Tag: security

Happy spammers-Orkut allows Export contacts in CSV format

Spammers job is to keep collecting email address of active internet users until they get a deal(spamming), so that they can mint some money from those spam mails.

I know a guy in India, who asked me 75$ and he could send my blog link to 5 lakh people in one day. And he was very good at convincing. He told that I would get back my money from the one day of campaign with him(spamming).
But guys, I don’t like spammers. And I hate when someone interferes in my privacy without my permission, so how could I interfere in someone else privacy!

One sad part is, these spammers are very intelligent. They know all sorts of things from where they can get the email ID’s of active internet users.

Now anyone can get large number of active email ID’s from Orkut!
Log in to orkut, then click ‘Friends’ along the top navigation. Next, click ‘Download your contacts’ on the bottom of the page to save your contacts as a CSV file.

In Orkut, its not so difficult to add 1000 friends(which is the limitation presently, but we hope Orkut will soon remove this limitation too) by creating a fake account(in the name of a girl and with a sexi pic in the profile). After creating some 10 accounts you can keep checking these accounts and just accept the friend request you get. There are applications which will help you to accept all the friend requests in one click. So by a month are so, you will be acquiring 1000 contacts in each of the profiles i.e., 10 x 1000 = 10000 / month. Now just goto ‘Friends’ link in the top navigation. Next, click ‘Download your contacts’ on the bottom of the page to save your contacts as a CSV file. SO you will have 10000 active email contacts per month.
orkut-are-you-a-real-person-security

Now the “Big G’s” “Orkut” is a hot place for spammers to get the email ID’s of the most active internet users. Because, people who are using social networking sites are mostly addicted to that social networking site and they check it almost every day like a daily ritual.

To prevent spammers from getting your email ID for some extent:
Don’t accept/send friend request of/to those who put fake sexi pics in their profiles(to attract others).
And observe their activities before sending/accepting request.

I have been getting lot of spams to one of my ID and the others had just 2 or 4 spams. So I wondered why only one ID is getting full of spam mails?
So we did a bit of research and found that, the same spam messages where present in many peoples orkut scrap books, and finally we could get to know the source of spam and discovered that the guy who spammed us, got our ID from Orkut.

And I am sure, Orkut is one of the main place where these spammers collected huge number of active email ID’s.
So be careful the next time you send/receive a friend request in Orkut or any other social networking sites.

PayPal Teaching Security Measures to Its Customers

Many days ago we had received an email from paypal@something.com, which said to click on a link and enter my credit card information by loging into PayPal account. We knew that the email was not from PayPal(by looking at the from address of the email), but still we clicked it to test(not recommended), and the link took us to a fake website resembling PayPal. And to our astonishment, the fake website was almost an exact clone of PayPal website. Newbies and ignorant people would just do everything the email had stated them to do and you know what will happen next!

What I did was, just entered some wrong username and password(to loginto that fake PayPal like website), guess what? Any random, wrong username and password will longinto such websites. The next thing was, it prompted us to enter our Credit Card number. There also I entered some nonsense numbers. And finally it poped up a hearty message saying “Thank you”.

We do not recommend anybody to try what we did with the phishing email link. We did all those things at our own risk.

And as this was our first experience with such phishing email, we just informed about the email and the fake website to PayPal team. And got this reply email from PayPal:

Dear Satish,

Thanks for taking an active role by reporting suspicious-looking
emails.
The email you forwarded to us is a phishing email, and our security
team is working to disable it.

————————-
What is a phishing email?
————————-
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.

Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You’ll also see what we’re doing to help fight fraud
every day.

————————-
You’ve made a difference.
————————-
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you’ve helped keep yourself and others safe from
identity theft.

Thanks,

The PayPal Team

——————————————————————————–

That email really made me think PayPal as more secure. As the secure feeling was still in my mind, another email was spotted in my email. Now I forwarded it to spoof@paypal.com. Now, this time I got still better reply from PayPal, which was more informative:-

Dear Satish,

Thank you for contacting PayPal.

At PayPal, we care about the security of your account. Therefore, we
would like to offer you a number of Security Tips.

The tips will help you protect yourself against various types of
Internet fraud, such as ‘spoofing’ and ‘phishing’: the act of collecting
personal and financial information through fake emails, websites and
phone calls.

Using this sensitive information, the perpetrators will try to commit
identity theft, credit card fraud and various other illegal activities.

So please read the tips below, for your own sake, and in the interest
of all PayPal users.

Emails – Make sure they are sent from PayPal

1. Always check the greeting. We will never address you with Dear
PayPal User or Dear PayPal Member. Instead, we will address you by your
first and last name, or the business name associated with your PayPal
account – except in some automatic responses.

