noel alanguilan

this is what i saw when i logged in to my yahoo mail this morning. new interface. and that’s not the only thing that’s new. if you look closely near the bottom left, partially covered by the pop-up window, is the applications section. you’re already familiar with calendar and notepad but there are new things there. the first one (covered) is called big sender–tagged as “The better way to send files – large files, videos, photos, and entire folders.” next is edit photos–“Connect right to your Yahoo! Mail and Flickr for basic photo fixes, collages and amazing effects, plus touch up tools, tons of fonts, oodles of shapes and stickers.” then there’s my photos–“See, share, and organize your photos right inside your Yahoo! Mail.” then the last one is the paypal application.

there are a couple more applications–automatic organizer, flickr, photobucker and yahoo! greetings–that you can add to the section. and i’m almost sure that more will be added in the coming months.

the new interface is not available with yahoo! business mail yet. but i expect to follow in a couple of months.

looks like i have something new to play with, at least for a couple of hours.

p.s. a happy birthday to lito

this is a follow up post to securing your gmail.

google has made it easier for you to permanently use https when you access your gmail account. that’s from login and logout and everything in between. in gmail, click on your “settings” located on the upper right hand of the browser screen. this will bring you to the general settings of your gmail account. scroll down to the bottom and you will see “browser connection“. click on the “always use https” and then click on “save changes“.

and you’re done. easy.

please understand that doing this will make your gmail session a tiny bit slower because of all the encryption/decryption that’s going on between your browser and google mail. the upside is you secure your gmail account.

there exist a tool that can “automaticaly steal ids of non-encrypted sessions and breaks into google mail accounts” and it will be released to the public in a few weeks. the tool was presented in the recent hackers’ conference in las vegas called defcon. click on the link above if you want more technical details.

essentially what the tool does is to allow a hacker (unsuspecting or otherwise) to get into your gmail account and do what s/he pleases — like change the password. scary stuff.

the solution is simple enough — encrypt your entire gmail session and not just the login portion. to do that both the server (google mail) and the client (your browser) have to talk to each other via ssl (secure sockets layer) all the time. fortunately, google was informed of the vulnerability about a year ago so they took steps to implement ssl on their side of the fence. browsers has ssl-support built in.

all you have to is to add an “s” to the “http” portion of the google mail address making it look like “https” (without the quotes of course) and you’re done. preferably, you should do this at the start of your gmail session when you log in.

yahoo mail suddenly acted up — web access to both the free yahoo mail and the bizmail part is not working. i don’t know if its a maintenance thing and if it is then yahoo should really inform their user base. as of this writing, there’s no mention of the downtime in the yahoo mail blog. logging in to yahoo mail classic doesn’t work either.

other services — at least, the ones i use like webhosting, yahoo groups — appear to be working fine. only the mail services appear to be down.

bummer. really.

update: 2008.06.26: Y! mail is back online. from what i have gathered, yahoo mail moved the javascript serving duties to another domain (yimg.com) which noscript — a firefox add-on for the paranoid — was blocking. i just unblocked the site and everything’s good again.

every once in a while it happens. i get an e-mail that looks legit but on closer inspection it turns out that its not. here’s one of the ways i find out if an e-mail is bogus or not.

this first e-mail (shown below) appear to be from rapidshare.com — a webhosting provider. the e-mail provides a link to “reactivate my disabled account”. when i put the mouse over the link, the firefox status bar tells me it points to another domain and not back to rapidshare.com. this alone should trigger some alarm bells.

out of curiosity, i clicked on the link and after a redirect it showed me the screen below. note that the page is asking the user’s login details for a rapidshare.com premium account but the real domain name shown on the browser’s address and status bars are not from rapidshare.com but from another webhosting service based in poland (az.pl). the alarm bells should be loud enough at this point.

the lesson here is to look before clicking. check if the link points to the proper domain by putting the mouse over the link and see if the status bar is showing the right domain.

