26000 email address and password combinations found published on French Website

ECLAT Technologically IT Security AlertOnline security is the name of the game, but just how secure are you when you browse the web? There are a multitude of ways to protect yourself, but TOO many people do little if anything to secure their information on the internet. The consequences can be profound. Consider, for a moment, the implications for losing control of your email address and password. Do you get emails from your bank, there? Bingo. Your bank account is now accessible by the bad guys. How about your stock portfolio? Confidential medical or other financial data? Customer data? Loans? Credit Cards? Business advertising accounts. How about really embarrassing personal data? Plus your name, date of birth, list of family members… the list goes on. If you’re not securing your data, there is a world of hurt waiting to come your way, and your life can lay in ruins in its wake.

Now, in case you’re wondering just how accessible your email address and password are, consider this. Earlier today I was trying to decipher a hand written note and typed in an email address from that note into a Google search. I clicked a few links and imagine my surprise when I found was a list of 25,970 email addresses and passwords. How long have they been out there? Who put them there? How did they get the list? It’s really hard to say, though some of the contents of the page make it look like these were from phishing sites, possibly made to look like the user was logging into their own email, or a similar site. But the cleanup from that kind of theft has got to be immense.

Here’s what I did to address the issue when I found their data:

  • I copied the list and the url of the site I found the list on
  • stripped the passwords
  • parsed the domains
    • 1572 Gmail Accounts
    • 16572 Microsoft customer email accounts including Microsoft Live, Windows Live, hotmail.com and MSN.com
    • 3620 yahoo email accounts
    • 400 AOL.com and aim.com accounts
    • thousands of others from private companies and educational institutions alike
  • contacted the security from most of those domains (the full list is impossible)
  • provided them with the list of compromised accounts and the source (as I have it)
  • contacted a few individuals who were not part of big lists (like gmail, hotmail, yahoo etc.)
  • and now I’m telling you.

This is a big list. 25,000 accounts. That’s a lot of people. And it’s just a drop in the bucket of the list of accounts that have been compromised. Are you one of them? Are you doing all that you can to secure your data? Do you even know if you are? These are all points that may keep you up at night if you haven’t consulted someone to ensure that you are properly protected. Don’t wait until it’s too late. Call someone now!

Sprocket Rocket

Don’t hit the Panic button in your Linked-In account just yet

Linked In Offices PhotoNumerous reports are floating around the internet that LinkedIn, a social networking site for professionals, has been hit by hackers and some 6.46 passwords potentially exposed. But don’t go running out and closing down your LinkedIn account just yet. You probably aren’t affected. And, even if you are, you’ll know it the next time you try to login to your LinkedIn Account.

That said, there are basically two things you can do.

Change your password – tomorrow

Changing your password regularly is a good idea anyway. But with the high number of people trying to change their passwords today, your attempt is likely to lead only frustration and a forgotten password. Instead, take a deep breath, and consider that the stolen files are encrypted, and it will take time to decrypt them. That gives you some time to develop a plan to put your new password into play -tomorrow. In the meanwhile, here’s what you should do:

  1. Change your email account password (TODAY)
  2. Make a list of all the sites you use the same password on, with special emphasis on :
    1. Email Accounts
    2. Bank Accounts
      1. Checking/Credit Card/PayPal etc.
    3. Investment Accounts
    4. Vendor Accounts
      1. eBay, Sears, NewEgg, etc.
    5. Membership Accounts (especially those you pay for, or that can identify you)
      1. Facebook, Google Plus, Gym Memberships, Golf Clubs, etc).
  3. Skip the random email link prompting you to change your password (it could just as easily be a hoax or phishing)
  4. Plan your new password with five future changes in mind
    1. Try putting together a random, yet memorable, string of words, numbers, and syllables. Then you can change them later. Like this :
      1. FishGumboIs2Good!
      2. 2GoodIsFishGumbo!
      3. IsFishGumboGood2!
      4. FishIsGumbo!2Good
      5. 2!IsGumboFishGood
    2. As you can see, the content is the same, but the sequence can be changed 5 times and you’re likely to be on the same track. Come up with your own strategy – please don’t use these – make it something you can remember.
  5. Set aside an hour on your calendar tomorrow (and not a day later) to start logging in on those sites and changing your password.
  6. Put a reminder on your calendar to do this every 4 – 6 months.

Change other passwords? Are you crazy?

Any time that your email address and password may be at risk, you should change other passwords, and start with your email. Why?

  • People often use the same password everywhere, and the first place for a hacker to try your newly discovered username and password is your email.
    • The ramifications are huge. Just think about it. Your bank sends you email updates about your account. Now the hacker knows which bank you use.
    • Your contacts can now receive phishing emails from the hacker that appear to be from you.
    • And the list goes on.
  • Change all your passwords, starting with your email. Don’t forget your phone, and any linked accounts.

