Wednesday, 13 January 2010

Yahoo sides with Google over China cyber attack

By Hibah Yousuf, staff reporter
January 13, 2010: 1:35 PM ET

NEW YORK (CNNMoney.com) -- Yahoo Inc. gave its support to rival Google Inc. Wednesday, denouncing an alleged cyber attack originating in China against Google's network infrastructure.

"We condemn any attempts to infiltrate company networks to obtain user information," a Yahoo representative said in an e-mail statement. "We stand aligned with Google that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as Internet pioneers must all oppose."

Google said late Tuesday that the attack's primary goal was to access Gmail accounts of Chinese human rights activists. The company said that the incident, as well as Chinese censorship rules, could force it to shut down its operations in China, which include Google.cn.

The search giant's ongoing investigation suggests the attack targeted at least twenty other large companies from a variety of industries. Neither Yahoo (YHOO, Fortune 500) nor Google (GOOG, Fortune 500) revealed whether Yahoo was among the victims.

"Yahoo does not generally disclose that type of information, but we take security very seriously and we take appropriate action in the event of any kind of breach," Yahoo said.

Microsoft (MSFT, Fortune 500), which launched a Chinese version of its search engine Bing in June, said that the company has "no indication that any of our mail properties have been compromised."

In 2005, Yahoo sold its business in China to Alibaba.com, China's largest e-commerce company. Yahoo maintains a 39% financial stake in the company but Yahoo no longer has "operational control or day-to-day management over the Yahoo! China business," according to a Yahoo spokeswoman.

Google did not have any response to Yahoo's statement.

Google Turns on Gmail Encryption to Protect Wi-Fi Users

Google is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping on traffic passing by, the company announced Wednesday.

The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.

All Gmail users will now default to using HTTPS, the secure, encrypted method for communicating with a remote server, for their entire e-mail sessions, not just for log-in. Session-long HTTPS has been an official option for Gmail users since 2008 (and unofficial for much longer), but Google says it hesitated to turn it on for everyone, since the encryption does slow down the service.

“Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,” Gmail Engineering Director Sam Schillace wrote in the Gmail blog.

This option often wasn’t necessary when people used fixed and trusted connections, such as their home or office DSL or cable lines. But as Wi-Fi connections, especially public ones, became more popular, hackers began using simple sniffing software to snoop on people’s online activities with the goal of stealing passwords.

Still, the switch doesn’t encrypt e-mail — it simply encrypts the communications in transit between Google’s servers and a user’s computer — the same as when you use your bank’s website. E-mails sent to other people are transmitted in the clear as they have always been. True encrypted e-mail can only be read by the sender and receiver, regardless of how they move across the internet.

For those whose schools or workplaces routinely monitor employee or student internet usage, the change also shields their e-mails from the IT department.

A coalition of privacy and security experts called on Google publicly to make the change last June, saying that Google was putting millions of people at risk by not using encryption as the default for their cloud computing services.

Users who find the service slows them down or determine that it’s overkill for their needs can turn the HTTPS off in their account settings.

Rival free e-mail services from Yahoo and Microsoft do not use HTTPS throughout their sessions, nor do social networking sites or other so-called cloud-computing services.

Instead, most of those services use the secure HTTPS protocol only for logging in, and fall back to unencrypted browsing thereafter. Failing to use HTTPS full-time increases one’s vulnerability to a host of nasty hack attacks when using an open or badly secured network, particularly a public Wi-Fi spot.

America's Financial Illiteracy

Thomas F. Cooley, 01.13.10, 12:01 AM EST
Protecting consumers in the confusing world of modern finance.

One of the common elements of the regulatory reform proposals being crafted by the House and Senate is that both propose to create a Consumer Financial Protection Agency (CFPA). Although there has been concerted opposition to the creation of a new bureaucracy, there is certainly some logic to the idea of consolidating existing consumer protection functions in one agency. Currently, responsibility for consumer protection is scattered across several existing regulatory bodies, and as a consequence the task has fallen between the cracks. Authority for enforcement is in the hands of at least 11 agencies. Each one has responsibility for only a subgroup of financial firms, and their mandates partly conflict. Among the agencies, the Federal Trade Commission (FTC) is unique in having consumer protection on the list of its primary mandates.

