UNI TECH BLOG I

 Powered by Max Banner Ads 

LONDON: Experts have identified how their web browser’s ‘private mode’ setting is also vulnerable to hackers.

Most web browsers offer a private mode, intended to leave no trace of surfing history on the computer.

But Collin Jackson at Carnegie Mellon University in Pittsburgh, Pennsylvania, and colleagues, have found ways to detect which sites were visited with the mode enabled.

Even if private browsing is enabled, details relating to the key remain stored on the computer’s hard drive, allowing a hacker to establish that a particular site had been visited.

A hacker could “guess what sites you’ve been to based on traces left behind,” New Scientist quoted Jackson as saying.

These attacks on privacy “do not require a great deal of technical sophistication and could easily be built into forensics tools,” he added.

However, Rik Ferguson — a UK-based security researcher at Trend Micro of Tokyo, Japan — says that any attacker with the knowledge to exploit the weaknesses would probably look to other attacks first, which may yield more detailed information.

“If someone is capable of tracking your browsing habits in this way, then they are probably also tech-savvy enough to know about commercial spyware which could much more effectively track your computer use,” says Ferguson.

This is a Sponsored Post written by me on behalf of mailVU. All opinions are 100% mine.

If you enjoy keeping in touch with friends and family, there is a new service available that will make it much easier. The service is provided by a site called mailVU ( http://mailVU.com ) and offers a free video email service.

The service is easy to use and makes creating a video simple. You just need to answer a few quick questions, and have a webcam of course. You don’t have to download hefty software or signup for an account! The service is free, and unlike other video sites such as Youtube, your video on mailVU will be private.

You can even set the video to expire at a certain date or after a certain number of views. mailVU works on with most browsers, and your family and friends can even view the video emails on their Smartphone.

How cool is it to be able to send a video email straight to someone’s Iphone or Droid? Let’s be honest, sending regular email is boring! You can now keep in touch on a more personal level by using this free video email service. Try out mailVU for yourself today at http://mailVU.com and see how easy it truly is to send a video email.

A luxury goods designer, Stuart Hughes, has covered everyday gadgets, including an Apple iPad, in gold and diamonds, turning them into the ultimate must-have “bling”‘ boys toy.

By Andrew Hough

This is a Sponsored Post written by me on behalf of Nexx Online. All opinions are 100% mine.

We have rebranded our Nexx web hosting platform and to accompany the new launch we have attached a special promotion
We live in the age of e-commerce where for any business to be a success an online presence is essential. Web hosting is a huge business where people get to rent a bandwidth and space to showcase their business online. They host the services necessary for clients on servers that are online 24/7 with a unique IP address which belongs to the client. Web hosting for people who do not have the need for any specific tools or for low traffic sites are available for free. However if you are looking for a strong online presence for your business you need a company that knows the in and out of web hosting. Nexx web hosting is a platform that gives you the exposure you need and the right package tailor made to suit your needs.
Nexx has come out with an excellent promotional offer which provides its clients with Unlimited Web Hosting and a free domain name all for an unbelievably low price of $10. There are additional features with this $10 plan, wait till you hear it. We offer you unlimited bandwidth in terms of the disk space. We offer unlimited email and unlimited domains. In addition to all of this we have a customer care that works round the clock to answer your queries and requests. We believe that time is money and we work to generate maximum profits in your business online. We also offer a simple user friendly and easy to use tool and panel allowing people to access various application like Joomla, Drupal, Zen cart and word press all with one simple click.
We also assure you fast service and access as we have top tier data centre which is North American and uses clustered service technology to provide correct resource allocation all the time. The goal of our company is to provide solutions in web hosting to customers which are affordable, can be done with ease and also promotes the web presence of the client in the online markets. There is even a money back offer and there is a promotional code for the $10 package which is SPARK10. We believe in quality service and round the clock customer care to address your every issue.

TNN, May 13, 2010

India’s 71 million internet and close to 10 million broadband users are increasingly becoming the victims of vicious phishing attacks that can result in identity theft, danger to life and even crippling financial fraud.

On Wednesday, users of Google’s email services received a legal notice from the gmail team asking them to update their account details for security reasons.

