Posts Tagged Gmail
Google’s Internet search engine is getting more personal by highlighting information drawn from its users’ Gmail accounts on its main results page.
The feature announced Wednesday marks Google’s latest attempt to deliver data that people are seeking more quickly as it tries to maintain the dominance of its lucrative Internet search engine.
Google Inc. is initially testing the feature with 1 million Gmail users who must sign up to participate.
Gmail’s more than 425 million users already can search within their e-mail accounts to find something they need, such as an order from Amazon.com or an airline reservation.
Now, Gmail users who join the trial will be shown a list of relevant e-mails on Google’s main search results page if the correspondence contains a word entered in a search request.
Google (Nasdaq: GOOG) has begun informing certain individual users whom it believes may be the target of state-sponsored cyberattacks.
Those users will see a pink ribbon at the top of their Google pages bearing a warning notice.
However, the warning only means Google believes the account holder may be a target for phishing, malware or some other form of attack and doesn’t necessarily mean the account has been hijacked.
Google lists what users can do to protect themselves when they see the warning notice.
What Google Is Saying
Users should be careful about where they sign in to Google and should look for the URL “https://acounts.google.com/” in their browser bars because attackers often send links to fake sign-in pages to try to steal people’s passwords, Google said.
On spotting the warning ribbon, users can immediately create a unique password that has a good mix of capital and lower-case letters and punctuation marks and numbers; enable two-step verification for additional security; and update their browsers, operating systems, plugins and document editors, Google stated.
Google said the warnings weren’t triggered due to any internal systems being compromised or because of any particular attack.
Further, the company’s alerting only a subset of users whom it believes may be targets of state-sponsored attacks. However, it doesn’t state who falls within that subset. Nor does it identify the potential targets by country of residence.
Google claims its detailed analysis and victim reports strongly suggest the involvement of states or groups that are state-sponsored.
Who’s Doing What Where?
“If this were a warning coming from a small unknown company, one could speculate with good reason that it’s an attempt to get attention,” Mike Reagan, vice president of LogRhythm, told TechNewsWorld. “But it doesn’t do Google any good to be a fear-monger.”
It seems strange that a nation-state would bother to target members of the general public when attacks on specific targets would yield much richer rewards, but “it’s the shotgun effect — you spray your shot widely and you’ll hit someone,” Randy Abrams, an independent security consultant, told TechNewsWorld. “You don’t want to focus where the targets can easily protect against attacks; you go where people are searching, you statistically know where they’re searching on the Web, and you’ve got a pretty good chance of hitting them.”
Google did not respond to our request for further details.
What About the China Card?
As news of Google’s warning spread, speculation that it was aimed at the Chinese authorities began making the rounds.
There are perhaps grounds for making such an assumption. In June of 2011, Washington and Beijing locked horns over Google’s assertion that hackers in China broke into the Gmail accounts of several hundred people, including senior government officials in the United States and political activists. The White House issued a denial that its email system had been hacked. However, security experts pointed out that just because the attacks were launched from servers in China, it didn’t mean the hackers were backed by the Chinese government.
“It could be any number of countries that would like a path to hitting our economy,” LogRhythm’s Reagan said. “As it’s described, the attack has the potential to chip away at the stability and reliability of one of the leading providers of Internet services … Ultimately, albeit indirectly, the U.S. takes a hit.”
Keeping an Eye Peeled
Google said its duty is to be proactive in notifying users about attacks or potential attacks so they can protect themselves.
“Nobody’s going to hate Google for releasing the warnings,” Abrams said. “It’s a pretty easy win.”
Google is “evolving their information security infrastructure to detect sophisticated threats,” LogRhythm’s Reagan suggested. “They also recognize that it’s not a matter of if they’ll be breached but when, and they’ve readied themselves for this. Most people will give Google the benefit of the doubt and heed their warning.”
Electronic privacy advocates on Thursday weighed in on a high-stakes legal fight over online communications, arguing that a subpoena seeking an Occupy Wall Street protester’s tweets violates his rights to free speech and privacy.
The filing from the American Civil Liberties Union, the Electronic Frontier Foundation and Public Citizen, Inc. supports Twitter’s position that the individual, Occupy protestor Malcolm Harris and not Twitter itself, is the owner of the tweets and thus the proper target for any subpoena.
Manhattan Criminal Court Justice Matthew Sciarrino Jr had earlier ruled that Harris did not have the standing to challenge the subpoena, which seeks personal information and all of Harris’ tweets from September 15 through December 31, 2011.
Harris was one of 700 protesters arrested on the Brooklyn Bridge during a protest last October.
Prosecutors at the Manhattan District Attorney’s office said they to needed Harris’ information to determine if the tweets he posted while on the Brooklyn Bridge were “inconsistent with his anticipated trial defense” – that the police either led or escorted protesters into stepping into the roadway.
The case has caught the attention of privacy and free speech advocates, who fear that if the judge upholds the District Attorney’s subpoena, it will undermine a basic tenet of Internet communications in the era of social media: that the author, and not the company whose services are used, is responsible for the content.
Thursday’s brief argues that Harris should have standing to bring a First Amendment challenge because the subpoena would reveal sensitive details about him and his communications.
The motion also asserts that Harris’ Fourth Amendment right against warrantless search has been violated, because the information sought by prosecutors would impair his right to move freely without government surveillance.
Since Twitter users increasingly rely on laptops, iPads or other mobile devices likely to be logged into Twitter government could “reconstruct their movements to conduct virtually twenty-four hours surveillance of them,” the motion argued.
“Twitter has a good history” of protecting its users in court, said Ginger McCall, director of the Open Government Program at the Electronic Privacy Information Center (EPIC). “But they shouldn’t have to. The user should be able to fight for themselves.”
Thursday’s motion referenced similar cases involving Google’s Gmail and Amazon.com, in which judges rejected the argument that users had no standing to challenge demands for information.
“Everything on the Internet is held by a third party,” said Susan Freiwald, a professor of cyber law and information privacy at the University of San Francisco School of Law, who was not involved in Thursday’s motion.
“If you were to say that the third party rule retains force on the Internet, then we would have no privacy online.”