Saturday, June 14, 2014

Netiquette IQ - A Gmail Flaw All Users Should Know of Recently Occurred



By Mark Prigg from The Daily Mail
==============================================


A massive security flaw in Google's Gmail service that could have been used to extract millions of addresses has been revealed. The flaw was only found when an Israeli security researcher raised the alarm with Google. The search giant said the flaw has now been fixed - and paid the researcher for his tip.
The newly revealed flaw could have been used to capture the email address of every user of Google's mail service.
HOW IT WORKS
The exploit uses a sharing feature of Gmail that allows a user to 'delegate' access to their account.
By tweaking the web address, Hafif found it was possible to reveal a random user's email address. By automating the character changes with a piece of software called DirBuster, he was able to collect 37,000 Gmail addresses in about two hours.
Oren Hafif says the trick would not have exposed passwords or otherwise allowed easy access to those accounts, but could have left users vulnerable to spam, phishing or password-guessing attacks.
'I bruteforced a token in a Gmail URL to extract all of the email addresses hosted on Google,' he revealed in a blog this week.
'I could have done this potentially endlessly,' Hafif, a Tel Aviv, Israel-based penetration tester for security firm Trustwave, told Wired.
'I have every reason to believe every Gmail address could have been mined.' The exploit wouldn’t have just affected personal users of Gmail, Hafif said, but also every business that uses Google to host its email, including even Google itself.
Hafif says it took Google another month after his report to fix the bug.
The company initially declined to pay him under its bug bounty program for rewarding hackers who expose and help fix its security flaws. But it later relented and paid him $500. A Google spokesman confirms that the company patched Hafif’s email-stealing bug and paid him a reward for his help, but declined to respond to requests for further comment.
Hafif also admitted he has no idea if the flaw had been used.
'We’ll never know,' he said.
+++++++++++++++++++++++++++++++
Remember you can subscribe to receiving
notifications when new blogs are posted:
http://netiquetteiq.blogspot.com/feeds/posts/default
===============================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki


If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ, Rider University and PSG of Mercer County, New Jersey.

==========================================


Looking for feedback on a location for the company picnic? Use Saepta to post that quick question to staff and review results in real time. Interested in a quick response from a few loyal customers regarding choosing a new product name? Saepta offers privacy through a direct link to a target list, providing you real time feedback that includes comments.

Saepta combines ease-of-use with powerful voting features to provide real-time feedback and comments. Visit saepta.com to experience the public version of social network voting, and visit get.saepta.com for additional information on deploying Saepta within your organization.
=======================================

Netiquette IQ Security Alert for Mozilla Products


Below is a new security update via US-CERT.




National Cyber Awareness System:
06/13/2014 05:30 PM EDT

Original release date: June 13, 2014
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code, cause a denial of service, or conduct clickjacking attacks.
The following updates are available:
  • Firefox 30
  • Firefox ESR 24.6
  • Thunderbird 24.6
  • Netscape Portable Runtime 4.10.6
Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime to determine which updates should be applied.



Netiquette IQ Quote of The Day - Long Words Versus Short Words


Winston Churchill had many wonderful quotes, many of which are unforgettable and inspirational. He seldom used long words but was an inspiration to his country.
++++++++++++++++++++++++++++++++++++++++++
"Short words are best, and the old words when short are the best of all." ~ Winston Churchill

Friday, June 13, 2014

Netiquette 11 Core Profiles of Emails Which Can Be Overly Long - Via Netiquette IQ



Winston Churchill once said,

"This report, by its very length, defends itself against the risk of being read".

All of us have had far too many of these! Just by its very presentation or composition, any email can almost immediately become simply too tedious to read and can be glossed over or abandoned. As a sender, once a point is made, the longer you continue the email, the greater the risk that you may express something in the wrong manner. So it is good email practice not to have any lengthy introduction until the intended topic is related. The following are categories where senders most often become verbose:

Apologies
Job qualifications
Complaints
Anger (be careful here!)
Bragging
Duplication of the same statement
Rambling sentences
Multiple subjects, often unrelated
Undeleted threads
Unnecessary details, particularly personal ones
Unwanted details, often not pertaining directly to the recipient

In conclusion, if a sender is careful to avoid the above considerations, the likelihood of a well-received correspondence will greatly increase.



Netiquette IQ Definition of The Day - Web We Want Campaign

Today's definition is one I am proud to present. The Internet is experiencing significant changes which have often been discussed in this blog. One ominous potential movement is the real possibility that free and equal bandwidth or even access will be available to all. Those of like mind should keep track of these developments and participate in the true spirit of the Internet's foundation.
========================================



The Web We Want Campaign is a movement created by Sir Tim Berners-Lee that strives to ensure the same characteristics that fostered the Web’s success continue and that it reaches its potential as a tool for knowledge, democracy and freedom of expression. (WhatIs.com)