this next e-mail (shown below) is a little sneakier and claims to come from e-trade.com — an online financial products and services provider. take note of the difference between the link provided in the e-mail and the one shown on the status bar. if you didn’t see any difference, take a closer look.

the difference is that the link’s domain name is etrade.com and the domain name in the status bar is thetemplab1.com. warning bells.

clicking on the link, the browser shows me a page (shown below) asking for the user’s id, password and trader’s password for etrade.com but the domain name in the address bar still shows the wrong domain name. really loud warning bells.

again, look before you click.

note: the target of these phising attempts are the clients of rapidshare.com and etrade.com. rapidshare.com and etrade.com, as far as i know, are legit websites.
disclosure: i am not connected with either company.

today i got an e-mail from someone-that-cannot-be-named in huge (about 2cm high) bold letters, “please stop sending me notices“. or something to that effect.

talking face to face with a person is different when communicating with the same person via e-mail. to express emotion in an e-mail one has to be a little creative with the use of letters and punctuation marks. a normal conversation would mean using the regular form of a sentence with a capitalized first letter, lower-case letters and a period at the end or mostly lowercase letters. a sentence using all capitalized letters means you’re shouting that sentence. then there’s the emoticons.

so the sentence above is roughly equivalent to chewing my head off. the thing is i don’t even know the person. i don’t think i would care to.

i currently manage about five lists and this is the first time that someone requested for something to be done in this manner. most of the time i get polite requests which i’m happy to oblige if i can.

it just goes to show you that getting an expensive education and/or having loads of money doesn’t really equate to having good manners.

a couple of years ago one of my hard disks crashed. it wasn’t a major crash but i lost a good number of files nonetheless. i do have backups but since then i have tried to offload most of my files from my desktop and/or laptop to the internet.

at the time, one of my fast growing files was my e-mail. i used outlook express and it fit my needs then. but as more mail slowly crept in i realized that i was hitting outlook express’ limits and the space being occupied by my mail was getting uncomfortably bigger.

so i decided, off with the pop mail and go with web-based e-mail. there are definite advantages to this move:

pluses

• i can access my mail from anywhere and on any computer with an internet connection.
• i would think that all my mails would occupy approximately 3 gigabytes of space. maybe 4. i get plenty of pictures, videos and documents and i do not delete them. that’s a lot of space for just e-mails and none of that is occupying space in my local system. outlook’s (not the express version’s) default capacity is 2 gigabytes.
• should my local hard drives or system fail my e-mail data is still safe and i can still access them.
• should i refresh or change my system i do not have to worry about restoring my mail setup and files from backup.

minuses

• no internet. no e-mail. i will not be able to access even the one’s that i’ve read already.
• security is dependent on the service provider and strength of the password. so i use several passphrases and rotate them regularly and i got (i think) a pretty good webmail service provider — yahoo!

i would think that the advantages outweigh the disadvantages. if you want more info on service providers there is a comparison of webmail providers from the wiki.

i get a lot of forwarded mails from friends containing jokes, quotes, stories and whatever. when i open the mail i see this longish list of people which forwarded the mail to their friends who forwarded to their friends, etc. until the list of recipients is nine times longer than the actual message at which point it eventually arrives in my box.

this list of people usually includes names of the recipients and, of course, their e-mail addresses. this is a valuable resource for spammers. imagine that. someone else has gathered all the information they need for their spam bots and it just arrives in their mailbox. at no cost and all with very little work. they send their thanks, by the way.

please don’t just forward that joke. take a little time to “clean it” of the e-mail addresses of others. after all, it came from a friend and you’re sending it out to your friends. give them that little courtesy along with your joke, quotes, stories and whatever.

i suggest that you place your own e-mail address in the to: field and then put all rest of the e-mail addresses of the people you’re sending that joke to in the bcc — blind copy furnish. this way, no other eyes will see the addresses of your friends.