Archive for the ‘Security’ Category

Phishing & Spam IQ quiz by SonicWall

Thursday, September 10th, 2009

Spam is a major part of the world of email. By definition, spam means unsolicited commercial e-mail, which can often lead to phishing (the process of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication). So it's high time to react and save yourself from these cyber criminals. I am not here to educate you about spam or phishing, but to tell you that there is a quiz by SonicWall about phishing and spam. This quiz has tricky questions, and I found it very nice and educational. The only requirement to take this test is that you should be willing to learn something interesting. Once you are done with the quiz, click on the "why?" link on all the questions to learn more.

I was able to score 8/10, and was actually depressed about missing 2 questions; unfortunately, both were phishing websites.

Did you delete all your Cookies? Well, I say no…

Thursday, August 13th, 2009

Have you ever heard of Flash cookies, also called Local Shared Objects (LSOs)? Flash cookies are cookie-like data stored on the user’s computer. They are similar to HTTP cookies, but you can’t locate them in the web browser. Flash cookies can store 100 kilobytes of information by default, but the settings can be changed to store an unlimited amount of data (limited only by your hard disk).

Local Shared Objects are not temporary files; they stay until deleted manually. There is, however, an option to opt out by disabling them on the Adobe website. Firefox add-ons like BetterPrivacy can also help you with LSOs. Here is how to disable LSO storage on your computer.

  • Visit the Adobe Flash Settings Manager website by clicking here
  • Go to the Global Storage Settings tab, which is the second one
  • You will see the Settings Manager, something like the one below [screenshot: adobe1]
  • You can change the slider to None and un-check both the settings, as shown below, but be careful: you may not be able to view Flash content again in that browser. [screenshot: adobe2]


Some useful security related Firefox add-ons

Tuesday, August 11th, 2009

Firefox is a famous web browser from the Mozilla Foundation that provides a great web experience for its users. It has had a great past since its first public release in 2004, and I hope that will continue. One attractive feature of this browser is its add-ons. There are numerous add-ons available for Mozilla Firefox; most of them are developed by its users and some by the Mozilla Foundation itself. Some of them are really useful for tweaking our web experience. Here are some add-ons which I feel are really useful:

  • WOT (Web of Trust): Warns you about risky websites that try to scam visitors, deliver malware or send spam. This add-on shows you various colors to indicate how risky it is to visit a website. You can also vote against a particular website. Click here to visit add-on website.
  • NoScript: Allows active content to run only from sites you trust, and protects you against XSS and clickjacking attacks. This add-on is very useful: it will not allow any scripts to be executed in the background unless you mark a particular website as trusted, which leads to a much safer internet. It also blocks many flashy ads, so websites load faster; a noticeable change in speed can be experienced on http://www.computerworld.com. Click here to visit add-on website.
  • Adblock Plus: This Firefox add-on is of great use for blocking ads and banners, which can be annoying sometimes. Though ads are the source of revenue for most websites (exception: Wikipedia), it is advisable to use this add-on on sites which have too many flashy ads and take a lot of bandwidth to load. Click here to visit add-on website.
  • CryptFire: This is a super cool add-on used to encrypt and decrypt text using the strong AES algorithm. To test this, you can go to the cryptfire.com website, type in some secret content and add a password to it. The message is then encrypted, and a tiny URL link is provided in the middle of the page, which can be sent to a friend who knows the password. He can decrypt and view the message using CryptFire. Click here to visit add-on website.

These are only a few useful ones I am aware of. You are always welcome to explore more add-ons on the Mozilla add-ons website.

What’s wrong with Social Networking sites?

Sunday, August 9th, 2009

Most of us are users of not one but at least a few social networking sites; the popular ones are Facebook, MySpace, Twitter and Orkut. People are so addicted that they own an Internet connection only for social networking related tasks; I see no point in wasting so much time on these Web 2.0 marvels. Most think, what’s wrong with having an account that is free of cost and helps connect to known and unknown friends? Yes, there are hidden dangers in social networking sites.

The secrets you reveal on a social site are priceless to a hacker, who can use them for anything ranging from marketing to computer attacks to deadly Distributed Denial of Service attacks. Recently Twitter (a famous micro-blogging website) was down for 2 hours, and the prime reason was users clicking on malicious links. Example scenario: you accept a friend request from some unknown user and click on a malicious link provided in a private message sent by him; then your computer is compromised.

Despite reading this post you may think: why should I care? There are millions of users, so the possibility is minimal; I am just lucky; I trust the website; I trust my friends. I say all these excuses are rubbish. Just make sure that none of your sensitive information is public.

What is Phishing

Thursday, August 6th, 2009

Phishing, in simple terms, is cheating by falsely claiming to be a legitimate entity. There are many ways to execute this attack, mostly by email. Unlike other attacks such as viruses, spyware, worms and botnets, phishing is often easy to identify and avoid with some awareness. Some experiments show that around 70% for phishing attacks on social networking sites, as they are the source of information about users.

Phishing Techniques:

  • Link Manipulation: URLs are modified to redirect to spoofed websites that extract login information. Say you found a link to Gmail on mallikarjuna.com which seems legitimate to you but redirects to a spoofed website, gmail.mallikarjuna.com, which looks very similar to the Gmail website. If you happen to provide your login information, the attacker’s job is done. To avoid this, type the URL in from your keyboard.
  • Website forgery: An attacker can alter a trusted website by exploiting flaws in that website.
  • Phone Phishing: In this attack, the attacker places a VoIP call to the user and can ask him to enter his PIN, in the case of a bank forgery.
  • Other techniques: There can be many more techniques which cannot be categorised, like via email.

Some techniques to avoid phishing

  • Don’t trust emails which ask for your password or ask you to log in to your account.
  • Don’t click on URLs from other websites; key them in on your own.
  • Always look for a padlock in the right corner while visiting a secure website.
  • View the certificate of the website.
  • Install the NoScript add-on in the Firefox browser to avoid clickjacking.
  • Cross-check the URL before entering your username and password.

Firefox 3.0 and later versions contain built-in Phishing Protection, which warns you when a page you visit has been reported as a Web Forgery of a legitimate website. Hope you can avoid phishing.


CC License
This work by Mallikarjun is licensed under a Creative Commons Attribution 2.5 India.