“Gmail Team is working on total security on all accounts in order to make Gmail better as ever and as a result of this security upgrade we require all Gmail members to verify their account with Google. To prevent your account from disability you will have to update your account by clicking the reply button and filling the space below,” the mail read.

The legal notice from Gmail wanted users to refurbish their account name, password, occupation, birth date and country of residence. It also carried a threat that users who did not update their details within 7 days of receiving the warning would lose their account permanently.

However, when contacted, a Google spokesperson said, “Some spammers send fraudulent mass-messages designed to collect personal information, called ’spoofing’ or ‘password phishing’ . We always advise our users to be wary of any message that asks for your personal information, or messages that refer you to a webpage asking for personal information. Google or Gmail does not send unsolicited mass messages asking for passwords or personal information; even if the message asking for it claims to be from us, please don’t believe it.”

This information is publicly available in the Gmail support center at http://mail.google.com/support/bin/answer.py?hl=en&answer=8253

According to Rakshit Tandon, consultant safe surfing with the Internet & Mobile Association of India (IAMAI ), “Phishing activity has been on the rise across India since December. The biggest targets for cyber criminals are banking sites followed by free email sites like Gmail and Yahoo and social networking sites like Facebook and Orkut,” he said.

The IAMAI runs cyber safety programmes and has already worked with 3,50,000 students in 185 schools across 43 cities and 13 states.

“A schoolteacher in Mumbai lost close to Rs 10 lakh after phishers got into her netbanking account. Internet penetration is going up which is inviting more criminal attacks as awareness levels are very low,” adds Tandon.

His advise is to be investigative and use logic (BIUL) when using the Net in order to improve your personal Internet security levels.

When Microsoft releases Office 2010 later this year, will it be an upgrade worth pursuing, or will it, like Office 2007, be one that you can easily let pass? That’s a question that’s no doubt on the minds of many existing Office users – as well as more than a few executives at Microsoft.

Office 2010 can easily be seen as analogous to Windows 7 in that it represents Microsoft’s latest chance to convince people that they’ve really been listening to their concerns.

Like Windows Vista, Office 2007 was an upgrade that relatively few bothered to adopt. Office 2010, like Windows 7, is a do-over. Microsoft, in fact, took a page from the lengthy Windows 7 beta programme when, last year, it made the beta of Office 2010 widely available to the public.

Here’s looking into why you should go for an upgrade.

Ribbon bar everywhere

The ‘ribbon bar’ was Office 2007’s most controversial feature — and one that dissuaded many from upgrading to Office 2007. The ribbon bar did away with conventional menus in favour of a tabbed, context- specific top row that grouped functions likely to be needed or wanted. The idea was to unearth the many features of Office applications that many never found because those features were buried deep within menus or dialog boxes.

Menu addicts will be disappointed to hear that not only has the ribbon bar not disappeared in Office 2010, it has been enhanced. You’ll now have the ability to customise the ribbon bar by adding the tabs that you think should appear, and you can add or remove functions or features within tabs.

You’ll also find the ribbon bar throughout Office 2010. In Office 2007, the ribbon bar was missing from Outlook and OneNote, Microsoft’s note-taking and information management tool. There’s still no option to bring back classic menus, but the improvements will be welcome to those who don’t mind the change.

Outlook

The e-mail application Outlook is probably the suite’s most-used application. Microsoft has managed to introduce fairly dramatic changes to Outlook 2010 without making the programme a drag on productivity.

Most of the essential features remain intact and are located where you’d expect them to be. The many interface enhancements focus on making Outlook feel lighter weight and more responsive. At the same time, users will be able to customise to a level never before possible with Outlook.

It’s easy, for example, to hide the ribbon bar, folders, and other interface elements of Outlook 2010, retaining just the message list and preview pane. Bringing back interface elements you’ve hidden is simple … just click an unobtrusive left or right arrow icon along the top edges.

General improvements

The round Office button that appeared on ribbon-enabled applications in Office 2007 has been replaced by a tab labeled File at the far left of the ribbon bar.

