on Friday, July 24, 2009

hackers


The French hacker who broke into Twitter's Google Apps and stole more than 300 private company documents has revealed in detail how he did it. Using a method known as "cracking," the man who goes by the name Hacker Croll was able to break down Twitter security by trolling the Web for publicly available information, according to TechCrunch. Eventually, Croll found one weakness many of us are guilty of -- using one password for everything -- and Twitter's security was compromised. Read on to see how Hacker Croll did it, and consider whether access to your digital life could be breached by his methods.

Croll Cracks Twitter

Hacker Croll started by building a profile of his target company, in this case Twitter. Basically, he assembled a list of employees, their positions within the company, and their associated e-mail addresses. After the basic information was accumulated, Croll built a small profile for each employee with their birth date, names of pets, and so on.

After Croll had created these profiles, he just went about knocking on doors until one fell down. That's exactly what happened when he did a password recovery process for a Twitter employee's personal Gmail account. Croll discovered that the secondary account attached to this person's Gmail was a Hotmail account. The problem was that the Hotmail account had been deleted and recycled due to inactivity -- a longstanding policy on Hotmail. Now, all Hacker Croll had to do was reregister the Hotmail account for himself, go back and do the Gmail password recovery, and then Gmail sent the password reset information straight to the bad guy.

But it's not over yet. Gmail asked Hacker Croll to reset the password of the Twitter employee's personal e-mail account, which he did. But now the original user was locked out of their account, which would send up an obvious red flag. So all Croll did was search the Gmail account itself for passwords from the person's other active services. Then he entered a commonly used password he'd found, and waited to see if the person began using their account normally. Croll now had access to the Gmail account from behind the scenes, and was able to access information undetected. Making life even easier, the Twitter employee used the same password on her business and personal accounts, so the hacker now had access to both, and the rest was history.

Are You Vulnerable to the Same Crack?

The alarming thing about Croll's methods is they could happen to anyone. I checked my own Google account last week, and discovered I was open to the same security flaw the Twitter employee was. I had registered my Gmail account so long ago, that I'd forgotten all about my secondary e-mail address. Just like the Twitter employee, the secondary email attached to my Google Account was defunct and possibly open to re-registering by anyone. That has since been changed. I also did a search within my own email for passwords I've used, and I was amazed at how many results were returned. Do a search in your e-mail account using your most common passwords, and see what turns up. You might be surprised.

But there are a myriad of other ways a hacker could get your information. Have you ever received a Happy Birthday greeting on a public service like Twitter? Have you ever sent someone your phone number or any other information that way? What information is sitting on your social networking sites? Are your MySpace and Facebook accounts closed off, or can anyone view them who searches for you? Does your Facebook page have your birthdate, the past schools you've attended, your pet's name? Could your mother's maiden name -- a common security question -- be discovered through your social network account? What about the myriad of other services you use? If you think it's unlikely that someone could find this information, then try searching for yourself in the so-called "Deep Web" search engines like Pipl or Spokeo and see what comes up. You may find online accounts you'd completely forgotten about.

Webmail Security Similar

The other problem is that most of the major e-mail services use similar recovery methods to Google's. Hotmail is almost exactly the same as Gmail. Yahoo is even easier, since if you tell Yahoo you can't access your secondary e-mail account you can answer a secret question. Those security measures are what made it possible for a student to hack into Alaska Gov. Sarah Palin's Yahoo Mail account last year. In my tests of Yahoo Mail's recovery page, I got what seemed like an unlimited number of opportunities to guess my Yahoo Mail secret question. AOL Mail isn't much better, since you have a choice of entering your secondary e-mail (you have to know it or guess) or you can enter your exact birthdate plus your Zip code on file with AOL. The Zip code barrier makes it harder for someone to break in, but by no means impossible.

If you've discovered you're open to the same flaws that Twitter was, then consider this your wake-up call. You must regularly check the security settings on your various online accounts so that you remain in control of your security information since it's so easy to forget what you entered years ago. Pay special attention to secondary e-mail accounts connected to your primary e-mail address; consider giving a bogus answer (that only you remember) to security questions; and regularly change your passwords, either by your own invention or with a random password generator like GRC or Strong Password Generator. You could also get away from using just one or two passwords, and use password managers like Clipperz, KeePass or Yubico to remember your details instead. But perhaps most importantly, search for the most common passwords you use in your own webmail accounts and delete those messages. If the worst happens and your account is compromised, you'll be glad you did.
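The mailbox check recommended above, as an added example that is not part of the original article: a Python script that scans a local mbox export of your own mail for messages containing any of your passwords, so you know which ones to delete. The mbox file, the sample messages and the passwords are all constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

# Constructed sample values; none of these come from the article.
SAMPLE_PASSWORDS = ["correct-horse-constructed", "hunter2-constructed"]


def _text_parts(msg):
    """Yield the decoded text of every text/* part (plain and HTML)."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        try:
            yield payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset name in the header
            yield payload.decode("utf-8", errors="replace")


def find_password_mail(mbox_path, passwords):
    """Return one dict per message whose subject or body contains a password.

    Only the index of each matching password is reported, so the report
    itself never repeats the secret.
    """
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            subject = str(msg.get("Subject", ""))
            haystack = "\n".join([subject, *_text_parts(msg)])
            found = [i for i, pw in enumerate(passwords) if pw and pw in haystack]
            if found:
                hits.append({
                    "subject": subject,
                    "from": str(msg.get("From", "")),
                    "password_indexes": found,
                })
    finally:
        box.close()
    return hits


def _make(subject, sender, text, html=None):
    """Build one constructed sample message."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = sender
    m["To"] = "me@example.com"
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html")
    return m


def build_sample_mbox(path):
    """Write a small constructed mailbox: two risky messages, one harmless."""
    box = mailbox.mbox(path)
    box.add(_make("Welcome to ExampleForum", "noreply@forum.example",
                  "Your password is: hunter2-constructed\n"))
    box.add(_make("Weekly newsletter", "news@shop.example",
                  "Nothing sensitive in here.\n"))
    box.add(_make("Your account details", "support@host.example",
                  "See the HTML part.\n",
                  html="<p>Password: <b>correct-horse-constructed</b></p>"))
    box.close()


def demo(passwords=SAMPLE_PASSWORDS):
    """Scan the constructed mailbox and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.mbox")
        build_sample_mbox(path)
        return find_password_mail(path, passwords)


if __name__ == "__main__":
    for hit in demo():
        print(hit["subject"], "| from", hit["from"],
              "| matches password #", hit["password_indexes"])
```

To run it on real mail, call `find_password_mail()` with the path to your own mbox export and read the passwords from a prompt rather than storing them in the script.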


eBay is the world's biggest continuous auction. These tips and tricks will help you stay on top of eBay's daily goings-on and will give you the know-how you need for buying low and selling high.


You can buy and sell just about anything on eBay. Millions of people use it every day. But few of them know all the ins and outs of using the world's biggest and best Internet auction site. The following tools will put you well on your way toward becoming an expert.

Find rare items as soon as they are listed: If you're looking for something specific and your searches come up empty, give eBay's saved searches (in the My Account section) a try. Once you set up a saved search, eBay will e-mail you daily for up to one year when new items that match your search appear.

Automate last-minute bidding: As eBay veterans know, due to the phenomenon known as "sniping," the only bidding that matters in an online auction happens during the final moments. Free application JBidWatcher tracks multiple auctions and submits your maximum-offer, last-minute bids in sequence automatically. You can also arrange for the app to refrain from bidding on any remaining auctions in a series of related auctions the moment you win one.

Track your profits and losses: If selling on eBay is more of a vocation than a hobby for you, head over to ProfBay, a Web site that tracks and graphs your eBay profit margins after subtracting your listing, shipping, and other selling fees from the equation.

Bring eBay to your desktop: eBay may have lived out the first 10+ years of its life in your browser, but nowadays the best eBay experience comes in the form of eBay Desktop, the auction site's free desktop application. Not only is it faster than the eBay you're used to, but also it supplies a real-time auction counter (so you don't have to refresh your browser in order to see how much time is left), built-in item reminders, and alerts when you've been outbid. And eBay Desktop updates automatically, so you never have to refresh your browser.

Get a great deal on misspelled items: The most important thing a seller can do is to make sure that potential buyers can find the item being auctioned. But for buyers, a misspelled auction title spells G-R-E-A-T D-E-A-L. The Typo Buddy site searches eBay (and Craigslist) for all the possible misspellings of your search term--meaning that if you're lucky, you may discover a mislabeled auction that eludes everyone else.

Get cash back on Buy It Now purchases: Microsoft's new Bing search engine is doing everything it can to attract new users from Google, even paying people to use it. Right now if you search for an eBay item through Bing, you can get up to $200 cash back on qualifying Buy It Now items. You have to click through to the eBay item from Bing, keeping an eye out for a gold cash-back icon, so it's a little more complicated than just buying straight from eBay, but under the right circumstances the savings may be worth it.

Developer's Choice: Refine Your Searches






"[O]ne of the best tools for refining searches is the 'Refine Search' box on the left-hand side on the first page of search results. This box provides drill-down options for lower-level categories where the item you seek may be located, reducing the need to scroll through long lists of items that may not be related directly to the item for which you search."

on Saturday, July 11, 2009

There's little doubt in my mind that Google will not fail with Chrome OS. (For the opposite view, see "Five Reasons Google Chrome OS Will Fail" by my mistaken colleague, David Coursey.) Sure, the company's been known for a few misses, but it's already proven that it can build a solid operating system -- not to mention a Web browser, cloud computing suite, and the best search engine in the world. If you're not sold on track record alone, here are five reasons Chrome OS will succeed:

Brand Name

Even before Android found its way into any devices, it had street cred. That's paying off now, as smartphone manufacturers jump on board with the open OS with the easily-recognizable brand. Expect Google to get the same traction with Chrome OS, with both consumers and manufacturers. The average user may be frightened by Linux, but soothed by the open arms of Google.

Price

Google hasn't announced how much Chrome OS will cost, but I'm willing to bet it will be cheaper than Windows XP, even at Microsoft's discounted netbook rate. Because its bread-and-butter remains in search ads, Google can afford to undercut Microsoft, which is already sacrificing OS profits to hang onto market share.

Good Specs Allowed

With Microsoft allegedly limiting the power and size of discount Windows XP-licensed netbooks, the door is open for Chrome OS to back better machines. Imagine, a netbook with 2GB of RAM and hybrid HDD/SSD storage. It could happen if Google convinces manufacturers to offer hardware upgrades for Chrome OS models.

Netbook Market Shift

Intel desperately wants consumers to know that netbooks aren't the same as full-powered PCs, because the cheap mini-notebooks are cannibalizing sales of their more expensive processors. Chrome OS will help send the message home with a simple, Web-only device, just in time for the rush of consumer ultra-low voltage PCs that offer cheap yet more powerful computing. The netbook market will change, and Google will be in perfect position.

Faster, Smarter

In short, Chrome OS will do everything that Linux couldn't do on its own. With Google promising continued support for new hardware devices and support for developers to build apps, Chrome OS will look more attractive than Linux, and even Ubuntu. Add the simplicity and security that Google wants to provide, and Windows XP starts to seem like a second-tier offering.

As smart and popular as Google may be, the success of Chrome OS is not a fait accompli. Sometimes the smartest and most popular kid at school simply falls on his face. Google Chrome OS could very well turn out to be that kid.

Will Chrome OS be the promising upstart that fails to thrive in the real world? It's much too early to tell, but here are five reasons that Chrome OS could fail:

(For an opposing view, read "5 Reasons Chrome OS Will Succeed" by my esteemed, but misguided, colleague Jared Newman.)

1. Netbooks aren't the world

Netbooks may be important, but they remain a tiny part of the world's PC sales. Google's bet is predicated on strong demand for weak computers. It also takes advantage of a kink in Microsoft's armor: MS actually needs to sell its operating systems while Google can, for now, afford to just give Chrome away.

However, operating systems have been given away for years now and Microsoft has persisted. Linux accounts for about 1 percent of the OS market today, and has already lost the battle for netbooks. And there is a reason for that: It isn't Windows.

Google is counting on users of small computers not being tied to specific applications and being willing to accept low cost and, perhaps, ease of use over a more familiar and more powerful environment.

Some doubtless are, but enough to really challenge Microsoft? Not anytime soon.

2. Microsoft Can Shoot to Kill

I'm Steve Ballmer and here's what I say: Windows 7 NB (for netbooks) will be free through all of 2010. Starting right now. Anything Google can do, Microsoft can--at least theoretically--do better. Google wants to give away a netbook operating system? So can Microsoft.

It will be hard for regulators to complain as Microsoft is now reacting to a powerful competitor's frontal assault on Windows. And placing an end date on the freebie--which can always be extended--allows MS to charge once Chrome is vanquished.

But, does Microsoft even have to do this? No. There is strong evidence--Linux on netbooks, for example--that Microsoft can still successfully charge for what others give away.

Do not underestimate what can happen when Microsoft gets mad. The company's biggest enemy in recent years has been itself. A new external threat may help Ballmer & Co. sharpen their thinking and respond like an angry immune system to isolate and overwhelm a foreign organism, like Google.

3. Google Docs is the best they can do

So far, Google's efforts at creating cloud applications have been pretty feeble. Look at all the things Google Docs doesn't do that people need, at least occasionally. Google needs to prove that applications-as-a-service can match those users install. So far, it hasn't come close.

Google's cloud computing strategy so far is "applications lite," which may be fine for occasional use, just like a netbook, but doesn't meet enough needs to be a real solution.

4. Chrome isn't a "real" operating system

If I were building Chrome, I'd do everything possible to hide the operating system and hope users don't notice what's been left out.

But is that possible? At what point must something that looks and acts like an operating system be presented to users? How much functionality can be sacrificed to provide ease-of-use? Google describes Chrome almost as though an operating system can do all its work behind-the-scenes. I am not sure this is as possible as Google might like to believe.

The closer Chrome comes to being a "real" OS, the more Linux-y it will become. Oops! A one-way ticket on the Voyage to the Bottom of the Market awaits.

5. Compatibility matters

Compatibility, both hardware and software, was the major reason why the world anointed Microsoft its King of Computing. You may not remember the days of incompatible word processors, spreadsheets, and file systems, but I do.

Microsoft became a monopoly because a single vendor could best meet the needs of the largest number of customers by imposing standards. Customers voted Microsoft the winner and they like not having to worry about compatibility issues.

My sense is that Chrome will be a lowest-common-denominator operating system for computers so small and inexpensive as to be essentially disposable.

It is true such a computer will do 80 percent of what I need to accomplish each day, but the other 20 percent requires specialized software, sometimes specialized hardware, and maybe more horsepower than a netbook can possess.

Compatibility really matters and while Chrome's world may be complete as far as it reaches, there is always more. That's why Windows, frustrating as it may be, will prevail. The "20" in the 80/20 Rule matters a lot more than proponents of "80 is good enough" like to think.

The example I use, and this applies equally to Macintosh, is the large number of specialized apps that exist only for Windows. They could be written for Mac or Linux but because Windows is so dominant, developers see no reason to build for other platforms.

I am about to buy a netbook primarily to replace a Windows laptop for carry-around use with an application that doesn't require a lot of horsepower, but for which only Windows software is available.

Chrome will have to become more popular than I can today imagine for this software to be ported over anytime soon. Some people just need Windows and it will be a long time before Chrome can negate that.

I am not predicting Chrome's doom even before it starts shipping, but it's important to think about the challenges any new operating system faces. They are considerable and, so far, no one has come close to clearing them. (Even Microsoft, some will say).

Google Chrome OS: Win or Fail?

Google has always been a threat to Microsoft. After unseating the software giant from the browser space, Google began hammering Microsoft's position in Web mail, chipping away at Office's features, and then pushing into the competitive browser market. Now Google is bringing out the big guns with Chrome OS, a cloud-based operating system clearly aimed at taking out Microsoft's main fortress, Windows.

News of Google Chrome OS has sparked some heated debate here at PCW, and there's plenty of disagreement about how the future will play out. Will Chrome's cloud-based model finally push Web-based office apps into the mainstream and change the way we all work? Or will Microsoft's long-held dominance dispose of Google's new pet project just as it has kicked aside so many threats from Linux variants in the past?

There are good arguments on both sides of the question, and of course, this battle is just starting to heat up.

Hands On: Google Voice - This Is Really Cool

Chances are you've heard or read about Google's phone management system Google Voice, but you're not really sure what it does. There's a good reason for this aura of mystery. Google Voice got its start as a phone service called GrandCentral, which the search giant bought in 2007. It's been in beta ever since -- but unlike other Google betas that are open to the general public, this one was limited to former GrandCentral users and a select group of industry elite.

But now Google is opening up the service to a limited number of new users, many of whom I'm sure will be as impressed as I am with Google Voice's power and elegance. Even better, Google Voice is free -- at least for now. It's likely that Google will need to monetize the service at some point, either via subscription fees, advertising, or some sort of newfangled revenue scheme. But for the lucky few using the service today, there's no charge.

The Basics

Google Voice provides a single phone number, such as 415-555-1212, for all your cell, home, and work numbers, and lets you manage your voice services online. Unlike a landline service, a Google Voice number isn't tied to a geographical location. Unlike a cellular service, it's not linked to a specific handset. And unlike a VoIP line, it's not matched with an IP address. Rather, it's tied to you. So if you move, change jobs, or switch wireless carriers, your Google Voice number stays with you. One drawback: you can't port your current number to Google Voice, although that option may be added in the near future, the company says.

This isn't a Skype-type service either. You don't use your computer to make phone calls, and there's no additional software or hardware to install or buy. (You can, however, use the Click2Call feature from the Google Voice website to place calls.) Is it perfect? No, it's got a few quirks, and the myriad of configuration options can be confusing at times. But Google's onto something big here. A service that helps manage the multiple phone lines in our lives should have universal appeal.

Google Voice provides a powerful suite of communications tools, including the ability to:

  • Forward calls from your Google Voice number to one or more phones, or directly to voicemail. Based on who's calling, you can select which of your phones will ring.
  • Receive text (SMS) alerts when you get a call.
  • Transcribe voicemails, which Google Voice will send as email and/or text messages to your cell phone.
  • Listen to voicemail messages as they're being recorded -- a great throwback to the home answering machine.
  • Screen callers by asking for and recording their names.
  • Block annoying callers by playing a number-not-in-service recording when they call.
  • Vary personalized greetings by caller.
  • Record phone conversations and listen to them in your Google Voice inbox.
  • Switch phones during a call.
  • Use the free GOOG 411 service to say the name and location of a business, and have your call connected for free.
  • Phone U.S. numbers for free.

Getting Started

Since Google Voice is a browser-based service, you won't need to install software on your Mac or Windows PC (or mobile phone) to get started. Like most Google apps, Voice has a clean, no-frills interface that's easy to learn. The Settings page provides easy access to the rich set of phone tools.

The setup experience is best via a traditional browser on a desktop or laptop PC. You can access all the core features via a smartphone at www.google.com/voice/m, but the mobile interface is shoehorned into a smaller screen. I found Google Voice very easy to navigate on a Windows laptop running the Google Chrome browser, but a real challenge using a Samsung Rant phone.

To get started, you'll need to add one or more phones to your Google Voice account. As the screen below indicates, this is a snap. (Note: I added the black smudge to the left of "Send feedback" to obscure the account's real user name and phone number.)

The setup process does raise security concerns. What's to prevent you from adding any phone number you want? Well, once you've entered a number, Google Voice calls it. An automated voice prompts you to enter a two-digit verification code (e.g., 80).

I added three phone numbers, two mobile and one home. Despite a couple of verification hiccups, the process was easy. What went wrong? With two of the lines (one home, one mobile), I had to verify the numbers twice. After the first tries, Google Voice posted this message in my browser: "We could not verify your phone. Please try again." I may have hung up too early after entering the digits on the first try, but I'm not sure.

Call Routing Good, Transcripts Bad

Google Voice's flexibility is fantastic. You can route incoming calls from your Google number to one or more phones, or send them directly to voicemail. You also can record custom greetings for individuals or groups, such as family, friends, or co-workers. If you're a Gmail or Google Talk user, your contacts will automatically appear on your Google Voice site. Also, any updates made to your contacts in Google Voice (such as changing a phone number) will appear in your other Google services as well.

Importing contacts from non-Google services isn't as easy, however, and there's room for improvement here. To transfer an address book from, say, Yahoo Mail or Microsoft Outlook, you'll need to export the data to a CSV file and import it into Google Voice. While this isn't too difficult for those who know their way around a spreadsheet program like Microsoft Excel, it's not exactly seamless either. You can only import 3000 contacts at a time, which shouldn't be a problem for most users.

Unfortunately, Voicemail Transcripts is one of those features that looks great on paper but isn't ready for the real world. Here's how it works: When you receive a voicemail, Google Voice automatically transcribes it into text. These transcriptions appear in your inbox, and the service will email or text them to you if you want. Problem is, the transcriptions are often full of inaccuracies, a fact that Google admits in its tutorial.

Here's my transcription of a message I left for myself:

"Hey, Bob, just calling to give you directions to the meeting. Take the 101 exit at Fallbrook and turn right. Then take a left on Downey. The Westlake Building is at 101 Downey, and it has a green awning in front. You can't miss it. Okay, see you at five. Bye"

Here's Google Voice's transcription:

"hey bob just calling to give you directions to the meeting take the 101 accidents all work in turn right then take a left on down the the Westlake building is at 101downy and it has a green on tenyon front you can't miss it okay see you would 5 bye"

As you can see, Voicemail Transcriptions can't be trusted for relaying important information like driving directions. So in many cases you're better off listening to the original voicemail, which, of course, is easy to access as well.

Cool Call Recording

If you need to record calls for personal or business use, Google Voice is a great alternative to physical recorders that attach to a phone line. (And it's cheaper too.) To begin recording a call, simply press 4 on your phone. Once the call is complete, you can listen to the recording in Google Voice, which also saves a copy of the audio file.

This feature raises privacy concerns, of course. Depending on where you live, it may be illegal to record a call without the other party's knowledge. As a precaution, Google Voice plays a "Call recording on" message when the recording begins. When the recording stops, you hear "Call recording off."

I really like how Google implemented call recording. It's very easy to use, and the ability to archive recorded calls as you would voicemail messages is very convenient. There are some limitations, however. For instance, you can only record calls you receive on your Google Voice number. So if you get a work call that comes in via your regular business line, you can't record it. Also, you can't record calls that you initiate using Click2Call or the Return Call features on the Google Voice site.

A Great Deal

Google Voice has so many features that I've barely scratched the surface of what it can do. Is it worth trying? Absolutely. Since it's free, you've got nothing to lose by giving it a whirl.


After weeks of anticipation, Google is finally accepting a limited number of new users into its Google Voice phone system. Google Voice allows you to unite all of your phones under a single number and then use a powerful set of controls to determine how calls are handled. It packs plenty of other impressive functionality, too, including voicemail-to-text transcribing and advanced call-screening.

(Check out PC World's review of Google Voice)

At the same time, though, adopting Google Voice as your communications commander introduces some potential negatives, ranging from privacy-related concerns to questions about reliability. Here's a breakdown of five pros and five cons to help you determine whether the service is right for you.

Google Voice: 5 Reasons to Use It

1. Routing power

Google Voice eliminates the problem of having multiple numbers for multiple purposes. Once you sign up and receive a phone number, you input all of your existing numbers--your cell phone, work phone, home phone, and anything else--into the control panel. Then, when you receive a call, all of your phones will ring (or a smaller subset, if you choose), and you can answer on whichever one is most convenient at the time.

The true power, though, comes with Google Voice's advanced routing options. You can set your preferences so that certain calls will ring only certain phones. If, for example, you wanted your spouse's calls to go straight through to your cell phone, or your mother's calls to ring only on your home phone, you could make those specifications. You could even set certain callers to be routed directly into your voicemail.

2. Screening power

Once a call comes through, you have a whole new set of options. When you pick up the call, and while the caller still hears ringing, you'll be presented with the person's name and four options: answer the call, send it to voicemail, send it to voicemail and listen in live, or answer and record the call.

Google Voice uses information from your address book to tell you who's calling. If the caller isn't in your contacts list, Google Voice can ask for their name and play it back for you when you pick up.

3. Voicemail power

As mentioned above, Google Voice's voicemail system allows you to listen in while someone is recording a message. If you decide to pick up midmessage, you simply press the star key and begin talking.

Google Voice's voicemail is fully accessible over the Web, too: You can listen to voicemail online, forward voice messages to other users, and even embed them on other Web sites. Google Voice also offers text transcriptions of your voice messages and the ability to receive them via e-mail or text message.

4. SMS power

SMS is fully integrated into Google Voice. If someone sends a message to your Google number, the service will route it to any mobile phones you have connected. You can reply to text messages from any phone as well, or via the Google Voice Web interface.

Google Voice can also store all of your text messages within its Web interface for permanent archiving. That means every text you've ever sent or received can be filed, searched, and kept forever--as if it were e-mail. Like Gmail, the Google Voice Web system displays back-and-forth messages as conversations to make following dialogues easier.

5. Midcall power

Google Voice gives you added power while you're in the middle of a call, too. You can start and stop recording calls with the touch of a single button, and then access those recordings online. You can also switch phones without having to interrupt the call: You simply press the star key while talking, and your other connected phones will begin to ring. At that point, you can pick any of them up, hang the original phone up, and go about your conversation as if nothing had happened.



Google Voice: 5 Reasons to Think Twice

1. Privacy

As is the case with many Google products, privacy is a hot topic within discussions of Google Voice. By using Google Voice to control all of your phone activity, you're exposing a vast amount of personal information to Google. Everything from whom you call to what you discuss--yes, even in hazy late-night text messages you yourself may not remember--is stored on Google's servers. Together with the other various data Google may have on you, all of that could create quite a portfolio.

Is Google suddenly going to publish your entire life on the Web? Of course not. Like other Google services, Google Voice is governed by a privacy policy that explains what can and can't happen with your data (and, I think it's safe to say, selling your 3 a.m. texts to Penthouse Forum is not one of the approved options).

Still, the data is in someone else's hands, and it could be used for certain purposes outside of your own personal perusal. Some privacy advocates have expressed concerns that Google Voice may lead to "increased profiling and tracking of users without safeguards." Whether that's a problem is largely up to you, and how comfortable you feel with the situation.

2. Advertisements

As of now, Google Voice is completely cost-free and ad-free. The ad-free part could easily change, however. Just this week, one analyst told the New York Times that he expected Google to use the system to "help accelerate [its] mobile penetration by creating a larger mobile ecosystem against which Google can sell/target/monetize advertisements."

What's more, the fact that Google has so much of your information could play a key role in any future monetization plan: Much as Gmail has used content from your messages to determine what ads show on the page, Google Voice could use data about your calling habits or the content of your texts to customize ads within the service.

3. Reliability

We like to think that Google will never fail us--but the fact is, technology is fallible, and things do go wrong. The world has certainly seen plenty of Google-related service outages over the years, including one last month that took almost all Google products offline for a large number of users. It's frustrating to be unable to access your e-mail or RSS feeds; but for many people, the risk of not being able to receive any calls or text messages may be far more troubling.

So what if Google Voice does go down? Even if it's a rare occasion, are you okay with it? The idea isn't completely far-fetched: During last month's Google outage, some users who were a part of early Google Voice testing say that their Google number did stop working. "My wife called my number and actually got through to a stranger," one user told xconomy.com. "This has got to NEVER happen again."

Other users have reported some less extreme problems using the service, such as failed call recordings and other similar issues. All of that is important to consider before you commit to depending entirely on any new system.

4. Caller ID confusion

If you start using a Google Voice number as your primary number, be prepared for the fact that regular calls from your cell phone (or any other phone) will still show up as your old number. This may create confusion, as the number you give out won't match the number from which you actually call.

Notably, the service does offer a way to make calls that will show as coming from the Google Voice number: You can go through the Web interface and type in a number, and then have Google dial you to begin the call; or you can dial your Google Voice number directly and then place the call through it. Regardless, it's an extra step that could prove to be cumbersome.

5. Number-changing hassle

Aside from the caller ID confusion, you'll have to get people to start reaching you at a new number. Particularly with the often-permanent nature of cell phone numbers nowadays, that may prove to be easier said than done. You might have to reprint business cards or stationery, and you'd have to take the time to update your information anywhere you have a registered account (the cable company, doctors' offices, and so on).

Google says it hopes to offer the option to port an existing number into Google Voice in the future. That capability, if and when it's introduced, would cut down on some of the hassle. Until it is introduced, though, be sure to think carefully about what's involved before you decide to make the move to the new service.

So there you have it: ample food for thought as you determine whether Google Voice is right for you. Of course, you still have to get an official Google invitation first. Gauging by the number of people who signed up, that could take a while -- so you probably have plenty of time to think.


After prompting by a group of privacy advocates, Google said Tuesday that it plans to test a more secure version of its Gmail service to see if it is viable.

Google plans to change its back-end servers so that some users will automatically use an encrypted HTTPS (Hypertext Transfer Protocol Secure) connection when they use Gmail. Right now, everyone uses HTTPS to log in to Gmail, but after that Web pages are sent without encryption.

This is a bad thing, privacy experts say, because it means that hackers with access to a network -- say at a café with Wi-Fi -- could take over a Google account using a technique known as session hijacking. They could also read e-mail, which often contains sensitive information.
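The gap described above (HTTPS for login, plaintext afterwards) can be checked from the defender's side by looking at where a session cookie is allowed to travel. The following is an added example, not code from the article or from Google; the host name, cookie name and trace format are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed traces of a login flow (hypothetical host and cookie name).
# Each entry: (request URL, Set-Cookie response headers, Location header).
TRACE_LOGIN_ONLY_HTTPS = [
    ("https://mail.example.test/login",
     ["SID=constructed-token; Path=/; HttpOnly"],
     "http://mail.example.test/inbox"),
    ("http://mail.example.test/inbox", [], None),
]
TRACE_ALWAYS_HTTPS = [
    ("https://mail.example.test/login",
     ["SID=constructed-token; Path=/; Secure; HttpOnly"],
     "https://mail.example.test/inbox"),
    ("https://mail.example.test/inbox", [], None),
]


def audit_trace(trace):
    """Return findings for session cookies that can cross the network unencrypted."""
    findings = []
    # cookie name -> (host, secure flag); a minimal stand-in for a browser
    # cookie jar that matches on exact host only (assumption for brevity).
    jar = {}
    for url, set_cookies, location in trace:
        parts = urlsplit(url)

        # Cookies a browser would attach to this request.
        for name, (host, secure) in jar.items():
            if host == parts.hostname and parts.scheme == "http" and not secure:
                findings.append(("cookie-sent-in-clear", name, url))

        # Cookies set by this response.
        for header in set_cookies:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                secure = bool(morsel["secure"])  # "" when the flag is absent
                jar[name] = (parts.hostname, secure)
                if parts.scheme == "https" and not secure:
                    findings.append(("missing-secure-flag", name, url))

        # A redirect that drops the user from HTTPS back to HTTP.
        if location and parts.scheme == "https" and urlsplit(location).scheme == "http":
            findings.append(("https-to-http-redirect", location, url))
    return findings


if __name__ == "__main__":
    for label, trace in (("login-only HTTPS", TRACE_LOGIN_ONLY_HTTPS),
                         ("always-on HTTPS", TRACE_ALWAYS_HTTPS)):
        print(label, audit_trace(trace))
```

A cookie without the `Secure` attribute is sent on every later plaintext request to the same host, which is why encrypting only the login step leaves the session exposed on a shared network.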

"If you wanted to steal someone's identity, the inbox is where it's at," said Christopher Soghoian, one of the experts who called on Google to make the changes.

Soghoian, a student fellow with the Berkman Center for Internet and Society at Harvard University, was one of 38 security and privacy experts who Tuesday called on Google to adopt HTTPS.

Not only does HTTPS encrypt e-mail, making it harder to read, it also provides a way of authenticating the servers, so users can be more sure that they're really talking to Google and not some phishing site.

Gmail users can already read their messages via HTTPS, but to do this they need to click a "browser connection" box at the bottom of the settings page. Under the test, HTTPS would be turned on by default. HTTPS can be used to securely connect part or all of a Web page.

Google Docs and Calendar users can connect via HTTPS as well, but there's no setting to make this permanent. Users must simply type in https:// every time they connect to these services.

Last year, Google said it didn't use HTTPS by default because it would make the Web site too slow.

Soghoian has floated the idea at privacy events over the past few weeks that Google should be pressured to adopt SSL (Secure Sockets Layer), and Google's response to him was fast.

"We'll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their e-mail," Google Software Engineer Alma Whitten said in a blog posting Tuesday. "Does it load fast enough? Is it responsive enough? Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS?"

If the test works out, then Google will "turn on HTTPS by default more broadly, hopefully for all Gmail users," Whitten said.

Google wouldn't say when it will begin testing, but the company is ahead of rivals Yahoo and Microsoft, which do not offer their users an HTTPS connection, said Jeremiah Grossman, chief technology officer with White Hat Security.

Because encrypted messages contain more information, HTTPS can slow down Web surfing, and if Google finds that performance is so bad that some users drop the service, that would be a major problem, he said.

On the other hand, HTTPS performance can be sped up by using special chips on the server, called accelerators. But that costs money.

"Free, always-on HTTPS is pretty unusual in the email business, particularly for a free email service," Whitten wrote. "But we see it as another way to make the Web safer and more useful. It's something we'd like to see all major webmail services provide."

Google Removes 'Beta' Label from Gmail, Calendar, Other Services

Google is removing the "beta" label from many of its key services, including Gmail, Google Calendar, Google Docs, Google Talk, and Google Video for Business. The move is seen as a way to attract large businesses to Google Apps, its suite of messaging and productivity applications.

For most users of Gmail and Google Calendar, today's news is little more than a lifting of the "beta" label for these already-reliable Google services. But Google says removing the "beta" label is a big deal for the businesses that it hopes will switch to Web-based Google services -- and away from software-based services offered by Microsoft and IBM.

Bye Bye Beta, Hello New Features

Google says it has beefed up the Google Apps suite by adding offline access to e-mail and calendars and streamlining access to Google Apps for BlackBerry users. Google also says that its Web-based messaging platform is now more compatible with Microsoft Outlook and it has improved contact management for Google Apps.

Google hopes large businesses will now feel more comfortable about entrusting Google with their core communications services. A Google Apps Premier Edition account, which includes Gmail, instant messaging, documents, and spreadsheets (among other apps), costs businesses $50 per user per year.

"We've come to appreciate that the beta tag just doesn't fit for large enterprises that aren't keen to run their business on software that sounds like it's still in the trial phase," wrote Rajen Sheth, senior product manager, Google Apps, in a blog post announcing the changes.

Google: The Little Guy

"No business is going to rely on a 'beta' service for something as important as e-mail," says Matt Cain, lead e-mail analyst with market research firm Gartner. But, he adds, just lifting the beta label does not guarantee Google success.

Google may be a giant in the search engine space, but the company is only a bit player when it comes to providing e-mail to businesses. Microsoft owns about 70 percent of the e-mail market, followed by IBM with 17 percent, according to Gartner. Cain says Microsoft and IBM don't have any serious competition yet, but can expect nipping at their heels from Web-based services such as Google and a new offering from Cisco expected as a result of the company's purchase of PostPath. These services are cloud based, meaning companies don't have to host servers on site and any heavy infrastructural lifting is done by the provider offsite. Google's pitch for its communications suite also includes a claim that Google Apps can save companies 50 to 70 percent compared to "other e-mail solutions."

In recent months Google has stepped up its battle against Microsoft to win over the enterprise business market. Last month Google released a new plug-in that allows businesses to switch to Google Apps. The utility can migrate a company's e-mail, calendar, and contacts to Google's cloud while retaining the interface of Outlook.

"Google has listened to what enterprises want, and it has delivered much of that," Cain says. Google says it manages 15 million business inboxes and "tens of millions" more consumer Gmail inboxes.

Cain doesn't anticipate cloud-based e-mail management to pose a threat to offerings provided by Microsoft and IBM for another two to four years.

Bring Back the Beta!

Google representatives say by no means does the removal of the beta label mean Google will stop innovating and experimenting with new features offered through Google Labs for Gmail, Google Calendar, and other Google App services. It says existing Google Labs users can re-enable the beta label for Gmail from the Labs tab under Settings.


on Thursday, July 9, 2009

Crooks are going after a new security flaw involving the Microsoft Video ActiveX Control in Windows XP and Server 2003, Microsoft today announced.

Redmond's Security Advisory 972890 details the new threat, which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected, but Microsoft still recommends that users of those operating systems apply the workaround (see below) as a precautionary measure. Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.

There are already active attacks against the new hole, according to both the advisory and another Symantec post, which states that "thousands of websites have been compromised and are now hosting the exploit for this issue." Microsoft says there are no known legit uses for the afflicted ActiveX control, and is providing a 'Fix it' workaround solution to disable it while the company works on a patch.

To apply the fix, visit Microsoft's Knowledge base article 972890 and click the "Enable workaround" Fix it link. Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the "Disable workaround" link.


ALTERNATIVE:

The correct "workaround" is to use any other browser; never use Internet Explorer on the Internet for any purpose other than Windows Updates. It is a mess of security holes, with about as much security as a mosquito net made from chicken wire.

remember - Firefox IS open source - means: more bugs come up.. still they get fixed faster than M$ is doing it and MOST of them are fixed before people know them and can use against you..


Just use Firefox... that's all I really have to say. Attackers haven't really set their sights on it so it'll be safe for the next 6 months or so.





When security expert Bruce Schneier tried to sell a used laptop on eBay, he thought it would be easy. Instead, a sale was aborted twice -- first by a scammer using a hacked eBay account and then by a buyer who tried to trick Schneier into sending her the laptop after she cancelled payment.

Schneier, the chief security technology officer at BT, is an authority on cryptography and frequently speaks and writes on security-related issues.

Schneier's first attempt to sell the used Sony Vaio TZ-series on eBay appeared to be successful within hours of its listing, but eBay cancelled the sale saying the winning bid came from a hacked account, he wrote in a blog post on Friday.

A second attempt to sell the laptop also appeared to be successful within hours of being listed on eBay. The buyer paid for the laptop using PayPal and requested that Schneier send it to her using FedEx. She then canceled the payment by disputing it with PayPal, apparently hoping that the laptop would be shipped before Schneier found out.

"But PayPal was faster than she expected, I think. At the same time, I received an e-mail from PayPal saying that I might have received a payment that the account holder did not authorize, and that I shouldn't ship the item until the investigation is complete," Schneier wrote.

The experience left Schneier frustrated and looking for a buyer interested in the used laptop.

"I'm willing to make Attempt 3, if just to see what kind of scam happens this time. But I still want to sell the computer, and I am pissed off at what is essentially a denial-of-service attack," he wrote.

At the time of writing, an eBay representative could not be reached for comment.


Intuitively designed security software provides free, up-to-date antivirus coverage.

Microsoft today released a limited beta version of Microsoft Security Essentials, a free antivirus application for users of Windows XP, Vista, or 7. The new app, which will replace Windows Live OneCare, aims to cover the basic security needs of home users, and its easy-to-use interface appears to be taking the right approach to the task.

It's easy to get started with Microsoft Security Essentials. When you launch it for the first time, the program will download and install Microsoft's most up-to-date virus definitions and then scan your system. Once installed, the software keeps current by automatically downloading new virus definitions daily via Windows Update.

The Microsoft Security Essentials interface is clear-cut and cleanly designed. At the top of the window, you'll see your computer's protection status--protected, partially protected, or unprotected. Everything else appears in four tabs: Home (which shows you an overview of your settings, and has a Scan Now button), Update (where you can manually update your virus-definition files), History (which logs all of the malware cleaned from your system) and Settings (self-explanatory).

You'll likely spend most of your time on the Home tab; "set it and forget it" aptly describes Microsoft Security Essentials. The default settings are appropriate for most users, though I would have expected Microsoft Security Essentials to offer some of the options--to scan removable drives and to check for updates before scanning your system, for example--on the first run-through.

Regrettably, some of the settings are a bit cryptic. For example, on the Settings tab under 'Default actions', Microsoft Security Essentials defaults to 'Microsoft Security Essentials' recommended action' for all of the options--without identifying the recommended actions. You have to poke around in the help system to find out what the recommended actions are.

In addition, I was initially confused because Microsoft Security Essentials doesn't mention within the app that Windows Update automatically installs new virus definition files. As a result, you might suppose that you must constantly install new virus definition updates manually. A simple note on the Update tab would be a welcome clarification.

Whether this software can help Microsoft corner the PC security market remains to be seen, but Microsoft Security Essentials is a user-friendly antivirus app that should cover the basics for most users. Look for more about Microsoft Security Essentials--including malware detection and removal testing--as its official, final release approaches, and visit our Security Topic Center for ongoing coverage of security news and products.

Conficker may not dominate the headlines any longer, but it's still going strong, according to Trend Micro's Malware Blog and stats from the Conficker Working Group.

The worm/botnet grabbed plenty of attention earlier this year, and I wrote plenty about it myself. Part of that focus came from its giant infection rate, part from its sophisticated techniques, and part was pure hype. And after a ballyhooed April Fool's day threat came and went with little incident, it seemed to largely vanish from the public eye.

But it didn't go away. According to stats from the Conficker Working Group, the number of unique IPs seen infected with the first two Conficker variants has bounced around some, but has generally risen since the end of May. On 5/31 it was at 3.7 million. On 6/29, it was 5.1 million.

As Trend's post states, that puts the estimated number of actual infections at a minimum of about 1.2 million, which is a serious botnet indeed. Conficker's creators have previously used it to spread fake antivirus programs, and a botnet (a network of malware-infected PCs) can be instructed to perform a wide variety of money-making tasks for its controller, such as sending spam.

So while Conficker might not have caused the sky to fall, it's still worth keeping in mind as a real threat. Here's a simple visual test to help determine whether any given PC might be infected, and here are protection steps for keeping a computer free of the worm.

Samples of documents used in carefully prepared targeted attacks make clear that while a suspicious eye is a great security tool, some especially dangerous attacks might slide right by you.

Targeted attacks often send a carefully constructed e-mail to one or a handful of specifically chosen targets. The messages are well-written, and don't contain the tell-tale typos and errors that often accompany malware campaigns. They're far more rare, and far more dangerous, than the average attack.

The seven 'bait file' samples posted by F-Secure "have been used to infect specific individuals in different organizations in order to gain access to their computer," the company writes, and all contained exploits that would install remote-control malware on a victim PC.

But of the five I can read (one appears to be in Russian, another German), only one would immediately trigger my own warning bells. If I opened any of the other .pdf or .doc files I probably wouldn't notice anything amiss.

The good news is that even if one of these sneaky little buggers crept past you, they'd likely hit a brick wall if your software was up-to-date. Unless a targeted attack goes after an unpatched zero-day software flaw (which unfortunately does happen), its exploit payload would fizzle out if you've patched the flaw it looks for. So keep clicking yes to those automatic update notices, and fire up that Secunia PSI.