The Net has been thundering over the last few days about a security issue at Google, and some users have reported receiving the following email:

Dear Google Docs user,

We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations but not spreadsheets.

To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.

We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.

The Google Docs Team

A lot of people are understandably critical of Google.  But the reality is that systems built like this are doomed to suffer security breaches for three reasons:

  • There is often little ‘engineering’ in ‘software engineering’.  People who design most of the world’s software are ‘software artists’ or ‘software developers’ and apply few, if any, engineering principles to the task.
  • Users of these services don’t demand — and often don’t desire — a high level of security.
  • The applications rely on a single layer of security.

But the purpose of this article is not to bash Google or software developers.  I’ve written software and I’ll be the first to admit that some of it was hacked together as fast as possible for the same reason lots of software is.  The vendors provide exactly what the market is asking for.  The real problem is us.

When it comes to computers, software and the Internet, we consumers are singing the famous Queen song, I want it all and I want it now. We want instant access to information from any computer. We want sharing it to be very easy. We want it virtually for free and it is never fast enough.  And we seldom consider security until something goes wrong.

For some information, security really doesn’t matter.  Most of my personal email falls into that category.  Sure, I’d prefer that others don’t read it, but the reality is that the impact on me if they did would be really small.  I use Google Apps for two non-profits I’m involved with.  It’s free, reasonably reliable, and it’s not any less secure than using ISP email accounts. But, for other information, the security provided by Google Docs and other, similar services is woefully inadequate.

The problem is that security seldom is free and easy.  As long as we insist on being able to walk up to any computer, enter a username and password, and access our data, we will continue to see security breaches escalate.  Passwords are a very poor authentication mechanism and using them as the only line of security invites disaster.  But we continue to use them because they’re cheap and easy.

PayPal gets it, mostly because, in the financial world, poor authentication directly results in monetary loss.  If you’ve been following PayPal, you already know that they’re offering customers the ability to use their mobile phone or a (US)$5 authentication token to protect their account.  My guess is that PayPal has begun this as a voluntary measure in order to test it out and gain acceptance, and that they will make it mandatory at some point in the future, as well they should.

Some markets are different.  Medical, aeronautical, defence and financial software used by banks are noted exceptions.  Some security software is also very well designed.  But it’s because in those markets very bad things can happen when the software fails, so customers demand better solutions and are willing to pay for them.

The technology required to make file sharing like Google Docs highly secure has existed for more than a decade.  If we cared about security, our browsers would have the ability to encrypt and decrypt files built right in and we’d carry certificates and keys around on a smartcard or USB device.  When we wanted our documents, we’d plug in the card or device, use a certificate to authenticate to Google Docs and download the document. Then it would be automatically decrypted. If we cared, we’d use a product like the USB devices from MXI Security that can validate the user’s fingerprint right on the device before giving access. If we cared, we’d demand that Google and other software-as-a-service (SaaS) providers apply sound engineering practices so that software bugs don’t result in security breaches.  And, if we really cared, we’d be willing to pay at least a bit more to get it.

But, for the most part, we don’t care.  And, until we do, these security breaches will continue.

Norton 360 3.0 for 2009 was officially launched late last week, featuring a host of updates and some notable new features.

‘The hallmark of the Norton 2009 product line’ officially requires ‘an average install of approximately one minute and uses less than 10 MB of memory’.

The latest version includes all of the performance and security enhancements of Norton Internet Security 2009, such as Norton Insight and pulse updates that result in intelligent scanning and the industry’s most frequent protection updates.

Norton 360 also includes Norton Safe Web, a Web site rating service designed to extend the suite’s protection to your ‘online experience’, including browsing, searching, shopping and interacting.

A one-year subscription to the product, which can be installed on up to three computers and includes 12 months of security updates, is priced at (US)$79.99. Get it at the Symantec online store or your favourite software source.

For full details on Norton 360 3.0, take the official tour at the Norton Web site.

Hundreds of Twitter accounts were hijacked this past weekend by a new cyber attack apparently aimed at twenty-something men.

The lure was a tweet encouraging users to chat with a 23-year-old woman with a Web cam: “Hey! 23/Female. Come chat with me on my Web cam thingy here.” The tweet included a link to a Web site unconnected with Twitter.

