Tuesday, May 25, 2010

10 Major security and privacy issues of your Cloud Services, and solutions.

This article describes some of the major security and privacy issues for your Cloud Services and tools e.g. Google, Salesforce, Amazon, ReadItLater, Delicious, Firefox, LinkedIn, Facebook and Twitter. More importantly, it gives you valuable solutions and tips.

Starting with number 10) Governments, Broadband Operators, Cloud Providers and Hackers can access your data stored in the cloud.

Cloud and Web service providers sometimes make your data public without telling you. Most data in the cloud is not encrypted. Governments like the US and China do not always need a court order to look into your data. All data passing through central nodes is monitored and filtered by several European countries. Hackers can use PDF email attachments and Wireless networks to capture your passwords.
Solution: This is not as big a problem as it may sound. Your data is usually interesting to someone close rather than some foreign government. There is no good technical solution to encrypt (protect) all your data. Choose providers that you trust to have good privacy and security. Read this article in order to check if someone else is reading your Gmails: http://www.friedbeef.com/how-to-check-if-your-gmail-account-has-been-hacked/

9) Internet Archive – Your Web-history is saved: your blogs, websites, comments, searches, conversations, emails and what you watch on YouTube.

Many services around the web store historical data. There are even major libraries that try to save all web pages. Google has been heavily criticized regarding its privacy. Among its most intrusive privacy decisions: what you search, read, chat about and watch is logged, and it is difficult, sometimes impossible, to disable this “History feature”. If you are using several Google Services you are constantly logged into Google. Google stores most of your actions by default. Other major cloud services have similar issues. The following section is from the Facebook Privacy Policy, May 2010: “Even after you remove information from your profile or delete your account, copies of that information may remain viewable ...”
  1. Post only if you would not mind seeing your post (today or in 20 years) with your signature on the front page of your local newspaper.
    Also monitor your children's online behavior since they are not familiar with privacy issues. See articles below for Facebook Usage.
  2. Go to https://www.google.com/accounts/ManageAccount?hl=en. From there you should look into all your Google privacy settings.
  3. Don’t use Google Toolbar. Read http://www.gtricks.com/google-tricks/how-to-remove-web-history/ for more similar tips.
  4. You can clear your YouTube history manually (see screenshot below).
  5. Disable Google Web History: go to http://www.google.com/history/?hl=en and click “Pause” (See screenshot below).
  6. Disable Chat History in Gtalk (See screenshot below). You can also disable chat history for your entire Google Apps domain here https://www.google.com/a/cpanel/YOUR_DOMAIN/ChatSettings. The latter is probably the best option since even if you disable your personal chat, the person you are chatting with will probably have their chat history turned on and your chats will be saved there.
Congratulations! Now, only your email history is still available in the cloud, but that's convenient. Just remember, even if you delete an email it's still available in the trash (https://mail.google.com/a/YOUR_DOMAIN/#search/in%3Atrash). The issues mentioned above are still not huge since only Google has this data, and security has been good so far. Please comment on this thread with additional tips on disabling the Google History features.

8) You may lose your valuable Data. Providers' Privacy & Security Policies are not on your side.

Who reads the long and boring legal texts and policies, right? Looking into Privacy Policies from leading providers you’ll find that you can actually lose your business data or that you don’t own the complete rights to it.
According to the Salesforce privacy statement (http://www.salesforce.com/company/updated_privacy.jsp), Salesforce will review, share, distribute, or reference Customer Data and view Individual records of your Customer Data. Well, that's one interpretation of the actual terms below :-).
“Salesforce.com will not review, share, distribute, or reference any such Customer Data except as provided in the salesforce.com Master Subscription Agreement, or as may be required by law. Individual records of Customer Data may be viewed or accessed only for the purpose of resolving a problem, support issues, or suspected violation of the salesforce.com Master Subscription Agreement, or as may be required by law. Customers are responsible for maintaining the security and confidentiality of their salesforce.com usernames and passwords.”
Usually, the legally binding terms you sign up for can be modified at any time by the Cloud Service Providers, but not by you. Amazon Web Services (http://aws.amazon.com/agreement/) writes:
“You agree that we may modify this Agreement or any policy or other terms referenced in this Agreement (collectively, “Additional Policies”) at any time”
Since you might store your data in the Amazon Cloud you might lose it if you get into a conflict, or perhaps for no reason at all. Amazon writes:
“We may suspend your right and license to use Amazon FPS or Amazon DevPay and any associated Amazon Properties, or, if you are only using Amazon FPS, terminate this Agreement in its entirety (and, accordingly, cease providing all Services to you), for any reason or for no reason, at our discretion at any time, immediately upon notice…”
Solution: This is still not a major issue for most people and companies. You can back up your data offline or to another provider. The most important thing you can do is to read the terms to understand what you are getting into.

