Re:


gerryk

Feb 2, 2011, 6:28:21 AM
to niamh moloughney, ResetI...@googlegroups.com
Hi Niamh... I was unable to open the attached document. Unsure what a
webarchive is.
Nonetheless... as you may know, the Tunisian government performed
credential theft attacks against many web services, GMail amongst
them.
Since GMail only started to enforce SSL recently, it must be assumed
that the compromise happened prior to this.
To mitigate this...

1. Change all passwords, not just the compromised account. Complexity
is less important than length. Go for 12 characters +
2. If any other account or service shares passwords, change them too.
3. Circulate something amongst yourselves to direct the following...
always specify HTTPS when connecting, enter this in the address bar
rather than using a link or bookmark. This will alleviate all attacks
except key-loggers. For this reason, only connect using your own
computer, or one you know has not been tampered with.
4. Also, it is worth changing the 'security question' to be something
only you know... pets and maiden names are out, for obvious reasons. I
usually falsify the answer, so my mother's maiden name becomes, say,
'robert de niro'.

If I can be of any further help, please ask.
regards
Gerry


On Wed, Feb 2, 2011 at 11:15 AM, niamh moloughney
<freegaz...@gmail.com> wrote:
>
>
> I work with a group internationally, we use gmail for most but we try to keep
> travel plans & boat purchases more private on hushmail.
> We work openly & transparently but we need to protect those involved as much
> as poss as we're all family people
> One of our group has been compromised - he's in Tunisia and this is report
> of his recent activity attached - which isn't him.
> all the best,
> nx
>
> On Wed, Feb 2, 2011 at 10:44 AM, gerryk <ger...@gmail.com> wrote:
>>
>> Hi Niamh... I'd be curious to know what leads you to believe your
>> email has been hacked?
>> Also, I'd be interested in knowing the answers to Kevin's questions,
>> along with a couple more...
>>
>> Do you use the same password for other services?
>> Do you or have you ever accessed your email in an internet cafe?
>>
>> best regards
>> Gerry
>>
>> On Wed, Feb 2, 2011 at 10:34 AM, Kevin Flanagan <kev.fl...@gmail.com>
>> wrote:
>> > Hey Niamh,
>> >
>> > I've forwarded this to the 091labs list.
>> > Can you give us some more detail?
>> > Do you use any particular service? Gmail, Yahoo, MSN?
>> > What security measures have you taken already? What's your password
>> > like? It should be long with a mix of numbers and letters.
>> >
>> > Best
>> >
>> > Kevin
>> >
>> > On 2 February 2011 10:29, niamh moloughney <freegaz...@gmail.com>
>> > wrote:
>> >> Hello again - is there anyone on this list who could help stopping
>> >> emails
>> >> being hacked, any help much appreciated,
>> >> all the best,
>> >> Niamh
>> >>
>> >> --
>> >> Niamh Moloughney
>> >> Irish Free Gaza Movement Coordinator
>> >> 085-7747257/091 472279
>> >> www.freegaza.org
>> >> www.irishshiptogaza.org
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "Reset Ireland" group.
>> >>
>> >> To post to this group, send email to ResetI...@googlegroups.com
>> >> To unsubscribe from this group, send email to
>> >> ResetIreland...@googlegroups.com
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/ResetIreland?hl=en
>> >>
>> >> Also see
>> >>
>> >> http://www.resetireland.com
>> >> http://www.twitter.com/resetireland
>> >>
>> >
>>
>
>
>
> --
> Niamh Moloughney
> Irish Free Gaza Movement Coordinator
> 085-7747257/091 472279
> www.freegaza.org
> www.irishshiptogaza.org
>

gerryk

Feb 2, 2011, 6:56:37 AM
to niamh moloughney, ResetI...@googlegroups.com
Heh... yeah, either he gets around a lot, or it's been hacked alright :)

To clarify on point 3. HTTPS is basically an encrypted web connection.
It is end-to-end encrypted using strong encryption, and is
authenticated using digitally signed certificates, meaning that if you
connect to a server, that certificate has to be signed by an
authorised signatory, and can't just be manufactured, or the browser
will complain.
To use HTTPS when connecting to gmail, for instance, you would enter
the following into the address bar...

https://gmail.com/

This specifies beyond doubt that the connection will be encrypted.
It is also important to examine the cert, if you're in any doubt. You
can do this by clicking the little lock that appears in the browser.
It is most important that you do this when using a system that is not
100% trusted... internet cafe, public wifi, etc, as there is a
potential for what is called a 'man in the middle' attack, where the
browser has been told to accept certs from others than the official
signatories. Basically, if you examine the cert and find that it is
not signed by, say, Verisign, or another trusted root Certificate
Authority (lists of these are available), then don't use the
connection.

Another good idea is to specify the DNS servers in your network
connection rather than accepting whatever is told to you by whatever
network you connect to. This prevents the possibility of any number of
DNS attacks... name spoofing, cache poisoning and so on. Good, trusted
name servers would include Google (8.8.8.8, 8.8.4.4) and OpenDNS
(208.67.222.222, 208.67.220.220).

Also, using Tor adds another layer of obfuscation for anyone trying to
intercept traffic. A Tor client on your laptop basically creates an
encrypted tunnel which hops randomly through a number of routers, each
one obfuscating the previous hops, thus making it very difficult to
determine the source of traffic. You can also configure Tor to exit
anywhere you like (that an exit node exists) which gives sites you
connect to the impression that you are in another country.

lots for you to digest...
regards
Gerry

On Wed, Feb 2, 2011 at 11:37 AM, niamh moloughney
<freegaz...@gmail.com> wrote:
> Thanks Gerry,
> Can you explain 3, not sure what HTTPS is?
> Here's report in docs.
> nx
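
The resolver advice in the message above can be checked mechanically. This is an added example, not part of the original thread: it assumes a Unix-style `/etc/resolv.conf`, the function name `audit_resolv_conf` is hypothetical, and the sample file is constructed.

```python
import ipaddress

# Resolvers named in the message above (Google Public DNS and OpenDNS).
PINNED = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Constructed sample: a resolv.conf as a public Wi-Fi DHCP lease might leave it.
SAMPLE = """\
# generated by DHCP client (constructed sample)
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 127.0.0.53
nameserver fe80::1%eth0
"""

def audit_resolv_conf(text, pinned=PINNED):
    """Return (line_no, address, reason) for every nameserver not in `pinned`."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Strip comments ('#' or ';') and split the directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1]
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((line_no, addr, "not an IP address"))
            continue
        if str(ip) in pinned:
            continue
        if ip.is_loopback:
            reason = "loopback stub: check the local resolver's upstream servers"
        elif ip.is_private or ip.is_link_local:
            reason = "local address: resolver handed out by the network"
        else:
            reason = "public resolver not on the pinned list"
        findings.append((line_no, addr, reason))
    return findings

if __name__ == "__main__":
    for line_no, addr, reason in audit_resolv_conf(SAMPLE):
        print(f"line {line_no}: {addr}: {reason}")
```

An empty result means every configured resolver is one of the four addresses listed in the message.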

Danny O' Connor

Feb 2, 2011, 7:22:04 AM
to reseti...@googlegroups.com, niamh moloughney
Hi Niamh,

Using SSL, the traffic will be encrypted between you and Google (i.e. nobody but you and Google can see the contents of the mail) but it will still be unencrypted on Google's servers. It might be overkill, but if you're worried about the security of your email on Google servers, you could encrypt your actual message contents as well using Mozilla Thunderbird.

There's an article outlining the issues/process here:

http://news.cnet.com/8301-30685_3-10434684-264.html

Hope that helps,
Danny.