I saw this quite official looking opportunity to import yahoo contacts into my Hotmail account, I do not have a yahoo account but I wanted to check out what kind of transfer process they were going to initiate between yahoo and hotmail. Now I have seen this done before with OAuth, and with this technique you are basically redirected to the target site where you can safely put in your credentials. However with this process I was redirected to another site that seems to be under the auspices of TrueSwitch.

 

Now I have nothing personal against TrueSwitch, but I do wonder why would I trust any third party with not just one email and password but two. It begs the question why would Hotmail, a trusted name and brand, need to go to a third party for this kind of transfer when they have proven that they can use OAuth to fulfill this kind of information transfer.

I can only assume that TrueSwitch is providing additional services that the OAuth process does not cater to (may be the Email history, who knows), either way there is zero chance of me using this kind of service when I have to give over the keys to the email kingdom.

This is my final rant about transferring online information I promise, I just want to see a trusted standard implemented that does not encourage and involve password sharing!

 

 

Related Links:

• How OAuth helps us all!
• Social Networks - Who do you trust?

The recent stir in high profile security issues has got me real paranoid about my computer habits. Trying to secure myself from the marauding hordes of criminal hackers has always been a cat and mouse game. I just try to make sure that I have as much information as possible.

The issue of spam is still a really big one, most of the time I get about 20-30 unsolicited mail, mostly harmless, but once in a while I get a piece of mail that gets past my safe guards and makes me worried for all my friends that are little less cautious than I am.

So here are my golden rules for spam detection ... be suspicious if the email sent to you is not able to identify you by first and last name (or maybe your login ID). There should be sufficient hints in the email that let you know that the company emailing you knows enough about you to warrant your trust. For example every email that I get from PayPal has my full name in the email. So I feel d less suspicious that this is a random spamming campaign. When an email begins "Dear <youremail>," then this is a clear indication that I should treat the contents with a healthy dose  of skepticism.

So I recently received an email from "NatWest" the bank, not the real one of course. Some unscrupulous rascal attempting to masquerading as NatWest.

 

Of course they wanted my banking details account numbers, PIN even my credit card information. Thankfully there has been significant adoption of layered security which allows you to setup additional personal questions, and there are some sites that allow you to select personalized pictures that make your login experience uniquely identifiable.

So I noticed that when I open up the phishing site in FireFox 3, I got no indication that it was a spoof site (as above). However, IE immediately let me know that the website was really a poorly disguised phishing attack (below) and warned me to go no further. I am not sure what mechanism keeps track of phishing sites but FireFox was a little slow on this one.

Banks never want you to update security information by email and in fact go to great lengths to only use emails for account related alerts and\or marketing. The easy to use golden rule I have established for my wife and I is to always use our predefined browser favorites to browse to our financial\sensitive information. If there is a legitimate need to ask me to update my details it will have to start and end at our favorites list.

DISCLAIMER: Please do not follow any of the links in the images I show, I am quite certain that are meant to hurt honest hard working people like you and me. Also due to the nature of the post I feel the need to reiterate that all the content I post on my site constitutes my own opinion and is not a reflection of my employer or any of their policies.

I just noticed that I am getting more space on my Gmail account (6 Gig) and while I am grateful I am wondering what percentage of the account totals people actually use. As you can see I am just about touching 4% and that is after several years of use.

Now if I could use my left over space in a SkyDrive like fashion i.e. being able upload files for storage, I believe that the additional space would be actually useful.

How much Gmail space are you using?