A vulnerability has been recently exploited which allows a hacker to compromise and infiltrate your GMail session’s authentication. This vulnerability affects users on public wireless networks in particular. Though the GMail team did make a solution for this, not many people are aware of it.

It is extremely important to change this setting within your GMail account, especially if you access your mail from public networks.

Go into your GMail settings. On the very bottom of the first page, you will see the setting “Browser connection” with the options

• Always use https
• Don’t always use https

Choose the “Always use https” option. This forces GMail to always use its secure http server while you are accessing your mail. Otherwise, a hacker could gain your session ID and then be able to get into your account.

I’m not sure why GMail is not making a bigger deal about this, but regardless, you need to update this setting immediately to protect your account.

A side note: If your GMail password is a number combination or dictionary word, or some other non-secure password, a hacker bot is going through and compromising these accounts to send spam as a vacation responder. See my previous post. Be sure and change it to something with both capital and lowercase letters, numbers, and preferably a symbol or two as well.

Recently one of my clients faced an issue where all email sent to him would be automatically responded to with the following message:

hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large
trading company from china,which is an agent of all the well-known
digital product factories,and facing to both
wholesalers,retailsalers,and personal customer all over the world.
They export all kinds of digital products and offer most competitive
and reasonable price and high quality goods for our clients,so i think
we you make a big profit if we do business with them.And they promise
they will provide the best after-sales-service.In my opinion we can
make a trial order to test that.
Look forward to your early reply!

Further, he would also receive the same email from himself after anybody wrote to him.

All the forums and blogs I looked at to try and fix this indicated that it was a virus on the local computer, which it is not. So, I will tell you what really happened and how to resolve it properly.

Since I had just entirely reformatted my client’s computer and put on a brand new antivirus, and since scanning the computer several times before I reformatted it did not find anything, I was fairly confident that it was not a virus installed on the machine. Then, when I read that people using Mac were encountering the exact same issue, my suspicions were confirmed.

So here’s what really causes this. If you have a very insecure password (e.g. a dictionary word), there is a bot that will break your password and insert the quoted text above into both 1) Your email Signature, and 2) Your vacation responder. This way, even if you use an email client (like my client did), the vacation responder will still apply and be responded to all incoming email. I believe the bot is affecting both GMail and MSN/Hotmail accounts as of right now.

Here’s how to fix it.

• Change your password to something secure.
  No less than 8-10 characters, always use numbers AND letters of both cases. A few symbols make it even better. For example, “shopping” is a terrible password because all a bot has to do is run through every word in the dictionary and it will break right into your email. Try something a little more like g8xQr?aR. I guarantee it’s going to be a heck of a lot more difficult to break that.
• Remove your vacation responder and signature.
  You’ll need to log in to the web-based version of your Gmail/MSN/Hotmail account to do this, even if you normally use an email client like Outlook or Mail.app. Go to your email settings and clear out all that junk that the bot vomited in there.
• Update your email client to use the new password.
  Don’t forget to update your email client to use your new email password or you’ll be whining about how that doesn’t work now too.

And, that’s it! No virus running on your computer (at least not causing this one), no malicious hackers sending an email every time you send one…just a little bot that took advantage of your poorly made password. Well, at least now you know for next time.

I finally got around to emailing 1&1 about the latest set of domains I want to cancel (and they want to not let me cancel), and got a response from them.

Thank you for contacting us.

As we checked the Domain Names, we can see that you have initiated a Domain Cancellation Request but this was not activated, we now need to escalate the case so that the request can be processed.

You will then updated via email when this has been processed.

If you have any further questions please do not hesitate to contact us.

At any rate, hopefully their response to my problems will be better than their English.

As you probably already know, I’ve had my fair share of headaches with 1&1 Internet. If you haven’t yet seen my previous posts, be sure and take a look at 1&1 Internet Sucks!!!, followed by 1&1 Status Update #1 and 1&1 Sitation – Conclusion.

Well, at any rate, last month I tried to cancel a few more domains that are set to renew soon. Using my discoveries from last time, I headed over to 1&1’s Hidden Secret Package Cancellation Website and canceled the three domains I don’t want to renew with 1&1.
Yet again, 1&1 claimed that they would send me a confirmation email to finalize the cancellation process. Now that over a month has passed, I still haven’t gotten any email, and there’s nothing in my messages folder in my 1&1 control panel either.

Since I really don’t feel like being charged for these domains when they auto-renew even though I just canceled them, I’m going to be calling up and dealing with 1&1’s “support team” to try and resolve this. Rest assured that I’ll be keeping you posted.

Last night I received a response back from 1&1 tech support saying that they were going to finally cancel my domain.

Dear Chris DeMarco, (Customer ID: [hidden] )

Thank you for contacting us.

I have set the domain name safenetsurfer.com to cancel. You should see
the refund on the next invoice/statement.

If you have any further questions please do not hesitate to contact us.

I found it funny that they wouldn’t just do this in the first place, but at any rate, I got an invoice this morning showing the refund for the domain. Finally, this issue is resolved. Overall, I definitely could have been more impressed, and probably will move away from 1&1 as my domains need to be renewed. At any rate, they did resolve the situation and as far as I can tell, things are good for now.

On Wednesday, April 16th, shortly after publishing my blog entry discussing my problems with 1&1 Internet, I wrote an email to the company’s complaint department. I explained my situation and directed them to the blog entry, found here.

To whom it may concern:

Proceeding my unsuccessful phone conversation with a 1&1 representative earlier today, I have written a blog entry regarding this and previous problems I have encountered with 1&1 service. It can be found at this address: http://www.thecbranch.com/2008/04/16/11-internet-sucks/

I have still not had the domain safenetsurfer.com cancelled and refunded, which is what I sought to accomplish this morning. I cancelled the domain several months ago, and am still being charged for it. I would like to see the domain cancelled and my money refunded as soon as is possible. Unfortunately, should this not happen, I will be forced to be honest in future blog entries on the status of this issue.

My customer ID number is [hidden].

Thank you in advance for your attention with this matter. I will look forward to publishing future blog entries regarding this issue, hopefully with a more positive tone.

So, as promised, I am publishing updates to the situation as new developments arise.

I received an email just a few minutes ago from 1&1 tech support.

Dear Chris DeMarco, (Customer ID: [hidden] )

Thank you for contacting us.

I have looked into the account regarding this matter. The reason for
the domain name safenetsurfer.com not being canceled is due to the
cancellation not being activated. Please activate the cancellation
link which sent to the email address on the account and also a message
is sent to your account which can be viewed through the 1and1 control
panel. Once the cancellation has been activated, I will refund the
account regarding this matter.

If you have any further questions please do not hesitate to contact us.

So, I again searched my email for any possible activation links, but again was unsuccessful. However, now that I was made aware that I have a “messages” section on my control panel, I headed there expecting to find a link which I could use to verify my cancellation of the domain.

As you can see from this screenshot, there were no messages in the folder.

So, I have responded to the email from 1&1 as follows:

Thank you for your response. Unfortunately, I never received an email containing any notice of the cancellation or any such activation links. Furthermore, when I looked in my “messages” folder on my 1and1 control panel, I discovered that it was empty, as you can see from this screenshot.

At this point there is nothing further I can do, so I will await your response so that we can resolve this issue. Thank you in advance.

Regards,

Chris DeMarco

Obviously, I’m not too thrilled with their response to this. I’ll keep you posted when I get another response.