A passionate programmer’s findings in the world of internet.

Email Security Issues

Thursday, August 6th, 2009


Photo by Mzelle Biscotte

It all started with an notification on top of my Gmail account, asking me to reconfirm my secondary email account, which is my Yahoo Mail. The notification reminds me of the news of a Twitter employee got his Gmail account hacked:

About a month ago, a hacker was able to access a Twitter employee's personal email account, according to a blog post by Twitter cofounder Biz Stone. Once there, the hacker struck the mother lode: access to the employee's Google Apps account, which contained Docs, Calendars and other Google Apps that Twitter uses for sharing notes, spreadsheets, ideas, financial details and so on.

If you didn't follow the story, the hack happened through Gmail's password recovery procedure, which sends password recovery information to the user's secondary email, which is an expired hotmail account:

At Hotmail, Hacker Croll again attempted the password recovery procedure - making an educated guess of what the username would be based on what he already knew. This is the point where the chain of trust broke down, as the attacker discovered that the account specified as a secondary for Gmail, and hosted at Hotmail was no longer active. This is due to a policy at Hotmail where old and dormant accounts are removed and recycled. He registered the account, re-requested the password recovery feature at Gmail and within a few moments had access to the personal Gmail account of a Twitter employee. The first domino had fallen.

In fact, not only Gmail, but all email services has similar recovery process. Most of the time, things like this has to be learned the hard way. All free email accounts expire if you don't log in after some time, approximately 3 months.

Let me continue with my story. So, I believe Google gave that notification to all users to make sure everyone had a valid secondary email account (after somebody got attacked, of course). I thought it might be a good idea to check my Yahoo Mail to see if the account is expired or not.

When I logged on to Yahoo Mail, Yahoo said they found some suspicious activities with my account and forces me to change my password! I changed it.

Then I was brought to my inbox, I was greeted by the name "Heather", and my profile picture shows a girl, a hot babe! All my information in profile was changed!

The first question was how does this "girl" broke into my Yahoo? Why she did not change the password? Does she have any bigger motive after hijacking my Yahoo Mail?

Immediately, I changed the secondary email of my Gmail. Suddenly, I felt the internet is so insecure. Anything could happen overnight.

My advice (conclusion) to everyone:

  • Probably backup is good. Lifehacker has got a good guide on Gmail backup.
  • Strong password is important. Alphanumeric + symbols. Best password is a combination of easy to remember, hard to guess. Using first characters of words in a sentence to create a password seems to be a good way.
  • Avoid using same password across different websites!

Can you afford to lose your main email account? How do you prevent that from happening?

Empty Gmail Inbox

Sunday, April 20th, 2008

Three weeks of hard work and I finally cleared my inbox, from 3,000 messages to 0 message. Maybe I'm not as effective as the problogger who took only a day to do it, still, I managed to clear it! Some of the mails in my mailbox dated year 2005. That was the last time I cleared everything. It even run out of storage at some time, luckily Google increased it.

All I did was to label each of the email with related Gmail labels (I have 20+ of them), then archive it.

If you are interested to do the same, Lifehacker has a good guide on this.

Other than my mailbox, I also just remove all icons and files from my desktop. I love empty desktop. Especially when I need to show it on a projector when I am doing a system demonstration.

I also had a paper tray that keeps all documents pending to be filed. Two hours of filing work yesterday, it is also empty now!

I feel good now. Hopefully I could keep them always empty after this.

Gmail Inbox Full? Purchase Storage!

Saturday, August 11th, 2007

I remember I wrote about my Gmail inbox was full last time. It is indeed full all the while. Just today, I see a big message on top of my Gmail inbox as soon as I logged on.

You are almost out of space for your Gmail account.
You can view our tips on reducing your email storage or purchase additional storage.

I would say the tip is generally useless as it's only teaching how to empty your trash. But, purchasing additional storage may be helpful if money is not a problem for you. The deal was quite good.

  • 6 GB ($20.00 per year)
  • 25 GB ($75.00 per year)
  • 100 GB ($250.00 per year)
  • 250 GB ($500.00 per year)

What do you think?

My Gmail Inbox is Full

Saturday, April 28th, 2007

You are currently using 2814 MB (98%) of your 2845 MB.

Will Google give me an exception? I really need more space. If you are not aware, Google disallows you to send emails when your Gmail space is almost full. I always need to delete messages before sending messages.

I hate it when I have finished a long urgent message and Google is giving me a "Your message could not be sent because you have exceeded your mail quota" message.

If Google really can't provide extra space, I really think they should provide the functionality for us to sort our message by attachment size. That's what I do when my Microsoft Outlook inbox is getting full.

Anyhow, Digital Inspiration has put up a very good article on this issue. These few tips had helped me a lot:

  • Search "has:attachment from:me" - With this, I can easily identify messages with attachments that I have forwarded to my friends. These messages are certainly duplicate information that shouldn't be kept.
  • Search "filename:jpg" - This returns a list of all emails with JPG attachments. You can use it for other file types.
  • Search "before:2006/01/01" - Combine this search with the previous 2 will help to identify older messages.

It takes slightly longer to fill up my Gmail now.

Accessing Gmail When Your Internet Connection Is Slow

Tuesday, July 11th, 2006

.. is really frustrating. I keep getting this message while loading and my gmail still don't load up after hours. The help provided is practically useless!


This seems to be taking longer than usual. Your session may have been interrupted. If your account doesn't appear in the next few seconds, please refresh this page in your browser.

If you continue to have trouble loading your account, please visit the help center for troubleshooting information.

After spending hours looking waiting and refreshing it, I still can't access it. Along the way, I also learned that it is not possible to load HTML version directly. You will be redirected automatically if they think you need it.

So, how am I suppose to check my gmail now?!

I go for Gmail Mobile. Though it's working, it's not nice to see all the unformatted text in browser. And, I found the HTML version link at the bottom!

Looking at the link, it's just as easy as adding a 'h' at the back of the typical gmail link.

Go here: HTML version of Gmail

Finally, I can check my gmail. Hope that helps if you had the problem like mine. By the way, if you have alternative ways (besides setting up Outlook), do suggest.