about them on their wall.

Huawei UK makes a blunder with its online careers page

Huawei UK makes a blunder with its online careers page

Chinese technology giant Huawei, under the spotlight following US concerns that its technology could be used for undercover surveillance, has made an elementary mistake in regards to its UK careers page.

‘Parasite’ porn websites steal and spread images and videos of young people

Parasite sites are snatching and disseminating sexually explicit images of young people

A new study shows that 88% of sexually explicit photos and videos of children and other young people found online have been lifted from legitimate source sites, including social networking sites such as Facebook, video sites such as YouTube, or stolen/lost phones.

FTC smacks down security sloppiness by web analytics company Compete

ftc-250-blue

The FTC has settled with web analytics company Compete, Inc. over poor security. Compete has agreed not to do it again, and to audit itself every two years for 20 years.

What do you think? Is that a stiff enough penalty? Have your say in our comments section…

Awesomely Effective Email Communication

The real purpose behind communication is the exchange of information in a way that both parties involved clearly understand the shared intelligence. If the email messages you send aren’t clear, then the recipients of those messages will not be clear either, and they will not be able to interpret what you want or what they need to do as a response to the email.

Think about the number of times you have received an email message that made you wonder what the sending person meant — or why you even got the message in the first place. Now on the opposite end of the spectrum, think about the times you’ve sent an email that returned to you with a bunch of questions because you didn’t take the time to write it clearly. This is where productive communication breaks down with office email. This is the snag.

Productive communication can be greatly improved by implementing a simple mental checklist that you can run through before you hit the “send” button for each and every email that you write. This simple set of rules will grade your email (so to speak) and let you know whether it has passed or failed the test. The process is designed to help you think about what it is you are trying to communicate before sending the email off, ensuring that the recipient will understand what you are striving to communicate. In addition, by writing more effective email messages you will greatly reduce the quantity of emails you receive each day.

The process is called the PASS process of effective email communication. The PASS process will assist you in writing clearly defined emails that produce effective action on the side of the recipients.


autoroute à emails...

Most organizations believe email is one of their biggest productivity snags even though email is probably the most important office communication tool available.  The technology has eliminated many of our personal boundaries. Some of us have even allowed email to drive our actions when in reality, our communications should be driven by our goals and the tasks required to accomplish them. What we have forgotten is the fact that email is a communication tool.

The real purpose behind communication is the exchange of information in a way that both parties involved clearly understand the shared intelligence. If the email messages you send aren’t clear, then the recipients of those messages will not be clear either, and they will not be able to interpret what you want or what they need to do as a response to the email.

Think about the number of times you have received an email message that made you wonder what the sending person meant — or why you even got the message in the first place. Now on the opposite end of the spectrum, think about the times you’ve sent an email that returned to you with a bunch of questions because you didn’t take the time to write it clearly. This is where productive communication breaks down with office email. This is the snag.

Productive communication can be greatly improved by implementing a simple mental checklist that you can run through before you hit the “send” button for each and every email that you write.  This simple set of rules will grade your email (so to speak) and let you know whether it has passed or failed the test.  The process is designed to help you think about what it is you are trying to communicate before sending the email off, ensuring that the recipient will understand what you are striving to communicate. In addition, by writing more effective email messages you will greatly reduce the quantity of emails you receive each day.

The process is called the PASS process of effective email communication. The PASS  process will assist you in writing clearly defined emails that produce effective action on the side of the recipients. Leer más “Awesomely Effective Email Communication”

Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords

Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

By Dan Tynan, ITworld

Warning: Fake LinkedIn Spam Can Steal Your Bank PasswordsI feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.

This is not the first time I’ve been an idiot or clicked on something I shouldn’t. But this one could be really bad for me.

Today, spammers using fake Linked-In invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite.

Linked-In spam is nothing new — I wrote about it just last month– but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.

[ See also: Yes, Mr. Zuckerberg, we do care about privacy ]

My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.

A couple of hours later I logged into my banking site to check on my account. No big deal.

An hour after that I received the following email from Cisco Security:


Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

By Dan Tynan, ITworld

Warning: Fake LinkedIn Spam Can Steal Your Bank PasswordsI feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.

This is not the first time I’ve been an idiot or clicked on something I shouldn’t. But this one could be really bad for me.

Today, spammers using fake Linked-In invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite.

Linked-In spam is nothing new — I wrote about it just last month— but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.

[ See also: Yes, Mr. Zuckerberg, we do care about privacy ]

My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.

A couple of hours later I logged into my banking site to check on my account. No big deal.

An hour after that I received the following email from Cisco Security: Leer más “Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords”

OK, maybe not so urgent

National IT team for this pilot fish’s organization sends out an urgent security alert to forward to all local users — with a message attached.

“The message was a phishing spam,” says fish. “And a poorly disguised one at that, full of misspellings in its instructions to follow a link and fill in a form to reactivate e-mail.

“But the alert message contained the live link, and there was no way I was going to send this to my users. So I waited to see what developed.”

A few moments later, fish’s regional manager forwards the same message, with the same live link, and instructs everyone on the mailing list to warn their local users.


National IT team for this pilot fish’s organization sends out an urgent security alert to forward to all local users — with a message attached.

“The message was a phishing spam,” says fish. “And a poorly disguised one at that, full of misspellings in its instructions to follow a link and fill in a form to reactivate e-mail.

“But the alert message contained the live link, and there was no way I was going to send this to my users. So I waited to see what developed.”

