I no more work at Google, but just my two cents/paisa about the
whole problem about being gmail accounts being hacked. I am not a security expert, but whatever I have written here is rehashing basic stuffs to make more sense for your security.
The blog content below is a reply to this mail by my friend:
Anyone working in google now???
Few of my friends' gmail passwords are getting hacked frequently now..
And one of my frnd got her password back in orkut posted by that hacker under the name 'Ethical hacker' from australia.. he has included lotsa friends in her list by that time..
Any ways to protect the account from hacking?And can google track that person thru his gmail account?
Please reply
Reply:
In general, its not so easy to figure out if an account is hacked. If
the hacker is located at a different location (as in the case that you
said - like in australia) its possible to make an educated guess and
ask the person to prove himself. (Like show a prompt to say, what was
his mother's maiden name or something like that) However, it is
believed that more than 60% of all hacking attempts for passwords often
happen from same location/area (because, people in same area, or
someone who has interest in the account, is the one who often hacks
it). So, that also does not do much help.
Cases of email password hacks can be of several types:
1) Compromise at the user end.
2) Compromise in the network (man in the middle).
3) Compromise at the server end.
3) can be generally ruled out, since its not possible to hack into
Google network easily. There is enough infrastructure and security
audit done to assume that its near zero possibility to hack something
at Google end. This applies to most "good enough" email providers,
unless they are foolish enough to do something known in the industry
as a bad security practice.
2) is more common, because people generally dont enable https in their
gmail account. What that means is that, even though your username and
password is securely processed, once you get logged in, the
transcaction is through http. If someone can do "cookie hijack", they
can steal the session. Once session is stolen, one can change the
password, or do something similar to that.
So, the remedy (or closest to a solution) is to enable https (look in
settings inside gmail)
1) Compromise at user end is the most prevalent. There is no point
enabling https, when there is keylogger installed in the machine. Most
spywares are all interested in your keystrokes, since they need your
credit cards and other details. They would gleefully record your
keystrokes all the time and try to send it to some remote location.
Also dont download random software. Be cautious, when someone sends a
forward with ppt or pps and asks you to go through. Dont ever execute
an exe in your machine, unless absolutely needed. ask yourself 10
times before you click on joke.exe or something like that. If someone
sends the same message that he can type in email, in a word document,
discourage it. Avoid opening attachments in emails. Avoid using IE
when you goto unreliable sites.
Sometimes unsuspecting exploits remain. Let me give you an example of
Adobe Acrobat Reader. Most of us might have it installed. There was a
vulnerability in 8.0 version of it, that allowed remote attacker to
send a specific signature PDF and cause running of malicious code.
When any user who visits the site, since its a PDF file, PDF opener
will automatically open (more so in IE) and suddenly you will see
acrobat page, and you get infected. This is something that you cant
even press stop button and prevent loading, because more often it
happens quite quickly.
Install an antivirus, schedule a scan every week. More often, these
scans are scheduled at 12 AM on Sunday night. The problem is that most
of us never keep our computer on at that time, which means, that the
scan never happens. Also, keep your firewall armed all the time.
"Keep your antivirus updated".
There could be still zero day exploits lurking all the time. Consider
using Linux, if you just want to browse, and keep it updated too!.
If you are still paranoid, consider using VMWare and run windows
inside it. After you do your work, just reboot the vm image to a fresh
stock windows install. That way you just dont have to worry about some
spyware hurting your system.
Search this site
Monday, January 26, 2009
Friday, December 12, 2008
Flip HowTo
This is a very old idea, which I looked first at this site, and hence this post may not be that new, in terms of freshness of content. However, its always interesting :-).
