FAIL indeed.

To the nay sayers — when Google launched its LeavingLotus campaign, many highlighted Notes problems — and reasons to move from older versions etc. When most of the UI frustrations have been associated with older versions of Notes.

In this case, the post IS just highlighting what Google is not – a 100% guaranteed stable service. The market perception surely tells us that Google is GOD.

We can’t be blind to this…Hotmail, Google or any other public service. Keep it UP!!

I was impressed with eBay recently due to the fact that they were able to detect ‘my normal network’ vs ‘what I logged in’ from when I about to post something for sale.

I understand the issues with ‘cloud’. However, it is unfair to just remain quiet about a significant hack attempt within the Google cloud. 20K is a public figure, not the actual amount.

Mashable highlighted it. I only referenced their post.

My fear lies with the fact that you shouldn’t mix consumer with enterprise requirements. Like you mentioned, ‘habits of the user’ is the main problem here.

The way I behave with my personal gmail account is definitely not the way I deal with my IBM account.

The point was to highlight that there IS a choice and a choice worth considering (according to the industry analyst reviews).

This post is attracting considerable traffic and it was written to spark a discussion. This is a 2 way discussion. Certainly not Bilal’s monologue.

Thanks again for your insight. Appreciated.

http://news.bbc.co.uk/2/hi/technology/8292928.stm

Is your contention that Google’s security is undermined by its success? Do you believe that minority players who are less juicy targets are safe from phishing? If so, how do you support that belief in the face of spear phishing attacks?

Scammers target individual companies these days. There is no security through obscurity.

I don’t see how the original blog post is justified unless iNotes or LotusLive have somehow eliminated phishing altogether. If they have, then the world is an unexpectedly better place today.

Assuming they haven’t (and I’d love to be wrong), I’m left with the impression that the point of the post was that the story will add to a negative PERCEPTION of the incumbent providers that could be exploited by ignoring the fact that human weakness was at fault. While this may be defensible from a “we want to make sales” point of view, it’s not what I’d call objective truth.

I’m not here to promote Google or denigrate IBM. I’m just arguing that the tone and content of this post doesn’t seem to me to jive with the harsh realities of security in a wired world.

http://arstechnica.com/old/content/2006/07/7237.ars

Bad people want your data, pure and simple.

You don’t pick the dark alley in the worst neighborhood to park your car, and you certainly don’t choose a service that is under attack constantly. Lately, Google hasn’t been as stable as it claims to be.

Specially when you are talking about enterprise accounts. Standards are higher in this segment.

Are you saying that LotusLive is the choice to make because you have minimal market share now and aren’t planning on doing better? If it took off, you’d become the target, and the more users, the more dumb people, and the greater chance that something like this phishing scam could hit that many users. Out of the millions of GMail, Yahoo, & Hotmail accounts, 20k got compromised. That doesn’t seem too bad too me when you figure it had EVERYTHING to do with the people, and virtually NOTHING to do with the provider. Again, I think you make some good points on being safe and what to do. I don’t agree with your analysis that the problem lies within these particular clouds. The problem lies within the habits of the users.

“Back to my point, if you want to rely on cloud for confidential data, make sure that you are relying on a service that can provide you with a peace of mind around security, price and reliability.”

Scenerio does suck and my point for posting this was to make people realize that Google isn’t the only choice and it certainly isn’t the safest. Google is typically attributed for better than industry standard for web services.

I wasn’t surprised by Hotmail’s attack but Google.

I’m sure someone’s gotta be able to figure out when over 20K of the accounts are being accessed within a short period of time from a similar IP range?

Google should’ve been proactive about detecting a hack pattern. They didn’t because they have a bigger plate to focus on. Consumer/Enterprise etc.

I still haven’t had to deal with trojans or viruses on my PC computer in over a decade or more. But does that help with the Apple’s marketing? Ofcourse.

Not defending Microsoft but same point.

(http://www.tgdaily.com/content/view/43267/108/) He was using Gmail.

How, exactly, is this anything other than a bunch of people getting fooled into giving away one or more sets of login credentials? How is iNotes immune if it’s accessible over the internet? How is any service that’s not locked inside a firewall immune?

Also, I seem to recall that the Twitter CEO’s problem was using the same password for multiple services. This is exactly the OPPOSITE of the problem you seem to be trying to tie to OpenID/Facebook Connect: once the WEAKEST service is compromised, every other service where the person used the same name and password is as good as got. The idea with centralized authentication is having one well-protected and user-recognized place to enter credentials instead of having dozens.

The technology surrounding most of these authentication and login systems is strong (strong encryption from browser to server, expert design of internal controls to protect user data, etc.). The human is the weak link (phishing, weak password choice, credential reuse, etc.).

The issue revolves around bad passwords, link clicking and other forms of attempts to get into accounts.

I did a screencast today on registration, the UI and what to expect on LotusLive iNotes.
http://www.IdoNotes.com/IdoNotes/IdoNotes.nsf/dx/IdoNotesEpisode67.htm

There are measures in place in our solution which emphasize ‘security’. I can’t go into specifics but enough work has been done to avoid situations like phishing, security policies are more aligned with in-house data storages etc.

No solution will ever be 100% safe. However, as a consumer, if you are paying for a service, you do need to consider these factors.

There is nothing misleading here. ;)If Google can spin their LeavingLotus activity, heck, I know we can do a better job to highlight our success and strong points.

IBM is known for our strong security architecture. Heck, maybe we have been focused on that aspect alone for little *too* long. I can assure you that we just didn’t load up a Webmail server and launched the service.

Great points though and that was the point of whole post.