Dropbox users report spam emails amidst fears of data breach

Dropbox users are reporting receiving spam messages through the unique email addresses associated with their accounts on the file hosting service. The issue is a particular cause for concern given Dropbox’s high-profile security More »

Why IT security pros can be scarier than the ‘bad guys’

I thought I harbored a healthy amount of paranoia before I went to this week’s RSA Conference for IT security professionals in San Francisco. But now I’m just plain scared—and not about hackers More »

OruxMaps Lets You Go as Far as Your Mapmaking Skill Takes You

OruxMaps Donate, a mobile app from Jose Vazquez, is available for US$2.62 at Google Play. Have you ever considered becoming a cartographer? It’s not as hard as you might think. I’ve been More »

Facebook testing new Timeline design

Facebook is testing a series of changes to the current Timeline design. (Credit: Screenshot by Lance Whitney/CNET) Facebook users may be in store for some design tweaks to their Timelines. The popular More »

Using Google Gmail SMTP Server for Toshiba eStudio copier/MFD scan to email function

 

I have been asked this question a few times and I decided to post the solution. Using a Gmail account with a Toshiba eStudio’s scan to email function is easy..

First, log into your Toshiba eStudio copier, go to Administration, then to Network.

First off, you have to select DNS, enable it if its disabled and set the DNS to point to Google’s DNS and then set the appropriate SMTP Client Settings. The login and password should be one of your user Gmail accounts and password.

 

DNS Session

Enable DNS: Enable

Primary DNS Server Address: 8.8.8.8 “This is Google’s DNS”

Secondary DNS Server Address: 8.8.4.4 “This is Google’s DNS”

 

SMTP Client

Enable SMTP Client: Enable

Enable SSL: Accept all certificates without CA

SSL/TLS: STARTTLS

SMTP Server Address: smtp.gmail.com

POP Before SMTP Disable

Authentication: Plain

Login Name: your-google-account-name@gmail.com

Password: “your Gmail account password”

Maximum Email / InternetFax Size: 30 MB

Port Number: 587 or 465 “whichever port that works”

SMTP Client Connection Timeout(1-180): 30 Seconds “Only if you have this option”

 

Joe Lovrek

Dropbox users report spam emails amidst fears of data breach

Dropbox users are reporting receiving spam messages through the unique email addresses associated with their accounts on the file hosting service. The issue is a particular cause for concern given Dropbox’s high-profile security breach last year.

The issue was first raised by user Forrest F, who asked in Dropbox’s support forum why the company had leaked or given out his email address. 

“I have an internal to my company email address that I used for Dropbox only and I am getting the same fake Paypal scam emails. This has been happening since about Monday,” explained another user.


Since then, more users have stepped forward claiming that they were also receiving spam emails in the dedicated email addresses they created for their Dropbox subscriptions.

The initial response from Dropbox is that this might be yet more fallout from the 2012 security breach and that it is investigating the matter. The company said it doesn’t believe the spam emails are the result of a new data breach, but said it “remains vigilant given the recent wave of security incidents at other tech companies.”

Why IT security pros can be scarier than the ‘bad guys’

I thought I harbored a healthy amount of paranoia before I went to this week’s RSA Conference for IT security professionals in San Francisco. But now I’m just plain scared—and not about hackers and phishers, the perennial bogeymen of the Internet underground.

No, the people who scare me even more are the security professionals who work for big business. They want my online data, your online data, everyone’s online data. And they want it more than even the bad guys who make headlines.

Big business isn’t evil incarnate, and the companies clamoring for our data aren’t the agents of destruction who would steal our identities for profit or erase our family photos just for kicks. But to the business leaders at e-commerce sites, social networks, and even banks, online privacy is something that must be managed at best, and mitigated at worse.

It’s an annoyance that must be dealt with. It’s something that gets in their way.

They want our data so they can track us, categorize us, and use what they know about us to sell us something—or sell what they know about us to someone else. Or, as Trevor Hughes, the President and CEO of the International Association for Privacy Professionals (IAPP), told me directly, “Your data is the currency of the information economy.”

And our online activity is minting more money all the time.

Our data is hard currency

It took just one shocking hour at the RSA conference to destroy every naive hope I might have had about online privacy. Hughes spoke to a large audience of IT professionals tasked with managing customer and user data, and named what he considered to be the hot-button privacy issues of the year: location data, facial recognition, and Do Not Track, among others. He also touched on more sweeping topics like federal regulations and public policy.

