Author Archives: Jessica Sullivan

About Jessica Sullivan

Web developer and social media hobbyist who loves tech, gadgets, dance, music, acting, cats and motorcycles. “What lies behind you and what lies before you are tiny matters compared to what lies within you.” – Ralph Waldo Emerson

Oops! Was Your GMail Password Leaked?

GMail Envelope Logo
5 Million GMail Passwords Leaked in Russian Bitcoin Forum, credit: Cairo on Flickr
Today, it was reported that a Russian Bitcoin forum was the location of a massive leak of approximately 5 million GMail usernames and passwords. The list was reportedly posted on Tuesday, according to the Russian site CNews. According to the poster of the list, approximately 60% of the accounts were still accurate.

However, the “leak” appears to be a list of passwords that were phished and scammed from users over a length of time, and many may have already been updated or the accounts themselves are long since inactive and/or suspended.

The leak also includes account information from Yandex, the largest Russian search engine.

According to Google and Yandex via CNews, their systems have not been compromised, hence the theory that the list of accounts came from various phishing attempts over time. If you’re not certain and want to be safe, it is best to change your password. Changing any and all account passwords on a regular basis is always a good idea and good security practice.

A site, https://isleaked.com/en.php, is using the leaked list and running a search of it to find potentially compromised accounts. You can enter your GMail address into the form, and it will search. If you do not want to enter your email address, you can enter portions of the address and it will search for similar patterns. For example, entering du****7**gmail.com will match any email address with those characters that might be on the list.
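
As an added illustration (not code from this post or from isleaked.com), the Python example below shows how a masked search like the one described above can behave, and why a hit on a masked pattern may fit several different addresses. It assumes each * hides exactly one character, which the post does not state; the function names and the sample list are constructed.

```python
import re

# Constructed sample list standing in for a leaked dump (not real data).
SAMPLE_LEAK = [
    "dufake7a@gmail.com",
    "dutest7b@gmail.com",
    "dutest8b@gmail.com",   # wrong digit at the fixed position
    "dutest7@gmail.com",    # one character too short
    "dufake7a@gmailxcom",   # differs only where the mask has a literal '.'
    "someone@example.org",
]


def mask_to_regex(mask):
    """Compile a masked address into a regex.

    Assumption: every '*' hides exactly one character. All other
    characters, including '.', are escaped so they match literally.
    """
    parts = ["." if ch == "*" else re.escape(ch) for ch in mask]
    return re.compile("".join(parts), re.IGNORECASE)


def search_masked(mask, addresses):
    """Return every address that fits the mask over its full length."""
    pattern = mask_to_regex(mask)
    return [addr for addr in addresses if pattern.fullmatch(addr)]


def is_conclusive(mask, addresses):
    """A hit identifies one address only if exactly one entry fits the mask."""
    return len(search_masked(mask, addresses)) == 1


if __name__ == "__main__":
    mask = "du****7**gmail.com"  # the pattern quoted in the post
    hits = search_masked(mask, SAMPLE_LEAK)
    print(f"{mask} fits {len(hits)} entries: {hits}")
    print("conclusive:", is_conclusive(mask, SAMPLE_LEAK))
```

The fewer characters you reveal, the more entries fit the mask, so a masked hit is a reason to change the password, not confirmation that your exact address is on the list.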

USB Security Flaw Exploits Functionality

USB Devices
Credit: Tasha Chawner, foryoudesigns on Flickr
From Wired and Gizmodo, word is circulating that the very design and functionality of USB devices have created a fundamental security loophole.

Security researchers Karsten Nohl and Jakob Lell are presenting their findings at the BlackHat conference in early August. They have found a way to reverse engineer the very firmware that controls communication between the USB device (your mouse, your keyboard, that flash drive your latest business contact gave you with their resume) and the computer it is plugged into. They were able to install malware into this firmware that is undetectable and undeletable. Using this method, they were able to take complete control of a computer the device was connected to.

“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean’… [But these] problems can’t be patched. We’re exploiting the very way that USB is designed.” – Karsten Nohl (source: Wired/Gizmodo)

It’s also possible for a clean USB device to be plugged into an infected computer, and be infected as a result.

Nohl and Lell are torn over whether to release the code they were able to develop to BlackHat at this time because of the damage it can cause. With all the malware that is possible, this delivery method makes it possible to take over any part of a computer or even mobile devices that connect via USB. It can be used to spy on internet traffic and phone calls, reroute traffic through malicious websites, trace emails, record and transmit passwords, just about anything.

The only known method of avoiding infection is to “treat USB devices like hypodermic needles that can’t be shared among users,” according to Nohl. However, this is largely inconvenient and against the very model of how USB was supposed to work.

Additionally, there was the issue of NSA spying revealed by Edward Snowden earlier this year. University of Pennsylvania computer science professor Matt Blaze states, “I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue.”

Today’s Google Doodle

This Venn diagram illustrates that bats are mammals that have wings.
Mammals ∩ Has Wings = Bats
Credit: google.com
August 4th is the birthday of logician and philosopher John Venn, best known for introducing the Venn diagram. A Venn diagram is a graphical representation illustrating multiple groups and their relationships to one another. Many internet memes have been made using a Venn diagram to illustrate funny and sometimes serious topics in the world.

Today, Google created a Doodle to illustrate Venn diagrams with simple equations and cute drawings as a way to pay homage to the man who created them. It even gives a little shoutout to Chris Hadfield, a Canadian astronaut who used social media to educate the world about space through YouTube and Twitter, and who is best known for his International Space Station rendition of David Bowie’s “Space Oddity”.

Visit http://www.google.com/doodles for more fun, cute and worldly Doodles featured on Google’s homepage throughout the years. And, if you’re in grade school, you can even Doodle 4 Google and have your design featured as Google’s logo for a day.

A Kindle Fire… Phone?

Amazon Fire Phone Home Screen showing grid layout of apps
Amazon Fire Phone, photo credit: pcmag.com
That’s right. Amazon has made a phone. It’s called, not surprisingly, the Fire Phone. It’s only available through AT&T. However, considering how exclusive devices only last so long, I can see this eventually being ported to other service providers.

At the same time, I’ve been looking over the reviews. CNN calls it “a shopping device that makes calls”. They weren’t impressed with it as a standalone device compared to others beyond the fact that it has great shopping options for Amazon products and stores. c|net said it “failed to ignite”. There are the cool 3D graphics, fresh looking OS, top-notch one-handed operation, and great Amazon service integration, but it has a less extensive app store, disappointing battery life, and sluggish performance. The pros don’t stand high enough above the cons to make this a premium phone. And engadget says, “wait for the sequel”.

For me, my personal pet peeve is the lack of expandable memory, something that keeps me Android loyal and away from Apple. My Samsung Galaxy has a MicroSD slot that makes migrating media and adding more space really convenient. Sure, you can get cloud storage like Dropbox and ZipCloud, but it doesn’t have Google Drive, and cloud storage is useless if you have a bad signal. Add to that the fact that I don’t have to get a new device to get more local storage, and I’m not moving off Android any time soon.

The user reviews seem to be pretty balanced. Some positives are the Amazon integration, getting Kindle books easily on their device, and Amazon Prime availability. The Dynamic Perspective is creating a sensation, but the gimmick of it seems to be wearing off pretty fast. But, the battery life, lack of Google apps, and the price point seem to be major complaints. One user even complained that it ran hot, which, to them, was a funny coincidence for the name.

One good thing, though, is their SDK marketing. Check out the product page for the phone. Check out the features. There’s a link right there in the feature descriptions that takes you over to their developer site where you can snag your own SDK and start making apps. And judging by some of the apps already available, it looks like people have been on the SDK bandwagon for a while already. You can get the phone and already download a large selection of apps just for your device, if you have the memory space.

All in all, if I were looking for a new phone at this time, my research is telling me to move on.

Crystal Realm Designs welcomes TheRealmOnline.org

Long Island, NY – Crystal Realm Designs is pleased to welcome TheRealmOnline.org as a client and announce their newly redesigned website.

TheRealmOnline.org is a new site for news and reviews on various pop-culture topics including conventions, television, social media and technology. Reviews for books, movies, video games and television shows, as well as travel recommendations for events, are part of the regular publications this site provides.

Check out their site today to see our latest work.

We’re Bouncing with Excitement

Long Island, NY – Crystal Realm Designs has just welcomed a new client, and we couldn’t stop bouncing.

Bounce ‘N’ Fun party rentals are the big draw for your next event. Your kids can enjoy hours of fun with their bounce houses and inflatable slides. Based on Long Island, they service families all over Suffolk County, NY. Check out their selection of fun rental options for your child’s next party.

Bounce on in!

Heartbleed. Is It Bad? Oh, Yes… Yes, It Is.

Heartbleed is a massive security flaw in the OpenSSL toolkit. It is untraceable and allows hackers to impersonate security certificates.

So, by now you’ve probably heard of this horrible vulnerability in the OpenSSL encryption technology. According to Wikipedia:

OpenSSL is an open-source implementation of the SSL and TLS protocols.

The OpenSSL website bills it as:

a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

But what about security?

Recently, a flaw was discovered in the toolkit that allowed for massive exploits, and basically left everything wide open and untraceable. Naturally, this sent the Internet community into a frenzy of changing passwords and updating code and trying to patch vulnerabilities.

Patching isn’t the only issue here. Current certificates that had been issued under the unpatched versions still exist, and now comes the dilemma of revoking and reissuing all those certificates. In fact, because of this little problem, some experts are even advising against changing your passwords right away because they still have the very real possibility of being hijacked all over again.

There is also the problem of knowing who was affected and who wasn’t. Not all websites use OpenSSL as their encryption toolkit. Many do because it is open source and free, but there are still plenty who paid and use other toolkits to secure their sites. You don’t have to change every single password you use, only the ones on the affected sites. Several locations have compiled long lists of affected sites that you can scroll through to check for ones you use, but others, like security firm LastPass, have set up online checkers that look at specific websites for you and let you know if they have the bugged OpenSSL on them.

In the end, it really just shows that paying attention to your records like credit reports, changing passwords often, using complex and secure passwords, and all those other internet safety tips have real meaning. Always be safe because you’re less likely to be sorry.