

James Fallows on what it's like to have your webmail hacked
November 5, 2011 5:45 PM   Subscribe

Hacked! James Fallows writes in the Atlantic Monthly on how his wife's Gmail account was hacked, and years of email were deleted. Summary: if you have Gmail, you should be using its new 2-step verification; use strong passwords; don't re-use passwords.
At Google I asked Bryant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?,” I asked. “No, per day.”
Back in April, Fallows wrote about the attack on his blog:
No joke, lock down your Gmail now

Please do these things if you use Gmail

You do not want this to happen to you

Official advice from Google
posted by russilwvong (97 comments total) 54 users marked this as a favorite

 
jesus, this would be a nightmare for me.
posted by jcm at 5:47 PM on November 5, 2011


I don’t understand how anyone trusts any cloud-based service with their data, but everyone has different needs. I know people who just start all over every time they buy a computer. I’ve had people ask me "Can you just copy my iTunes music over to my new computer? If not, it’s no big deal. I don’t need anything else".
posted by bongo_x at 5:52 PM on November 5, 2011 [4 favorites]


Well bongo_x, if you trust cloud-based services with your data, you don't need to pay your nephew $50 to copy those files onto your new computer.
posted by floam at 6:01 PM on November 5, 2011 [1 favorite]


I don't have a phone, sorry :(
posted by This, of course, alludes to you at 6:01 PM on November 5, 2011 [1 favorite]


Sooner or later, a better, easier, more reliable system of verifying identity will become widespread. It could be “biometric”

What I feel would be more appropriate is one or two people in Nigeria working for the US on contract. Just my opinion.
posted by nervousfritz at 6:02 PM on November 5, 2011 [2 favorites]


Wait, relatives will pay for computer service?

But yeah, don't trust the cloud. Put it on your own machine. Behind your own firewall. And back it up to your own device. That you carry around. Thumb drives are cheap.
posted by DU at 6:04 PM on November 5, 2011


That two-step verification is a bitch. I think reasonable security precautions and a nice long passphrase should really be enough.
posted by floam at 6:05 PM on November 5, 2011


bongo_x: I don’t understand how anyone trusts any cloud based service with their data, but everyone has different needs.

I know MeFi users aren't exactly representative of the population at large (ha!), but hosting your own email accounts is still pretty rare, and the people that do almost certainly don't have multiple redundant backups, 99.9% uptime, half a dozen access methods and so on. I mean, sure, have your own backups in the event of data loss, but being able to access your stuff from anywhere is a pretty fantastic upside.
posted by jaffacakerhubarb at 6:06 PM on November 5, 2011 [10 favorites]


I wondered how far down the article I'd have to scroll before I got to the part where Fallows uses his influence to get his wife's email restored via some sort of special dispensation unavailable to mortals.

About halfway, for the record.
posted by killdevil at 6:07 PM on November 5, 2011 [32 favorites]


...being able to access your stuff from anywhere is a pretty fantastic upside.

ssh + text-based email

Program or be programmed.
posted by DU at 6:09 PM on November 5, 2011 [10 favorites]


Meh. Fearfilter. Use IMAP, keep a local copy and a backup.

You're fine, barring the very low probability of someone hacking your account and causing your backups to fail.
posted by Blazecock Pileon at 6:11 PM on November 5, 2011 [15 favorites]


Things like this are exactly why I don't use Gmail for anything important. It's a free service and they're under no obligation to give two figs about your email.

And what the hell does he mean by "in the cloud"? IMAP has been around for years.
posted by Brandon Blatcher at 6:11 PM on November 5, 2011 [2 favorites]


That two-step verification is a bitch. I think reasonable security precautions and a nice long passphrase should really be enough.

Two-factor authentication should be required. It's insane that I can enable this for an e-mail provider when my bank has yet to even consider it.

I'm curious what you find inconvenient about Google's two-factor authentication. You can enter the code once every 30 days on registered computers. I don't opt for this, and I still don't find it inconvenient in the slightest.
posted by odinsdream at 6:12 PM on November 5, 2011 [6 favorites]


This is why it's terrible to trust data to other people's servers. Thankfully, unlike pretty much everyone else's cloud data, Google actually does allow you to download all your data from Google's servers. They have Google Takeout for some of their stuff and instructions for the rest of their services on dataliberation.org.

Here are their instructions for Gmail, for example. You have to use POP or IMAP, but once you get that figured out you should be able to download everything to Mozilla Thunderbird or any other mail client.

But beyond that I really don't like the new 'cloud architecture' where most services are provided by a single company with a single data center (or perhaps multiple data centers, but all under the control of one group).

If something happens to Facebook, or Twitter, or Flickr, or whatever... you're screwed.

The way the internet used to work, everyone used a small server, and those servers all talked together. Centralization makes sense, but it has its downsides.

I have a small Linux server I set up years ago for personal projects. It costs maybe $19 a month? I honestly don't even remember. But other than developer tools there aren't really that many webapps that let you specify your own server, rather than using one that's centrally controlled. And setting up a Linux server is way too hard for the average person right now.

What I've always wanted to see is a simple web-based system with 'apps' that you can install and activate as easily as buying something from the Android Market, except through an administration web page rather than the phone. Instead you end up installing from a repository using command line tools if you're lucky; otherwise you're downloading and extracting tarballs for the newest stuff. Configuration is all done through text files and so on. It's not hard if you have a lot of experience with computers, but it's not what the average user is used to.

Making the software that you can use to take control of your own life inaccessible to the masses has resulted in said masses using proprietary, centralized servers which you now have to join (Facebook, Twitter, etc.) in order to communicate with them.

It could still happen. Diaspora and other open source social networks are out there, but there is a massive lead held by centralized servers that would be difficult to catch up to at this point, and now people are going to be using more and more centralized devices rather than general purpose computers. Stuff like the iPad, Kindle and so on are going to replace the general purpose computer for a lot of people.

---

That said I do use tons of google products. I assume my computers and passwords are secure enough for me not to have to worry about people hacking my account.
posted by delmoi at 6:13 PM on November 5, 2011 [10 favorites]


DU: ssh + text-based email

Text-based email is still somewhere other than on your device, and SSH entry is still an access method, it's just an extremely inefficient one. 'Program or be programmed'? I like to think that the invention of the GUI was an innovation, not a regressive step.
posted by jaffacakerhubarb at 6:15 PM on November 5, 2011 [2 favorites]


Searching Google for "email security tips" yields "about 218,000,000 results (0.27 seconds)".

While nobody deserves this sort of email vandalism, at the same time it appears there was never even the slightest effort to back up her oh-so-precious emails. I don't know much about Fallows other than his bio, but as killdevil just noted, he at least has enough influence to get all the way into the inner workings of Google. If he has that much influence, maybe an article about how dumb he was not to have listened to advice that has been all over the net for the past 20 years, as opposed to making it sound like he just uncovered the holy grail of data security.

His 7,800 word article could be just as effective with a few lines...

1) Back your stuff up
2) Change your password often
3) Be wary of cloud-based computing, especially when it is free.
4) Read this page - http://www.google.com/search?hl=en&source=hp&biw=1440&bih=787&q=email+securty+tips

Or maybe he was stuck thinking up something to write about.
posted by lampshade at 6:20 PM on November 5, 2011 [5 favorites]


Text-based email is still somewhere other than on your device...

That depends on where you are sshing to. I download to my home machine, then ssh in to a dyndns thing.

SSH entry is still an access method, it's just an extremely inefficient one...

Typing one password is inefficient? With GNU screen running I don't even have to launch my email reader. Everything is already set up. Even if I'm halfway through editing an email it's still sitting there when I get to, say, work.

I like to think that the invention of the GUI was an innovation, not a regressive step.

Your likes do not dictate reality. Unless you are viewing an actual image, you should probably be using text mode/cli.
posted by DU at 6:21 PM on November 5, 2011 [3 favorites]


ssh + text-based email

There will always be carrier pigeons and one-time pads. I'll use SSL, in the meantime.
posted by Blazecock Pileon at 6:21 PM on November 5, 2011


I'll use SSL, in the meantime.

Good luck with that
posted by DU at 6:26 PM on November 5, 2011


maybe an article about how dumb he was not to have listened to advice that has been all over the net for the past 20 years as opposed to making it sound like he just uncovered the holy grail of data security.

HIS accounts were backed up. His wife never bothered to back up hers, hence the problem.
posted by Brandon Blatcher at 6:28 PM on November 5, 2011


The exact same kind of attack happened to me- the details are very similar- the same "mugging" email to all my contacts, forwarding all my email, changing the "reply to" to a similar looking email address, etc. The hardest part was responding to all the alarmed phone calls from people who weren't sure whether it was a scam.
In short:
1. All my emails are backed up constantly to my own computer, so I had no concern about losing old emails.
2. Google restored my deleted emails anyway, so their backups worked just fine.
3. Google customer service was great- I had to provide some validating information (addresses of people who I email regularly etc) to get my password reset.
4. Various lists of things to check that I found online were very helpful, and I followed instructions to make sure I had re-set everything, checked all the nefarious forwarding/deleting/etc settings the hackers had put into place.

As with Fallows' wife, the hackers read just far enough into my email to see that I generally use a nickname, not the full name on the email account - so the scam/phish emails were signed the equivalent of "cushie" rather than my full name (that I barely use), "cusherelda." This may have made it moderately more convincing but not enough to fool anyone.

In short: Download emails to your own computer, follow online instructions if this happens to you, don't panic!

This was a pain for a few hours of my life- everything was back to normal very quickly.
posted by cushie at 6:28 PM on November 5, 2011 [3 favorites]


You get used to 2-factor auth pretty quickly. I have no choice on my corporate account anyway, so I've been using it even before it was publicly available, and it's just background noise to me now. And it is definitely more secure than just a password, regardless of what kind of password you use.
posted by wildcrdj at 6:35 PM on November 5, 2011


Good luck with that

Part of the risk of having an online life, I guess. It's either that or live off the grid in a copper shipping container somewhere in the desert.
posted by Blazecock Pileon at 6:36 PM on November 5, 2011 [3 favorites]


Or use ssh.
posted by DU at 6:39 PM on November 5, 2011


Not to diminish the loss of emotionally important communications, but it's not like the pre-Internet era was free from fire, flood, burglary or the 50 bajillion other ways important data could be lost forever. While I use the three-legged backup method (primary copy, secondary hard copy, off-site copy), I'm comfortable keeping my vital information in the cloud if for no other reason than losing or having stolen my computer or phone is a lot more likely than my data being destroyed by a hacker.

Another thing that's pretty unusual even in the e-mail era: effectively unlimited space for old messages. You probably don't need 9/10ths of what you're saving. I took this opportunity both to hook up 2-step verification and go through and delete e-mails I didn't need anymore ... that feels liberating.
posted by Apropos of Something at 6:41 PM on November 5, 2011 [1 favorite]


I can't believe I have the same solution to something as DU. That never happens!
posted by flaterik at 6:42 PM on November 5, 2011


Or use ssh

Most of the implementations of SSH on personal computers aren't exactly impervious to attack, either. I'd probably trust SSH on a random computer less than any given SSL session, given how far behind SSH clients and servers can get over time.
posted by Blazecock Pileon at 6:49 PM on November 5, 2011


This is why I don't use random computers.
posted by DU at 6:50 PM on November 5, 2011 [1 favorite]


I'm curious what you find inconvenient about Google's two-factor authentication.

Everything involved other than just typing out my password, particularly the part that assumes I always have my cellphone with me (I don't) or that I have a landline (I don't) or that I have a work phone (I don't). Yeah, you got it. I'm not a big fan of telephones. No, rephrase that. I'm not a big fan of telephone service providers.
posted by philip-random at 6:57 PM on November 5, 2011 [5 favorites]


Maybe this article isn't for us "tech heads" who should just "fuck off", but at least I learned that you can use google's 2-factor authentication with ssh. I'll have to look into this further.
posted by jepler at 6:58 PM on November 5, 2011 [4 favorites]


HIS accounts were backed up. His wife never bothered to back up hers, hence the problem.

I noted that two lines above your reference.
posted by lampshade at 7:08 PM on November 5, 2011


Maybe this article isn't for us "tech heads" who should just "fuck off", but at least I learned that you can use google's 2-factor authentication with ssh. I'll have to look into this further.

Oooh! Interesting! I'll have to try this out.

I'm not a big fan of telephones. No, rephrase that. I'm not a big fan of telephone service providers.

Fair enough. I'd love it if Google supported something like the YubiKey. I can understand why it's easier for them to tie into an existing smart device that most users are likely to have.

We really need to move beyond passwords, though. Humans are just plain awful at them.
posted by odinsdream at 7:13 PM on November 5, 2011


FYI, you can enable a Yubikey with Google Apps for your Domain, but last I checked you can't enable it for personal accounts.
posted by odinsdream at 7:15 PM on November 5, 2011


I'm curious what you find inconvenient about Google's two-factor authentication.

Everything involved other than just typing out my password, particularly the part that assumes I always have my cellphone with me (I don't)


Yeah, well, you and the 1%, grandpa.

For the 99% of gmail customers who do, not having to try and pick an ultra-strong password and being able to rely on getting a text as the second factor is easier.
posted by rodgerd at 7:23 PM on November 5, 2011 [3 favorites]


I've been on POP since my first email account - and I will never use any email as my primary if I can't get POP (or similar download). My data is on my harddrive (and my backup harddrive, and the terabyte drive downstairs...). I was interested in gmail - and now use it - only because they allow POP.

I have always downloaded my email for a simple practical reason: I'm not always connected to the Internet. Whether it was because I was on dialup and wanted to free up the phone line, or using a laptop with no wireless available, I have always had times when I would want to read and write email while offline. The same goes for the rest of my data: I will never store files in the cloud, because I want to access them anytime. And really, who wants to be uploading and downloading big files all the time?

Of course, there is always the loss of online data - I'm not afraid of hackers, but I am afraid of service providers deleting stuff to save room or when my contract is at an end.
posted by jb at 7:30 PM on November 5, 2011


...getting a text as the second factor is easier.

You can also use a dedicated app on your smartphone rather than receiving texts. When Google started with two-factor, it was only via text message. If you're still using the text message system, you'll need to disable two-factor in your account, then re-enable it to be able to use the smartphone application.

I greatly prefer the smartphone app, since it works even if I'm in a spot where I can't receive text messages. As long as the phone has accurate time it works.
posted by odinsdream at 7:32 PM on November 5, 2011


Ah a good reminder to make my yearly "all my gmail" backup.
posted by jessamyn at 7:36 PM on November 5, 2011 [2 favorites]


For reasons too complex to explain here, even some systems, like Gmail’s, that don’t allow intruders to make millions of random guesses at a password can still be vulnerable to brute-force attacks.
I really wish I could know more about this. Does it work by the fact many people use the same username (gmail address) and password combo so if they find a site that will let them bounce millions of guesses off of it, they can use the success to get into gmail?

Yikes. I just googled "gmail brute force" and there's all these video tutorials from people showing little apps that seem to be able to easily get into google (or Hotmail or Yahoo) w/o requiring any real time or effort. All you need is the email address. Some of these videos might be fake -- and the demo'd apps might actually be malware. But if it is half as easy as it looks in the videos, it seems like there's a serious problem. I don't understand how this can happen, shouldn't Gmail lock out the account when it gets hit by a brute force attack?
posted by birdherder at 7:38 PM on November 5, 2011 [1 favorite]
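On the "shouldn't Gmail lock out the account" question: a plain failure counter does stop online guessing, but it also lets anyone lock a victim out by deliberately guessing wrong, and it does nothing against one source trying a few passwords against thousands of accounts. The added example below (my illustration, not Google's logic or anything from the thread) models both controls together over a constructed set of login attempts; the thresholds are assumptions.

```python
from collections import defaultdict, deque
from typing import List, Tuple

# Constructed sample: (timestamp_seconds, account, source_ip, password_correct)
SAMPLE_ATTEMPTS: List[Tuple[int, str, str, bool]] = [
    (0, "alice", "203.0.113.5", False),
    (1, "alice", "203.0.113.5", False),
    (2, "alice", "203.0.113.5", False),
    (3, "alice", "203.0.113.5", False),
    (4, "alice", "203.0.113.5", False),      # fifth failure: account locked
    (5, "alice", "203.0.113.5", True),       # right password, still locked
    (10, "alice", "198.51.100.9", True),     # the real owner is locked out too
    (1000, "alice", "198.51.100.9", True),   # lock expired, window cleared: allowed
]


class LoginThrottle:
    """Per-account lockout plus an independent per-source rate limit (assumed policy).

    Two counters are kept on purpose: locking only the account leaves password
    spraying (one source, many accounts, one guess each) untouched, and it gives an
    attacker a cheap way to deny service to the legitimate user. Throttling the source
    as well blunts both without making the lock itself harsher.
    """

    def __init__(self, max_failures: int = 5, window: int = 300,
                 lock_seconds: int = 900, max_per_source: int = 20):
        self.max_failures = max_failures
        self.window = window
        self.lock_seconds = lock_seconds
        self.max_per_source = max_per_source
        self.failures = defaultdict(deque)     # account -> timestamps of recent failures
        self.source_hits = defaultdict(deque)  # source_ip -> timestamps of recent attempts
        self.locked_until = {}                 # account -> time the lock expires

    @staticmethod
    def _prune(q: deque, now: int, window: int) -> None:
        while q and q[0] <= now - window:
            q.popleft()

    def attempt(self, now: int, account: str, source_ip: str, password_ok: bool) -> str:
        hits = self.source_hits[source_ip]
        self._prune(hits, now, self.window)
        hits.append(now)
        if len(hits) > self.max_per_source:
            return "rate_limited"          # refused before the password is even checked
        if self.locked_until.get(account, 0) > now:
            return "locked"                # same answer whether or not the password was right
        fails = self.failures[account]
        self._prune(fails, now, self.window)
        if password_ok:
            fails.clear()
            return "allowed"
        fails.append(now)
        if len(fails) >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            return "locked"
        return "denied"


def replay_attempts(attempts, throttle: LoginThrottle = None) -> List[str]:
    """Run a sequence of attempts through one throttle and return the decisions."""
    throttle = throttle or LoginThrottle()
    return [throttle.attempt(*a) for a in attempts]


if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE_ATTEMPTS, replay_attempts(SAMPLE_ATTEMPTS)):
        print(attempt, "->", decision)
```

The "locked" answer is returned even when the submitted password is correct, so a guesser learns nothing from the lock. Note the cost visible in the sample: the account owner at 198.51.100.9 is also turned away until the lock expires, which is exactly why a lockout needs a short duration and a notification path rather than being the only defence.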


At Google I asked Bryant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?,” I asked. “No, per day.”

Considering Gmail's size, I think the real number is "Per second".
posted by ymgve at 7:41 PM on November 5, 2011


Your likes do not dictate reality. Unless you are viewing an actual image, you should probably be using text mode/cli.
This... doesn't actually have anything to do with anything. You can self-host an IMAP server and set up a VPN if you're really concerned about security; CLI vs. GUI is a red herring.

Unless you're Richard Stallman, and you insist on using raw SSH connections for everything, including hand-downloading HTML documents. Maybe it will catch on, and it'll be like the new digital Amish movement.
posted by verb at 7:47 PM on November 5, 2011 [11 favorites]


Fastmail.fm allows you to use Yubikey. It also allows a number of alternative login methods, including temporary / one-time-use passwords for when you need to access via an untrusted machine. And you can also set it up to send you a temporary password via SMS.

For the particularly paranoid/wary/fastidious, you can regularly view a log of locations (IP addresses) from which attempts to login were made.

Fastmail is awesome. POP, IMAP, webmail; file storage, accessible via HTTPS or DAV; boatloads of aliases; sooooo much more.
posted by armoir from antproof case at 7:50 PM on November 5, 2011 [1 favorite]


Considering Gmail's size, I think the real number is "Per second".

I was reading something yesterday that estimated that something like 500,000 facebook accounts get hacked per day. Ah, here it is, make that 600,000.
posted by markr at 7:52 PM on November 5, 2011


They have google takeout for some of their stuff and instructions for the rest of their service on dataliberation.org.

And now a word from the leader of the Data Liberation Front.

http://www.youtube.com/watch?v=QP4NI5o-WUw
posted by jeanmari at 7:53 PM on November 5, 2011 [1 favorite]


I'm sure these ideas are a little naive, but why doesn't this happen, given the level of criminality? 1) No Internet for Nigeria - fuck you guys, your privileges are cancelled if you can't play nice. 2) No Western Union to Nigeria, too much of it is illegal. Maybe a whitelist that allows proven honest traffic in both cases.
posted by Meatbomb at 8:06 PM on November 5, 2011 [1 favorite]


Surely the amount of honest business coming from there is negligible in both cases?
posted by Meatbomb at 8:07 PM on November 5, 2011 [1 favorite]


Regarding re-using passwords: AFAIK it's not possible, Google are saving hashes of your old passwords. It is however possible to reuse the password with any modification.
posted by ysangkok at 8:08 PM on November 5, 2011
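ysangkok's observation is a property of any history kept as salted hashes: the hash of "Summer2011" says nothing about "Summer2012", so only exact reuse can be caught. The added example below (my illustration, not Google's implementation and not from the thread) shows the plain hash-based history first, then one assumed mitigation: also storing a hash of a normalised "stem" (lowercased, trailing digits and punctuation removed) so the commonest trivial variants are rejected too.

```python
import hashlib
import hmac
import os
import re
from typing import List, Tuple

ITERATIONS = 100_000  # constructed value; tune to your own hardware


def _stem(password: str) -> str:
    """Normalised form used to catch trivial variants: lowercase, trailing digits/punctuation removed."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def _derive(text: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", text.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Keeps the last `keep` passwords as (salt, hash of password, hash of stem)."""

    def __init__(self, keep: int = 5):
        self.keep = keep
        self.entries: List[Tuple[bytes, bytes, bytes]] = []

    def _matches(self, candidate: str, check_stems: bool) -> bool:
        stem = _stem(candidate)
        for salt, full_hash, stem_hash in self.entries:
            if hmac.compare_digest(_derive(candidate, salt), full_hash):
                return True          # exact reuse: the only thing a hash-only history sees
            # Empty stems (all-digit passwords) are skipped so they do not all collide.
            if check_stems and stem and hmac.compare_digest(_derive(stem, salt), stem_hash):
                return True          # same stem as an old password, e.g. Summer2011 -> Summer2012
        return False

    def change(self, new_password: str, check_stems: bool = False) -> bool:
        """Record the new password and return True, or return False if it is rejected."""
        if self._matches(new_password, check_stems):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, _derive(new_password, salt), _derive(_stem(new_password), salt)))
        self.entries = self.entries[-self.keep:]   # oldest entries fall out of the history
        return True


if __name__ == "__main__":
    plain = PasswordHistory()
    print(plain.change("Summer2011"), plain.change("Summer2011"), plain.change("Summer2012"))
    strict = PasswordHistory()
    print(strict.change("Summer2011", True), strict.change("Summer2012", True))
```

With the default hash-only check the sequence prints True, False, True: exact reuse is blocked and the "any modification" variant walks straight through, which is the behaviour ysangkok describes. With stem checking the second change is refused. The stem hash is deliberately salted and stretched like the password itself, because it is a lower-entropy value that would otherwise be an easier target if the history store leaked.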


Interesting. I got stalled at the first step in the set-up: Japan isn't on the drop-down list for where you enter your phone number.

Oh well. Long passphrase for me, I suppose.
posted by MShades at 8:11 PM on November 5, 2011


Meatbomb, 160 million people live in Nigeria. They're not all internet scammers.
posted by modernnomad at 8:31 PM on November 5, 2011 [18 favorites]


One nice little add-on is that LastPass have just added Google Authenticator support - i.e. the Android/iOS/BlackBerry/Windows Phone/Symbian/webOS mobile app that Google use for Gmail two-factor authentication, as an alternative to the various other two-factor methods they do.

You can specify trusted computers that don't require it, but if anyone somehow gets your password (say, via a keylogger or trojan), they still won't be able to get in without access to your phone.

So now I'll have two-factor auth for my bank, my password store, and my email*. Which is pretty damn secure.

(*Note, google 2-factor auth doesn't work with IMAP logins, android google account sync etc, so you generate device/application specific passwords that you use instead of your normal password, and these can be revoked)
posted by ArkhanJG at 8:31 PM on November 5, 2011 [1 favorite]
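The footnote above describes application-specific passwords: one random credential per client that cannot do the second factor (an IMAP client, a phone's account sync), each stored hashed and revocable on its own. The added example below is my model of that mechanism, not Google's code and not from the thread; the 16-lowercase-letter shape and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import math
import secrets
import string
from typing import Dict, Optional

ITERATIONS = 100_000          # constructed value; tune to your own hardware
ALPHABET = string.ascii_lowercase
LENGTH = 16


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def entropy_bits(length: int = LENGTH, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing work for a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


class AppPasswordStore:
    """One random credential per client application, each revocable independently.

    The cleartext is shown to the user once at issue time and never stored; only a
    salted, stretched hash is kept, so a leaked store does not hand out the passwords.
    """

    def __init__(self):
        self._entries: Dict[str, dict] = {}   # label -> {"salt", "hash", "revoked"}

    def issue(self, label: str) -> str:
        password = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        salt = secrets.token_bytes(16)
        self._entries[label] = {"salt": salt, "hash": _derive(password, salt), "revoked": False}
        return password

    def check(self, password: str) -> Optional[str]:
        """Return the label of the matching, unrevoked app password, or None.

        Every live entry is re-derived on each check; that is fine for a handful of
        devices per account, and it keeps the comparison constant-time per entry.
        """
        for label, entry in self._entries.items():
            if entry["revoked"]:
                continue
            if hmac.compare_digest(_derive(password, entry["salt"]), entry["hash"]):
                return label
        return None

    def revoke(self, label: str) -> None:
        """Kill one device's credential without touching the others or the main password."""
        self._entries[label]["revoked"] = True

    def active_labels(self):
        return sorted(l for l, e in self._entries.items() if not e["revoked"])


if __name__ == "__main__":
    store = AppPasswordStore()
    imap_pw = store.issue("IMAP on laptop")
    sync_pw = store.issue("Android sync")
    print("IMAP credential authenticates as:", store.check(imap_pw))
    store.revoke("IMAP on laptop")
    print("after revocation:", store.check(imap_pw), "| sync still works:", store.check(sync_pw))
    print("entropy of a %d-letter credential: %.1f bits" % (LENGTH, entropy_bits()))
```

The point of the per-application split is visible in the revoke step: losing the laptop costs you exactly one credential, and the phone's sync and the web login with its second factor are untouched. Sixteen random lowercase letters are about 75 bits, which is why the generated string does not need to be memorable or mixed-case to be out of reach of online guessing.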


I'm curious what you find inconvenient about Google's two-factor authentication. You can enter the code once every 30 days on registered computers. I don't opt for this, and I still don't find it inconvenient in the slightest.

Anytime you use client software that connects through an interface like IMAP that doesn't support two-factor authentication, you need to spend 5 minutes generating a password for just that piece of protocol using a kind of legacy interface. It's a minor pain in the ass. If the authenticator app is having problems, I'm having problems. I don't really see how I'm likely to get hacked with multiple-word passphrases that change often enough and aren't shared among multiple services. I turned the two-factor verification off the first time my phone was dead and I couldn't access something important. Indeed there are the backup tokens I probably should have had in my wallet, but I just don't see the point for careful people.

Being logged in for 30 days on the web interface via cookies is a security problem if someone has hacked your computer. I don't have that potential problem at all right now.
posted by floam at 8:32 PM on November 5, 2011 [1 favorite]


Also, it doesn't work with 1password, or didn't.
posted by floam at 8:33 PM on November 5, 2011


As an aside: your email account is really worth protecting. How many other sites - such as shopping sites - can you reset your password from with your email account? I'm guessing it's virtually all of them. Your email account is your de facto ID online for virtually everything nowadays, apart from banking. It's worth a bit of extra effort to keep it secure.
posted by ArkhanJG at 8:43 PM on November 5, 2011 [6 favorites]


something like 500,000 facebook accounts get hacked per day. Ah, here it is, make that 600,000

which is exactly why I'm about to roll KeePass out to every workstation at the school I sysadmin, and make a concerted effort to get students taught to use it.

Personal password safes with inbuilt high-entropy password generators make logon security pretty much a solved problem. They're easy, convenient and effective, and it's about time using them became as normal as using web browsers.
posted by flabdablet at 8:50 PM on November 5, 2011 [4 favorites]


The people this article is meant for are not (for the most part) the people who are commenting in this thread. Most people do not use SSH, or even know what it is. Most people will not run their own mail servers, for god's sake. Most people are extremely unlikely (unless told why it is important, like with this sort of article, and given an essentially magic painless way to do so) to back up their email. And most critically, while most people do understand that their personal email account is more important to their well-being than most of their accounts and at least try to pick harder, unique passwords ... most people fail to actually do so.

This article is for them. It is well-written, gives some nice background into what is actually going on rather than the usual hand-wavey "bad guys can do bad things with hacking" crap you get in most media, and it's just scary enough to motivate folks to take the few key security precautions it spells out, which are totally reasonable, not too onerous, and have a way better protection-to-annoyance ratio than most security advice.

ArkhanJG: EXACTLY. And to everybody who's all "I have a multiword passphrase I recycle monthly", I say a. good for you! you're not normal. and b. i hope you vet your security questions, b/c that shit's often wide open. (Though to be fair, G does a better job than many of picking hard-to-research security questions).
posted by feckless at 8:57 PM on November 5, 2011 [9 favorites]


Thumb drives are cheap
The last time I used a thumb drive was to cut some zipties off of a bridle for a horse... They really work good for that.

But yeah, idiots use the cloud. Blank Reg had it right.
posted by mrgroweler at 9:08 PM on November 5, 2011


Nthing using Google Takeout to back up all the stuff hidden in your Google account, especially if you have an Android phone linked to your account.
posted by benzenedream at 9:12 PM on November 5, 2011 [4 favorites]


to be fair, G does a better job than many of picking hard-to-research security questions

And they let you write your own. Mine is "What is your password recovery password?"
posted by flabdablet at 9:16 PM on November 5, 2011 [8 favorites]


Personal password safes with inbuilt high-entropy password generators make logon security pretty much a solved problem.

flabdablet (or anyone who uses KeePass), I was wondering about using KeePass myself. I have to keep a KeePass archive file somewhere on my computer, right? So does this mean that without that file, I wouldn't be able to log in to sites?

I could store the file on Dropbox, I guess, but I'm still worried that at some point I might be out of the office and need to login to a site (e.g. Flickr, evernote) and not be able to login. Is this a problem for users normally?
posted by theyexpectresults at 9:58 PM on November 5, 2011


flabdablet (or anyone who uses KeePass), I was wondering about using KeePass myself. I have to keep a KeePass archive file somewhere on my computer, right? So does this mean that without that file, I wouldn't be able to log in to sites?

I could store the file on Dropbox, I guess, but I'm still worried that at some point I might be out of the office and need to login to a site (e.g. Flickr, evernote) and not be able to login. Is this a problem for users normally?


I am not a KeePass user, but am a 1Password user, and the two programs work in basically the same way.

1) yes, they store all your passwords for all your accounts in an encrypted file that you need to store somewhere.

2) Yes, you can keep a copy of that file in dropbox (I do).

3) If you're trying to access your encrypted passwords on dropbox, you will need the KeePass (or in my case, 1Password) software to do so, otherwise you'll just have an encrypted file that you can't read. I handle this problem by keeping one copy of my passwords on my laptop, one in Dropbox, and one on my phone. Both the phone and the laptop sync to Dropbox and so I have access to all my passwords as long as I have either my phone, or my laptop. Interestingly, if I lose these both simultaneously, I am completely screwed, as my Dropbox password is only stored in 1Password.

4) If there are sites that you use regularly when you will be away from your encrypted password cache, you can still remember them manually. You can choose any password you want and store it in your password management app, even if it's one you can remember. Then you can log in to Flickr either with your password manager, or by typing your password as normal. Obviously you won't do this for *every* site (I have passwords for 89 sites stored in 1Password), as it defeats the purpose of the password manager, but you can do it for a couple.

If you store your password file on Dropbox, and memorize your dropbox password, you'll always be able to recover your passwords on any computer by installing KeePass and retrieving the password file from Dropbox, opening it in KeePass, and entering the correct password.

Because I have a copy of my password file accessible in 1Password for my phone, I have never once found myself in a place that I needed to enter a password but was unable to.
posted by tylerkaraszewski at 10:17 PM on November 5, 2011 [1 favorite]


I keep the master copy of my passwords.kdb file on my computer at home, back it up on another, and keep a third copy on my keyring along with portable KeePassX for Linux and portable KeePass for Windows. I'm still using a KeePass version 1.x passwords.kdb, mainly due to inertia; I hear KeePass 2.x should work cross-platform provided the target computers have .Net or Mono installed but I have not yet played with that. Will probably do so the first time I find myself needing a password and only having access to a Mac.

The KeePass downloads page also has links to a bunch of smartphone apps that will work with the same database files.

The encryption password I use for passwords.kdb is itself a 16-character string of random gibberish. That took me a little while to learn, but it's the only passphrase I now need to remember and my fingers type it quite automatically.
posted by flabdablet at 10:42 PM on November 5, 2011 [1 favorite]


My Gmail account was accessed without authorization by someone in Poland (I'm in the US) who tried to send 5 spam emails but got shut down by Google, and the email wasn't sent and the person got locked out of my account. It was actually really impressive. When I tried to log on, I was immediately notified of suspicious activity and forced to change my password immediately.

I'd love to do the 2-step verification, but I only have a cell phone and no other phone that I can use.
posted by autoclavicle at 11:33 PM on November 5, 2011


I don't even understand why this is interesting or newsworthy in the least.

Back up your important data because it can be easily lost.

Duh.
posted by Aquaman at 11:33 PM on November 5, 2011


tylerkaraszewski, flabdablet, thanks for explaining.
posted by theyexpectresults at 11:54 PM on November 5, 2011


All I can think about while reading this thread is Tim and Eric's "All the Food Is Poison" song. That is all.
posted by treepour at 12:13 AM on November 6, 2011


I'm sure these ideas are a little naive, but why doesn't this happen, given the level of criminality? 1) No Internet for Nigeria fuck you guys, your privileges are cancelled if you can't play nice. 2) No Western Union to Nigeria, too much of it is illegal. Maybe a whitelist that allows proven honest traffic in both cases.
In 2009 people sent about 10 billion dollars to Nigeria to family members there. You want to make it illegal for people to send money to their family? Let alone cutting a country half the size of the US and Canada combined, twice as large as Germany, or 1/3rd of the size of European Union off the net because a few idiots got scammed.
posted by delmoi at 12:56 AM on November 6, 2011 [10 favorites]


Gmail, it seems, is notoriously easy to hack.

A friend had his business account hacked earlier this year. The fellow who hacked it was none too bright - he just googled "how to hack gmail password."

Then he changed my friend's Google Voice number to his own cell phone number and purchased a number of e-books, including Hacking for Dummies, for some reason entering his own real home address.

Although my friend couldn't get this guy out of his account, he was able to see the hacker's entire search history, including:


10:08pm Viewed results for how to hack a computer password
9:51pm Searched for how to hack someones
9:48pm Viewed results for how to hack someones facebook
8:53pm Searched for how long does it detox for weed to work
8:36pm Searched for can you have a discharge when you have multiple sex partners
7:43pm Searched for phone number "google customer service"
7:34pm Searched for pus coming out of the penis
11:21am Searched for what can happen to the penis from having anal sex

Although the best search was this:
4:20pm Searched for louis armstrong moon
4:20pm Searched for louis armstrong lands on the moon
4:20pm Searched for louis armstrong landed on the moon
Viewed 1 result
What year did louis Armstrong land on the moon? - Yahoo! Answers
4:21pm Searched for neil armstrong landed on the moon
Even though we were easily able to find out who this person was, the police didn't do anything, and Google's customer service was painfully slow and immensely unhelpful. Much as he was loath to do it, he had to change his business account address, thanks to a half-wit stoner VD poster child. If that guy can hack a Gmail account? ANYBODY CAN.
posted by louche mustachio at 12:58 AM on November 6, 2011 [29 favorites]


"...according to Google’s legal department, its higher and more stringent duty is to ensure that messages are erased, if whoever is in charge of an account wants them gone. Political activists in repressive countries, people who for whatever reason (@RepWeiner) want parts of their electronic correspondence to disappear—they are the ones Google, like other e‑mail providers, had in mind in designing a system optimized for deletion rather than recovery. In exceptional cases, mainly in response to government orders in criminal or anti-terrorism investigations, Google could laboriously piece together already deleted records from its tape backups..."
That's some pretty big cognitive dissonance you've got there.
posted by nakedcodemonkey at 1:10 AM on November 6, 2011 [3 favorites]


delmoi - I guess I would want to see, for comparison, how much money is being sent fraudulently.
posted by Meatbomb at 1:28 AM on November 6, 2011


4:20pm Searched for louis armstrong moon
4:20pm Searched for louis armstrong lands on the moon
4:20pm Searched for louis armstrong landed on the moon
Viewed 1 result
What year did louis Armstrong land on the moon? - Yahoo! Answers
4:21pm Searched for neil armstrong landed on the moon


And I think to myself, What a small step for man . . .
And I think to myself, What a giant leap for mankind.
posted by gompa at 1:38 AM on November 6, 2011 [8 favorites]


delmoi - I guess I would want to see, for comparison, how much money is being sent fraudulently.
Because it's not like Bernie Madoff alone would equal the next hundred years of Nigerian email scams.

here are some statistics for the U.S. from 2009.
From January 1, 2008 – December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet
...
From the submissions, IC3 referred 72,940 complaints of crime to federal, state, and local law enforcement agencies around the country for further consideration. The vast majority of cases were fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar loss from all referred cases of fraud was $264.6 million with a median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2007.
But which countries were those scams originating from, let's see
Top Ten Countries By Count (Perpetrators)

1. United States 66.1%
2. United Kingdom 10.5%
3. Nigeria 7.5%
4. Canada 3.1%
5. China 1.6%
6. South Africa 0.7%
7. Ghana 0.6%
8. Spain 0.6%
9. Italy 0.5%
10. Romania 0.5%
So I assume you want to cut off Canada's internet access, seeing as they have twice the internet fraud rate per capita as Nigeria, right? Never mind the fact that ten times as many frauds originate in the US, right?
posted by delmoi at 1:50 AM on November 6, 2011 [6 favorites]


No, I don't. Given the tentative nature of my comments I hope it was clear that I wasn't about to be putting legislation into place or anything :) Thanks for the links, it puts it into clearer perspective.
posted by Meatbomb at 1:53 AM on November 6, 2011


I'm curious what you find inconvenient about Google's two-factor authentication.

I honestly don't have a cell phone. I have a land line they could call me on, but then they'd have to actually, you know, talk to me.
"Hi, this is Google. Is that you, pracowity?"
"Yep, hi again, it's me. Got the number?"
"Yep. Make sure no one is listening on another line."
"There's just this one line. I'm sure. Go ahead."
"Your access code is fower tree niner niner. Repeat: fower tree niner niner."
"Roger that, Google. Fower tree niner niner. "
"You have yourself a nice day, Mr Reads-the-Viagra-ads-and-browses-leather-and-whips-sites."
And I don't really want to give Google any phone number. It's hard enough to maintain any ghost of a semblance of anonymity on the net without giving people your actual telephone number. (And of course someone will eventually just hack Google and get all of the phone numbers...)
posted by pracowity at 2:25 AM on November 6, 2011 [2 favorites]


If that guy can hack a Gmail account? ANYBODY CAN

If people insist on using weak passwords with any publicly accessible service, they will likely suffer account compromises. Gmail's only real fault in this area, as far as I can see, is that the password strength evaluator on the signup page is far too eager to classify rubbish passwords as "strong".

Had your friend's Gmail password been 16 characters of machine-generated random gibberish not also used for any other purpose, his account would almost certainly not have been hijacked.

Just use KeePass, people. It really is that simple.
posted by flabdablet at 3:30 AM on November 6, 2011 [1 favorite]


All I can add to this is - two-factor on Gmail supported by the Android token-generating app has worked well for me over the past six months. By worked well, I mean

- not hacked
- tiny amount of extra work, nothing arduous to memorise
- working from a wide variety of locations and devices, including lots of very temporary VMs
- no need to use any of the (sensible, as far as I can see) back-up account access methods

I'm confident that I could put my email and password in this message, and still be safe.

Confident, but not stupid.
posted by Devonian at 4:07 AM on November 6, 2011 [2 favorites]


I've always connected to my Gmail accounts via a local client like Mail.app. Every once in a while I do have to log into Google for some reason and get hit with the "Please give us your mobile phone number" page. Yeh...I know they say it's just for security. For now.

I'm just not trusting enough of Google to give them the number. I guess I just don't trust the motives of any faceless organization so hell-bent on sucking up every last scrap of information possible. I would think a geek-oriented organization could come up with a strong security system that doesn't require a person to hand over yet another piece of personal information. But, I suppose since info-harvesting (for the purposes of reaping advertising dollars) is their overarching purpose, it figures that even security would be designed to serve the goal.
posted by Thorzdad at 4:48 AM on November 6, 2011


Stupid question --
If I download all my emails from gmail to local, how do they get sorted? Do labels get treated as folders? Is there a local email client that does labels? (Sorry if these are stupid questions, but it's been a while...)
posted by inigo2 at 6:01 AM on November 6, 2011 [1 favorite]


inigo2: install Mozilla Thunderbird - it's an offline mail-reader. Set it up to download from your gmail - all the settings will be on a how-to page from gmail.

After you've downloaded, your mail will still be sorted into mailboxes by sender. I don't know if you will automatically get your sent mail; I don't know how to download that (My sent mail from my iPod or web just gets cc'd to me for download)
posted by jb at 6:11 AM on November 6, 2011 [1 favorite]


Ho hum. So this post is about securing your online email? If this is an important issue for you, then realize that you are a two legged bovine. Owned and branded. You may lock down your account and make it safe, but the fox is guarding the hen house.

Google is worth exactly what you pay for it. They are a great company with great products. They've made the internet accessible to anyone who can switch on a computer and run a browser.

The price of this convenience is your online data. To a greater or lesser degree, they own your online life. The unwashed masses gave them this when the browser became the default tool for everything and happily accepted each convenience that came along, ignoring that the $0 price tag wasn't the end of the story.

It's a bit late to cry over the loss of personal data, that was given away a long time ago. Search, chrome (does it still phone home every day?), Google analytics, safebrowsing, googleapis ...probably missed a couple

Yes - promises and assurances have been given, and they will NEVER collate all this information that they have. Yeah. Right... Three problems - 1) people work there, 2) who knows what tomorrow brings. 3) Google is one of the fattest targets on the internet, if you live there, you're it.

So what's it like to be the product?

Take consolation that sometime in the future, we'll be looking back on this as the good old days:)
posted by w.fugawe at 6:22 AM on November 6, 2011


w.fugawe, it's all well and good to roll out the profound "you're in the product"-esque statements when talking about cloud services, but there's a pretty big difference between google using the content of your emails to serve you ads and having some random person hijack your account in order to try and fleece your friends for money.
posted by modernnomad at 6:29 AM on November 6, 2011


or, "you're the product", rather. edit window please!
posted by modernnomad at 6:29 AM on November 6, 2011


louche mustachio: great story.

An example of hacking instructions: How to Hack Gmail Password or Account.

A more amusing example.
posted by russilwvong at 8:42 AM on November 6, 2011 [1 favorite]


>It's either that or live off the grid in a copper shipping container somewhere in the desert.<

Hmmm…How did you learn my plans? I’m not really kidding, except it’s not copper of course.

I know the ability to access data from everywhere is a big thing for some people, but it doesn’t really mean anything to me. I don’t have a smartphone. I don’t use random computers. So when I’m out and about and I want to access my data I have my laptop with me. If I don’t have my laptop then I don’t really need to access anything (which is most of the time).
posted by bongo_x at 11:04 AM on November 6, 2011


odinsdream: "It's insane that I can enable this for an e-mail provider when my bank has yet to even consider it."

Few people go into commercial banking because they want to build the height of technology. And there's a huge chicken & egg problem: convenient and safe might attract new deposits, but the only banks big enough to really implement this stuff while complying with banking regulations already have huge cash stockpiles. And they've dedicated their IT staff to implementing new ways to fuck depositors, like ordering drafts received overnight by largest first.

On the days I ignore the massive regulatory mess, I imagine setting up a banking system that supports:

* a web interface that doesn't proclaim IE only
* a read only OFX or other API to pull transactions into GNUCash / Mint
* delivers interest rate change notices, or at least an RSS feed.
* free overdraft when pulled from savings. Obviously you can't use that too much in a month and comply with regulation.
* publicly readable disclosures, policies and agreements repository with revision control so I can easily diff what changed
* SSL protected IMAP accounts for those annoying "Secure message from your bank". or maybe GPG encrypted mail. You'd still need the web interface, but it's a start, and you'd at least have a shot at reducing phishing.
* support for some future magic protocol that lets me update my address in one place and have everyone update to that. Probably too security critical to outsource, sadly.
* I guess two factor available, since people seem to want it. I suppose it's better than "security questions" that are easily found on facebook profiles.
posted by pwnguin at 12:18 PM on November 6, 2011 [3 favorites]


I'm just not trusting enough of Google to give them the number. I guess I just don't trust the motives of any faceless organization so hell-bent on sucking-up every last scrap of information possible. I would think geek-oriented organization could come-up with a strong security system that doesn't require a person to hand-over yet another piece of personal information. But, I suppose since info-harvesting (for the purposes of reaping advertising dollars) is their overarching purpose, it figures that even security would be designed to serve the goal.

Look, this is really simple. If you're concerned about Google knowing all about you, step one is to not use their e-mail service.

If you've already decided that you want them to host your e-mail, it behooves you to go ahead and do so in as secure a manner as possible, i.e., with two-factor authentication.
posted by odinsdream at 1:54 PM on November 6, 2011 [1 favorite]


rodgerd:
Everything involved other than just typing out my password, particularly the part that assumes I always have my cellphone with me (I don't)
Yeah, well, you and the 1%, grandpa.
Count me in those 1%. I do software development for a living, and I hate cell phones. I guess that makes me grandma?
posted by brokkr at 3:00 PM on November 6, 2011


Eh, yes. What about two-step verification for those of us who don't have a phone?

I'd even be willing to set up 4 or 5+ security questions and have to put in my (several characters long) password, an answer to one of those random questions, and a code (basically a second password when on a computer) once or twice per month.
A small price to pay for information security, no?
posted by DisreputableDog at 9:01 PM on November 6, 2011


Yeah, the problem with 2-factor is: what happens if my phone stops working, or whatever? Seems kind of risky.
posted by delmoi at 9:19 PM on November 6, 2011


This idea that your mail is somehow safer if you're hosting it yourself seems like bunkum to me. Even if you're like DU and use a mail server that prints out everything to the dot matrix printer that also acts as your console, you're still not going to be doing as good a job of looking after your mail server as the fleet of paid mail admins that Google have looking after GMail.

Sure, they don't give *your* particular account their total attention, but unless your life is all about looking after your mail server, neither do you.

The trade off for a little less mail security is that you don't have to manage a mail server. And if you think that's a minor job that doesn't take much effort, you're doing it wrong and the chances are incredibly high that downloading all your GMail to IMAP every few months will do a better job of mail security than you're doing now.
posted by fightorflight at 1:05 AM on November 7, 2011 [2 favorites]


Yeah, the problem with 2-factor is: what happens if my phone stops working, or whatever? Seems kind of risky.

When you set up two-factor on Google you're asked to print out a set of one-time codes for this purpose. I believe it generates 10 or so initially, and you can generate more later.

This gives you 10 options for logging in without your phone. Any one of those 10 logins can be used to generate more one-time codes.

The instructions make this very clear. If you ignore them, yes, you're at risk of losing access to your account without your phone. You should definitely not enable two-factor authentication without reading and understanding the instructions.
posted by odinsdream at 5:43 AM on November 7, 2011


I'd even be willing to set up 4 or 5+ security questions and have to put in my (several characters long) password, an answer to one of those random questions, and a code (basically a second password when on a computer) once or twice per month.
A small price to pay for information security, no?


That's "wish it was two-factor" authentication. The aggregate is no more secure than a simple strong password.

Proper two-factor authentication checks that you are who you claim to be by testing for the existence of both (a) something only you know - often a password or passphrase of some sort and (b) something only you physically have - often a mobile phone or dedicated security dongle. What you've proposed is simply a less convenient method for checking for a somewhat spread-out (a).

My personal opinion with regard to my own Gmail account is that for me, two-factor auth is overkill. I'm happy to rely on my long machine-generated random login password and my long machine-generated random security question answer password.

In fact I don't know either of those passwords, so in fact the authenticator Google gets to test for is, in effect, a something-I-have: a KeePass-compatible passwords.kdb file with the Gmail access secrets stored inside. On the other hand, being nothing more than a bunch of bits, my passwords.kdb is not something it can reasonably be assumed that only I could have - a black hat might have made a copy; ultimately, it's the single factor of my knowledge of the passwords.kdb decryption key that authenticates me.

But that key is itself a long machine-generated random password, and since I'm satisfied that the only way to break the encryption involves an infeasible amount of brute force, I'm happy to rely on that single factor.
posted by flabdablet at 5:58 AM on November 7, 2011


fightorflight: "This idea that your mail is somehow safer if you're hosting it yourself seems like bunkum to me. ... you're still not going to be doing as a good a job of looking after your mail server as the fleet of paid mail admins that Google have looking after GMail."

It's actually not too hard to set up decent security. You set up fail2ban from your distribution. You set up SSL certificates (free from startcom), and put a reminder in your calendar to renew them 1 year from now. Your distribution adds in pam_fail_delay to rate limit your attackers.

No idea how you protect yourself against 3 million botnet nodes. Strong passwords obviously help. Or maybe just block all traffic from outside the US destined for your mail/ssh/not-http port. Or perhaps log into your mailbox with a different username and have postfix route mail, now they have to guess your login name and your password.

Point is that most of these are up front set up and coast.
posted by pwnguin at 10:19 AM on November 7, 2011


It's not just security, though that's a big part of it. It's also hardware and storage and backups. Running in EC2 or a similar VPN gets around part of that, but then you've just shifted your cloud trust issues from Google to Amazon or Linode or similar. If the goal is to avoid those, now you're looking at installing, running, upgrading and supporting your own hardware and OS.

With GMail, they provide the massively redundant data centres, the security, the spam filtering (now very good thanks to the training of their millions of users), the web interface (inexplicably, they're still the only people to do conversations right), the mobile device interfaces and support, the activesync, the two-factor auth, and a host of other good stuff.

Joe sysop's linux box in the backroom not only doesn't compare, it's not even playing the same game.
posted by fightorflight at 2:12 PM on November 7, 2011 [1 favorite]


fightorflight: " Running in EC2 or a similar VPN gets around part of that, but then you've just shifted your cloud trust issues from Google to Amazon or Linode or similar."

In the spirit of full disclosure, I should point out that you're spot on. I use Linode because it's too much work to colocate and repair my own box, and while I do run courier, all my real mail still lives with Google =(

Mainly because I haven't figured out spam filtering, phishing filtering, or found a mail client that has stolen their conversation view, as you correctly noted. Activesync/mobile support seems less important: the server supports IMAP, your device supports IMAP, the server supports calDAV, my device supports calDAV, done deal.

Security wise though, Google's two factor auth really makes no sense to me on mobile. Something you have... my password on disk, and something you have... my cellphone. And don't worry, if you lose your phone, you can reset your password. They'll just ... contact your phone for confirmation. Not clear on the 10 I-lost-my-phone access codes, but I'm guessing you can use their two factor system to invalidate those by making a new set.
posted by pwnguin at 3:26 PM on November 7, 2011


Security wise though, Google's two factor auth really makes no sense to me on mobile.

A lot of the questions in this thread about Google's two-factor system (I'll refer to it hereafter as G2F) would be cleared up by actually enabling it and trying it out. It takes a few minutes, and can easily be disabled.

When you enable G2F you're protecting the web-accessible portion. Mobile devices are handled differently. After enabling G2F, you set per-device passwords in the account settings area. So, for an Android cell phone, you add a new per-device password, title it Android Phone, and then enter that machine-generated password into the Password field on the phone's account settings page.

These passwords are only good for a single device connection - they can't be reused. So, for example, someone cannot now brute-force your web sessions by finding this password. You can also revoke these passwords - for instance if your phone is stolen.

This same method is what you use for connecting local mail clients, calendar sync tools, and all other non-web stuff. This is really important - let's say you lose your laptop. If you're not using G2F, any application you used that stored your Google password is a potential source for the thief to access your account. With G2F this is no longer a worry at all. Recovery of a per-instance password is not useful to the attacker - i.e., they can't use it to log into your account and reset your master password.

All of this is aside from the one-time-use codes that you're supposed to print out physically when you enable G2F. These are for you to use in place of the second factor in case you lose your phone. They provide full access to your account via the web, enabling you to log in without the physical device (but with the physical paper). These codes need to be treated exactly how Google instructs you to treat them, if you want to preserve the security of the whole system.
posted by odinsdream at 6:13 PM on November 7, 2011 [1 favorite]
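The scheme odinsdream lays out above (password plus a token code or a printed single-use backup code for the web, separate revocable per-device passwords that cannot touch the master password), modelled in Python as an added example; this is not Google's implementation. It assumes the token code is an RFC 6238 TOTP like the Android app generates, and the account secrets, hashing and device names are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the kind a token-generating app shows."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def _h(s: str) -> str:
    # Demo-only digest; a real service would store a slow password hash.
    return hashlib.sha256(s.encode()).hexdigest()


class Session:
    def __init__(self, full: bool):
        self.full = full  # True only after password + second factor


class Account:
    def __init__(self, password: str, totp_secret: bytes):
        self._pw = _h(password)
        self._totp_secret = totp_secret
        self._asps = {}       # device name -> hash of its app-specific password
        self._backup = set()  # hashes of unused one-time backup codes

    def web_login(self, password: str, code: str, at=None):
        """Password (something you know) + TOTP or backup code (something you have)."""
        if not hmac.compare_digest(self._pw, _h(password)):
            return None
        at = int(time.time()) if at is None else at
        if hmac.compare_digest(code, totp(self._totp_secret, at)):
            return Session(full=True)
        if _h(code) in self._backup:
            self._backup.discard(_h(code))  # single use: burned on success
            return Session(full=True)
        return None

    def device_login(self, asp: str):
        """Mail client / phone path: an ASP alone grants only a limited session."""
        for stored in self._asps.values():
            if hmac.compare_digest(stored, _h(asp)):
                return Session(full=False)
        return None

    @staticmethod
    def _require_full(session):
        if session is None or not session.full:
            raise PermissionError("needs a full two-factor login, not an ASP")

    def new_backup_codes(self, session, n: int = 10):
        """Print-and-keep codes; issuing a new sheet invalidates the old one."""
        self._require_full(session)
        codes = [f"{secrets.randbelow(10 ** 8):08d}" for _ in range(n)]
        self._backup = {_h(c) for c in codes}
        return codes

    def create_asp(self, session, device: str) -> str:
        self._require_full(session)
        asp = secrets.token_hex(8)  # 16 random hex chars, shown once
        self._asps[device] = _h(asp)
        return asp

    def revoke_asp(self, session, device: str):
        self._require_full(session)  # e.g. the phone was stolen
        self._asps.pop(device, None)

    def change_password(self, session, new_password: str):
        self._require_full(session)  # an ASP off a lost laptop cannot do this
        self._pw = _h(new_password)


if __name__ == "__main__":
    # Constructed demo secrets; the TOTP key is the RFC 6238 test key.
    key = b"12345678901234567890"
    acct = Account("correct horse battery", key)
    now = int(time.time())
    s = acct.web_login("correct horse battery", totp(key, now), now)
    asp = acct.create_asp(s, "Android Phone")
    print("ASP session is limited:", not acct.device_login(asp).full)
```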


odinsdream gives a good explanation. Sure, it's a little inconvenient at first. But it's required for everyone here at Google for a reason, and it becomes completely habitual after a while. If you don't have a phone that's different, and I think there are solutions but frankly I haven't looked into it (I mean, here you can get a hardware dongle, but I don't know if there is any way to set one of those up with external Google accounts).

Security wise though, Google's two factor auth really makes no sense to me on mobile. Something you have... my password on disk, and something you have... my cellphone.

In the case of the smartphone app for Android, for example, the assumption is that your phone is also locked with a password. So they'd have to know that as well.

And no, the ASP cannot be used to reset your master password.
posted by wildcrdj at 6:30 PM on November 7, 2011


I've been using it for the past two days or so and I have to say that once I figured out how to FIND it on Google's site, it has been not at all difficult to set up. I have the little widget on my phone that generates codes since I'm often out of cell phone signal range and the few times that I've logged on somewhere other than my desk it's been a piece of cake. The weirdest thing was seeing the list of places that I'd authorized to be connected to Google, ancient Blogger accounts and connected Flickr stuff, etc. Sort of felt good to go in and turn all that stuff OFF.
posted by jessamyn at 6:34 PM on November 7, 2011 [1 favorite]


Hey look, an easy-to-follow table explaining the codes and application-specific passwords.
posted by odinsdream at 9:07 PM on November 7, 2011 [1 favorite]

