The Philosophy of Nate

Blaming Internet Explorer

The news of the cyber attacks against Google, primarily its GMail service, have been circulating the Internet for some time. Read more here about the original attack: Google’s New Position on China

All that was known about these attacks originally was that they originated from China and were more sophisticated than most other publicized attacks. (Attacks such as those against Google aren’t uncommon, however they are generally unpublished). As more research into the issue was done, it appears that the hacking was made possible due to a security flaw in Microsoft Internet Explorer, a fact that has been confirmed by several security companies including McAfee. The flaw has been confirmed for Internet Explorer versions 6, 7, and 8 and from the sounds of it focus around the user falling for a phishing attack. McAfee:

These attacks will look like they come from a ...

Google's New Position on China

Google has announced that it may shut down Google.cn, its site for Chinese users after some attacks on GMail originating in China. The attacks happened in December 2009 and some intellectual property was stolen from Google; from my understanding there were no user compromises other than a specific few.

As with any other online company, Google experiences hacking attempts fairly often. However, the attack from China was much more targeted, much more sophisticated, and with a significantly different intent. Other sites were attacked as well as Google, mainly those involved with the Internet, finance, technology, media and chemicals. Appropriate authorities were notified and the affected businesses were/are being contacted about the security breach. Google states that GMail accounts that were compromised in the attack were specific to human rights activists in China; only two accounts were accessed and the only information stolen was the date of account creation and email su...

File Storage from Google

As many of us know, Google has provided a variety of online services for some time; starting with the well-known search engine, and now GMail, Google Docs, Google Groups, Google Sites, Google Voice, and all manner of other things.

However, where Google has lagged behind many other services is its lack of dedicated file storage. Windows Live has provided online storage for some time now and recently bumped its capacity to 25 gig. Various other sites dedicated to file storage have cropped up as well, such as the well-known Box.net and Dropbox.com to name just a few. In the meantime, Google has introduced other services for storing and sharing photos (2 gig), and steadily increased the space allotment for GMail which currently hovers close to 7 gig.

As of a recent announcement from Google, this is about to change as Google finally plans to provide a unified system for file storage, rather than its currently segregated systems for email, documents, and photos. Accordi...

Simplicity Vs. Security

Statement 1: It takes longer to type and remember complex passwords with characters such as @,#,$,%, etc.

Statement 2: The general recommendation for passwords states that they should have complex characters.

From my experience, this leads to a compromise for some users- ease of use rather than security. I am online on mobile devices a significant amount of time myself, and my Facebook especially reflects the fact in my status updates; “Via Facebook Mobile”

The issue is that ease of use seems to often take a higher priority than security for many people. As mobile devices with admittedly crappy keyboards become increasingly prevalent, crappy passwords follow. That’s not to say that all mobile devices are difficult to type on since more and more sport full QWERTY keyboards in some form or another. Remembering and typing also plays a role- obviously it’s much easier to remember a simple (and easily hackable) password such as...

Interesting Tidbits of 2009

2009 has come and gone and being the day before New Years Eve it seems like an appropriate time to look back at some of the more interesting posts of the year (if my tracking is any indication of interestingness).The most popular by far were the ones regarding personal and online information:

Do You Know Where you Are?

• A post about the extent of sites that personal information can spread to across the Internet.

Where on Earth is Your Data?

• Where in the world (literally!) your personal information could reside.

Next up, the most searched for:

• The Pros and Cons of Social Networking

Next in line were the reviews of...

Microsoft Loses Patent Ruling

A Canadian software company based in Toronto sued Microsoft in 2007 due to a patented XML editing tool included in Microsoft Word 2007.

After a legal battle between Microsoft and i4i Incorporated, a federal appeals court ruled against Microsoft, ordering the company to pay $290 million for patent violation and requires them to stop selling Microsoft Word as of January 11, 2010. Copies of MS Word sold before January 11 are not affected by the injunction and the 2010 version has been released for testing and will be finalized in 2010 so there shouldn’t be any issues for users of MS Word. Word 2010 will not contain the code in question and Microsoft is already working to remove the code.

i4i Inc. sued Microsoft claiming to own the technology behind the XML editing tool. A Texas jury ruled that Microsoft had willfully infringed the patent on the software technology and the US Court of Appeals upheld the ruling. Microsoft states that it may appeal further to the Suprem...

Where on Earth is your data?

As most of us know, the Internet isn’t based in a single country, it’s global. Major web companies such as Yahoo and Google have servers based around the globe. In order to maintain their services and to provide a fair amount of reliability, they store information across multiple servers.

Any online information, once publicized to any degree is out of the control of its owner- contact information can be managed by any number of sites, for example. With regards to physical location, many users of online services don’t have a perception of what happens to the information they upload. The Cloud seems magical to end users but there are real, physical locations and hardware that keep it running.

Most services keep information stored geographically as close to users as possible- Google’s GMail went down a while back due to an issue with that and Yahoo once offered to move my data to Australia (Opera Mobile uses a proxy service most likely based there). I personally stor...

Facebook's New Privacy Controls

Facebook has rolled out a new set of privacy controls to its users as an attempt to simplify the controls so that more people can more effectively protect their information.

The change has created a significant amount of negative hype across the Internet as users complain that the new controls are less effective and actually encourage users to publicize more of their profile. These complaints are due to confusion from the controls Facebook provides to migrate user settings to the new controls. Facebook is not clear in explaining that the transition tool is NOT the actual privacy panel- it allows users to select Facebook’s recommendations for settings or to keep their old settings.

The new privacy panel is as powerful as the old one, though it is laid out more simply. It can be accessed the same way as the old panel; by hovering over the “Settings” menu on the blue bar at the top of the page and clicking on “Privacy”. All of the settings from the old panel can stil...

Facebook Privacy Update

Facebook will be making some changes to the way its users control who can see their information within the next few weeks, which include changes to the privacy pages and networks.

…as Facebook has grown, some of these regional networks now have millions of members and we’ve concluded that this is no longer the best way for you to control your privacy.

The first plans for Facebook’s new privacy system is to remove regional networks.  As Facebook founder Mark Zuckerberg notes, networks worked well for privacy before the site had millions of users; in the beginning the user base was mainly students, so each school had its own network.  From then, networks have expanded to engulf entire regions in some cases.  The vastness of these networks makes them unusable from the standpoint of using networks to control privacy.

In addition to the removal of regional networks, a new set of privacy controls will be introduced which, ac...

Reviews of Select OpenID: In Summary

Of the OpenID providers I reviewed (see the posts in their full glory:  Chi.mp, Verisign Personal Identity Portal [and an Update], Your Internet ID (YIID), MyOpenID), here’s my opinion on them (one being best, four being the worst)

Trustworthiness:

1. Verisign Personal Identity Portal
2. MyOpenID
3. Chi.mp
4. YIID