Thursday, December 24, 2009

My latest experience

All characters in this story are real and describes experience of one living person (myself).

I stayed on 19th at my roommate's friend's house at Chicago, met my senior (Vaishnavi) on 20th Morning and left for the 6pm flight at 2 Pm from house. Reached airport at 3 15 PM. After transiting from Terminal 5 to terminal 1, I stood in the line to check in. The helpful lady of united airways told me that most of Indian passports may not be scannable and so asked me to check in manually (some human will enter my details instead of using a self-serve kiosk). This line was not that long, but was not moving fast, I stood in this line for 1.5 hours and when it was 55 minutes to flight (5:05) I got my chance to check in. The cutoff time for baggage is 45 minutes, so I was already nervous, as you might guess :p.

She took my passport, ticket and then told me I need to have schengen visa to travel from AMS -> FRA (Amsterdam to Frankfurt). My ticket was in 3 legs, ORD (Chicago) to AMS, AMS -> FRA and FRA -> BLR. For the leg from AMS to FRA, I need a schengen visa, even though I only transit through the region, since both AMS and FRA are in schengen region and schengen to schengen region transits REQUIRE visa. She actually weighed my baggage and was about to check in my luggage (while on call with someone to check if I can be allowed). Then she told me that I can’t take this flight. Was the first great news to hear. Called up my parents and told them "my ticket has some problem, I can’t make it to this flight, and I will update you after I fix this problem, till then please pray for me". The "very friendly" airline guys told me to contact Orbitz guys, through whom I booked the ticket (in short - get off my lawn). Was very very thankful to United for their guidance. Then I came out of the line and sat in a chair calling up Orbitz. Given that there was snow storm in DC and NY, they were flooded with calls rescheduling their flights.

So I waited in the orbitz line, hearing their very nice tune. Felt glad that I missed the flight to hear that very nice tune. How bad I would have felt if I couldn’t hear this sweet tune waiting for someone to pick my call at Orbitz. Around the 20th minute on the call, I decided to call my roommate, who dropped me at Chicago and left to Lafayette (university). He had already left and was 10 miles off Chicago. To my bad, his cell had very little charge left. I hold my current call, call him and say "Ajay, I have a problem, please come back to airport"... Carrier lost. Call got cut. He somehow calls me back with his little charge and asks me what the problem is (I put my super tune orbitz line on hold and talk to him). I tell him there is some problem with my visa for the Amsterdam to Frankfurt leg and they booted me off the flight. So please come and pick me up at airport. He says ok, I will come, he said he will take some time as his phone has no charge, so he will go and pick his friend (whose house we stayed) and charge the phone and head to airport. (I came to know later that had I called 15 minutes later, he would have had 0 charge on his phone and I couldn’t have reached him). His call got cut by the time I was going to press end call, so I ended up cutting the orbitz call, so 30 minutes of hearing the sweet tunes got wasted. I call orbitz again and keep hearing this nice musik for another 20 minutes. With very little charge left on the phone (since I have been very happily hearing Orbitz music for an hour now), I start moving to a place in airport where I can find a power plug for my phone and laptop (which already dint have any charge). Chicago airport has no free wifi, so I get an 8$ wireless connection and start chatting with my periappa and sister, tell them the story while on call. Then after 50 minutes, I get lucky and find someone at the other end at Orbitz. Explain her, for her this is news, orbitz has no clue why this should happen to me. They ask me to contact airlines. I tell them the airline booted me and asked me to contact orbitz; I can’t cut this call and go another round of fun :p.

Finally Orbitz agrees after 30 minutes of fight that they can hold the ticket and I can use it to travel anytime in a year. Hah! Some breakthrough. Father calls me already 2-3 times to check what really went wrong. I dint put my orbitz call on hold and pick his, since anyway I had no worthy update. Sister tells father the details, since I chatted with her while on call. I call up my periappa after this (in the meanwhile I m on chat with him), tell him I will need a ticket to India and he asks me to give sometime so that he can find an agent. He tries quite a few of them and since its Sunday, it doesn’t work out well. He tells me not to worry, go back and we can get ticket tomorrow. After sometime, he tells me there are some tickets in air India for 22nd and I should go ahead and book it ASAP online. For some reason, my iphone's browser can’t select dates in Orbitz or Expedia and I give up.

In the meantime, my roommate calls me twice, and because of call with Orbitz, I don’t pick the call. He waits for 10 minutes in dept terminal (can’t wait more than that, or will be towed) and moves to economy parking. Bad luck at its best, while getting out of car, he forgets the keys inside and gets locked out from the car. He and his friend (whose house we stayed) comes to meet me, since I am in deeper trouble and tells me everything will get fine, except a small hitch, can’t go home in the car. :-))))).

I then call up AAA (some company that charges 100$ per year to help change tires, drained battery etc) and forward the call to call Chicago security who can help open the car. I tell them the parking lot number and they cut the call immediately and send their vehicle. We were in terminal 1 and it took 10 minutes to reach parking lot. On reaching the lot, we find no one, they had already come and couldn’t see anyone and went back. Huh! I don’t have their number to call them again and search desperately around in -7C with snow for shelter. Luckily, I find a place where I can call the Chicago security. It has a red button that says press to call Chicago security. Ah! Finally some luck on my side. I call them up and tell that I m the same guy who called sometime back. They say they dint find us and went back and tell me to stay there and someone will come there. I stand for a few minutes and the security finally arrives. We guide him to the car. He inspects the car and then asks to fill up some form and opens up the door. Ah! Second good thing. I start the car and put the heater in full and wait to warm myself up first. I ask Ajay (my roommate) to drive the car and let Sandeep to join him at the front and take backseat to book ticket. I try in the phone again to book ticket, but as I try, the airindia ticket for 2000$ goes off and becomes 2300$. Now I try to book that and orbitz stops listing air India and says no ticket available for the date. I call up periappa to ask him to book it online for me and he finds no ticket (in airindia.com and other sites). He calls me back and says he is unable to find one on 21st or 22nd or 23rd. Ah! I was thinking what else can go wrong. I call my cousin in Sunnyvale to help me out. He is away from home and would take 15 minutes to go home. I m 25 minutes from Sandeep's home on the car. I call up parents and tell them everything is under control and periappa is on the final screen getting tickets :p. Now, I just take a deep breath (what else can I do?) and wait to go home, I reach home and pull my 2 luggages to the apt from the garage, which is like 400 ft from home in -7 C, with snow and sleet (what a great weather to be at this time :D )..

