Do you remember when a technology company in the media spotlight usually meant something exciting and shiny was being announced? Those days seem so distant now. Back then, Jobs was giving us “one more thing,” Google was actually trying to not be evil, Flash was still doing amazing things on the web, Facebook was connecting us with long-lost friends and relatives, and Yahoo was the darling search engine and homepage for millions. Unfortunately for all involved, their present-day state reads like a click-bait-y “Where are they now?” article, and it’s just as depressing as you might think, at least as far as Yahoo Mail is concerned.
So where is Yahoo now?
The former internet giant was divvied up in 2015 between Oath Inc (aka Verizon) and a new company called Altaba. Oath took over the ailing portal and email services, while the more profitable parts of the business, including Yahoo! Japan and their investments in Alibaba, were consolidated under Altaba. While it may be hard to comprehend why anyone, let alone Verizon, would pay to take over Yahoo Mail, apparently the revenue potential of millions of eyeballs trying to read emails surrounded by advertising whetted someone’s appetite. Whatever tantalizing profit potential might have existed is considerably less thanks to a $35M fine handed down by the SEC for the company’s failure to inform its investors of the 2014 breach, which, keep in mind, was a paltry 500M accounts breached as compared to the 3 billion accounts breached in the previous year. Oh, and don’t forget, it’s also highly likely that the US government scanned your Ymail for terrorist activity as well. Would you think less of me if I started calling this service “Why-mail”? Or maybe “Y-R-U-still-using-this-mail”. Oh, how the might-Y have fallen. Alright, I’ll stop now, please don’t unsubscribe!
It had all the trappings of a Hollywood blockbuster: a massive data breach, hackers hired by Russian spies, and a secret operation that went on for years undetected. Except for one rather pedestrian and crucial element. According to indictments handed down by the US Federal Bureau of Investigation, the hackers penetrated Yahoo’s security not through some sophisticated cyber-tango of caffeine-fueled hacker artistry. There weren’t any high-tech micro computers covertly implanted into neon-lit server racks following a series of cleverly choreographed hi-jinks. No, the largest single leak of Personally Identifying Information was enabled by a Yahoo employee falling for a spear phishing attack.
Here comes the email security soapbox again!
What’s a spear phishing attack and what makes it different from the rest of the spam you get in your email? Typical spam and phishing emails are sent to as many people as possible in the hopes that a small percentage will click the link or open the attachment, whereas spear phishing is designed to target a very specific audience or even a particular individual. They are typically several levels more sophisticated than the usual garbage clogging our email as the content is custom-tailored to appear believable to the target. While I’m sure many of you are scratching your heads at how a single click on a fake email could lead to the largest breach in history against a storied dot-com darling, keep in mind that in the ongoing plate-spinning war of internet security, the good guys only win if they can keep all the plates spinning, and the bad guys win if even a single plate falls.
There are many lessons to be learned from this incident, but perhaps the most important one of all still remains: all security systems are only as strong as the weakest link, and many times that weakest link is a human. Given enough resources, time and determination, any security system can be hacked, and any company or organization can be breached. What’s a business owner to do in light of a seemingly unstoppable force? Just like preparing for two other famously unavoidable eventualities, planning for a security breach will prepare you to react properly and deliberately rather than scrambling madly to recover. Not sure how to get started? Pick up the phone and let C2 give you a leg up on getting ready.
The good ship Yahoo is still battling troubled waters on its journey to the safe harbor of a Verizon purchase. Reuters has just released a massive bombshell that may blockade if not outright scuttle the $4.8bln deal: two former employees of the beleaguered media company have alleged that Yahoo complied with a classified directive from a government agency to directly surveil the millions of email accounts hosted by Yahoo in 2015. According to the Reuters sources, the decision to open Yahoo Mail’s kimono was made behind closed doors, excluding Yahoo’s then Chief Information Security Officer, who apparently resigned because of this incident.
Whiskey Tango Foxtrot, Yahoo?
Normally, I don’t urge folks to get out the pitchforks and torches, but on reading this I actually used language not normally heard in polite company. Thus far the government agencies named are declining comment. If the allegation proves accurate, I’d say Yahoo customers had their Fourth Amendment rights violated, and Yahoo thoroughly trod upon any trust it might have had left with its still substantial customer base. Coupled with the recent massive breach they experienced in 2014 and the debacle that was their conversion to a new email platform in 2013, it’s no wonder Yahoo has gone from an Internet powerhouse to second-tier media company up for sale. If you are still using Yahoo as a primary email provider for work, you should stop doing so immediately, not only for security issues that they can’t seem to get ahead of, but now for serious breaches of privacy and trust.
Unless you’ve been living under a rock for the past year, most will leap to the conclusion that I’m writing about the ongoing government snooping that seems to permeate the internet these days. Unfortunately, another of the tech industry’s dirty little secrets is being dragged out into the light of day, and it’s something you’ve probably known all along but didn’t want to acknowledge: Your email is not private. Microsoft recently underlined and highlighted this fact by releasing details on an investigation into an ex-employee’s attempt to sell confidential information. The individual in question was identified primarily through the contents of his Hotmail account, which Microsoft openly admits to reading. While this may seem to be a blatant and gross invasion of privacy (it is), it’s also well within Microsoft’s rights as outlined in the Terms of Service every single customer agrees to when creating and using the free webmail account.
What this means for you:
Before you think this is a Microsoft bashing party, Google and Yahoo have the same sort of Terms of Service, as does just about any other email provider out there. They can read your email any time they want to, and they don’t have to get a search warrant like law enforcement supposedly has to do. They own the equipment, software and data services that deliver your email, and they assert openly in the Terms of Service in one way or another that your email is not yours to keep private. You might also want to review your employer’s information security policy: it’s highly likely that they advise you that any email transmitted through their servers is company property, and is subject to review at any time. This is not something new – policies like this have been around since email first started being used in large organizations that could afford lawyers.
The only way to keep email truly private is to use end-to-end encryption, a process that most people find daunting to establish, and inconvenient to use. Until there is a radical change in how we communicate on the internet, the only way to truly keep things away from prying eyes is to not put them on the internet in the first place.
Last week, Google made a change to its widely used webmail platform Gmail: instead of asking if you want to “show images” in emails, Gmail will now display them by default. The old ask-first behavior is also seen in the other two webmail titans (Yahoo and Microsoft), and is a common feature in mail clients like Outlook. Why aren’t images loaded by default? Primarily because when you open that email full of graphics and you actually want to see them, the mail client (or webpage) makes a request to the server hosting the images, which is usually the same server that sent the email in the first place.
If that sounds like a sneaky way to confirm that you’ve opened a particular email, that’s because it is. This process reveals certain data about the recipient, including date and time of opening, what browser or mail client you are using to view the email, as well as some rough geographical data about your location, based upon your IP address. So why is Google loading images by default? It’s because now they are caching the images to their own server, and then showing them to you, which effectively acts as a proxy between you and the sender, and blinds many marketers who were relying on the image requests to track you.
What this means for you:
Whether you realized it or not, your email client’s annoying tendency to not show you images in emails was actually in your best interests. Because displaying images required you to actively “opt in” by choosing to view the graphics, if that email was sent by a marketer, you sent them a nice packet of data and a positive affirmation that you saw the email, whether you intended to or not. With Gmail’s image caching, some of that data is no longer being unwittingly sent by its customers. However, notice that I wrote “some.” The more clever marketers out there (including Mailchimp, the service I use for my own email) tag email images individually, so they can still track opens, as Gmail still has to load the image to its servers before showing it to you. In my case, this is merely so I can tell if anyone is reading my newsletters, but even that one point of data is still valuable information to email marketers, and you can bet they will find other ways to track your online activity.
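To make the mechanism concrete, here is an added example (not part of the original post) that audits a constructed HTML message for remotely loaded images and models what the image host can still log when a caching proxy fetches on the reader's behalf. The hosts, the token and the `sender_learns` model are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample newsletter body; hosts and the token are made up.
SAMPLE_HTML = """
<img src="https://cdn.example.com/logo.png" width="200" height="60">
<img src="https://track.example.com/open.gif?u=7f3a9c21d4e84b10&amp;c=oct-news" width="1" height="1">
<img src="cid:banner@local" width="600" height="120">
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in the message."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def is_tiny(attrs):
    """True when a declared width or height is 0 or 1 pixel (classic beacon)."""
    dims = [(attrs.get(k) or "").strip().rstrip("px") for k in ("width", "height")]
    return any(d.isdigit() and int(d) <= 1 for d in dims)

def per_recipient_params(url):
    """Query parameters whose value looks like an opaque per-recipient ID."""
    query = parse_qs(urlparse(url).query)
    return sorted(k for k, vals in query.items()
                  if any(len(v) >= 12 and v.isalnum() for v in vals))

def audit_images(html):
    """One finding per image that triggers a request to a remote server."""
    collector = ImgCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.images:
        src = attrs.get("src") or ""
        if urlparse(src).scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded; nothing is fetched
        findings.append({"host": urlparse(src).hostname, "tiny": is_tiny(attrs),
                         "id_params": per_recipient_params(src)})
    return findings

def sender_learns(finding, via_caching_proxy):
    """Assumed model of what the image host can log for one fetch."""
    seen = {"image was fetched"}
    if finding["id_params"]:
        seen.add("which recipient")  # an individually tagged URL survives the proxy
    if not via_caching_proxy:
        seen |= {"recipient IP / rough location", "browser or mail client"}
    return seen
```

Running `audit_images(SAMPLE_HTML)` lists the logo and the 1x1 image but not the embedded `cid:` banner; only the individually tagged image still identifies the recipient once a proxy is in the path.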
A new website entitled “HaveIBeenPwned.com” recently launched that indexes millions of accounts that have been exposed in some of the largest data breaches in the past 3 years, including the most recent data theft from Adobe, in which over 153 million accounts were dumped onto the internet. This website allows anyone to punch in their email address to see if their credentials were a part of the haul the data thieves looted in these attacks. Interestingly enough, I punched in my personal email address and discovered (as expected) my account was one of the 153 million exposed in the Adobe breach. Other breaches covered in this database include Yahoo, Sony, Stratfor and Gawker. If you happen to use any websites from those companies, it may be worth your while to check to see if you might have a password issue.
What this means for you:
If you happen to score one or more hits in the database on this website, and you know you’ve used the same password exposed in the above data breaches on other sites, you should stop using that password immediately and head out to change your other passwords ASAP. Even if you didn’t score a hit in the database, there are data breaches happening constantly, and computers have become strong enough to crack the encryption used to store and ostensibly protect passwords. Where possible (and reasonable), you should be using unique, strong passwords for all your important web services, especially the ones that have access to your sensitive data and money. Programs like Passpack (what I use) and LastPass are indispensable tools to assist in making strong password use practical. Each has a bit of a learning curve and will take some getting used to, but the time spent will be a worthwhile investment in protecting yourself online.
Only seven months after a major redesign that many considered a huge flop, Yahoo has unveiled major changes to its Ymail service, and it has its users up in arms again. The new features like conversation threads, themed background images and a massive terabyte of storage are clearly following in Gmail’s footsteps, changes that weren’t unexpected, given that Yahoo’s CEO, Marissa Mayer, was one of the core designers of Gmail when she was at Google.
What this means for you:
Yahoo Mail is the second largest webmail service in the world, and very close on the heels of Gmail. Feature changes like the ones above are attempting to build on Google’s successes, but as many customers have noted in the large volume of complaints, the main reason they use Yahoo Mail is because it is not Gmail. The biggest change seems to be the removal of the Mail Tabs feature, something that nearly 40K users have voted to have Yahoo reinstate. Users are also complaining about numerous bugs that appear to have never been quashed from the last time Yahoo messed with its email service. Seemingly heedless to the outpouring of complaints, Yahoo has issued press statements reiterating the need for the company to progress the development of its services into a “…more modern and personalized Yahoo!” Perhaps that development means some loyal fans will be left behind.
Many of you already know this because you, or your company has partially, or even fully embraced this concept: technology continues to expand the way businesses can take advantage of remote workforces and telecommuting. According to BusinessInsider.com, the number of people working remotely or telecommuting in the US has grown by nearly 80% from 2005 through 2012. However, the actual number of people working in this fashion (3.3m, not including the self-employed) still only comprises less than 3% of the total American workforce.
Despite the gains telecommuting has been making in the business world, many more companies still cling to the more traditional office-bound cultures, even companies such as Yahoo, where former Googler and now CEO Marissa Mayer infamously rescinded Yahoo’s extensive telecommuting labor policy, citing the need for more teamwork and collaboration. This is perhaps the most popular justification for eschewing a dispersed workforce, but many successful small businesses, both startups and established businesses, are taking advantage of the decreased overhead and a happier, more productive workforce, and the internet is making collaborating over distance easier every day.
What this means for you:
As a small business owner, or someone who is looking to shake up the culture of a more traditional work environment, the arguments for decreasing real estate expenses, infrastructure costs and administrative overhead will come fairly easily. However, be prepared to answer how you will maintain or even improve collaboration and teamwork, especially now if your staff can no longer pile (physically) into a single conference room with a few minutes notice. Security, standards compliance, quality control and performance management will also require new processes and new ways of thinking, and as we all know, change never comes easy, especially when someone’s paycheck or dividend is on the line.
All of the preceding challenges can be met with current technology that is affordable and often easy to use, but if you buy a bunch of laptops and webcams and ditch the cubicle farm without preparing both your people and your business, you may be in for a rude surprise. As is always the case, plan carefully how you implement technology: the easiest step is purchasing shiny new toys. The hard part is implementing them properly and securely, and making sure they are properly aligned with your business.
Have you ever opened up Facebook and noticed an ad popping up on the right hand side that seems to be eerily similar to something you were looking at/shopping for on a completely different website? Fortunately (or unfortunately, depending on how you look at it), Facebook isn’t reading your mind – instead it’s reading your browser history for behavior that aligns with one of the thousands of different ads it offers on its new Facebook Exchange (FBX) advertising platform. This particular method is called “retargeting” and is similar to technologies used by Google and Yahoo in their ubiquitous ad platforms.
Prior to the launch of FBX, Facebook sold ads based upon its extensive demographic database – advertisers could target their ads across dozens of traits including geography, age, sex, marital-status, etc. – all based upon the data that its 1 billion users freely share with the service in their quest to stay connected with friends and family. This method allowed Facebook to generate nearly $5 billion in ad revenue a year, but since the launch of FBX and the use of retargeting, Facebook’s new shareholders have at least one piece of good news: FBX retargeting ads are proving to be much more effective than ads sold around all the demographic data it’s been gathering for years, which means that advertisers can expect to start paying a lot more for those clicks.
What this means for you:
Let’s face it: internet advertisements are here to stay, especially since people like getting things for “free.” The savvy among you know that nothing in life is ever free, and obviously we pay for these free services with our eyeballs, and on occasion, our patronage of an advertiser. As the folks at Facebook, Google and Yahoo continue to improve the accuracy of their advertising platforms, you can count on ads becoming so finely tuned to their viewers, it will be like the internet was a window on our heart’s very own desires. There are add-ons you can install in Firefox and Chrome (check out the ever-popular AdBlock Plus) that will block/hide advertisements, but as websites become increasingly dependent on advertising revenue to continue delivering “free” services they will continue to find ways to make viewing advertising unavoidable. In some cases, using an adblocker will make some sites completely unusable without a lot of fiddling with settings and whitelists. If you insist on drawing a hard line in the sand about being targeted, disabling cookies will go a long way to making it impossible for sites like Facebook to track your browsing behaviors, but it will also make surfing the web a constant barrage of password prompts, preference setting and other annoyances that cookies made bearable. You can also look at services like PrivacyFix which can help you understand and control the privacy settings for the more popular sites that track your browsing history.