billso.com

Google Docs, the company’s online office suite, now lets people create and use templates. There are many examples already posted in Google’s template gallery, including invoices, resumes, invitations, mileage caluclators and calendars.

Avery Dennison has already posted a number of templates for their self-adhesive labels. Now I have one less reason to use Microsoft Word, and the folks at TastyPopsicle seem to agree with me: see their article called Oh hell no, Google’s got templates!

I’m sure there are security concerns. How hard would it be for someone to post a template that lets users record their web passwords or credit card information, and then sends back that valuable data to the developer? Google’s videos don’t mention any of these issues - instead, users are told that they can email template-based documents to friends, who can fill them out and return the data in their email client. 

Before trying these templates, I suggest changing your Google password to something stronger, like a passphrase, or using a Google account that doesn’t have much or any email or data in it. It’s much easier to set up a fresh Google account than to figure out who’s looking at your data.

There’s more information and a couple of videos in this Google blog article called Templates bring Docs to life.

Related posts and pages on billso.com

• 12 May 2008: Software and services - free or paid?
• 24 April 2008: Change that password into a passphrase
• 19 April 2008: Salesforce for Google Apps
• 28 February 2008: The Google cable
• 18 September 2007: Google, Yahoo and IBM in the Office
• 17 April 2008: Virtual keyboards and monitoring software foil keystroke loggers
• 12 April 2008: Finding business contacts and passwords on the Internet
• 19 April 2007: Living la vida Google
• 2 July 2007: CXOs face malware email attacks
• 23 February 2007: Google Apps vs Microsoft Office

Long-time readers of billso.com may remember that I used reCAPTCHA to validate comments about my articles. reCAPCTHA is a web service that shows users pictures of two words. The service knows one of the words. The second word was provided by an electronic book scanning project that needs help with its quality control.  reCAPTCHA send the results back to the scanning project, to help them fix their documents.

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) system is a simple test that determines if a computer user is a machine or a human. CAPTCHAs are small puzzles that people can solve quickly, while being too expensive for a computer system to solve.

I dropped the reCAPTCHA feature in May 2008, because the system was not stopping comment spam from appearing on my blog. “Comment spam” is just messages that have little or no relevance to an article or page.

In the past, people who wanted to crack a CAPTCHA system might pay users to stay at home and decipher dozens of captchas, in return for free content or Internet access. But people are slower and less reliable than computers. Processing power continues to improve, while CPU costs get lower.

Paying the price

Stephan Chenette, the manager of security research at Websense Security Labs, notes that CAPTCHA technology had made incremental improvements since 2000, while CAPTCHA crackers bought faster hardware and invested more in their efforts:

“CAPTCHA has been broken for the last year and a half. The technology has really not progressed. They’ve got a little bit harder but the hackers have made programs that can easily break them. This works both with print and audio CAPTCHA. All of these have been broken in one way or the other.”

In the last few months, the CAPTCHA systems of several major web sites have been cracked by automated systems:

• January 2008: Yahoo Mail
• April 2008: Gmail and Hotmail
• May 2008: Craigslist

This has resulted in a flood of spam, scams, and fake postings on services around the world. It’s become quite easy to create a fake Web site that can fool many users. Social networks like MySpace and Facebook offer many more opportunities to trick users into revealing their credentials and personal information.

In the last few years, financial service companies and banks have adopted multifactor authentication systems that ask users for more than a password or a CAPTCHA solution. Now organizations in other industries are looking at similar solutions, because it has become much less expensive for scammers and crackers to break these companies’ systems. Several OpenID providers have added multifactor features to their authentication systems, too.

This article called How CAPTCHA got trashed has more details.

Image courtesy of Mess of Pottage through a Creative Commons license.

