Mmmmmm
Not much use if you use TOR is it
Google has updated Gmail with new code designed to alert you when it suspects your account has been compromised. This alert may be triggered, for instance, when a login appears to come from one country just a few hours after a login from another country. In July of last year, Google began posting information about account log- …
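The alert condition the excerpt above describes (a login from one country a few hours after a login from another) can be expressed as a travel-speed check between consecutive logins. This is an added sketch, not Google's code and not from the original page; the 900 km/h threshold, the `Login` fields, the `trust_known_device` option and the sample coordinates are all assumptions. The option models the cookie guess made in the comments below and shows how trusting a client identifier suppresses the alert.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruising speed


@dataclass
class Login:
    when: datetime
    country: str
    lat: float
    lon: float
    device_id: str  # hypothetical stable client identifier, e.g. a cookie value


def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    p1, p2 = radians(a.lat), radians(b.lat)
    dlon = radians(b.lon - a.lon)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def suspicious_logins(logins, trust_known_device=False):
    """Return (previous, current) pairs whose implied speed exceeds MAX_KMH."""
    flagged = []
    ordered = sorted(logins, key=lambda e: e.when)
    for prev, cur in zip(ordered, ordered[1:]):
        if prev.country == cur.country:
            continue
        if trust_known_device and prev.device_id == cur.device_id:
            continue  # same client on both sides: treated as a traveller
        # Floor the interval at one minute to avoid dividing by zero.
        hours = max((cur.when - prev.when).total_seconds() / 3600, 1 / 60)
        if km_between(prev, cur) / hours > MAX_KMH:
            flagged.append((prev, cur))
    return flagged


# Constructed sample data (not real account activity).
SAMPLE = [
    Login(datetime(2024, 1, 10, 9, 0), "GB", 51.5, -0.13, "laptop-A"),
    Login(datetime(2024, 1, 10, 11, 0), "US", 29.76, -95.37, "laptop-A"),
    Login(datetime(2024, 1, 11, 9, 0), "GB", 51.5, -0.13, "laptop-A"),
    Login(datetime(2024, 1, 11, 9, 30), "NG", 6.45, 3.39, "unknown-B"),
]

if __name__ == "__main__":
    for prev, cur in suspicious_logins(SAMPLE):
        print(f"ALERT {prev.country} -> {cur.country} at {cur.when}")
```

With `trust_known_device=True` the London-to-Texas hop on the same device is no longer flagged, which is why a copied or replayed identifier weakens this kind of check.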
I just played with TOR to provoke the warning, but nothing happened. The account activity page says I connected from Canada, Germany, France and Switzerland. One session apparently is open from "Canada". No warning whatsoever. Or is Canada on a list of unsuspecting countries?
Chinese spooks would never use TOR, would they?
If they see you're using the same browser, even from different countries, they'll probably assume you're the same person. Clearing all of those pesky tracking cookies Google uses between attempts could provoke the warning. Not that I have any idea how they're actually doing it, but cookies would be an easy way to ignore people traveling with a laptop.
I also noted that Google mail sets a Flash Cookie. Apparently not all the time. Check this page (rightmost tab) on what they store about you in Flash Cookies:
http://www.macromedia.com/support/documentation/de/flashplayer/help/settings_manager07.html#117717
Mine's the one with the Habit Tracking Handbook.
where (unless I misunderstand it) you don't know geographically where your exit point is (could be the same country and hence no alert) try using a proxy whose location you know.
When I get home I'll try this using hidemyass.com which will make it look like I'm in Texas.
Clear cookies, log in from London IP addy.
Clear cookies, log in from Texan IP.
Clear cookies, log in from London IP.
Check for alerts.
Mr. Criminal, we've noticed that you accessed this gmail account from Nigeria. We find it suspicious that this account was accessed from Nigeria right after we allowed you to email the account holder about your desire to smuggle money out of your kingdom. We would like to notify you that in future, when you compromise an account, that you should do so using a proxy server that looks like it is coming from the same region as the account holder. You can get this information by looking at the header of the email after your mark replies to your scam. By the way, here are the login locations of the user for your perusal. Now you have multiple IP addresses with which you can target for additional gullibility attacks. Have a pleasant day and do no evil.
So if someone breaks into my account, will they also see the alert? And will there be a method to acknowledge the alert?
That way, by the time I already get in, the hackers will have socially engineered Google's suspicious login bot to think that everything is OK.
I'd like to see them include an option for the MAC addresses. I would actually trust that more than cookies, which could be copied or counterfeited.
However, I still feel like the #1 problem with ALL email is spam, and the #1 feature I want is a better tool to make war on the spammers. Something like SpamCop on steroids to track down the various forms of involvement, with the potential power of Google threatening the supporters of spam. I'd be glad to donate a bit of my time and my human intelligence, such as it is, to help nail the spammers. After all, we spam-haters vastly outnumber the fools who feed the spamming animals, and the spammers can't hide from us without hiding from their own fools.
On the other hand, the prevalence of nasty phishing spam in Gmail is additional evidence of how evil Google is becoming. Lots of the spam is abusing the reputations of legitimate companies. I'm just waiting to see a real Disney ad running next to the fake Disney movies scam targeted at children... That would be a screen shot worth a thousand words about the evil of spam.
(I thought the Register had an icon for spam? Anyway, the hand grenade scatters fewer fragments than the spammers do.)
doesn't seem to be concerned that my recent activity log indicates that I IMAP'd 9 minutes ago from Nigeria (mobile gprs, my physical location) and 7 minutes ago from US, POP3'd 1 minute ago from US (my pc; funny, whois correctly gets that 'US' IP as my German satellite provider), and via Browser 0 minutes ago from UK (http proxy on my pc). Didn't bother to wipe cookies on phone or pc, but historical evidence of a connection doesn't mean it is valid.
can't wait for them to implement the "we have auto-disabled your account" feature based on this....
I welcome this. The system will be trained and improved to accommodate unusual people, but the vast majority of people access from one country, except for holiday trips.
I mostly read my mail after downloading it, so I go online mainly to check my list of spam for messages that may not be spam. It would be nice to be able to opt to have an email sent to another address when there's access from outside my country.
I think a lot of us are in danger of taking Google's free service for granted. I don't think many people would be happy to go back to the email service from their broadband provider or consider that more secure.