IAPP
“Your data is the currency of the new information economy,” said Trevor Hughes, of the IAPP.

I was intensely interested in all of these issues as an active, web-surfing individual, but I also quickly realized that the other attendees in the room looked at these issues from the other side—from the perspective of their companies, which gather customer data and use it for business opportunity.

Their job is not to worry about protecting our privacy, but to worry about navigating privacy regulations, and protecting themselves from lawsuits and fines. One thorny example Hughes cited was the mobile privacy guidelines paper released by the California Attorney General’s office earlier this year, to supplement the California Online Privacy Protection Act (COPPA). In a message accompanying the guidelines, Attorney General Kamala Harris encouraged mobile app developers to adopt a “‘surprise minimization’ approach…to alert users and give them control over data practices that are not related to an app’s basic functionality or that involve sensitive information.” Easier said than done on the small screens of mobile platforms, said Hughes: “That user interface is incredibly limited.”

Your location, your activity, your face: all fair game

Hughes also delved into issues surrounding “contextualization”—using your online data to customize “content” (read: advertisements) to your browsing habits and personal demographics. Obviously, contextualization is already a widespread (and profitable) business tool, as anyone who’s experienced targeted ads on Google already knows.

The data set used for contextualization is diving ever deeper, though. “Context will put the debate on targeted ads on steroids,” Hughes told the crowd. “Not only are we going to have the sensitivity of where you’ve been online, but where you are in the world, and what you are doing and thinking.”

Oh, but it gets better. Facial recognition, anyone? You can tell your friends not to tag you in their photos all you want, but that’s small potatoes.

“We will see the anonymity of crowds dissipate,” Hughes said, predicting that photos taken by other people, or by cameras installed in public places, will be used to find you wherever you are. Remember the Where’s Waldo? children’s books, where you had to find Waldo among huge crowds in famous places around the world? Who knew that the happy, wool-capped Waldo would be the harbinger of privacy problems to come.

Do not track me… please?

When the Obama Administration introduced its Consumer Privacy Bill of Rights in February, 2012, the bill cited “privacy-enhancing technologies such as the ‘Do Not Track’ mechanism” as safeguards against many of the tactics that Hughes’ audiences members would like to preserve. Choose not to be tracked, and web sites wouldn’t be able to collect information about you. It’s the ultimate protection, right? No, think again.

“Do Not Track is a very, very complicated and challenging issue,” Hughes said. Indeed, there’s no standard implementation for data tracking from browser to browser, and that’s an inconvenient truth for anyone who would need to implement Federal policy (which hasn’t yet been passed). But for Hughes, the real problem for privacy professionals is, “how do you switch it off or maintain it switched-off.”

Yes, you heard right: Do Not Track would be just another hoop that big business needs to jump through—or circumvent entirely.

Unfortunately, for now, businesses that want to track our data don’t even have to worry about the technical vagaries of Do Not Track. “None of this has the force of law yet,” said Hughes. “Without the ability of regulators to enforce, we may not have any enforcement at all. Do Not Track may not have any consequences.”

You can see where this is heading. And Hughes confirmed as much: “Some organizations have come out and said they will ignore Do Not Track.”

Giving away your online data—willingly

Unless you’re some sort of virtual exhibitionist who actually wants to sacrifice online privacy for fun and profit, data tracking should scare you. But it’s also important to remember that the basic operating principles of our open Internet—an Internet where very expensive content is given away for free—require a certain amount of data sacrifice.

Indeed, if you want all the complex, nuanced benefits of social sharing, you have to actually share yourself. And you’re probably already doing this, sacrificing your data quite willingly.

Ted Schlein, of venture capital firm Kleiner Perkins Caufield Byers, brought up this paradox while speaking at a cybersecurity session at RSA. “People kind of care about privacy, and then they don’t,” he said. “Facebook has a conversation about a new privacy policy, people get excited about it, and then Zuckerberg says something, and they calm down.”

Oez/Shutterstock

He’s right, of course. Periodic privacy imbroglios haven’t slowed the popularity of social networking sites, photo-sharing sites, and apps like Foursquare, even though all of these services gather information about us in order to grow revenue. Pinterest was recently valued at $2.5 billion—not because it’s making any money, but because its users are enthusiastically pinning products to their pages, making them ripe for retail sales pitches. Their data is the currency.

Big business is working over-time to collect data about us, and the more time we spend online, the more opportunities we give them to do so. So in the end, I wonder whether it’s scarier that businesses are collecting our data, or that we’re so willingly letting them do it.