Scammers Scam Gmail Scam Filters

This amused me. A scam message got through Gmail’s eagle-eyed scam filters telling me to update my account details. That’s not unusual. But was it because the scammers added their own assurance that they had already done the filtering?

image

It says:

**************************************************************************
This footnote confirms that this email message has been scanned by New Google Mail-SeCure for the presence of malicious code, vandals & computer viruses.
**************************************************************************

Well that’s alright then.

The Gmail Phish: Why Publicize, and Why Now?

This Google Gmail phishing case has gotten quite a bit of attention, so I thought I’d throw in my two cents’ worth. (These are notes I collated for a segment I did for Al Jazeera earlier today. I didn’t do a particularly good job of getting these points across, and some of the stuff came in after it was done.)

Google says the attack appears to originate from Jinan, but doesn’t offer evidence to support that. I think it would be good if they did. Jinan is the capital of Shandong Province, but it’s also a military region and one of at least six where the PLA has one of its technical reconnaissance bureaus. These are responsible for, among other things, exploitation of foreign networks, which might include this kind of thing. The city is also where the Lanxiang Vocational School is based, which was linked to the December 2009 attacks on Google’s back end systems. That also targeted human rights activists. Lanxiang has denied any involvement in the 2009 attacks.

I’d be very surprised if this kind of thing wasn’t going on all the time. And I’m very surprised that senior government officials from the U.S., Korea and elsewhere are supposedly using something like Gmail. There are more secure ways to communicate out there. I think it’s worth pointing out that this particular attack was first identified by Mila Parkour, a researcher, back in February. Screenshots on her blog suggest that at least three U.S. government entities were targeted.

I asked her what she thought of the release of the news now, four months later. Does this mean, I asked, that it took Google a while to figure it out?

As for any other vendor, investigations take time especially if they do not wish to alert the actors and make sure they shut down all the suspicious accounts.

And why, I asked, are they making it public now?

I think it is great they took time to unravel and find more victims and try to trace it. Looks like they exhausted all the leads and found out as much as they could to address it before going public. It has been three months and considering that hundreds of victims [are] involved, it is not too long.

This is not the first time that Google and other email accounts have been hacked in this way, and it’s probably not the last. It’s part of a much bigger battle going on. Well, two: one pits China–who are almost certainly behind it, or at least the ultimate beneficiaries of any data stolen–against regional and other rivals, and the other is Google making these things public. For Google it’s a chance to point out the kind of pressures it and other companies are under in China. Google in January 2010 said it and other companies had been under attack using tricks that exploited vulnerabilities in Google’s network to gain unauthorized access.

Google says it went public because it wants to keep its users safe. This from Myriam Boublil, Head of Communications & Public Affairs at Google Southeast Asia:

“We think users should be aware of the disturbing campaign we’ve uncovered to collect user passwords and monitor user email. Our focus now is on protecting our users and making sure everyone knows how to stay safe online”

This attack is not particularly sophisticated, but it involves what is called spear phishing, which does involve quite extensive social engineering techniques and reveals that the object of the attacker’s interest is not random, but very, very specific. If you judge a perpetrator of a crime by their victim, you don’t have to be a rocket scientist to figure out who is the ultimate recipient of any intelligence gathered.

Facebook Messaging Fail

Searching messages Yoko Kobayashi  Error

Is it me or does Facebook messaging suck? I thought they were hoping to turn it into something special, a Gmail killer, but every time I look for an old message I get the above.

New in Gmail Labs: Smart Labels

Wednesday, March 09, 2011 | 10:00 AM

Posted by Stanley Chen, Software Engineer

People get a lot of email these days. On top of personal messages, there are group mailing lists, social network notifications, credit card statements, newsletters you might have signed up for, and promotional email from a shopping site you used once months ago. Gmail’s filters and labels were invented to help manage the deluge, but while I have about 100 filters that triage and label my incoming mail, most of my friends and family have all their messages in a giant unfiltered inbox.

Last year, we launched Priority Inbox to automatically sort incoming email and help you focus on the messages that matter most. Today, we’re launching a complementary feature in Gmail Labs called Smart Labels, which helps you classify and organize your email. Once you turn it on from the Labs tab in Settings, Smart Labels automatically categorizes incoming Bulk, Notification and Forum messages, and labels them as such. “Bulk” mail includes any kind of mass mailing (such as newsletters and promotional email) and gets filtered out of your inbox by default (where you can easily read it later), “Notifications” are messages sent to you directly (like account statements and receipts), and email from group mailing lists gets labeled as “Forums.”

If you already use filters and labels to organize your mail, you may find that you can replace your existing filters with Smart Labels. If you’re picky like me and still want to hold on to your current organization system, Smart Labels play nice with other labels and filters too. On the Filters tab under Settings, you’ll find that these filters can be edited just like any others. From there, you can also edit your existing filters to avoid having them Smart Labeled or change whether mail in a Smart Label skips your inbox (which you can also do by just clicking on the label, then selecting or unselecting the checkbox in the top right corner).

Labs in Gmail are a great testing ground for experimental features, and we hope Smart Labels help you more effortlessly get through your inbox. If you notice a message that was automatically labeled incorrectly and want to help us troubleshoot, you can report miscategorizations from the drop down menu on each message (in doing so, you’ll donate the full message to our engineers so that we can improve the feature). Give it a try and send us feedback on how we can make it work better for you!

This could be interesting. One day they’ll use Bayesian filters and we won’t even have to set up filters of our own. One day.

Google’s Missteps

By Jeremy Wagstaff

This one needed some correcting, for which apologies, and also, unsurprisingly, attracted some opprobrium. It’s Google Notebook, not Notes, and Jaiku’s founders are Finnish, not Swedish.

I’m a big fan of Google. A big fan. But I’ve finally realized what its problem is. It doesn’t know what the hell it’s doing.

Take its recent decision to close something called Google Wave.

Google Wave was introduced to much fanfare back in May 2009. I can’t really describe what it is, but I can tell you what Google called it. Email killer, a new version of the web, etc etc. “Wave is what email would look like if it were invented today,” said one of its creators.

Then, a few weeks back, they killed it. “We liked the (user interface) and we liked a lot of the new features in it,” CEO Eric Schmidt was quoted as saying, “(but) didn’t get enough traction, so we are taking those technologies and applying them to new technologies that are not announced.”

Schmidt explained Google’s policy like this: “Our policy is we try things. We celebrate our failures. This is a company where it is absolutely OK to try something that is very hard, have it not be successful, take the learning and apply it to something new.”

The point is not that Wave was rubbish. Or great. It’s that we never really got to try it out. When Schmidt says that “we tend to sort of release them and then see what happens” he’s telling the truth. Only it’s not really something he should be too proud about.

Quite a few of us worked quite hard to make Wave part of our lives. Not many of us, admittedly, but enough. Enough to be somewhat peeved to find it’s not going to be around much longer.

This isn’t the first time Google has done this. Google Notebook was a way to collect snippets from the web and save them in the browser. Great, but Google killed that one off. They bought and killed off something called Jaiku, a better-than-Twitter service developed by some guys in Finland (thanks, Gabe, Adewale Oshineye and others). Of course, like Wave, they don’t actually shoot these things dead, they just go to some weird twilight zone where new people can’t sign up and existing users look kinda passé.

Like people who overstay a party that never really took off.

Who’s going to continue using a product that could disappear at any minute?

This, arguably, is fine when you’re not actually paying for the product. Well, not directly. But what happens when you shell out $500 for it?

That’s what happened when fools bought into Google’s foray into the cellphone world with their fancy Nexus One phone. What it called the Superphone, with plans to make lots more. “Imagine a thousand gphones!” said Schmidt.

So people went out and bought it and yay! less than a year later Google closes down the online store where you can buy the thing and then, a few weeks after that, said that it’s not making any more phones.

Of course, Mr. Schmidt put a positive spin on it all.

But it’s not good enough.

I was one of those people who bought the phone because I love Google’s email service, its photo service, its online documents service, its RSS reader, its chat program, its maps. Its search engine. Pretty much everything it puts out. And I thought to myself: all this in a phone, made by the same guys, it’ll be heaven!

Only it wasn’t. The phone is good, but not great. I still use it, but my hope was that Google would be serious about all its products and pulling them together into one seamless service.

Never happened. And now, clearly, never will. Yes, Google make the operating system—the Android OS—so they still have a dog in the fight, but clearly they’ve decided that spending more time on the cellphone thing isn’t worth it for them.

Now these are the gripes of someone who feels a bit like a mug. But they’re also the ramblings of someone who feels there’s a fundamental problem with Google’s approach to the post-search world.

They don’t seem to get it. Buzz, their version of Twitter, is awful. It ignores the fundamentals of the service: it’s personal while also being impersonal, it’s chatty while at the same time having to be succinct. It’s not the same as email, and the people we share tweets with are not, necessarily, the people we email. So putting it together with Gmail was dumb.

Google has got to tread carefully. It’s not really had a hit for a while—since Gmail, probably, back in 2004. Yes, its Google Docs are good, but they’re not taking over the world. And the things they thought might take over the world—such as Wave—are poorly thought out, poorly promoted, poorly supported, and killed off with an insouciance that doesn’t only upset those people like me who took time and effort to build them into our workflow. It’ll also upset two other key groups: business users and investors.

No business user is going to start playing around with a Google product thinking it might be good for their company, because who knows when Mr. Schmidt is going to pull out his hunting knife? And investors? Well, we’ve seen plenty of tech behemoths who were one- or two-hit wonders.

It’s not time up yet for Google. They’ve just launched a sort of phone service that could be a Skype killer, but who’s going to ditch Skype in their office for something that might not be around in a year’s time? They not only need to come up with good new products. They need to find ways to convince their users they’re not just playthings, given and taken back on a whim.

The Proud Legacy of the New Web

My weekly column for the Loose Wire Service.

A few things I had to do this week brought me to the same conclusion: Companies that don’t get simplicity are struggling.

First off, I have been writing a paper on social media. What we used to call Web 2.0, basically. Now that everything we do is Web 2.0 it’s kind of silly to call it that. And nerdy. But next time you use Facebook, or Twitter, or any web service that uses a clean, simple interface—nothing ugly, no bullying error messages—then you can thank Web 2.0.

Every time you are pleasantly surprised when the service you use—for free—adds more cool features and doesn’t try to sting you for it, thank Web 2.0.

Web 2.0 made things simpler, more user-centric. Its principles were share, create, collaborate (against the old world’s hoard, consume, compete.)

If you want to read more on this, download the Cluetrain Manifesto, a book written by a cluster of visionaries. A great read and a sort of call to arms for the Web 2.0 generation.

We know this. Researching the paper reminded me of just how influential Web 2.0 has been. But everything else I’ve done this week has reminded me how few companies still don’t get it.

First off, I had to set up a mailing list. You know, sending out lots of emails to people. It’s fiddly if you want to do it right. Before, you’d download software and painstakingly fiddle with spreadsheets and stuff.

Now you can do it online. But not all online services are alike. I tried one, Constant Contact (which doesn’t, actually, sound that appealing a concept. Sounds like an STD or one of those annoying kids who follow you around at school.)

ConstantContact was OK, I suppose. But it was fiddly. No way was this going to be fun. Then I tried something called MailChimp. The look and feel of the site was pure Web 2.0. Big buttons, nice colors, the sort of site that makes you want to get yourself a coffee and browse around.

Sure enough, the whole thing was not only a breeze, but a joy. Not perfect—they like their simian jokes, those guys at MailChimp–but so different it brought home how Web 2.0 isn’t a set of tools but a mindset. “How can we make this easier, and fun? And cheaper?”

That was the first experience. Then I had to set up an email account on Microsoft’s online corporate web service, called Outlook Web Access (known as OWA.) The acronym should have given that away. OWA, as “Oh er” or “whoa”. After five years of Gmail using this was like going back to typewriters. And not in a good way.

Clunky, ugly, lots of annoying “Are you sure you want to do this?” type messages.

It was hell. A real reminder of what email was before Google got hold of it. (And, sorry, Yahoo!, but you’re still stuck in the slow lane. I tried your web mail offering again but it wouldn’t let me send half the emails I wanted, instead accusing me of spamming. Sending six emails makes me a spammer? That makes you my ex web mail provider.)

It’s not that Gmail is wonderful. But it’s simple. And it adds features before you’ve had time to think them up yourself. It strives to get out of your way and let you get on with stuff. Very Web 2.0-ey.

Then I had to buy a video camera. It was then I realized that Web 2.0 wasn’t just about software.

I got one of those Flip video cameras three years ago. I loved it. Barely three buttons on the thing, and perfect. An antidote to complicated video cameras and smart phones that require a PhD to use. Web 2.0 on a stick.

So I went looking for a replacement. Flip has been so popular it’s a) been bought out, and b) has lots of competitors. Even Sony have one. Yes, the guys who brought you the Walkman now offer you something called the bloggie PM5, which is basically what the Sony design people think is a better Flip.

Only it’s not. It’s Sony’s view of the world, and it’s striking how anachronistic it looks.

At first blush it’s smart. The lens swivels so you can see yourself videoing yourself. Which is good. But that’s the only thing good about it.

It’s heavy. The buttons are too many in number and aren’t intuitive—I couldn’t even find the volume adjuster, and nor could the guy in the shop—and it has all the things that reminded me why I’d never buy anything from Sony again. A proprietary USB cable slot—so you can only use a Sony cable with it. Their own memory card, which means you can’t use your other memory cards like the increasingly popular SD one.

(Oh and it only records for 30 minutes at a time. Not that the manual tells you that.)

In other words, Sony talks about the bloggie-ness of their bloggie, where you can share all your stuff on Facebook and YouTube, but still doesn’t get the bigger picture: That the Flip was supposed to make all this stuff simple. Open, fun, collaborative, about the moment rather than the fiddling. And no more closed shop. No more trying to sucker you into buying more of their stuff.

I haven’t talked about Apple in all this because the jury’s out on them. They definitely make things easier to use, but they’re still proudly disdainful of everyone else—including, I suspect, their customers. Their products are a joy to use, but I think the Cluetrain passed their stop.

So Web 2.0 is a state of mind. It’s something we should demand of all our interactions with products, services, companies, officials. Simplicity. Put yourselves in the user’s shoes. Don’t put up road blocks. Make using your product, if not a joy, then at least not a pain.

Sony, Yahoo!, Microsoft, print that last paragraph out and make a banner out of it. I guarantee it’ll work wonders for you.

Into the Light

Part of my job is explaining the world of new/social media to old media veterans. It’s not easy, either because they’re very resistant to change, or because they tend to see the changes being wrought on their industry as somehow different to the much bigger changes taking place.

It’s not a bunch of separate revolutions—it’s one revolution. For want of a better description, it’s not unlike the transition from the Dark Ages to the High Middle Ages. That’s perhaps overstating it, but compare, if you will, this small vignette.

I was chatting with a friend on Skype just now; he had returned to Canada to be with his ailing dad. I enquired more, and he told me his father had been at the Battle of Ortona, and still suffered from Post Traumatic Stress Disorder.

I know something of PTSD, but I was ignorant of Ortona, so I looked it up while we chatted. There’s a great Wikipedia page on it, so I quickly got a sense of what his father had been through, back in 1943.

Then my friend sent me links—to a book written about it, which I could thumb through on Amazon and search for his name.

image

I was able to quickly learn a bit about the battle, about my friend’s father, and about his wounds, both external and internal. Then my friend sent me another link, this time to a YouTube page that showcased a movie about the battle.

Within a few clicks I was much, much more knowledgeable about what this man had gone through, made more personal by my friend’s messages that dropped through Skype:

All of the officers he trained with were killed. He was the only one left.

He has one pal left who is still alive from those days.

It’s easy to dismiss this all as just bite-sized knowledge, without depth or perspective. But nevertheless what we have at our finger tips is so much more than was possible a few years ago—so much so that it’s no exaggeration to say that the Internet offers wisdom over darkness to those who came before it.

And for the media? Well, it’s not really about news anymore. It’s about wisdom. Information grabbed when needed to assemble an insight. The dividing line now is not between those who have access to information—everyone, more or less, has access—but between those who have the skill and interest to be able to know what they’re looking for and to find it. And then, of course, digest it.

That has huge implications for media because it transforms the market for information. It doesn’t remove it—it transforms it. We haven’t figured out how.

But we have already reached, without really making a big fuss about it, a great point of leveling, where we all can claw our way out of ignorance, topic by topic, surprisingly quickly. Whether we want to is something else entirely.

Image from SDCinematografica.it

Making Networks Do the Work

I don’t get overly excited about plug-ins but I think Xoopit may have shifted us into a new gear.

As part of a course I teach on journalist tools I do a demo of Gmail. I talk about it being the new desktop. But I’m only showing the bare bones of the thing: labels, filters, colors, stars.

For a lot of them, that’s an eye-opener in itself.

But it’s once you start talking about gadgets where you can access your calendar, your documents, your chat, then it really makes sense.

All good, but not really anything different to Outlook. Just lighter and accessible from anywhere.

But the arrival of an updated version of the plugin Xoopit, I think, really pitches webmail, well Gmail, into a new zone.

It has some basic stuff which is kinda useful. At the top is a row of picture attachments from recent emails:

image

Not that useful for me, but useful.

There are also links to videos and files: click on one and it takes you to a full listing of attachments, listable by type, date received, etc. You can even search by sender: 

image

But still that’s not what impressed me, and convinced me we’re on the threshold of something brand new.

Read an email thread and Xoopit will pluck out those people involved in the conversation. It will display them on the right hand side of the thread. Not only that; it will try to grab their Facebook profile and image—even if you’re not connected to them on Facebook:

 image

At a stroke I can now see who I’m talking to (in this case avoiding the catastrophe of misidentifying a woman as a man) and also see who we have in common:

image

To me this raises all sorts of possibilities. Suddenly my networks are beginning to talk to each other, to mine each other for data and work to close the gaps in them. I’m suddenly much better informed about the people I’m dealing with, without having to do lots of legwork.

Of course, this would be better if it was also searching LinkedIn (or maybe instead searching LinkedIn, in that I’d rather connect that way to a professional contact first.)

But it’s still the first time I’ve seen leveraging like this done in such a simple and unobtrusive way. It fits into my way of working rather than a lot of these network leveragers I’ve seen, which add to the clutter or try to automate things which should be manual.

More on that anon.

For now, congratulations Xoopit. I count this as the first step in a bright dawn of social networks and contact lists working for me rather than the other way around.

And I think it’s further proof that Gmail—or Yahoo! Mail, or any of the rich featured webmail offerings—are actually a workplace in themselves, around which can be built all sorts of useful tools mining our other networks.

Facebook Scams: Not Out of the Woods

Facebook may have just won a theoretical warchest from a spammer, but it’s not put its house in order when it comes to scams. Indeed, I suspect they’re getting worse. Now you can get infected without even having to visit your Facebook account.

What happens is that, if you have set your profile to receive email updates when someone sends you a message on Facebook, these trojan scams actually make their way direct into your inbox. Facebook is just the vector:

Here’s a message, as it looks in Gmail:

image

Click on that link and it takes you, not to the Facebook message page, but straight to the dodgy website. In this case the website is still active. It will have a name like YuoTube:

image

and a YouTube-like interface:

image

The message in the ‘player’ says “Your version of Flash Player is out of date.” Without you doing anything the download window will appear:

image

Of course, if you install that you’re in trouble. But are you in trouble if you’ve already visited the page? I’m still working on that.
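A mail-side check for the pattern described in this post, as an added example (not code from Facebook, Gmail or the original post): it pulls every link out of a notification email, flags those that leave the sender's own domain, and marks hosts whose name is one edit or one letter-swap away from a known brand, as "YuoTube" is. The brand list, the expected link domain, the sample message and all function names are assumptions made for the illustration, and the registrable-label helper is a simplification that ignores multi-label public suffixes such as co.uk.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: brands to protect, and the domain that a
# genuine Facebook notification is expected to link to.
KNOWN_BRANDS = ("facebook", "google", "youtube")
EXPECTED_LINK_DOMAIN = "facebook.com"

# Constructed sample message (not taken from the post).
SAMPLE_MESSAGE = "\n".join([
    "From: Facebook <notification@facebookmail.example>",
    "Subject: You have a new message",
    "MIME-Version: 1.0",
    'Content-Type: text/html; charset="utf-8"',
    "",
    "<p>A friend sent you a message.</p>",
    '<a href="http://www.facebook.com/n/?inbox">Go to inbox</a>',
    '<a href="http://video.yuotube.example/watch?v=1">View message</a>',
    '<a href="http://cdn.example.net/logo.png">logo</a>',
])

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def osa_distance(a, b):
    """Edit distance that counts an adjacent-letter swap as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registrable_label(host):
    """Simplified: the label just left of the TLD (video.yuotube.example -> yuotube)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def lookalike_of(host):
    """Return the brand this host imitates, or None. Exact matches are not look-alikes."""
    label = registrable_label(host)
    for brand in KNOWN_BRANDS:
        if label != brand and osa_distance(label, brand) <= 1:
            return brand
    return None

def audit_notification(raw_message):
    """List links that leave EXPECTED_LINK_DOMAIN, noting any brand look-alike."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in collector.hrefs:
            host = (urlsplit(href).hostname or "").lower()
            if host == EXPECTED_LINK_DOMAIN or host.endswith("." + EXPECTED_LINK_DOMAIN):
                continue
            findings.append({"url": href, "host": host, "lookalike_of": lookalike_of(host)})
    return findings

if __name__ == "__main__":
    for finding in audit_notification(SAMPLE_MESSAGE):
        print(finding)
```

Off-domain links with no look-alike match are still reported, since a notification that links anywhere but the service it claims to come from is worth a second look.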