Related posts and pages on billso.com

• Help
• OpenID
• 13 May 2008: JanRain launches CallVerifID multifactor phone service for OpenID
• 10 May 2008: Why use OpenID?
• 17 April 2008: Virtual keyboards and monitoring software foil keystroke loggers
• 25 March 2008: Digital TV is coming
• 13 March 2008: Avoiding the splogs
• 5 February 2008: The mobile web and billso.com
• 4 June 2007: Email and print links

Jocelyn Kirsch may be sentenced to 6 years in a Federal prison for her role in a “brazen” identity theft ring. I posted this billso.com article, Philadelphia couple stole neighbors’ identities, on 3 December 2007. She plead guilty yesterday in a Federal courtroom in Philadephia.

She and her ex-boyfriend, Edward K. Anderton, use keys to raid their neighbors’ mailboxes in the Rittenhouse Square building where they lived. 

When investigators searched the couple’s four computers, they found vacation photos, invoices and more evidence that was used against the couple:

The pair deployed an increasingly sophisticated set of schemes to obtain more than $116,000 in goods and services and tried to obtain at least another $122,000 more, prosecutors said.

Anderton had previously plead guilty, and may receive a 5 year sentence on 19 September 2008. Kirsch is scheduled for sentencing on 17 October 2008. Her punishment may be more severe than Anderton’s because she continued to steal identities while she lived in northern California with her mother. Kirsch was waiting for her Philadelphia court dates at the time. 

See this Associated Press article, Student grifter admits $116K fraud in Pa. ID theft, for more information. 

Gas prices are going up all over the US, and Honolulu is no exception. Prices in Honolulu are over US$4 a gallon, while prices on the neighbor islands passed that mark in April 2008, according to this Honolulu Star-billetin article.

Some Hawaii-based researchers believe that prices will continue to go up, as the era of “peak oil” ends. See this article from the Honolulu Star-Bulletin for more information.

Since the state of Hawaii gets 90% of its cargo from boats, higher oil prices will lead to higher prices for almost every good and service, including gasoline. I have seen and read about more people who are consolidating trips, carpooling, taking The Bus, or walking during the day.

Suck it up

Petty thieves have shifted their attention from copper to gasoline. earlier in 2008, the Hawaii Legislature increased the penalties for copper theft, and required scrap metal dealers to keep better records of transactions. So the criminal element has armed itself with boxcutters and siphons. With some vehicles, it’s easier to cut the plastic fuel line to drain the tank. Cars and trucks with large fuel tanks are a tempting target, especially when they are parked on quiet streets or unsecured company lots.

This Honolulu Advertiser article has some more details, including an indication of how well-organized some fuel thieves are:

“In Waipi’o Gentry we’ve been hit several times by a white pickup truck that has a big tank in the back of the rig,” [U-Haul district manager Don] Rickard said. “The same guy just pulls up, sticks in the hose, turns on his pump, siphons the gas and away he goes. We’ve turned in video of him doing it three or four times a month, but he keeps using stolen license plates. It’s extremely frustrating.”

The usual common sense measures are listed in the Advertiser article: video surveillance, vehicle alarms, and parking in well-lit, secure areas.

There’s one more good suggestion: get a steel fuel line made and installed under the vehicle. Anyone who is dumb enough to cut through a full steel fuel line with a metal blade will trigger an explosion.

Related posts on billso.com

• 4 January 2008: Copper thieves kill Sugar Bowl cablecast

As I mentioned in my billso.com article from 2 May 2008, if you are carrying high value items on your airline journey, do not check them with your baggage. Carry the items with you on the airplane.

Matt Mullenweg, the man behind WordPress, learned this lesson the hard way last week when he lost several high-end cameras and lenses on a US Airways flight.

Image courtesy of xrrr through a Creative Commons license.

Related posts on billso.com

• 15 May 2008: Don’t check cameras in your luggage
• 2 May 2008: Never check your computer on a plane
• 11 March 2008: Using Facebook as a lost-and-found department
• 3 March 2008: Building the perfect laptop
• 30 September 2006: Don’t steal my laptop!
• 28 June 2003: Where’s my luggage?