Click it, and you’ll see a new feature that Microsoft calls Backstage View. Occupying the entire application window, Backstage View gathers together all of the operations you’re likely to need when readying a file for distribution, including ‘checking for issues’ (spelling and grammar checking), establishing read and write permissions, turning on change tracking, and previewing how the file will appear when it’s printed.

The traditional Save, Save As, Share, and other file-related activities are also included. Clicking the File tab again takes you back to the open document.

Paste Preview

Paste Preview is another suite-wide enhancement that attempts to address the fact that many people undo a paste operation once they see how the text or object actually looks in the document.

As its name implies, Paste Preview gives you a preliminary look at how something pasted from the clipboard will appear. To use Paste Preview, you’ll first right-click and let your mouse hover over the Paste Preview options, seeing in real-time how the material will look.

A new Insert Screen Shot feature enables quick and easy screen captures to be pasted into the existing document. This will be a handy time-saving tool for those who frequently need to send or use sample screens during their daily work.

For those who work with images, Office 2010’s background removal tool does a fair job of detecting and automatically removing background colours, allowing the background colour of the document itself to take its place.

Office Web

One of Office 2010’s most anticipated new features, Office Web, has yet to be officially unwrapped. Office Web will be Microsoft’s answer to Google Docs and other cloud-based office suites that allow you to work on browser-based word processors, spreadsheets, and presentation programs.

Word, Excel, PowerPoint, and OneNote will all be offered in the Office Web suite. And they will be free. The ‘free’ business model no doubt presents a problem for Microsoft, which generates significant revenue from its traditional Office suite. Microsoft’s answer with Office Web is to provide pared-down versions of its primary Office applications for free to Windows Live users.

The strategy could very well pay off, since it leverages the huge installed base of Office users – both at home and in corporations – and ensures these users full compatibility with existing documents while withholding enough of the functionality of the full products to make maintaining licenses appealing.

Verdict

If you’re still using Office 2003, you’ll still face a considerable learning curve when moving to the 2010 version of Office.

The fact that you cannot bring back classic menus will mean that you’ll have to spend some time learning how Microsoft has chosen to structure the many features of each application. If you’ve memorised keyboard shortcuts from Office 2003 – for example, Alt-T, O for bringing up the Options panel – you’ll be happy to know, however, that the same keyboard combinations bring up those familiar features.

Those moving from Office 2007 will likely appreciate the improvements to the ribbon bar, the Backstage View, and the overall aesthetic improvements, as well as the lightweight feel of each Office 2010 application.

In terms of features, though, we’re still talking about relatively incremental improvements in what was already, as of Office 2003, a mature suite. The most innovative changes occur with Office Web – and for that, you won’t need to shell out any money at all.

Download the Office 2010 beta from http://www.microsoft.com/office/2010.

– DPA

For a hacker common methods for finding your IP address is through chatrooms, looking up domain names on a domain name registrar site, or running programmes that can create a log of all valid IP addresses.

In a chatroom, all a hacker has to do is right click on a chat ID and get the IP address. A domain registrar can yield a website’s employees’ names, phone numbers, fax numbers, physical addresses and IP addresses. In ‘social engineering’ a hacker verbally chats up the user and gets his IP address and other important information. Here’s looking into how a hacker can break into a PC and misuse it.

How it works

With the users IP address, a hacker can send programmes to his PC to test the system for vulnerabilities. He can even find bugs, or holes in the software. The file- and print-sharing options allow the hacker to access the user’s hard drive, load any programme on the drive and delete/change any file on his PC.

The hacker may use ‘Trojans’, which pretend to do useful tasks–like playing a video or greeting–but actually help him access info from the computer and/or even take it over. Programmes that allow the hacker ‘backdoor’ entry to a computer are commonly available.

These programmes are used daily and legitimately by many systems administrators for remote systems. Hackers change the names of their programmes to make them look like legitimate system programmes.

Or they create a hidden folder on the user’s computer to keep programmes. The most common way that viruses are spread is through e-mails. Usually, the virus is not in the e-mail itself, but as an attachment.

Cracking passwords

Hackers use programmes to crack passwords. Even a password-protected computer can be broken into and other passwords then cracked.

