Seems there’s an “industry-wide” attempt to phish passwords from unsuspecting web mail users. As you many know, online email account access is gold for phishers, because they (to paraphrase what I wrote yesterday) the foundation for the online existence of a lot of people. Gain access to a web mail account, and you pretty much gain access to the owner’s social networking accounts, and even more important (and potentially lucrative) services like their PayPal. Impersonating other people is also much easier if you have full control over their web mail.

Google at least hasn’t been sitting on its hands. According to the BBC:

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

The firm stressed that the scam was “not a breach of Gmail security” but rather “a scam to get users to give away their personal information to hackers”.

And that’s exactly the point: while I like Gmail more than Hotmail, I don’t think it’s more secure than any other web mail service out there (again, Gmail just provides better functionality). Hopefully incidents like this remind users that they should practice better security, such as using different passwords for their different online accounts, and regularly changing these passwords. I plan to write a quick how to on creating very secure passwords without forgetting about them. Watch out for it soon!

Post from: The Gadget Blog

Even if this report turns out to be false, it’s still a good reminder to change your web email password now, regardless of what service you’re using. For something that’s literally the foundation of the online existence of millions, it’s amazing how few practice good security and change it on a regular basis. For hotmail users, may I also remind them not to accidentally visit hotmale.com?

Which accounts are affected? According to Neowin: “Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts”. The site has done the right thing and contacted Microsoft PR reps in the US and UK to keep them in the loop and possibly elicit feedback regarding the situation.

Technology Viewer suggests that, after those who are allegedly affected change their passwords, they should switch to Gmail ASAP. Personally, I find that sound advice, but I’m not sure what can be done for online services that don’t allow email changes.

Post from: The Gadget Blog

As explained by User Experience Designer Michael Leggett, Gmail holds your message for five seconds, and I agree: that’s enough time for your sensible self to kick in, and immediately pull back messages written from the hip. And don’t you hate accidentally sending confident info to the wrong person? That’s something that I’ve done at least twice, unfortunately.

But it isn’t clear if this new features is available on mobile platforms. At the very least, they could apply it to their Java app. I bet that a growing number of those oops mails are sent away from the computer.

More importantly though, where’s that browser-free Gmail client I so very want?

Post from: The Gadget Blog

This might be overkill for some, but for those who just can’t memorize Gmail’s keyboard shortcuts, the folks over at the Googleplex have quite a deal for you. Just send a self-addressed envelope to Send me some Gmail stickers already, P.O. Box 391420, Mountain View, CA 94039-1420. You’ll receive some vinyl overlays for your keys, as well as some artsy-fartsy Gmail-themed stickies.

According to Google’s blog, “The adhesive is a bit more removable than standard stickiness, so you can take them off once you’ve trained your fingers.” Google will ship this set even to outside the US—check out the full post for more details.

(Image via Google)

Post from: The Gadget Blog

I’ve been using Gmail for over two years now, for a wide variety of reasons (like conversations and inbox archiving for instance). Apparently, so do a lot of domain owners, who woke up one day to find that their online properties were stolen.

Here’s a summary: a hacker manages to gain access to a Gmail account, just enough to modify its Filters. The end result is that any emails sent by the domain registrar—including ones sent due to a “Forgot my Password” request—are forwarded to the hacker. This allows said hacker to grab control of the domain, and demand money for its return.

Thanks to online WhoIS services, which reveal the owner of a website and their email, pulling it off seems relatively easy. I’m honestly not sure if Gmail really suffers from a security flaw, but you can check out the complete details here—and check your Gmail filters just to be safe. It takes only a few seconds after all.

Post from: The Gadget Blog