But clicking on the link took unsuspecting Twitter users to a phishing site, as Rik Ferguson reported in his Trend Micro security blog…

Obviously we recommend against clicking on this link, it leads to a porn Web cam portal which looks to have been designed with credit card harvesting in mind. Affected users should change their password to a secure one as soon as possible (see today’s earlier blog entry for advice).

It is unclear how the mass compromise occurred, although with Twitterers’ willingness to enter their Twitter username and password into any number of third-party Web sites offering Twitter related services, the opportunities for cybercrime are many.

Twitter got the problem under control in about two hours, reporting in their own blog that some 750 users had been affected and warning users to observe good password protection habits…

As a general reminder, keep in mind that strong passwords can help prevent hijacked accounts. Twitter offers a password strength indicator to help you choose a strong password when you sign up. If you want to change your password now you can do that here. Also, avoid sharing your password with folks or services you don’t feel you can trust.

…Which is good advice for anyone who belongs to any social networking community.

In an effort to rate the impact of twenty-first century technology on a sport that dates back to ancient Egypt, Geico (the insurance company with the erudite cockney lizard for a mascot) sponsored the first ever U.S. Professional Bowling Association (PBA) ‘Plastic Ball Championship’ earlier this year.

What was the catch? The participating bowlers had to use identical vintage balls.

According to the PBA, the rate at which amateur league bowlers are racking up perfect games has increased twenty-fold since 1980. And the PBA thought that was probably more attributable to advances in bowling ball technology than to overall increases in bowlers’ skill.

Apparently, today’s bowling balls are made from a very different material than those of the 1980s and before, and may have special cores that affect how they veer. About all that’s the same as it was 30 years ago is that the balls are still the same size and still must weigh ten pounds.

The net effect is, the new balls actually grip the alley floor better to roll truer and remain out of the gutter when hooking more drastically.

So, who won the tourney?

Not one of the old school seniors who grew up with the vintage balls, as you might expect. No, Jeff Carter, described by the PBA as a ‘contemporary power player’, took home the (US)$180,000 prize. He told reporters afterwards, “I just put my [usual] game into slow motion and went from there.”

It wasn’t long ago that major cell phone service providers gave handsets away if you were willing to tie yourself into a long enough contract with them.

Late last year, several European cell phone providers turned tail on the notion of the free phone or free handset upgrade, all of a sudden waxing environmentally responsible and showing a new respect for their users’ budgets. They actually gave subscribers a break on service plan renewals if they kept their old phones rather than upgrading.

That’s all well and good. But, now, digital gadget giant Acer, in its infinite wisdom, has pointed out that, of the 4+ billion people worldwide who use cell phones, only about 200 million of them — roughly five per cent — use smart phones. Add to that the ‘pessimistic’ prediction within the cell industry that smart phone sales will grow at only about 15 per cent per year over the next five years.

So… How does Acer propose to encourage people to upgrade to smart phones?

Why, give the phones away, of course!

From a manufacturer’s perspective, the wholesale cost of a phone handset is the only barrier to service providers offering creative promotions. Acer’s goal is to drive the factory door price of smart handsets low enough that cell service providers will be able to build ‘free handset’ service packages around them and still make money.

With that in mind, Acer announced this week that it will introduce not one but eight inexpensive smart phones through this year, in pairs, starting this month.

Two of those phones, scheduled to come out this October, “will be free after subsidy by the [service] operator,” the head of Acer’s Smart Handheld Business Group, Aymar de Lencquesaing, told reporters at the Cebit trade show in Hanover, Germany, earlier this week.

Most of us are familiar with the hard-sell Gillette commercials for its five-blade Fusion razor. They hired not one, not two but three sports stars to sell other men on the proposition that five blades are better than three, in open defiance of the notion they previously spent millions to promote, that three blades were better than two.

Well, three blades will cost you 50 per cent more than two and five will cost at least 50 per cent more than three. And, if the promotional campaign is successful, Gillette’s profits will continue to soar.

Oddly, the same razors are available in a functionally-identical women’s version, albeit with fancier ‘comfort strip’ features, at even fancier prices. But Gillette and other personal products makers know that women will always pay more for things that make them feel good and more attractive. They also know that women won’t change blades nearly as often as men, another reason Gillette needs more cash per blade from women.