The History

Let’s take a moment to look at the data so far :

  1. The claim came in from reports of a “user on a Russian forum” who said they had downloaded the encrypted password file.
  2. Various sites reported the claim, including ZDNet, Cert-Fi, USA Today, and so on.
  3. Linked In reported via LinkedIn that it was investigating the reports, but could not confirm an actual breach.
  4. Vicente Silveira posted about Security Best Practices.
  5. Vicente Silveira confirmed the breach and the documented the action being taken.

The Good

There is good in all of this. Specifically, LinkedIn does care about security. How doe we know?

  • Ganesh Krishnan was talking about security and LinkedIn back on May 23rd.
  • The total time from report to public action <= one day

Hopefully this will encourage LinkedIn to look at their various applications and tighten the security on them, too.

In the meanwhile, hopefully it motivates you to tighten your own online security; lest some hacker gain access to your account in a much less public manner.

Certainty and Uncertainty of Autism in Oregon and SB1568

Oregon State Capitol Building 900 Court Street Salem Oregon Today, February 10th, 2012, Senate Bill 1568 will be discussed at the Senate Health Care Committee hearing. It may proceed to a workshop, it may be voted out of committee and on to its next legislative step, or it may be rejected outright; the outcome is uncertain.

Some things, however, are certain. It is certain, that between today, and February 10th, 2013, more than 600 children will be diagnosed on the Autism Spectrum. It is certain, that more than 1200 parents will begin an emotional, and financial roller coaster. It is certain, that those 1200 parents, with their 2400 parents, will begin a discussion of who will sacrifice what for their children, and grandchildren. It is certain that those 3600+ people will have to decide who will quit their job to take on the full time task of running from therapist to therapist, and tending to the enormous task of caring for a newly diagnosed child on the Autism Spectrum. It is certain that the person who doesn’t work will stop paying into the insurance system. And it is certain, that the strain on those families will be enormous.

The good news is that IF SB1568 succeeds in 2013, the strain those 3600 plus people will feel will be greatly reduced, and those families, plus thousands more like them, will feel a great weight lifted; the weight of having to become medical practitioners themselves, or fail their children. Trained professionals will, finally, be able to provide a significant service to a community that desperately needs it, fewer of those professionals will see people default on their medical bills, and insurance companies that provide coverage, will see greater enrollment in their plans by members of the autism community.

Oregon is one of the last states to address autism treatment by insurance companies

(Image by Autism Votes)

Another certainty, however, is that if SB1568 does not succeed in the Oregon Senate this year, then nothing will change for at least another year, and Oregon will definitely continue to be the state with the second highest incidence of Autism, and one of the diminishing numbers of states that still has no requirement for insurance companies to pay for treatment. And, for another year, Oregon families will continue to feel the financial strain of paying for treatment out of pocket, or waiting far past the time medical experts say is most effective, relying on the school system to take on what they can.

After that, the certainty ends. Will that relief help to bring the divorce rate for the community down from some 70%? Will improved access medical treatment, paid for by medical insurance companies, help avoid foreclosures and bankruptcies? Will schools begin to see a decline in the number of children needing services for Autism? Will more young adults then emerge from academia and enter productive lives? It’s hard to say, but that is the hope that this bill carries with it, so I am inclined to say Yes.

Adding Reminders in Microsoft Outlook 2010

To add a “tickler” or reminder to follow up on an email in Microsoft Outlook 2010 you can :

  1. Flag an email in Outlook by :
    1. Finding where it says “Follow up” and clicking Add Reminder.
    2. In Outlook Flag an Email and Add Reminder

    3. Then set a date.

     

    Sometimes (as in, when using an IMAP connection) the “Add Reminder” option isn’t available, like this :

    In Outlook 2010 an IMAP account email has no Add Reminder Option

    When “Add Reminder” is not an option you can :

  2. Use your calendar, instead by
    1. creating a “meeting.”
    2.  

      In Outlook 2010 Use an appointment as a reminder to follow up to an email

       

      By default, this will send them an appointment to add to their calendar. If you don’t want to include the sender in the “meeting,” you can :

      1. click “Cancel Invitation.”
      2. In Outlook 2010 Cancel an Invitation for a meeting to appear only on your calendar

         

      3. Now the appointment shows only on your calendar.

       

    3. Now, set the date and time that you want to do this by clicking the downward pointing triangle to the right of “Start time:” and the date:
    4. In Outlook 2010 set the Start Date for your meeting

    5. Next, click on whatever date you want. Next, click the time you want to start, and end, this “meeting.”
    6. In Outlook 2010 Set the Start Time for your Appointment or Meeting

    7. Almost done. This is the real “tickler.” You can set a “Reminder” that will pop up on your screen to tell you that you need to “do” or “follow up” on this “meeting.”
    8. In Outlook 2010 Set a reminder to alert you at or before the scheduled start of a meeting.