A password cracker dictionary has common computer terms and phrases, names, slang and jargon, easily typed key sequences (like ‘qwerty’), and phrases one might commonly use as a password.

Programmes to crack passwords are handed out with copies of these dictionaries. A common method for cracking passwords is to get a copy of a system’s password file. It lists all encrypted passwords on the system.

Security breach

A hacker can steal and delete files, load dangerous programs on a PC and involve people in computer crime. He can get your home, office and even bank passwords.

A hacker can even see the screen as the user sees it, watch every move of his mouse and see every word he types.

Often, the hacker is not interested in the hacked system. He just wants to hack into larger systems or send e-mails. A hacker can load a programme onto hundreds of hacked PCs and then direct the PCs to bomb a particular firm’s server with junk mail or problem messages.

Specific measures

The user must keep in mind not to visit chat rooms unless they are closed and he knows the administrator. One must almost never open an attachment that ends in .DLL or .EXE, even if the email is from one’s best friend. The only time one can open such attachments is if he knows what’s in them.

In order outwit script-based viruses; it is adviceable to ask an expert how one can open scripts in Notepad or Wordpad. Then he should get someone who knows Visual Basic to look at it. If the user is not on his PC, but sees its modem lights flash, it means a hacker could be testing for vulnerabilities.

Password protection

A good password is easily remembered, but not easily guessable. It should be kept a secret, never written down and never saved in a file. When a website asks if a password should be saved, always say no. A password ideally should have at least six or more letters, numbers or punctuations.

The letters should be in capitals and lowercase. It should not have four or more letters found consecutively in the dictionary. Here reversing the letters won’t help.

Checking your email has become a dangerous business. The number and types of email borne threats that can cause harm to your computer or your privacy are growing.

Sometimes the actual danger imposed by these threats can be over hyped, but you still need to know what could constitute a dangerous email message and how to respond to the threat.

Virus attacks

When emails are sent as plain text, it becomes impossible to contract a computer virus just by reading email. That’s because something — a programme, worm, or other active threat — actually has to run on your computer in order to infect it.

Increasingly today, we all send and receive emails in HTML format, this makes users more vulnerable to contracting a potentially destructive computer virus that plain text emails.

As when an email is sent in an HTML format (the same format used to create Web pages, on which various types of programmes can be run automatically) the possibility of receiving a virus on reading an email message does exist.

There are, however, ways to safeguard against this. The first is to keep your email security programme updated, downloading and applying the latest security patches and fixes.

Second is to set up your email programme to allow messages to be read only in plain text format. Most email programmes provide this option. In Microsoft’s Outlook programme, for instance, you would open the Tools menu, and select Options.

Then, from the Options dialog box, click E-mail Options, and select the check box labelled “Read all standard mail in plain text.”

Dangerous links

Remember, though, that most email viruses are contracted when you perform some action, such as opening an infected attachment or clicking a link that takes you to a site that downloads a virus on to your computer.

So the golden rule of reading email is this: if it looks suspicious, don’t open anything attached to it or click any links in it. These days, in fact, it makes sense not to click links in email messages at all. Instead, if you think a legitimate source has sent you a message, open a web browser separately and visit the website.

Email ‘bomb’ at work

An email “bomb” refers to the large number of email messages sent to an account with the primary aim of bringing the account down. When an email server is flooded with email messages, it is unable to receive other email messages and effectively becomes useless.

An account that receives an email bomb will also experience an interruption in the transfer and processing of legitimate mail, as well.

Email bombs are particularly dangerous as even if an email server is brought down to stave off the problem, the email bombardment will continue where it left off when the server is restarted.

Another type of “bombing” occurs when a user signs someone for multiple newsletter services and other automatic email generation services that can bring a person’s inbox to its knees.

The only way to recover from an email bomb is probably to contact your Internet service provider for help. It may be necessary for you to disable or change your email address, at least temporarily.

Spammers on the move

You think those spam mails only clutter your inbox, there’s more they can do. This includes installing spytools or other malware on your comp.