Now that we’ve provided a primer in Gillette marketing techniques, allow us to introduce their latest gimmick: The Gillette Fusion Gamer.

Not content with bombarding people who actually play sports like golf, baseball and tennis with their Fusion message, Gillette has created a version of the five-blade razor for computer gamers. And, yes, the company has recruited animated versions of the same three sports stars to sell it.

What makes the Fusion Gamer different from other Fusion razors? Well… There’s a new colour scheme for the handle and a new, glitzy package.

And that’s about it.

For the full-effect, animated Web promotion, visit the Gillette Web site and select ‘Fusion Gamer’ under the ‘Products’ tab. Gals may get a giggle out of it and most guys under 30 — especially those who embrace the stubbly look —  really should visit the ‘How To Shave’ tab.

Just one closing observation about Gillette’s marketing research prowess: How many hard-core guy gamers do you know who shave regularly?

If the name Sanford Wallace is familiar to you, you’ve probably been following the Web-wide spam scene for a while.

Wallace is a notorious offender, sometimes referred to as ‘The Spam King’, who has made a fortune spamming in spite of being caught several times and fined hundreds of millions of dollars for breaches of the U.S. CAN-SPAM Act. He’s a bona fide pioneer in the spam industry with a career that reportedly dates back to the early 1990s.

Now, he’s been banned from Facebook. Not just a Facebook ban, though. The popular social networking site took Wallace to court this week and got an injunction against him and two other spammers who had been salting Facebook comment ‘Walls’ with links to nasty Web sites which, among other illegal things, sought to steal visitors’ Facebook login IDs and passwords.

The temporary restraining order against Wallace, Adam Arzoomanian and Scott Shaw, bars them from accessing Facebook’s network.

In an interesting illustration of how specialized and professional spammers have become, Wallace and the others were found to have been redirecting Facebook users with their tactics, but the Web sites to which users were sent were run by others — who were paying the spammers to generate traffic for their cyber crime operations.

Spammers, phishers and other classes of cyber crooks have been focusing with increasing intent on Facebook, MySpace and other social networking communities over the past year. As we reported earlier this week, Facebook, particularly, has been hit recently by a succession of rogue applications designed to steal users’ personal information.

Some inventions are amazing and iconic because of their tremendous contribution to humanity. The steam engine revolutionized transportation. Penicillin cured the previously incurable. The telephone forever changed how we communicate.

But other inventions are amazing and iconic because of their stupidity. The Ford Edsel was one of the biggest failures in the history of American business. Tobacco kills more than five million people a year. And don’t forget the amusingly dumb motorcycle seat belt…

Then, there are some inventions that are amazing and iconic because they’re just plain evil.

Ruyan, a Chinese company, recently introduced the V8. Not to be confused with the American vegetable drink of the same name (which wouldn’t be so bad if they’d actually put some identifiable vegetables in there with all the salt), the Ruyan V8 is an allegedly ‘safe’ cigarette alternative which releases a nicotine-infused mist without all the tar and other poisons that actual smoking deposits in a tobacco user’s body.

Sure, The V8 might be less harmful than smoking a burning cigarette but that’s just a smoke screen. It’s like the corner drug dealer pushing heroin because it’s safer than crack.

It’s really no surprise that this is coming from China. They can’t keep toxic lead out of baby toys and melamine out of formula. So, why not export these electronic cigarettes in hopes of not only up-selling current smokers to a more expensive product but also luring new customers on the premise that it’s ‘safe’?

Nicotine is highly addictive and harmful. No matter what the slimy Chinese drug dealers say. And no matter how sophisticated the twenty-first century technology they may use to veil the truth.

Google, Yahoo!, Microsoft and AOL are among the Internet giants backing a new set of interactive advertising privacy guidelines for targeted online advertising services that track users’ browsing activities in an effort to identify individuals when they visit targeted ad-equipped sites and then serve each visitor ads the system deems of specific interest to them.

According to the Interactive Advertising Bureau, custodian of the program, the privacy guidelines are, “designed to ensure users’ control over the use of personal information by interactive media and advertisers while at the same time guaranteeing continued improvement in the delivery of relevant marketing communications to consumers.”