7) Anyone can see what you are reading or bookmarking.

ReadItLater is maybe the most popular service to bookmark articles to be read later when you have time. Services like this sometimes make your data available to the public without telling you. Everything on your ReadItLater list is public by default. Bookmarks to Delicious are public by default. This means that anyone can see what you are reading and bookmarking.
Solution: Disable RSS in ReadItLater (See screenshot) and add the following flag to the Delicious Bookmarklet: &share=no

6) What is your opinion?

Please post your comment on what’s missing from this list and I’ll write the best ones here with your reference.

5) Facebook, Facebook, Facebook

OK, this one is obvious. Facebook's default privacy settings make your private data publicly available (your posts, photos, groups and applications). Facebook has also had some major bugs allowing other people to look into your profile, peek into your private chats etc. Your Facebook information is available to external applications, i.e. other companies can download your data. Facebook is giving your data to advertisers. The new Facebook “Like” button can point to any web page, not the one you think you are Liking (this is a permanent bug since there is nothing FB can do about it).
Facebook is not actually a big issue since you can do something about it by following these rules:
  1. Remove all people from your friends list that are not your actual friends. Use LinkedIn instead of Facebook for your connections that are not your friends.
  2. Read this article on how to configure your privacy settings http://www.allfacebook.com/2009/02/facebook-privacy/.
  3. Read this to learn more on Facebook critique http://en.wikipedia.org/wiki/Criticism_of_Facebook
  4. Use the Like-button on credible sites (or log out from Facebook first).
  5. Most important: Post only if you would not mind seeing your post with your signature on the front page of your local newspaper.

4) LinkedIn – A competitor can see your business connections, customers, leads, partners

LinkedIn will by default allow all your connections to see other connections in your list. This setting is not a problem for most people. However, if you are a business owner, you don’t want your valuable information such as connections, customers, leads etc. to be available for free to your competitors.
Solution: Disable features as shown in the screenshots below

3) Anyone might be able to see your location!

Location Aware services are great, can be very useful, and are growing rapidly. You don’t need a GPS. All you need is a device with an IP address or WiFi connection, in other words any modern device. You have probably noticed them when using your iPhone and the Maps application. New web standards allow for the same functionality in your Desktop browser. Any webpage can ask you for your current location. Google Buzz for mobile and other mobile services have this enabled by default. Most websites will just look at your IP address to approximately guess your location. Many Twitter users post location information within, or as metadata to, their Tweets. Your location information is sensitive and could be used by burglars to rob your house while you are away on vacation etc. There are probably other bad scenarios you can think of.
Solution: Learn more about Location Aware services (e.g. http://en.wikipedia.org/wiki/Location_awareness). Learn more about Google Latitude (http://www.google.com/intl/en_us/latitude/intro.html). Enable your location (if possible) only to you and your family members. Add this blog to your Google Reader and I’ll post more information in the future.

2) …and the biggest security issue is: Anyone with access to your PC can see your Web passwords!

Firefox is currently the best Web Browser. This issue however applies to all Firefox users. Go into Menu->Settings->Saved Passwords->Show Passwords. All your passwords are visible in plain text! With this information a person can hijack your business data, social accounts, email and domains.
Solution: Disallow access to your PCs and/or use a Master password in Firefox (Options->Security->Master Password). You should also use different passwords depending on the security level. Save only passwords with low or medium security level when prompted by Firefox. Keep passwords with high security in your head and/or a safe location. Remember: Web browsers are not very safe.

1) …and the biggest privacy issue is: Your Boss sees what you are really up to!

Most privacy intrusions will happen with somebody who is interested in you, someone close, like your Manager :) This example applies to all Google Apps users (and probably other similar systems). I, as an Admin in Google Apps, can see all calendars in the domain and there is no way for me to disable this feature. This is not a bug according to Google and they currently have no intention of changing this. If you work at a small company and you are using Google Apps you will have to rely on your boss's integrity that he/she will not peek into your private data.
Solution: Use a private Google Account for private email, Calendar etc.
Follow wedran on Twitter

Sunday, May 16, 2010

How to paste screenshots to Gmail and how to use Gmail as the default email client.

Update! Google seems to have disabled the paste screenshot feature for some reason. You can still use screenshots in your Gmails by using Gadwin Printscreen (freeware). Set it so that it saves files to a desktop folder. Then drag the files into your Gmail (use the application below or the Chrome browser).