Goto this site:
http://www.revfad.com/flip.html
type something there and you will get like this:
:sıɥʇ ǝʞıl ʇǝƃ llıʍ noʎ puɐ ǝɹǝɥʇ ƃuıɥʇǝɯos ǝdʎʇ
(-: ǝɯɐs ǝɥʇ ǝɔuǝıɹǝdxǝ oʇ ǝɔuɐɥɔ ǝuo sı sıɥʇ '(ǝɯ ǝʞıl) ǝɟıl ɹnoʎ uı sʇdıɹɔs ʇɟǝl oʇ ʇɥƃıɹ pɐǝɹ ʇou ǝʌɐɥ noʎ ɟı ˙ʎsɐǝ os ʇou sʇı lɐɹǝuǝƃ uı ɥƃnoɥʇ uǝʌǝ 'llǝʍ sɹǝʇɔɐɹɐɥɔ uʍop ǝpısdn ǝɥʇ pɐǝɹ sʎɐʍlɐ uɐɔ noʎ 'ǝsnɐɔǝq unɟ sı sıɥʇ
Technical details:
This is possible because of unicode. Unicode has a huge set of character set. People were able to find a similar, corresponding upside down character for each character in the english alphabet.
If you are interested in what those characters are, here it is:
This is copy pasted straight from the revfad.com/flip.html page's source code.
Goto this site:
http://www.revfad.com/flip.html
type something there and you will get like this:
:sıɥʇ ǝʞıl ʇǝƃ llıʍ noʎ puɐ ǝɹǝɥʇ ƃuıɥʇǝɯos ǝdʎʇ
(-: ǝɯɐs ǝɥʇ ǝɔuǝıɹǝdxǝ oʇ ǝɔuɐɥɔ ǝuo sı sıɥʇ '(ǝɯ ǝʞıl) ǝɟıl ɹnoʎ uı sʇdıɹɔs ʇɟǝl oʇ ʇɥƃıɹ pɐǝɹ ʇou ǝʌɐɥ noʎ ɟı ˙ʎsɐǝ os ʇou sʇı lɐɹǝuǝƃ uı ɥƃnoɥʇ uǝʌǝ 'llǝʍ sɹǝʇɔɐɹɐɥɔ uʍop ǝpısdn ǝɥʇ pɐǝɹ sʎɐʍlɐ uɐɔ noʎ 'ǝsnɐɔǝq unɟ sı sıɥʇ
Technical details:
This is possible because of unicode. Unicode has a huge set of character set. People were able to find a similar, corresponding upside down character for each character in the english alphabet.
If you are interested in what those characters are, here it is:
This is copy pasted straight from the revfad.com/flip.html page's source code.
var flipTable = {
a : '\u0250',
b : 'q',
c : '\u0254', //open o -- from pne
d : 'p',
e : '\u01DD',
f : '\u025F', //from pne
g : '\u0183',
h : '\u0265',
i : '\u0131', //from pne
j : '\u027E',
k : '\u029E',
//l : '\u0283',
m : '\u026F',
n : 'u',
r : '\u0279',
t : '\u0287',
v : '\u028C',
w : '\u028D',
y : '\u028E',
'.' : '\u02D9',
'[' : ']',
'(' : ')',
'{' : '}',
'?' : '\u00BF', //from pne
'!' : '\u00A1',
"\'" : ',',
'<' : '>',
'_' : '\u203E',
';' : '\u061B',
'\u203F' : '\u2040',
'\u2045' : '\u2046',
'\u2234' : '\u2235',
'\r' : '\n' //thank you, Yeeliberto
}
So as long as you have all these languages in your unicode font, you are really good to go in terms of getting things done (i mean upside down). If you have a complex language script (like say tamil or hindi), such a feat would be difficult, since tamil has horizontal lines at the bottom when character is flipped (think க as ab example). so its difficult to find an equivalent character. Same with hindi ( think of का - or for that matter any char as there is a line at the top for every character).
Friday, December 05, 2008
Donate with AdSense
This adhoc feature allows people to donate a part or whole of their earnings to Tides foundation, which will aid the relief efforts at Myanmar and China devastations.
Although I had some hand in this project as my small 20% percent, a lot of credit should go to Elizabeth.
See details here: Inside AdSense: Make your ad cents (and dollars) count
Go AdSense!!
Although I had some hand in this project as my small 20% percent, a lot of credit should go to Elizabeth.
See details here: Inside AdSense: Make your ad cents (and dollars) count
Go AdSense!!
Friday, November 21, 2008
gtalk2voip spams
When I was happy that the heysan trouble was over, here comes gtalk2voip. I guess I registered for this sometime back and now they send an IM saying that they have updated things.
