This afternoon I received spam from fellow colleagues at work from their Gmail accounts. Emails went to both my personal Gmail account and to my work accounts. It looks like the emails are in the sent items, which is rather worrying as it means the spammer sent mail from the account rather than forging the headers to make it look like it came from the account. I know for a fact that the password was secure on at least one of the accounts, so a weak password is not the culprit. A quick (ironic) Google search shows that several people have been twittering about this in the past couple of hours (mine came in at 3.43pm, and I had another at 7.30pm).
Google’s standard answer is to change your password, which doesn’t really help when there is obviously a back door that is letting people into the account in the first place. The solutions provided are as follows:
If your account has been compromised/hacked/stolen you will need to check at least all of the following things:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and secondary e-mail address]
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it’s disabled and empty]
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
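The checklist above can also be run as a script over an exported copy of the account's settings. The Python below is an added example, not part of Google's answer or of this post: the SNAPSHOT data is constructed, its field names are modelled on the Gmail API settings resources, and audit_settings is a hypothetical helper.

```python
# Added example: audit a settings snapshot against the checklist above.
# SNAPSHOT is constructed; field names are modelled on Gmail API settings resources.
def audit_settings(snap, owner, trusted=()):
    """Return findings for settings an intruder may have changed."""
    ok = {owner.lower(), *(a.lower() for a in trusted)}
    findings = []
    for f in snap.get("filters", []):
        action = f.get("action", {})
        fwd = action.get("forward")
        if fwd and fwd.lower() not in ok:
            findings.append(f"filter {f['id']}: forwards to {fwd}")
        if "TRASH" in action.get("addLabelIds", []):
            findings.append(f"filter {f['id']}: deletes matching mail")
    fw = snap.get("autoForwarding", {})
    if fw.get("enabled") and fw.get("emailAddress", "").lower() not in ok:
        findings.append(f"forwarding: enabled to {fw.get('emailAddress')}")
    vac = snap.get("vacation", {})
    if vac.get("enableAutoReply") or vac.get("responseBodyPlainText"):
        findings.append("vacation responder: enabled or not empty")
    if snap.get("imap", {}).get("enabled"):
        findings.append("IMAP access: enabled")
    if snap.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append("POP download: enabled")
    for s in snap.get("sendAs", []):
        addr = s.get("sendAsEmail", "")
        if addr.lower() not in ok:
            findings.append(f"send-as: unexpected address {addr}")
        reply = s.get("replyToAddress")
        if reply and reply.lower() not in ok:
            findings.append(f"send-as {addr}: replies go to {reply}")
        if s.get("signature"):
            findings.append(f"send-as {addr}: signature set, review its text")
    return findings

SNAPSHOT = {  # constructed sample of a tampered account
    "filters": [
        {"id": "f1", "action": {"addLabelIds": ["Label_1"]}},
        {"id": "f2", "criteria": {"query": "password OR security"},
         "action": {"forward": "drop@elsewhere.example", "addLabelIds": ["TRASH"]}},
    ],
    "autoForwarding": {"enabled": True, "emailAddress": "drop@elsewhere.example"},
    "vacation": {"enableAutoReply": False},
    "imap": {"enabled": True},
    "pop": {"accessWindow": "disabled"},
    "sendAs": [{"sendAsEmail": "me@example.com", "isPrimary": True,
                "replyToAddress": "drop@elsewhere.example", "signature": ""}],
}

print("\n".join(audit_settings(SNAPSHOT, "me@example.com")))
```

Changing the password does not undo any of these settings, which is why each one has to be checked separately.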
Ciao is also reporting similar issues today.
It would be interesting to see if any of the compromised accounts were on the Google Apps servers as this probably has greater repercussions for Google’s business model as people will trust Google even less. It will certainly raise questions at work on Monday as to whether we would recommend moving some clients to Google Apps. Even if you haven’t been hacked (check your sent items, filters and your frequent contacts for spam messages) I would still highly recommend you change your password NOW and ensure it is a complicated, non-dictionary based one.
Thanks to Digging into WordPress (a blog I’ve just started reading), it’s possible to easily remove the WordPress version from the header information on a WordPress site. This (slightly) helps security in that the version of WordPress is no longer transmitted to the web browser. It would be nice if this was a toggle switch in WordPress’s admin panel though.
To implement the change, just edit the functions.php file in the Theme and add the following line.
remove_action ('wp_head', 'wp_generator');
One thing to watch is that if you upgrade your theme this change is likely to be undone. I’ve actually created a draft post in WP where I keep my theme changes listed so that they appear in the dashboard and I have a record of what changes are made to the design.
On another theme-related note, I have now enabled comments on all the posts on the blog, as I had issues where posts that had the “enable discussion” option enabled were not allowing comments to be made on them. Hopefully Akismet will continue to do a good job of trapping the spam. I didn’t get any help from the WordPress Support forums so this was my workaround.
The BlackBerry is rapidly becoming my third-party authentication tool – the ability to run programs on it to generate secure passwords is very handy – I have another post on this coming up shortly.
So Microsoft updated a patch today to do with Adobe Flash Player, and I quote: “Caveats: This bulletin is for customers using Macromedia Flash Player version 6 from Adobe. Customers that have followed the guidance in Adobe Security Bulletin APSB06-11, issued September 12, 2006, are not at risk from these vulnerabilities. Vulnerable versions of Macromedia Flash Player from Adobe are redistributed with Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, and Microsoft Windows XP Professional x64 Edition.”
Now XP SP3 has only been out a couple of weeks, if that, and Adobe released their bulletin in September 2006, so how on earth is Windows XP SP3 vulnerable? Surely Flash should have been updated in the XP SP3 release! This seems to make a mockery of the security focus that Microsoft are meant to be working hard on, and coming on the heels of the recent snafus with Windows updates and Genuine Advantage, it’s no wonder people are not very happy with patching.