--- Old post below

Recently Google resolved two major issues with Gmail. It is now possible to take a screenshot and paste it directly into an email message. It is also possible to use Gmail as the standard email client that pops up when a user clicks on an email link on a webpage. Follow these steps:
  1. Download this application from Google
    http://dl.google.com/tag/s/ap=<YOUR GOOGLE APPS DOMAIN>/googlewebapps/en/googleappsstandalonesetuptagged.exe
  2. This application will install three icons on your desktop
  3. When you start the email client it will ask to be your default client. Choose Yes.
  4. When you want to paste an image or screenshot just copy it and paste as you would in Outlook or any other email application. Voila. It works.
If you are not using Google Apps, but only Gmail, you can achieve the same results by installing Google Chrome. Read more here: http://googleappsupdates.blogspot.com/2010/05/drag-images-directly-into-messages-in.html

Tuesday, April 20, 2010

What is a Cloud Service and why should You care?

Wikipedia gives a silly technical explanation: “Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like a public utility…”

Why should you Care?

Cloud Services are currently changing the way people, businesses and governments work and live.  Let me give you a few examples:

For Businesses (Small and Large)
  • Cost Savings are Huge.
    Cloud services are designed for sharing of one system between many users and companies. This means that you split the cost between all users. Let's say your company wants to use Google Apps (Gmail / Calendar / CMS …). This advanced system is used by many companies worldwide and therefore the price is as low as 40 Euro per year and user. And you only need to sign up on a website, in other words, no servers, no expensive consulting companies (I’m not promoting Google, but this is simply the best example). You can also watch this nice video by Salesforce.

  • Growth Opportunity is extreme
    - for those who develop their own services.
    Scalability is a button switch away and you can target the entire world with your system. Google has only been around for 10+ years, Facebook 6 years, YouTube 5 years and Twitter 4 years. Of course you don’t need to aim for world domination. A good system on Google Marketplace will give you a head start if you are developing business systems.
Basically, your company might be a victim if you don’t know what a Cloud Service is and how it might affect your business.

On the other hand, if you play your cards right and know how Cloud Services might help your business you can be a world leading company in your area.

For Governments (and citizens)

The US government is currently working with NASA in order to transform the entire government IT infrastructure from costly and energy-inefficient systems to Cloud services. This transformation is initially a very costly process, but will give the US a head start over other countries. Watch this video from NASA and US CTO office.

  • Integration of all information
    Cloud doesn’t mean centralized data, but it means that all data is reachable and can easily be cross-referenced and integrated. This results in great new opportunities and some challenges. All technological progress causes some new problems, but it resolves more issues. Integrated information will eventually lead to better organization, less corruption, improved democracy, security, efficiency and more comfort.
Basically, your job might be at risk if you are working with activities that will be replaced by integrated Cloud systems.

On the other hand, if you know how Cloud Services might help your career you may be a very valuable resource for the next 20 years.

For Consumers
Your life is slowly changing and you will not think about the term “Cloud Services”, but rather “Web based applications” or just “Web services”. You are probably already using some Cloud Services today, like: Gmail, Gtalk, Facebook, YouTube, Twitter, Spotify, Picasa, LinkedIn, Blogger, Dropbox, Delicious etc. Your data is spread around the web and you are not too concerned about it.
Here is why you should care:
  • Profile yourself and be in Control
    Information (video, photo, comments, documents) you put online, on Facebook, LinkedIn, Twitter, discussion forums etc. is stored, logged, processed and integrated. It can work for you or against you. It can help you get your dream job (LinkedIn), it can get you fired (Facebook). It can even get you imprisoned. It can help you get elected as president (Obama). It can spread your news in minutes around the world and international media (YouTube and Twitter).

    Be present online with information you control (your own blog, domain, LinkedIn, Facebook, Twitter) in order to avoid trouble and get the benefits. If you are not present online you will not get any benefits, but you might get into trouble. Others will publish information including you (comments, photos, documents, videos). Since you are not the publisher you will not be in control of the information and that information will be on top of the Google search result when someone (a company, friend, acquaintance) Googles your name.

  • Your time is limited. Love efficiency.
    By using Cloud Services you avoid many of the troubles you have today with your computer. You don’t have to install any software, transfer files or care about backup. Cloud Services work at home, at work, at friends' places, on the road. You only need a Browser and Internet connection. It is available on your Desktop, Laptop, Media Center, iPod, iPhone and iPad. Your data (Documents, Music, Files, Bookmarks, CV, Photos, Videos, Email and Contacts) and applications are following you.