    9. Finally, click “Save and Close” and that’s it – you’re done! You’ve successfully added a reminder to follow up on an email!J
    10.  

      In Outlook 2010 Save and Close your completed meeting for it to appear on the calendar.

InboxEx for Microsoft Outlook

Here are the basics from the InboxEX website :

  • Supports Outlook 2007 and 2010.
  • Absolutely free, no limitations, no spams.
  • No signup, share via your Gmail account.
  • Tightly integrated, powerful and easy to use.

According to the InboxEX website, the product also provides email search, email archive, calendar availability sharing via Google, and meeting scheduling.

The first thing that struck me was the lack of documentation. There is none – not on their website, nor on Facebook. The website’s “Forum” tab is a link to Facebook, which (at the time of my testing) had 8 followers. If all goes well on this test, maybe we’ll make it 9 by the end of this post : let’s find out.

InboxEx Testing Step 1 Setup_msiAfter first downloading the 10MB install file, I ran InboxExSetup.msi and immediately ran into The first sign of the need for better documentation; in this case, installation requirements.

InboxEx for Outlook This Setup Requires DotNet Framework Version 4“This setup requires the .NET Framework version 4.0. Please install the .NET Framework and run this setup again. The .NET Framework can be obtained from the web. Would you like to do this now?” The two responses in the dialog box are yes and no.

I see this being a show stopper for anyone who doesn’t have a technical background,  but at least it launched a web browser with a link to http://go.microsoft.com/fwlink/?LinkId=186913 which turned out to be the download for the Microsoft .NET Framework 4 (Web Installer).

Testing InboxEx Step 2 LicenseAgreement5 minutes later I had Microsoft .NET  downloaded and installed, and so I continued with setup of InboxEx.

The license was pretty standard, though I found this “Data Collection” section rather interesting :

7. DATA COLLECTION InboxEx Inc. collects anonymized data about your usage of the product and necessary data such email addresses necessary to provide InboxEx services. You agree that InboxEx Inc. may collect this data and use it for email address resolution, product improvements, research, demonstrations, or other purposes. InboxEx Inc. will not sell or release this data, nor does it aggregate personally identifiable information, except as needed to provide the services granted by the SOFTWARE PRODUCT.

Still, onward and upward.

Testing InboxEx Step 3 A Pause While InstallingNext I was surprised to find a pause. I wondered if the system hadn’t hung, so I minimized everything I had open, moved the window around – nothing. This is where documentation, or a downloading progress window would have been nice. Fortunately I waited and, after about 90 seconds I was presented with a User Account prompt to install a .msi file downloaded from the internet. I checked the certificate and confirmed it was from InboxEx Inc and, so, proceeded.

Installation proceeded as I would have expected, and completed. Keep in mind that I had Microsoft Outlook 2010 Open throughout this installation, along with some Chrome Browser windows.

Testing InboxEx Step 4 FinalizingTesting InboxEx Step 5 Installation Complete

I see nothing specifically in Microsoft Outlook. Do I need to exit Outlook and enter again? I check the Start Menu. Nothing under the new apps. Nothing under all programs.

So, I closed Outlook and reopened. All of a sudden, Outlook got REALLY busy. I checked Kaspersky Internet Security and saw that it was scanning email like mad. Outlook was next to useless, the busy wheel flashing several times a second. What is it doing? I’m not sure. Indexing, possibly. But it has me a little worried. Okay, now I see the message in the InboxEx Column : Indexing is still in progress.

Okay, so, if you can get past the flickering “Busy Wheel,” there is some functionality. I try to add a Gmail account. Tab doesn’t move from Gmail* (aka username) and Password*. At least I can click. I add the Password and click Okay.

The flickering is making me sea sick. I think I feel my eye twitching.

I go back into options. There is a checkbox I didn’t see before. “Sychronize calendar with Google.” Huh? I don’t want the whole calendar there. I’m looking for specific controls. This is the same as Google Calendar Sync with a bunch of extra stuff.

I like the conference link, and I appreciate the archiving controls. Still getting sick from the strobing busy wheel. I check my Google Calendar. Sure enough, my whole calendar is being populated up on the Google Calendar. This isn’t the option for me.

So, I Exit Outlook hoping that it will stop the process. Time to uninstall.

I run the uninstall through Add/Remove programs. One not entirely unexpected prompt to close InboxExServer.exe. I choose the Automatic option, it continues. Next is the User Account Control. Again with the 58d6e2.msi prompt. I approve and it finishes without further prompting. The service appears to be gone, and there are no unwanted Program Files folders.

I’ll try to check back with InboxEx another time. Maybe there will be another version.