At home, I start the computer and start searching online while my cousin is also searching for one. They too find nothing on 21st, 22nd and 23rd (on 23rd they find a 4000$ ticket). Luckily manni finds a sweet deal in makemytrip.com and tells me to search for one on 25th for 1.3k to India on etihad airways. I search and I get it, sweet! I start booking and finish booking. I get confirmation from the site, but my ticket is not yet issued. I m once again back nervous, since there is a clause that says, they can cancel the ticket if there is some unforeseen circumstance. Given that I have seen enough of them, was just wishing I have no more :-). Finally the next day evening 3pm my time, I get the confirmation mail from etihad that my ticket is booked and I get my ticket to India.

Ok, given this entire big story, the moral is:

1) Never leave the car keys in the car, you can get locked out. :-).

2) Keep your cell phone charged.

3) Murphy's law: If anything can go wrong, it will definitely go wrong.

4) You need a lot of God's grace :-). You are just an actor in the system, when things really go wrong, just take it easy :D (Well you can’t do much either).

and of course: Plan ahead for alternatives (unlike me), when you make online booking, check with people, it seems that this is very common issue (schengen visa issue). More often, ignorance is not bliss; it can get you into lot of troubles :-).

and some obvious ones: Always check the visa restrictions on all legs of your flight, if you are booking yourself. Sometimes even being 3 hours before the flight may not help enough. You can be as early as checkin permits and take rest at the airport lounge.

On the positive side, I fortunately never lost my cool, except with Orbitz fighting with them for the 200$ airline change fee (which was understandable).

Monday, January 26, 2009

Preventing Gmail account hacks

I no more work at Google, but just my two cents/paisa about the
whole problem about being gmail accounts being hacked. I am not a security expert, but whatever I have written here is rehashing basic stuffs to make more sense for your security.

The blog content below is a reply to this mail by my friend:
Anyone working in google now???
Few of my friends' gmail passwords are getting hacked frequently now..

And one of my frnd got her password back in orkut posted by that hacker under the name 'Ethical hacker' from australia.. he has included lotsa friends in her list by that time..
Any ways to protect the account from hacking?And can google track that person thru his gmail account?
Please reply

Reply:
In general, its not so easy to figure out if an account is hacked. If
the hacker is located at a different location (as in the case that you
said - like in australia) its possible to make an educated guess and
ask the person to prove himself. (Like show a prompt to say, what was
his mother's maiden name or something like that) However, it is
believed that more than 60% of all hacking attempts for passwords often
happen from same location/area (because, people in same area, or
someone who has interest in the account, is the one who often hacks
it). So, that also does not do much help.

Cases of email password hacks can be of several types:
1) Compromise at the user end.
2) Compromise in the network (man in the middle).
3) Compromise at the server end.

3) can be generally ruled out, since its not possible to hack into
Google network easily. There is enough infrastructure and security
audit done to assume that its near zero possibility to hack something
at Google end. This applies to most "good enough" email providers,
unless they are foolish enough to do something known in the industry
as a bad security practice.

2) is more common, because people generally dont enable https in their
gmail account. What that means is that, even though your username and
password is securely processed, once you get logged in, the
transcaction is through http. If someone can do "cookie hijack", they
can steal the session. Once session is stolen, one can change the
password, or do something similar to that.
So, the remedy (or closest to a solution) is to enable https (look in
settings inside gmail)

1) Compromise at user end is the most prevalent. There is no point
enabling https, when there is keylogger installed in the machine. Most
spywares are all interested in your keystrokes, since they need your
credit cards and other details. They would gleefully record your
keystrokes all the time and try to send it to some remote location.
Also dont download random software. Be cautious, when someone sends a
forward with ppt or pps and asks you to go through. Dont ever execute
an exe in your machine, unless absolutely needed. ask yourself 10
times before you click on joke.exe or something like that. If someone
sends the same message that he can type in email, in a word document,
discourage it. Avoid opening attachments in emails. Avoid using IE
when you goto unreliable sites.

Sometimes unsuspecting exploits remain. Let me give you an example of
Adobe Acrobat Reader. Most of us might have it installed. There was a
vulnerability in 8.0 version of it, that allowed remote attacker to
send a specific signature PDF and cause running of malicious code.
When any user who visits the site, since its a PDF file, PDF opener
will automatically open (more so in IE) and suddenly you will see
acrobat page, and you get infected. This is something that you cant
even press stop button and prevent loading, because more often it
happens quite quickly.

Install an antivirus, schedule a scan every week. More often, these
scans are scheduled at 12 AM on Sunday night. The problem is that most
of us never keep our computer on at that time, which means, that the
scan never happens. Also, keep your firewall armed all the time.
"Keep your antivirus updated".

There could be still zero day exploits lurking all the time. Consider
using Linux, if you just want to browse, and keep it updated too!.

If you are still paranoid, consider using VMWare and run windows
inside it. After you do your work, just reboot the vm image to a fresh
stock windows install. That way you just dont have to worry about some
spyware hurting your system.

Search this site

Google