There can be no doubt that many consumers have been battered by bad decisions that they made about mortgages, credit card debt, auto loans and so on. And there is no doubt that some of these bad decisions were driven by unscrupulous business practices and that alarms should have been raised about certain lending practices that drove the increase in household leverage.

Our recent experience raises a legitimate and interesting question--what exactly is the role of the government in protecting people from their own bad decisions? It is important to bear in mind that for 30 years we have been in the midst of a major social transformation in which responsibility for risk management has shifted to individuals. In the past, the government and employers often made financial decisions for households, for example by providing health insurance, defined benefit retirement plans and social security; now households are on their own more than ever. We can't just shrug off the problem because if many individuals make bad financial decisions, it creates a negative externality.

Many of the most important decisions consumers make in their lifetimes involve financial products: a mortgage to purchase a home, a loan to purchase an automobile, credit to make a large durable purchase, investments for retirement and insurance to keep one's family secure. All of these financial products have become increasingly complex over time and there is a much wider range of product options offered by different providers, making decision-making more complicated. Consumers need to be financially literate in order to make well-informed choices about such complex products. A growing body of evidence suggests that many consumers lack the knowledge they need to evaluate and make decisions about financial instruments.

So, what should we do and how should the CFPA address this? We don't want a CFPA that limits innovation in financial products--it shouldn't be modeled after the FDA, which requires that products be safe and effective before being allowed into the marketplace. We certainly want the CFPA to monitor abusive practices and raise warnings when they occur, although, as I noted in an earlier column, lobbyists have been hard at work limiting the impact of the CFPA. One result is that House bill H.R. 3126 exempts all of the following entities from regulation by the CFPA: automobile dealers who provide financing; any person regulated by the Securities and Exchange Commission; any person regulated by a state insurance regulator; smaller banks and credit unions (those with $10 billion or less in assets); brokers and agents for mortgage, title and credit insurance; real estate brokers and agents; attorneys; and most retailers. The Senate proposal has fewer carve-outs but does exclude from CFPA regulation small banks and credit unions, merchants, retailers and other nonfinancial institutions that extend credit to consumers.

That suggests that the most important role for a CFPA may be to increase the public's financial literacy. The level of financial knowledge among U.S. households is shockingly low, and that fact is at odds with the trend of shifting risk management to households.

How bad is it? Two economists, Annamaria Lusardi and Olivia Mitchell, have been studying financial literacy and the effectiveness of efforts to promote it for many years. The results are not at all encouraging. To take just a few of their examples, they asked the following questions of a representative sample of Americans over the age of fifty:

1. Suppose you had $100 in a savings account and the interest rate was 2% per year. After five years how much do you think you would have in the account if you left the money to grow: more than $102, exactly $102, less than $102?

2. Imagine that the interest rate on your savings account was 1% per year and inflation was 2% per year. After one year would you be able to buy more than, exactly the same as or less than today with the money in this account?

3. Do you think that the following statement is true or false? "Buying a single company stock usually provides a safer return than a stock mutual fund."

Only 50% of respondents were able to answer the first two questions correctly and less than a third were able to answer all three. In a related study less than 18% of people surveyed were able to answer a simple two-period compound interest problem. This is pretty discouraging. Not surprisingly the extent of financial illiteracy differs with education, gender, race and age. Most efforts to improve financial literacy are not effective.

So what is to be done? One view is that we can improve welfare through the judicious choice of "default" options. For example, in the choice of mortgages or consumer credit plans, the default option could require financial service providers to include a "plain vanilla" product in their menu. This offering should be easy to understand even for the inexperienced customer. It would also serve as a point of reference in comparison to other products. Default options have to be prudently chosen, since consumers, especially those who are inexperienced, are likely to refrain from active choices.

There are a lot of unanswered questions about default options. Sweden, Mexico and Chile have accumulated experience with the use of default investment portfolios in retirement plans. So far the evidence suggests that the choice of default option can have a tremendous effect on retirement savings, but not always to good effect.

Clearly the best way to protect consumers is to educate them. As a society we don't seem to have figured out how to do that. It's time we did.

Thomas F. Cooley, the Paganelli-Bull professor of economics and the former dean of the NYU Stern School of Business, writes a weekly column for Forbes.