Archive for October, 2011

Hacked email

26 October 2011

I get emails from people who have had their online email accounts hacked, and spam email is issued. Normally, I just send them an email and hear nothing of it. But today I got a message (via another mechanism) that they were going to trash their email account.

The rest of this post is my message back to them. On reflection, I should also have considered that their password might have been leaked internally from their email provider (one of the “big few” – i.e. Google, Hotmail or Yahoo), either by a rogue employee ($0.10 per email, here’s a text file) or by hackers gaining illegitimate access.

But here goes:

I don’t think you need to discard the email account, but there are a couple of things to consider.

How did you get hacked? Was it malware on your PC (you can pick up malware infections just from things like Adobe Flash-based adverts if there’s a security problem in the Flash plugin, for example)? Was it someone picking up a session cookie while you were using unencrypted WiFi (coffee shop/hotel)? (Read this post on cookie hijacking to see how it works.) Or did you use someone else’s computer (colleague, internet cafe)? These are the three main categories (I’m discounting you turning into a spammer).

No matter how it happened, visit https://browsercheck.qualys.com/ on a weekly basis – or more frequently – to check your browser(s) and plugins are up to date – you need to do this for each browser that you use, on each computer that you use.

So, how do you tell which one happened to you? I’d get some anti-virus and scan your PCs and see if they detect anything. If you’re technical enough, then the SysInternals “autoruns” tool tells you *everything* that starts when you start your PC and log in. You can google the various process names shown in Task Manager and ensure they are benign too.

So, if you have malware, the only totally secure thing to do is to wipe and reinstall your OS and applications – although you might want to trust antivirus to detect and repair, it’s not guaranteed. And if you can, try more than one anti-virus product (free versions available for several) but you might have to install one, scan your PC, uninstall it and then install another – they might not co-exist nicely.

If your PC is clean, but you use public WiFi, chances are that you have been the victim of a cookie hijack. The solution is to either always use HTTPS (which is encrypted, so no-one can “sniff” your cookie; most sites now offer it, and I expect your email provider is one of them; Google is now offering HTTPS for searches, let alone email/calendar/etc.), OR, if you have one available, *always* use a VPN (Virtual Private Network), which encrypts everything (including normal unencrypted HTTP traffic, although your VPN provider can “sniff” stuff). Maybe your employer has a VPN; otherwise you can buy the service, I believe. And, best of all, if it was a cookie hijack, you can just log on and change your password: the hijacked cookie will be invalid afterwards. Maybe ask where you were accessing the net in the days immediately before the spam started – can you correlate a location with the date/time?
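As an added example (not from the post, and not any email provider’s code), here is a toy server-side session store in Python showing why the advice above works: each session remembers the password generation it was issued under, so a password change revokes every outstanding cookie, including a hijacked one, and the Set-Cookie header carries the Secure flag so the browser never sends the cookie over plain HTTP where it could be sniffed. The names SessionStore, pw_generation and the user “alice” are my assumptions.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class User:
    name: str
    pw_hash: bytes
    salt: bytes
    pw_generation: int = 0  # bumped on every password change


class SessionStore:
    """Toy session store (constructed example); sessions are keyed by a random token."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        # token -> (username, password generation the session was issued under)
        self.sessions: Dict[str, Tuple[str, int]] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, self._hash(password, salt), salt)

    def login(self, name: str, password: str) -> Optional[str]:
        u = self.users.get(name)
        if u is None or not hmac.compare_digest(u.pw_hash, self._hash(password, u.salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, u.pw_generation)
        return token

    @staticmethod
    def set_cookie_header(token: str) -> str:
        # Secure: only sent over HTTPS, so open WiFi never carries it in the clear.
        # HttpOnly: page scripts cannot read it.
        return f"Set-Cookie: sid={token}; Secure; HttpOnly; SameSite=Lax; Path=/"

    def whoami(self, token: str) -> Optional[str]:
        entry = self.sessions.get(token)
        if entry is None:
            return None
        name, gen = entry
        if self.users[name].pw_generation != gen:
            # Session predates the last password change: treat it as revoked.
            del self.sessions[token]
            return None
        return name

    def change_password(self, name: str, old: str, new: str) -> bool:
        u = self.users.get(name)
        if u is None or not hmac.compare_digest(u.pw_hash, self._hash(old, u.salt)):
            return False
        u.salt = os.urandom(16)
        u.pw_hash = self._hash(new, u.salt)
        u.pw_generation += 1  # every previously issued cookie now fails whoami()
        return True


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Hijacked cookie works until the victim changes the password (constructed scenario)."""
    store = SessionStore()
    store.add_user("alice", "correct horse")
    stolen = store.login("alice", "correct horse")  # copied off unencrypted WiFi
    before = store.whoami(stolen)
    store.change_password("alice", "correct horse", "battery staple")
    return before, store.whoami(stolen)
```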

And if you think you’re the victim of a keylogger, it should appear as malware. Let me tell you that one thing I do when I’m using someone else’s computer is to *not* enter my password in one go. I use the *mouse* to move the cursor between keypresses, and build up my password. So if my password was 12345678, I might start by entering “56”, then click (don’t use the keyboard, keystrokes might be logged, including the cursor keys) at the beginning and add “23”, then click at the end and add 8, then between the 3rd and 4th character and add the 4. It takes a bit of mental juggling, and I rarely use a PC I don’t trust.

So, depending on how you were hacked, is anything else at stake? If it’s malware, chances are that a keylogger has been installed, and so every keypress might have been recorded and then might have been transmitted. If you use the same password for many things, e.g. online email, work email, online banking, then you are at greater risk than if you use a different one for each service – even if the usernames are different, your identity might be linked to an account via publicly available search info. I use a three-tier system – one password for sites I really don’t care if someone impersonates me on, a second for a few other things (access to my server, and email, and so on), and a third tier, where I use a different password for each system – things like online banking, the UK Government Gateway, etc.

So, the bottom line is that:
1: Stopping using the account might not be enough
2: Stopping using the account might not be necessary

And that’s what I sent. Did I miss anything apart from the password-leak-from-provider?

Update: I added
3: change all your important passwords anyway. Consider a 2/3-tier system.

Categories: online, privacy, Real Life, Software

Desert Island Discs – the discs

21 October 2011

Best albums:

1: Deep Purple – Made in Japan. I would normally choose the more difficult to find “In Concert”, recorded by the BBC around the same time as this. I love Deep Purple because they are all awesome musicians, and live they exhibit this in excess. My representative track would be “Lazy”, showcasing Blackmore and Lord’s skills on guitar and organ respectively. Unlike many bands (e.g. AC/DC) the guitar parts are NOT simple riffs repeated each verse; there is true creativity in the guitar and organ parts. Kudos to my ami Bish who inadvertently hummed the intro to this song the other day.

2: Pink Floyd – The Wall. This was such an important album for me as I was growing up. The guitar parts are relatively easy to learn and I spent a lot of time on top of the bing near my home playing these songs on my twelve-string acoustic guitar. My representative track has to be “Comfortably Numb” due to the awesome solo.

3: Def Leppard – Hysteria. The most interesting thing about this album is that I hated it, initially. I seemed to have my own value system for music, and this was way down the “authentic” scale. Of course, I’ve grown out of that phase and fallen in love with this album. It was the first album after drummer Rick Allen lost an arm in a car accident. Representative track: Love Bites (and it did 🙂 )

3: Joe Satriani – The Extremist. This is an instrumental album, the guy plays guitar mainly. I like this because each song is very different, and (this is important) they all sound like their titles. So “War” is full-on and messy. “Motorcycle Driver” ups the pulse by invoking high-speed emotions, etc. Representative track: “Rubina’s Blue Sky Happiness” is a beautiful song that will make me feel good when I hear it.

4: Runrig – Once in a Lifetime. This band is Scotland embodied. Their lyrics touch on the life of crofters on the Western Isles, but they are more deeply rooted in the Scottish psyche. Embarrassingly, I don’t currently own this album, as it’s difficult to get hold of, but it is a fantastic listen. There’s a related video, which was broadcast on STV, but, if the tape still exists at my dad’s house, it’s on Betamax, not VHS. Representative track – Loch Lomond (Why not jazz up an oldie?)

5: Jools Holland – Solo Piano. It’s just what it says, Jools Holland playing piano alone. And the dude can play. His instrumentalship (I’m pretty sure that’s a new word) is awesome; the guy can play piano like no other. I see this CD is collectible and is going for £60 a shot – if you break in and raid the loft, and leave it in a better state than it is, then I might be prepared to part with it. Representative track: Bumble Boogie

6: Rush – Power Windows. Rush were the defining music as I grew up. They are a mega-band, but have their stuff together as they don’t tour all the time. I love their albums 2112 and A Farewell to Kings, but they are a little old-fashioned now. I chose this one as it was one of the first CDs I bought, in HK at the time. The lyrics are beautiful in nearly every song; drummer Neil Peart is a true poet. If I can break the rules, my favourite track is “Losing It” from the “Signals” album, an album that I don’t really like, but that song is really poignant.

7: David Crowder Band – Illuminate. These guys kind of personify modern worship music. They are all awesome, multi-skilled musos, and the songs they play are truly worshipful. They have released several albums since this one, and even announced their retirement, but this album is more “easy listening” than the subsequent ones. The later albums have totally awesome songs, better than any on this album, but as a whole, this album is a nice place to revert to when you need to know what’s coming. Representative track: Here is Our King, or, on other albums I like the “metal” tracks like “You are my Joy” from “A Collision” or “God Almighty None Compares” from “Church Music.” Google them – they rock!!!

8: Well, let’s be open-minded about this. Let’s revisit in a year or two, eh?

Categories: Real Life

Desert Island Discs

21 October 2011

The BBC has been broadcasting Desert Island Discs for decades. It’s an interview programme, where the interviewee nominates his or her favourite songs as the eight they would have available if they were marooned on a lonely isle.

I have just listened to the Olympic gold-medal winner Michael Johnson on this week’s programme. And, for a change, I could resonate with many of his choices – many people on the show are older than I am, and their taste in music (which I am suspicious of; I think many are being facetious) is outside my regular repertoire. But Mr Johnson was much more up-to-date than the actors, dancers, etc. that are normally interviewed.

So, what are my top eight tracks? The problem is that the show dates from 1942, when a disc was really a platter of vinyl, and so the playing time was limited. Although we are moving through the long-playing “LP” to a much more “track” oriented time, where people will buy individual songs, I think that the album (LP, CD) is a much better unit of recommendation than the “song” of the programme.

So, what are my top eight albums?

My next post will describe them….

Categories: Real Life

How to get the best from twitter – my take

1 October 2011

Initially, I didn’t get twitter. Initially, I thought that it was phone-based, and consisted mainly of people posting messages like “I’m at club Wambo.” And I didn’t need to know that. I didn’t want to know it. And I didn’t want text messages being sent at any hour just because some Stephen Fry is on his way to the BAFTAs or something like that.

However, twitter is useful on the PC. But you need strategies to get the most out of it.

First, the basics. With twitter, you send short messages, called tweets. They are public, and get stored, and are searchable. So, every message you send is a public message (there ARE direct messages, which are not publicly viewable, being a bit like an SMS between only two people). You can subsequently delete all tweets from the database, but as they might have been seen before you got around to deleting them, you should not consider them private.

If every tweet went to every user, it would be chaos. So you choose whose messages you see by “following” them. Then, when they tweet, all followers get a copy of a tweet. Simple.

You can “mention” someone by using their twitter username – one of mine is @dumbledood so if you wanted to message me, just include @dumbledood in the message. And as I’m mentioned, twitter sends me a copy, even if you don’t follow me. (And I get an email too, but I think that’s my choice, and can be turned off.)

A hashtag is a word, abbreviation, or acronym preceded by the hash character (#). (Some Americans have been known to call this the pound symbol, and others the square. Fortunately the word hashtag has made it into popular use, so hopefully the symbol will be universally known as ‘hash’ soon. ) When you use a hashtag, you’re marking your tweet as related to that tag, whether it be a #winwinsituation or a #badafternoon. As you will find out later on, these hashtags can be used with searches. And you can make up your own, in the hope that they go into use, or just to sum up a concept in fewer words than it would take in English (or Flemish, or Tagalog). Hashtags can’t contain spaces, so they are helpful in abbreviating messages to the 140 characters that twitter allows.

If you see a particularly excellent tweet, then you can “retweet” it. Then, all your followers (in my case, a mere 44) will get this excellent tweet sent to them.

Prolific tweeters are not always good people to follow. I only want to cope with maybe 50 messages a day, in total – I’ll check with my morning cuppa, again when I get home from work, and maybe during the evening. I don’t want to follow someone who posts his every move – as I’m unlikely to be interested in their moves, I barely care about my own these days. So, before I follow someone, I check out their posting rate – if they’ve posted 40 times in the last hour, I’m not going to follow them. Also, I review my daily tweet-feast, and so sometimes I unfollow people who post too much. That gives us strategy one – limit your input.

But some people post interesting posts, and I still want to get these gems of wisdom, but I don’t want to see their conversations with other people (@otherperson messages). So, I use a program called Tweetdeck which automatically filters mentions to other people out. So, if Stephen Fry is discussing ducks with @dennis, and sexuality with @steve, then I am spared the details, but I get his latest witty post on London Taxis, which mentions no-one. So strategy two – use an app that filters the noise out.

So, I’m fairly happy with my twitter life. I follow friends, and some other people who make good posts, or tweet about things I agree with. Oh, who follows me and who I follow are public knowledge: you can view anyone’s profile, those following them, and those that they follow via Twitter. This may be a configuration option, but whenever I gain a new follower, I get an email from twitter telling me about them (and how many they follow, how many follow them, and how many tweets they’ve made).

The next step is searches. With Tweetdeck, I can search for things that are posted publicly, not just within my following/followers group. And so, I can search for posts on my favourite football team, posts that mention my village, my favourite food, whatever. I don’t have to follow these people, and they won’t know I’ve seen their message. But I can use them to see what’s going on in my village, and if (for example) I had a commute along the M4, I might search for “M4” from about four o’clock, to get an idea of how the traffic is.

With Tweetdeck, each search goes in a separate column. You can have a column for posts by your friends, mentions, direct messages, and lots of searches, plus other stuff that I don’t use. So, I have at least 5 columns – my feed from friends; mentions – in case I miss them in my feed, because that would be rude; direct messages – although I think I’ll lose that one; a search for my village, and for the town near it.

This means that I can keep my main feed clean, only the people I’m really interested in, and still be kept up-to-date on what’s happening when people mention my village or town. You can search for any word or words, including hashtags, and, in Tweetdeck, I can filter OUT posts that match my search, so I don’t get news about children with snakes on “Britain’s got talent” when I search for my village name. (And those posts are still going on, even months later!) This gives us strategy three – exploit the power of searches.

Now, how often do I tweet? I probably post my own tweets less than five times a day, on average, unless I am replying to an @mention, but I do retweet anything that I think might interest my followers. This is because I don’t want to be the victim of strategy one, of course!

And the last thing I want to talk about is multiple identities. Here’s how I use it: I *love* Formula One, and there are lots of F1 tweeters – teams, journalists, wry observers, and, of course, just fans like me. And there are a lot of tweets. With strategy one in place (limit your input) I can’t follow them all, but, on the race weekend, if I have the time, I like to absorb these tweets when the races are broadcast. So, I don’t follow them with my main account; I use another one, specifically for following F1. (I have another one for gurning but it’s not as prominent in tweet-land.)

Tweetdeck lets me manage multiple accounts really easily, so on race days, I can simply add a column that shows updates from all the F1 people that I follow (and another for mentions, as I’d hate to miss them). Tweetdeck allows me to keep my feeds – the real me, the gurner, and the F1 nut – entirely separate, and when I tweet, I can tweet from any of my accounts.

I can also open a search for the #F1 and #BBCF1 hashtags, but, to be honest, they move far too quickly to be of any use – I reckon there might be 50 messages a second when Martin Brundle does a grid walk before a race. And, interestingly, I have even used strategy one on this account, as I had followed a lot of F1 team accounts that only posted marketing-speak spamvertisements or boring updates that were obvious from the TV coverage. So, now I’m down to some people who really interest me on that, too.

And, on this account, I post like crazy. I don’t care that people might use strategy 1 on me – I’m like a child using a hose (I literally mean a hose; this is not a strange sexual reference) in his swimming trunks for the first time. It’s fun, and I don’t care that other people are watching; how could having this much fun be embarrassing? I use the #F1 and #BBCF1 hashtags judiciously, and I have had occasional retweets and replies from strangers, so even if I am just posting rubbish, it’s rubbish that people want, when they see it. And, I’ve come up with some fantastic ideas, all publicly available on my feed. If I was into rallying, cycling, whatever, I might create accounts *just* for following a specific group of tweeters at specific times. Which gives us strategy four – exploit multiple accounts.

So, without apps like Tweetdeck, the newcomer on the field, Google+, is not going to change the world. I think that their lack of openness and desire to control will be their downfall; Google will stifle apps like this unless they are developed in-house.

I should tell you that I edited that sentence: initially I started “I fear …,” and changed it to a less hackneyed phrase, but as I changed it, I realised that actually I fear that they have no downfall. They are seriously bigger, badder, and know more about you than anyone else. Everyone uses Google, their cookies are everywhere, and every time a web site serves up an ad from Google, they know about it (sportswear – remember that!). We must support the underdog, and avoid everyone jumping on the best of breed at the time. Diversification is not just useful, it’s essential; how many years have we taken to throw off the MS-DOS mentality? If you want to do a good deed today, go and look for a small guy and plump him up. Please do not interpret that last sentence literally!

Categories: Uncategorized