Google Calendar Sync for Microsoft Outlook

One of the advantages of Cloud Computing (that’s what they call it when your stuff is stored on the internet, instead of, or in addition to, just your computer), is being able to have access to your data from another computer. It can also be very useful for a business that wants to use a calendar for its customers to schedule appointment 24 hours a day, or check your availability against their own before getting in touch.

Google Calendar is jut one example of such cloud computing. Trick is, what happens if you are blending your existing systems with such cloud systems, as in the case of using Microsoft Outlook AND Google Calendar at the same time.

Google’s Answer is an application called Google Calendar Sync for Microsoft Outlook.

Google Calendar Sync – Initial Impressions

My initial impression of the Google Calendar Sync for Microsoft Outlook is, surprisingly, only about average, but sufficient. Bear in mind that this was tested on an installation of Microsoft Outlook 2010 with Business Contact Manager enabled and installed on a laptop running Windows 7 Professional 64 Bit.

Installation of Google Calendar Sync

First impressions do count, and installation is the first impression, so I was disappointed in some of the installation instructions (I generally find Google documentation to be complete and well thought out).

Google Calendar Sync Installation Please Close Microsoft Outlook

  • First, the installation instructions do not say anything about closing Microsoft Outlook. The installation routine, however, does.
  • Now, I don’t know what the cause and effect were, but when I reached this point of the installation and tried to Exit Outlook, the Outlook service continued to run and I had to manually “End Process.”
  • Since I had canceled the installation of the plugin (and closed all other Microsoft applications, and applications linked to Outlook) in order to ensure that this wasn’t causing the problem, I restarted the installation.
  • Google Calendar Sync Installation completed fine and I selected the 2 Way Sync.
  • Next, I tried to open Outlook; which hung, again. I checked and two Outlook processes were running. Was this because the sync app had tried to open it as well? I don’t know. Either way, I now had to find a way of getting into Outlook.
    • I started by trying to stop the Google Calendar Sync by right clicking it in the system tray and choosing “Stop.” Repeated requests to stop it failed.
    • Ultimately, I resorted to forcing it to close by choosing the “GoogleCalendarSync.exe *32” in Task Manager and clicking “End Process.”
    • Since Outlook still didn’t open, I found the Outlook Process and for this chose “End Process,” too.
    • This caused the second instance of Microsoft Outlook to try to open immediately, which generated an error that another Outlook process was already open.
    • Fortunately, both processes closed immediately and I was able to open Outlook immediately thereafter.
  • Without the Google Calendar Sync running automatically, Outlook opened promptly and I then manually ran the Calendar Sync, this time choosing the option for 1 way: Google Calendar to Microsoft Outlook calendar. This appeared to work, but since I already had all the test appointments on my calendar I created a new one and ran the sync again. This appointment showed up just fine on my calendar.

The problem, for me, which would be shared by any business environment, is that I don’t want all of my personal appointments to sync as well. Having not found any options to select a secondary calendar, I went back and reviewed the Introduction, which is when I found this :

Syncing events on secondary calendars

Google Calendar Sync will only sync events from your primary Google Calendar and your default Microsoft Outlook calendar at this time. If you’ve scheduled events on a secondary calendar in Google Calendar that you’d like to sync with your Microsoft Outlook Calendar, you can either move the event to your primary calendar or export your entire secondary calendar and import the events to your primary calendar.

Since this clearly isn’t the best option for me, at least right now, I’ll just uninstall and keep looking for a solution that allows me to update both directions. I still like the functionality – it is simple, straight forward, and does exactly what it says it does. So, I will soon return to Google Calendar Sync and repeat these steps with another profile to see how it works with a bidirectional synchronization.

Uninstalling Google Calendar Sync

Kudos to Google, for great linking in their documentation.

Google Calendar Sync Uninstallation Please Close Microsoft OutlookAgain, however, there is no mention (or surprise) of needing to close Microsoft Outlook before uninstalling the sync app. It does, however, come up with this nice big bright message reading “Please Close Microsoft Outlook before continuing.”

I did, then continued, and all went well from thereon. I even checked Task Manager and confirmed that Outlook was not running. I clicked to Open Microsoft Outlook 2010 and it did so without hesitation. Right back to normal, with the additional Calendar Item that was added during testing.

Google Calendar Sync Uninstall Completed

Welcome to ECLAT Technologically

What does it mean to be ECLÁT Technologically? It means to be successful, and to achieve that success through strategic, measured use of appropriate technology. With ECLÁT Technologically as a guide, someone who has been through the trials and errors, you can succeed faster.

Most Technology goals are projects, and ECLÁT Technologically is here to help you with those projects. Sometimes you just need a tip, and the posts on this site aim to give you that extra edge.

Other times you need someone to help you along, or even take the reins of your technology project. For all those times, we’re here for you. So, call, email, or otherwise Contact Us today and let ECLÁT Technologically help you make your Technology project a success.