2. Look for strange links. When you’re asked to click on a link in
an e-mail that looks like it’s from PayPal, be extremely cautious.

3. Does the e-mail ask you to enter sensitive information? If it
does, it’s not from us. PayPal will never ask to you enter:
o Bank account numbers
o Credit and debit card numbers
o Drivers license number
o Email addresses
o Your full name

4. Check for attachments. PayPal will never send an attachment or
software update to install on your computer.

5. Take your time, don’t be rushed. Spoof emails can contain a
threat: You must take action, and do it now. If you feel undue
pressure, don’t respond. Simply log in to your account, and check your Resolution Center.

Website pages – make sure that they are hosted by PayPal

1. Check the URL when you log in. When you use the PayPal service,
make sure that the URL at the top of the browser is
https://www.paypal.com/. This means the website is secure. If you see a different URL, close your browser – even if it contains the word
PayPal.

2. Look for the lock. The lock symbol that appears in the bottom
right hand corner of your browser means it is a secure site.

Passwords – keep it on PayPal

1. Last but not least, create a unique password for your
PayPal-account. Don’t use this password on any other site and don’t
share it with anyone else.

2. Change your password every month.

If you think you have received a fraudulent email, forward the entire
email, including the header information to spoof@paypal.com and then
delete the email from your mailbox.

Click the “Security Center” link on any PayPal webpage for additional
tips and tools for staying safe online.

If you have any further questions, please feel free to contact us
again.

Sincerely,
Jeffrey
PayPal, an eBay Company
————————————————————————————————–

I was very much happy that PayPal is concerned about its customers.
Now PayPal has taken yet another step to teach its customers, to make them authority of online fraud detection and prevention techniques.

Now you can see an ad on the HomePage of PayPal and which will take you to https://www.paypal-promo.com/safety/ when clicked.

paypal-security-measure
This site is made of flash and its visually appealing and gives full information about online fraud detection and prevention techniques.
It involves “Training Center”, where it tells about online theft and protection measures etc. And next is, it has an “Safety Exam” section where you will be presented with some questions and answers(in the form of options) to test your levels of understanding about online fraud detection and prevention techniques. Next is the “Safely Calculator”, calculates “How safe your PayPal account Is?”, by determining your answers to some of the questions.
And there is also a section called “Safety Products”, which lists some of the safety products developed at PayPal Lab — Take a look at it, they may be for you.

One thing which we never knew and came to know from this website are:
PAYPAL SECURITY KEY
All agents need gadgets. Customers in the US, Germany and Australia can use the PayPal Security Key, a small electronic device that generates a unique security code every 30 seconds.
You use this security code when you log in to your PayPal account, giving you an extra layer of protection against identity theft and account takeover. Hope this feature will be available soon in all countries where PayPal transactions are allowed. And for those who are deprived of this feature presently can make use of one of their Plug-In which offers an array of security features by generating a single-use MasterCard credit card numbers to help keep your financial information’s secure.

In India RelianceMoney demat account holders have been using such Security Key to generate new password for their account every 30 seconds. PayPal taking such measures creates an healthy, secure feeling in its customers.

Update:-
Please do not even click on the suspicious links found in your phishing emails. Because now a days the scripting(script programming) has become so powerful that, if you click on such links, a worm can be placed inside your computer(which may track your activities later). Clicking on such links is just like permitting the script to access your information.

Gmail feature, to track login sessions and some more details

Want to know, the timeings of your last login(like in your AdSense account) ?

Are you afraid or have doubt that, somebody else at office is accessing your Gmail ?

Want to know the Browser, mobile, POP3, etc and the timings and the Ip address of your previous logins ?

Gmail has all these features in one click….Most of us have surly missed to notice this very important security feature of Gmail.

Many of you have seen all the options present in Gmail Settings tab. And you might be thinking, where the hell could this option be present?

You might have missed this because, this option is at the end of the Gmail page(footer).

Here are the screen shots…
last-login-gmail-detail

When you click on the “Detail” link…you can see the details of the last 5 login sessions. And you can also see, if the same email account is being used at the same time in some other places. And importantly, you can “Signout all other login sessions”.
Sessiona-gmail-Ip-log-login

How to use this data

If you’re concerned about unauthorized access to your mail, you’ll be able to use this data to find out if and when someone gained access. Does the Access Type column show any unusual access? If you don’t use POP to collect your mail, but your Recent activity table is showing some POP access, it may be a sign that your account has been compromised.

The IP address column is also useful. If you always or most often sign in to Gmail using a single computer, your IP address should be the same, or start with the same two sets of numbers (for example, 172.16.xx.xx). If you’re seeing an IP address that differs greatly from your usual IP address, it could either mean that you’ve recently accessed your mail from a different location, or that someone has accessed your mail. Your current IP address is displayed below the Recent activity table.