“Research shows consumers value free Internet services highly and prefer advertising that is relevant to their interests, but want guarantees that their personally identifiable information won’t be misused,” Randall Rothenberg, President and CEO of the IAB said in a statement.

Among the chief provisions of the Good Practice Principles are requirements that online firms using targeted advertising systems inform visitors to their Web sites that their actions are being tracked and that visitors, once informed, be allowed to opt out of the tracking program.

“IAB’s principles are an important first step in the creation of stronger industry self regulatory programs,” said Dave Morgan, Executive Vice President, Global Advertising Strategy of AOL and Co-Chair of the Task Force that developed the principles. “We believe that all existing and future types of interactive advertising should fit within these criteria and we will move swiftly towards promulgating more granular best practices based on this document.”

Which, in English, means that the interactive advertising industry’s movers and shakers are dedicated to heading off potential regulatory or legal issues internally, before governments or the courts get involved in settling  actual disputes and start to exert external controls on what the Internet companies can and cannot do.

Version 3.0.7 of the popular Firefox Web browser, released yesterday, fixes some security issues and is more stable than its immediate predecessor, according to the official Mozilla.org launch advisory.

The advisory rates the patch as ‘critical’…

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The engineers note that the browser engine in Firefox is also shared by the Thunderbird email client which could also be vulnerable to some of the same security flaws when encountering Javascript in emails.

Current users may have their updates already, thanks to the Firefox updating service. Check the ‘Help’ tab in your top of window menu for a selection that lets you ‘Install Downloaded Update Now…’. Or just let the update install itself automatically the next time you start up Firefox.

We’ve heard, recently, about shocking reverses of fortune in the consumer electronics sector — massive layoffs and restructuring by previously unassailable industry giants such as Sony and cell phone giants such as Motorola.

But, now, the bad news is spreading to the computer industry, where economic think tank Gartner Group is predicting a huge decline in sales this year.

A recent Gartner report says worldwide personal computer sales can be expected to drop by 12 per cent this year, over last. It’s even more shocking compared to the annual increases in overall portable and desktop PC sales of at least ten per cent registered over each of the last three years.

“The PC industry is facing extraordinary conditions as the global economy continues to weaken, users stretch PC lifetimes and PC suppliers grow increasingly cautious,” Gartner Research Director George Shiffler said, in a statement.

On the bright side, the portable PC sector is expected to show modest gains — about nine per cent overall — perpetuating a trend away from desktops toward portables of all descriptions that began a couple of years ago.

One niche market which is expected to show phenomenal growth is so-called netbooks — mini mobile portables selling for under (US)$400. Sales of these stripped-down minis are expected to grow by as much as 80 per cent worldwide this year, largely because their affordable price will make them a viable alternative to pricier, full-featured notebooks.

Alas for the PC industry, netbooks are expected to make up a mere 8 per cent of overall worldwide personal computer sales this year.

You may have caught our recent exposé on Apple’s iPhone Apps store, the one in which a PinchMedia survey revealed that the vast majority of iPhone apps downloaded by users are abandoned within 24 hours of being installed.

In the interests of balanced journalism, we now present what some consider the most useful iPhone app yet devised: The Pizza Calculator, created by Jonah Burlingame, Dan Wassink and Tom Westerlund.

As the official Pizza Calculator Web site explains:

Pizza is a universally loved food. And we often order it for groups because it is such a crowd-pleaser. But few things get messier than trying to order pizzas for a group. Notice how many people shrink away from placing the order – and who could blame them?

But with the Pizza Calculator on your iPhone or iPod Touch you will eagerly take on the task of determining who wants what toppings and how many pizzas to order. This handy application simply takes in each person’s desired toppings and calculates how many pizzas of which size and with what proportion of toppings need to be ordered.

The calculator lets you choose from 30 of the most popular toppings (i.e., virtually all of the most popular toppings) and optimizes your order to ensure everyone on your guest list gets enough while minimizing leftovers.

But leftovers may not be a huge problem for some. I vividly recall being told, by my family doctor, that it’s healthier to have a piece of leftover pizza for breakfast than it is to have cereal, toast and fruit. You need the protein and carbs with which pizza is loaded to fuel yourself optimally heading into the most active part of your day. Note that she recommends just as strongly that you not include the beer or soda you might normally consume with pizza in your morning-after ‘encore’.