Internet Explorer 8 – Does Not Remember Password

Problem: Internet Explorer 8 won’t remember the user’s password information for a website

Symptoms:

User starts IE8, types in “salesforce” in the address bar, which automatically brings him to to Salesforce.com. He clicks on the Login link, enters his Username and Password, checks off the box that says “Remember User Name”, and goes about his work. Afterwards, he closes out IE8 and then reopens it later on. He proceeds to Salesforce.com again, but it takes him to the login page and prompts for the password (User Name field is already populated). It should remember his password and log him in automatically.

Solution:

I added salesforce.com to the list of websites to be always allowed to use cookies (in the Per Site Privacy Actions in the Privacy tab of Internet Options). The change did not work. Next, I tried deleting all browsing history and made sure the “Preserve Favorites website data” was checked off (Press the Delete button under Internet Options –> General Tab –> Browsing history) and the “Delete browsing history on exit” option was NOT checked off . This too, did not work.

What did work was deleting all the salesforce.com bookmarks from the user’s Favorites!

Spyware On Every Android (And Possibly Blackberry) Phone Out There

Per Gizmodo – Spyware on every Android (and possibly Blackberry and Nokia) phone out there…

If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside…

Carrier IQ’s software is installed in your phone at the deepest level. You don’t know it’s there. You are never warned this is happening. You can’t opt-in and you certainly can’t opt-out.

The commercial spyware sits between the user and the applications in the phone so, no matter how secure and private your apps are, the spyware intercepts anything you do. From your location to your web browsing addresses and passwords to the content of your text messages.

This even happens using a private Wi-Fi connection instead of the carrier 3G or 4G connection.

Read more on Gizmodo –> Your Android Phone Is Secretly Recording Everything You Do.

ID Theft – And So It Begins…

I’ve written about ID theft before. Never thought I’d experience it, first hand. But I guess it’s bound to happen to everyone, the way they’re hacking nowadays. Found out yesterday, some wonderful slime ball walked into an Apple Store last week, used my SS# and driver’s license# to open a couple of AT&T Mobile Wireless lines, in my name. He also bought a couple of iPhones but paid in cash. I found out because I received a bill from AT&T for the two lines, along with two Welcome packets, thanking me for choosing AT&T.

I’ve never been an AT&T Wireless customer, nor have I ever been in an Apple Store [until today].

Based on the info that was used, I kinda got the feeling some financial institution I deal with had their servers hacked, and info stolen.

HuffPost – Texas Exposes Private Records: State Accidentally Releases 3.5 Million Personal Records

NYT-China Tightens Censorship of Electronic Communications

Obama Eyeing Internet ID for Americans – Tech Talk – CBS News

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

If it weren’t for the Wikileaks debacle (nice security there guys!), the fact that government programs can’t be financed properly (Social Security, Medicare, the Postal Service!), I’d say ok, let’s give it a try. But not with this government. Me no trusty.

But they say:

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.

Yeah right. But ultimately, we won’t have much of a choice if you want to do business online.

Read more…Obama Eyeing Internet ID for Americans – Tech Talk – CBS News.

Computerworld – Microsoft Cloud Service Hit With Data Breach

Get used to it. Moving things to the “Cloud” is becoming more popular. So will the data breaches…

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

Read more…Microsoft BPOS cloud service hit with data breach – Computerworld.

Beware of Wi-Fi Hotspots – Easy password stealing FF extension

From TechCrunch:

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.

Read more: Extension Lets You Hack Into Twitter, Facebook Accounts Easily.

EFF – Facebook Tries to Make Violations of Terms of Use Into Criminal Violations

I used to be afraid of Google. Now, I’m more afraid of Facebook.

The Electronic Frontier Foundation (EFF) is urging a federal judge to dismiss Facebook’s claims that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites.

In a lawsuit against Power Ventures, Facebook claims that Power’s tool violates criminal law because Facebook’s terms of service ban users from accessing their information through “automatic means.”

Accessing information through automatic means is nothing new. Google Reader aggregates feeds from different sites. Seesmic can aggregate your social information from Twitter and Facebook and put it all in one place. Using Facebook’s argument, using something like Seesmic would constitute a criminal violation.

Read more at EFF Seeks to Protect Innovation for Social Network Users | Electronic Frontier Foundation.

Fake PayPal Phishing E-Mail

Spam. We all get them. Some come with attachements that are just viruses or trojans. Some come from folks in Nigeria who want to give us $2000 cash. Some purportedly come from financial institutions looking to verify your info. What we need to remember is that NO bank, NO credit card company, NO financial institution will ever send you an email asking you to click on an embedded link to verify your info. Below is a typical example of such a spam message (one I actually received today). I will also show you how easy it is to spot that it’s a fake.

It apparently came from PayPal. Specifically, security at PayPal.

This message is actually very believable. No misspellings like the usual spam. They even give you a “Reference Number” that looks official. But what you will notice is, if you hover over the link they want you to click (without actually clicking on it), you will see the actual address the link points to. In this case, even though the link says “www.paypal.com”, in the status bar you can see that it actually goes to www.pacificliv.com. If you actually click on the link, you will be brought to a site where you will asked to enter in your paypal credentials. And THAT’S how they get your info and steal your identity. The method is called “phishing”.  It works by basically sending out mass emails to addresses harvested from newgroups, forums, blogs, etc. From the millions of emails that are sent out, some unsuspecting recipients will bite. So be vigilant. Don’t fall for these scams. Never email you info. And when in doubt, simply CALL your financial institution and speak with a customer service representative, directly.