A few moments later, fish’s regional manager forwards the same message, with the same live link, and instructs everyone on the mailing list to warn their local users. Leer más “OK, maybe not so urgent”

Friday Bite Size Digital: More of Your e-DMs Could Be Spam Bound

Due to email overload, Gmail last week released an email filtering & sorting system called Priority Inbox. It attempts to find out which emails are more important & more spam like. It does this by using “predictive signals” & user engagement factors.
Hotmail also announced it will use new engagement metrics that filter based on how actively a user interacts with messages from specific senders.


Image representing Gmail as depicted in CrunchBase
by Haysam Fahmy

Due to email overload, Gmail last week released an email filtering & sorting system called Priority Inbox. It attempts to find out which emails are more important & more spam like. It does this by using “predictive signals” & user engagement factors.

Hotmail also announced it will use new engagement metrics that filter based on how actively a user interacts with messages from specific senders.

Such email filter metrics could factor in:
· Messages read, then deleted
· Messages deleted without being read
· Messages replied to
· Email open frequency
· Decisions made in global spam filters
All which affect the open rates & click through rates (CTR) of your e-DMs. Leer más “Friday Bite Size Digital: More of Your e-DMs Could Be Spam Bound”

Google Offers Respite From Inbox Overload

The system also looks for the people you interact with on a daily basis, pushing their messages higher up the ladder. Finally the new inbox looks to see if a new e-mail was sent “directly to you, or if it is sent to other people too.”

Although Mr. Coleman said the Priority Inbox doesn’t work on mobile devices, he said people can expect it at some point in the future.

The new feature will begin appearing in beta mode on Tuesday and will be available as an option for Gmail users as it rolls out across the service. Users will begin seeing an alert allowing them to switch to Priority Inbox.

There are other services with similar approaches to the inbox problem, including Sanebox, which prioritizes Gmail’s inbox with new folders, and Xobni, which works with Microsoft’s Outlook software.

I’ve written several times before about the frustrations and anxiety my inbox causes me as messages drop into place uncontrollably.


By NICK BILTON

Priority Inbox

If you hate your inbox, if the very thought of it makes you fretful and nauseous, you’re not alone. Plenty of people who use e-mail on a daily basis feel the same.

Now Google is trying to come to the rescue with a new Gmail feature announced Tuesday called Priority Inbox, which monitors your messages and tries to organize your inbox based on a number of criteria, like how often you correspond with a particular sender.

Google explains that the first thing Priority Inbox does is split your inbox into three sections: “important and unread,” “starred” and “everything else.”

“Important” messages are judged to be the most significant, and sit at the top of your Gmail window. Next is the “starred” area, the messages you say are important. Finally, “everything else” includes those messages that can probably be dealt with later, or completely ignored — the ones that aren’t quite spam, but don’t need to clutter up your screen or your brain right now.

Keith Coleman, Google’s product management director, told me in an interview that Google has been working to solve the e-mail overload problem for the better part of a decade.

“Features like Priority Inbox were in the prerelease version of Gmail but were not ready for the public,” Mr. Coleman said. “We finally figured out how to organize and categorize e-mail in a simple and intuitive way using three different criteria.”

Surprisingly, Mr. Coleman said that one of the tools put to use in the new inbox organization is taken from the programming and algorithms used to categorize mail as spam. He said Gmail looks for terms and people that you categorize as important, or not, and decides whether those messages make it into your priority inbox accordingly.

Google

Priority Inbox

The system also looks for the people you interact with on a daily basis, pushing their messages higher up the ladder. Finally the new inbox looks to see if a new e-mail was sent “directly to you, or if it is sent to other people too.”

Although Mr. Coleman said the Priority Inbox doesn’t work on mobile devices, he said people can expect it at some point in the future.

The new feature will begin appearing in beta mode on Tuesday and will be available as an option for Gmail users as it rolls out across the service. Users will begin seeing an alert allowing them to switch to Priority Inbox.

There are other services with similar approaches to the inbox problem, including Sanebox, which prioritizes Gmail’s inbox with new folders, and Xobni, which works with Microsoft’s Outlook software.

I’ve written several times before about the frustrations and anxiety my inbox causes me as messages drop into place uncontrollably. Leer más “Google Offers Respite From Inbox Overload”

Create a Gmail Filter to Focus on your Most Important Emails

Your Gmail Inbox is overflowing with email messages. Some are newsletters that you are subscribed to, some are messages from friends and colleagues that you would like to read as soon as they arrive while the rest could be spam that managed to trick the built-in Gmail filters.

Focus on the Most Important Emails First!

When you only have a limited amount of time to process that long queue of unread messages, it is important that you prioritize your emails and defer reading stuff that is not very important and can wait (like those newsletters).

Here are two simple Gmail filters that will automatically move out all the low-priority emails out of your Inbox so that you can focus on the important ones. They should also come handy when you are checking emails on the go – the high-priority items will be delivered to your mobile device while everything else will stay in your Gmail account for you to follow up later.


Your Gmail Inbox is overflowing with email messages. Some are newsletters that you are subscribed to, some are messages from friends and colleagues that you would like to read as soon as they arrive while the rest could be spam that managed to trick the built-in Gmail filters.

Focus on the Most Important Emails First!

When you only have a limited amount of time to process that long queue of unread messages, it is important that you prioritize your emails and defer reading stuff that is not very important and can wait (like those newsletters).

Here are two simple Gmail filters that will automatically move out all the low-priority emails out of your Inbox so that you can focus on the important ones. They should also come handy when you are checking emails on the go – the high-priority items will be delivered to your mobile device while everything else will stay in your Gmail account for you to follow up later. Leer más “Create a Gmail Filter to Focus on your Most Important Emails”