  • The Innovation in new services
    The examples and benefits described above are really only the beginning of Cloud Services. More Services and more integration between them will lead to very innovative consumer services. For example, context aware services will take into consideration your geographical location and other parameters about your current context in order to present valuable information and options. Here is another innovative example by Microsoft Research:

Follow me on Twitter for relevant news and solutions about Cloud Services and future Blog posts.

Friday, April 2, 2010

Sync LinkedIn, Facebook, Outlook, CRM and iPhone Connections to Google Contacts (including the Profile Photo)

All your contacts (e.g. from LinkedIn, Outlook etc.) should be automatically synchronized and stored in one place in the cloud (Google Contacts) that enables easy access from any computer or mobile device.

Google Contacts (http://www.google.com/contacts) is a very important part of the Google Apps suite since it's connected to Gmail.

Follow these simple steps to have all your contacts synchronized between your LinkedIn, Facebook, iPhone, Outlook and Gmail / Google Contacts:
Step 1 – Outlook to Google synchronization
This step is optional. Outlook can be synchronized using the Google Sync tool available at tools.google.com/dlpage/gappssync.
Step 2 – iPhone to Google synchronization
This step is the most essential in the process. Follow these instructions exactly to set up the interaction between iPhone and Google: http://bit.ly/bklwL8.
Step 3 – Facebook to iPhone synchronization
This step will add missing contacts from Facebook and update the profile photo of existing contacts (only of your Facebook friends).

Download the Facebook application from the AppStore on your iPhone and follow these instructions http://bit.ly/bS2dPo.
Step 4 – LinkedIn to iPhone synchronization
This step will add missing contacts from LinkedIn together with their profile photo (if they have one in LinkedIn). This step is very important since most of the business contacts are on LinkedIn.

Download the LinkedIn application from the AppStore on your iPhone and then download all contacts to your iPhone address book. See http://bit.ly/d4sZXM for more info.

I recommend completely rebooting your iPhone before synchronizing the LinkedIn contacts since the application uses a lot of memory and can crash if you have too many contacts to synchronize the first time.
Step 5 – Congratulations! All contacts are now synchronized to Google Contacts.
Visit Google Contacts (http://www.google.com/contacts) and see that all your contacts, including profile photos (for most of them), are included. Use the Google Contacts "Find Duplicates" button to merge any duplicates.

Keep using the LinkedIn and Facebook app on your iPhone in order to sync them to Google. If you update any contact on Google, they will automatically get updated on your iPhone as well.
Want more synchronization? Enable Contact sharing
If you are using Google Apps it is easy to share contacts between all users in your domain and to achieve a global address book. Follow these instructions to enable contact sharing: http://www.google.com/support/a/bin/answer.py?hl=en&answer=47926

You can also add Google Apps contacts from your Dashboard. All contacts will then be available on URL: https://www.google.com/contacts/a/_YOUR_DOMAIN_

Note! These steps were tested and worked on 1st April 2010. Google offers a Contact API (http://code.google.com/apis/contacts/) that will enable you to integrate and use all your contacts in other systems, e.g. a CRM tool.

Another option is to export the contacts from Google and use them with Excel or another application that supports importing of Comma Separated Value files (CSV).


Saturday, March 6, 2010

Gmail signature with embedded image (workaround for "Images are not displayed. Display images below")

Instructions for creating an Email signature in Gmail so that the images display correctly in Gmail and Outlook clients (users do not have to press "Download images" or "Images are not displayed. Display images below". The images are displayed automatically).
  1. Login to Gmail/Gapps, go to Labs and Enable feature "Canned responses" and "Insert Image" button.

  2. Create the signature by uploading images using Gmail Insert image button.

  3. Save the signature with the "Canned response" menu.

  4. Use the "Canned Response" menu each time you want to use the signature and you are not sitting in front of your own PC.

    The following two steps describe how to automatically insert the signature when composing email / replying.

  5. Install the Firefox plugin Wisestamp and click "Edit Signature". Now (this is an important step), select all and drag the content of the Gmail editor (the created signature) to the Wisestamp HTML-editor.

    Note! If you do not drag the content, but instead create the signature in Wisestamp it will not display correctly. The recipient will then have to click the "Download images" or "Allow images" in order to see the signature images.

  6. Now every time you use Gmail + Firefox + Wisestamp, the email signature is inserted automatically in each email you send and guess what, the recipient does not need to press "Download images" or "Display images below".
Note! This was tested on Gmail/GApps, Hotmail and Outlook 2007 in March 2010. Recipients that use some version of the Firefox add-in "Better Gmail" may see file icons instead of embedded images.