Concurrent sessions

If your mail is currently being accessed from another location, it would be listed in the Concurrent session information table. This could mean that you simply have another browser window open with Gmail loaded, or that your home computer is logged in to Gmail while you’re accessing your mail from work. If you’re concerned about any concurrent access, you can sign out all sessions other than your current session by clicking Sign out all other sessions.

If you think your account has been accessed by someone illegally
You’ll need to change your password and your security question. The first step is to read our suggestions on choosing a good password to make sure that your new password is secure. Then, follow the instructions in How do I change my password? to update your password.
disable-gmail-chat
In the first screen shot, you can also spot another small link “Gmail view: standard | turn off chat | “. You can click on the “turn off chat” link to sign out of chat inside your Gmail. But this can be done at the chat box window itself(so, its not an important, must have option).

Gmail, small security option

This is just a small security enhancement found in Gmail. Anyway, many times these small things help us a lot, so lets not ignore it.
Hypertext Transfer Protocol over Secure Socket Layer or HTTPS is a URL scheme used to indicate a secure HTTP connection.

gmail-mail-logoHttps keeps your mail encrypted as it travels between your web browser and the servers, so someone sharing your favorite coffee shop’s public wifi can’t read it. Your bank and credit card websites use this same protocol to protect your financial data.

Gmail use https to protect our password every time we log into Gmail, but it does not use https once we are  inside Gmail, unless you ask for it (by visiting https://mail.google.com rather than http://mail.google.com).

And the downside is that https can make your mail slower. Your computer has to do extra work to decrypt all that data, and encrypted data doesn’t travel across the internet as efficiently as unencrypted data. That’s why Google leave the choice up to the users.

There are two options to select from. One is to bookmark https://mail.google.com and then use it everytime we login to Gmail. Orelse we can set it inside our Gmail Settings. Below are the screen shots….

First click on settings. And then search for the option, in the General tab.

general-tab-gmail

https-http-gmail

Select whichever option you are convenient with.

It is good to see that, Gmail supports https scheme. But we can see that, some other Google services like Google Toolbar doesn’t support https scheme. Lets hope that Google is hard at work, to implement https protocol scheme to all its services.

We recommend avast! anti-virus

We have been using avast! in our home computer from 2 years and its a tension free computing now, as our computer  has never been infected by any virus, spyware or malware from 2 years.

Before installing avast, I use to format my Computer almost 3 to 5 times in 6 months, due to some external attacks. But after installing avast, I have not at all thought about formatting my PC. Its a kind of – “Simply install and forget”.

The impressive avast-krabice-home48part is, avast Home edition is free to use for non-commercial, home purpose.

And avast! is offered in over 30 language versions, and you need to select the language you require before you download.

You can register avast! online, and you will get a unique, free registration key and it will only work for your computer. So, your registration key would be of no use for some one else.

After you use the FREE version of avast! for one year, all the updates will get expired and you must again register for new registration key online and you will start getting updates again till 1 year. Like this, you need to register every year.

And note that, you just have to install it, get the registration code and leave it, the updates are totally automatic(internet connection required! ).

The free version supports:-

  • Windows 95
  • Windows 98
  • Windows Me
  • Windows NT 4 (No Server)
  • Windows 2000 (No Server)
  • Windows XP (No Server)
  • Windows Vista

It is sad to see only the Windows OS support here.

avast-shieldI have used many anti-virus programs available in the internet, and had one or the other problems…like the increase in loading time, popups, update notification etc. And the software did not work to the mark.

And in my journey of trying anti-virus programs, I got avast! , used it for almost more than 2 years now, and I am a satisfied user. And I will surly buy the paid version of avast! in the future, for commercial use.

Now I am using avast in my home computer(used for entertainment, surfing and for testing some software etc — Totally non-commercial). And on my laptop(which is used for blogging), vista firewall does all the job.

So, if you are looking for a FREE version anti-virus, with professional performance and simple to use interface, then avast! could be for you. And remember, use it on non-commercial,home computers only.

Free antivirus – avast!  Home Edition features

Anti-spyware built-in Web Shield
Anti-rootkit built-in Automatic updates
Strong self-protection Virus Chest
Antivirus kernel System integration
Simple User Interface Integrated Virus Cleaner
Resident protection Support for 64-bit Windows
P2P and IM Shields Internationalization
Network Shield

Tried and Trusted With over 50 million users of avast!, you can rest assured that you are using one of the most tried and trusted products in Windows security.

If you want more security, more protection and still more features, for your office or for any commercial purpose, then there is paid avast! version for it. And it would be smart to investment on buying avast! products.

Which anti-virus do you use to protect your computer ?  And what do your feel about its performance, please share with us, in the comment section.