Off-line message from: team@gtalk2voip.com date: 20.11.2008 14:06:06
New feature on GTalk2VoIP:
Using Gmail voice chat to make or receive phone calls: http://www.gtalk2voip.com/gtalk_service_gmailvoice.shtml
When will companies stop using IM to spam. IMs are tooooo intrusive.
Off-line message from: team@gtalk2voip.com date: 20.11.2008 14:06:06
New feature on GTalk2VoIP:
Using Gmail voice chat to make or receive phone calls: http://www.gtalk2voip.com/gtalk_service_gmailvoice.shtml
When will companies stop using IM to spam. IMs are tooooo intrusive.
Wednesday, November 12, 2008
Heysan the IM Virus/annoyance/nagchatware
If you are receiving a message that someone has tagged you in heysan.com, and gives you a link, please dont click it. It seems to be a virus/whatever. The bot pinged me through so many people in the last few days, while they dint know that the bot was doing all these.
What kind of messages do you receive:
abc@def.com tagged you in a photo on http://i.heysan.com/pfGZNO9Y
abc@def.com stole your cookies. To recover click on http://i.heysan.com/someSaltValue
abc@def.com uploaded a new photo on http://i.heysan.com/pfGZNO9Y
abc@def.com commented on a photo on http://i.heysan.com/pfGZNO9Y
Action:
None I know of, please ignore the message and keep moving. DONT CLICK IT.
What kind of messages do you receive:
abc@def.com tagged you in a photo on http://i.heysan.com/pfGZNO9Y
abc@def.com stole your cookies. To recover click on http://i.heysan.com/someSaltValue
abc@def.com uploaded a new photo on http://i.heysan.com/pfGZNO9Y
abc@def.com commented on a photo on http://i.heysan.com/pfGZNO9Y
Action:
None I know of, please ignore the message and keep moving. DONT CLICK IT.
Sunday, November 09, 2008
Making libsvm work in Mac OS X - Matlab R 2008
It was painful to get libsvm on matlab working in Mac OS X. First was a false error.
Matlab threw some weird error like this:
expr: syntax error
/p/matlab/bin/util/mex/mexutil.sh: line 13: [: too many arguments
and make did not work. SO I guessed that this was the error (which actually was not). On searching the net, I figured out that we should ignore this error and keep going.
The second was the issue with libsvm. The file make.m was referring .obj files while the makefile was generating .o files. So all .obj was to be search and replaced with .o. Things started working after that.
Hope this helps others who are struggling with libsvm and matlab in OS X.
Matlab threw some weird error like this:
expr: syntax error
/p/matlab/bin/util/mex/mexutil.sh: line 13: [: too many arguments
and make did not work. SO I guessed that this was the error (which actually was not). On searching the net, I figured out that we should ignore this error and keep going.
The second was the issue with libsvm. The file make.m was referring .obj files while the makefile was generating .o files. So all .obj was to be search and replaced with .o. Things started working after that.
Hope this helps others who are struggling with libsvm and matlab in OS X.
Friday, August 08, 2008
Google News Blog: Google News: Now in தமிழ் (Tamil)
Google News Blog: Google News: Now in தமிழ் (Tamil)
Let me point to the latest Google release for the (Tamil koorum nallulagam) market. :-).
Ladies and Gentlemen, this is Google news in Tamil. Tamil news stories aggregated from various tamil news sources and seperate category for Srilankan news, Google News Tamil rocks :-). In case you want to know who worked on it, its my dear friend Kiran Gunda and his teammates.
Everyone I know who reads tamil liked it (myself and my father as of now ;-) )...
Thank you Google!
(Obligatory thanks to Google for all the good food that added 10kgs to my weight).
Let me point to the latest Google release for the (Tamil koorum nallulagam) market. :-).
Ladies and Gentlemen, this is Google news in Tamil. Tamil news stories aggregated from various tamil news sources and seperate category for Srilankan news, Google News Tamil rocks :-). In case you want to know who worked on it, its my dear friend Kiran Gunda and his teammates.
Everyone I know who reads tamil liked it (myself and my father as of now ;-) )...
Thank you Google!
(Obligatory thanks to Google for all the good food that added 10kgs to my weight).
Subscribe to:
Posts (Atom)