Happy Password Change Day: Gmail, AOL, Comcast, Yahoo! Accounts Also Breached
Apparently the phishing scam that netted usernames and passwords for thousands of Hotmail accounts was wider than previously thought. The latest news indicates that Gmail, AOL, Comcast, and Yahoo! users, among others, may also be affected.
My advice to everyone is to make today Password Change Day. Get out there and change the passwords for all of your accounts. Use a combination of numbers, letters and symbols (where allowed) and be sure to use a different password on every system. Again, you can follow my password tip sheet (PDF) for guidelines on creating strong passwords.
I am often asked, “What does it matter?” accompanied by the protestation, “I don’t have anything important in my email anyway.” My response is that you should care if:
- You want to avoid identity theft. Many people use the same password or set of passwords for all systems. If someone gains access to your email password, even an old one, they will try to use it to get into your other, juicier accounts, like your bank. And they will probably succeed.
- You hate viruses. Most viruses are distributed through compromised computers (called zombies).
- You hate spam. Most spam is sent from compromised computers. Your email address book is a gold mine for spammers because it’s a list of guaranteed good email addresses.
- You want your computer to work properly. Nothing slows a computer down like being zombied (see above).
- You don’t want someone else surfing the Internet on your dime. If you use an email account from your Internet provider, the same password is used both for email and to authenticate you to your provider’s network. If you use a common dictionary word without symbols as the password, shazam! Instant access.
- You don’t want to go to jail for someone else’s crimes. Take the above scenario and imagine that the person who’s hijacked your Internet account is dealing in pirated software or child pornography. Unless you can prove it wasn’t you (and that may be difficult), you could be held liable. People committing crimes on the Internet use other people’s accounts for exactly this reason.
Although some people advocate that you not write your passwords down, I say it’s okay as long as you keep the written record somewhere secure, like a locked drawer or safe. (NOT on a sticky note on your monitor or under the keyboard, please!) Excel spreadsheets and other computerized means of tracking passwords are not good ideas, because the first thing a virus will do is check for convenient lists of the rest of your passwords. You might as well hand out your passwords on your business cards. And no, password-protecting the spreadsheet doesn’t work either; those are cake to crack. Properly encrypted password managers do work, but I favor the old-fashioned paper approach, as long as it’s kept out of sight.
It really isn’t that difficult to maintain different passwords on every system. I’ve done it for decades. If we would all follow the basic, simple practice of secure password management, we could cut down on the viruses, spam and other problems that plague us all.
You should also be aware of the kinds of scams that caused these breaches in the first place. Try the SonicWall Phishing Quiz to test your skill at identifying phishing attempts, in which a hacker imitates the login page of a site to con you into entering your username and password.
Subscribe FREE to the email version of Tech Tips between now and October 14, 2009 and I’ll send your special gift: a tip sheet on Computer Housekeeping for PC and Mac.