Sender of spam and potentially harmful emails use a number of tactics to get your email address. If you have posted your email address anywhere on the Internet, it can be “harvested” by programmes designed to scour the Internet and retrieve freely available email addresses.

To prevent this from happening, never post your email address anywhere on the Internet — including message boards and personal websites — in an unaltered form.

If you must post your address somewhere online, write it in a form that is understandable by humans but not by a machine, such as “yourname — at– hotmail.com.” Also, take advantage of the multiple email accounts you can have.

Email Spyware

Another significant email threat is email spyware. Most often transmitted as part of another related software programme, email spyware compromises personal information, distributing it to unauthorised parties. While some spyware programmes are distributed through email by association with Trojan horses, others are sent directly as a worm or virus.

An example of an email spyware is ‘Ssppyy programme’ which gathers sensitive information from infected computers and transmits it to an e-mail address. Ssppppy arrives as an electronic greeting card, and, once opened, the e-mail spyware installs itself surreptitiously on the user’s computer.

Can kill privacy

Emails can also threaten your privacy. Remember, they can be forwarded to any number of people and can be used against you. If you do not want to risk the whole world knowing something, it is best to convey it verbally.

Use the ‘Reply All’ button sparingly and thoughtfully. Someone ended up forwarding his PAN number to the entire office!

Courtesy: INN & agencies

Is your password your spouse’s name, child’s name or pet’s name? or a combination of these?

Do you use the same password for multiple websites – your emails, social networking sites, online banking transactions, workplace login?

If you do, you are not very different from many others. Despite websites telling us to choose passwords that have a combination of letters and numbers, and are difficult to figure out, most of us still use passwords that are easier to fit our memory. And given the proliferating number of websites requiring passwords, it would look near impossible to remember multiple, complex passwords.

But the flip side of what you do is that, you could be asking for big trouble. According to information provided by security solutions provider Trend Micro, about 37% of those who fall victim to hackers are non-tech savvy net users who use simple passwords, such passwords make the job of cyber crackers easier and faster.

Pavan Duggal, a cyber law expert, says a weak password could result in you losing critical personal or professional data, or your money reaching someone else’s account without your knowledge.

More dangerously your hijacked computer can become a platform for a group of cyber criminals or terrorists to meet and interact. You may find it difficult to prove that you were hacked and therefore innocent. Such a criminal exposure can attract three years of life imprisonment under the IT Act 2008.

“Once you are at the receiving end, your road to justice will be long and winding and you may invariably never get the desired result,” says Duggal. Even the ‘secret’ answers that website ask for at the time of password registration are often dead giveaways. Based on a study of a group of 130 people, researchers from Microsoft and Carnegie Mellon University found that 28% of those who “knew and were trusted” by co participants managed to guess their ‘secret’ answers, while those who were ‘not trusted’ by the participants still guessed right a good 17% of the time.

For example, take the standard ‘what’s the name of you pet?’ question; it was guessed right 40% of the time by people that the participants would not trust with their passwords, a figure that rises to 45% for that old favorite, ‘Where were you born?’

A Gartner study conducted among 4,000 adults who browse online says consumers prefer convenience over security. Most aren’t interested in password management as they want easy way out and in.

Many net users won’t even know that their systems are under attack, until their systems stop responding or data/money is lost.
“A few months ago, one of my colleagues had a hacker attack; his computer stopped recognizing the password. But since he was a techie he could contain the threat and save the system from being hijacked,” says Rana Gupta, business head for India in Safe Net, an online security solutions firm. Amit Nath, the India head for Trend Micro, passwords could be compromised when buying movie, train, bus or air tickets online. “All these sites need not be fully protected. So it is critical to have a strong password management system for every internet user,” he says.

What’s a good password?

Most websites will advise you to use a combination of letters, figures, currency signs, etc to make passwords stronger. But these would still be difficult to remember and you are likely to note it down somewhere, which would be risky. One suggestion experts have is to create a phrase that’s easy to remember and then key in the entire phrase. Thus, you could have lgfSJCi1995 for ‘I graduated from St Joseph’s college in 1995’.

Generally, the longer the password, the better it is. And never choose a word from dictionary as your password. It’s easy for hackers to run programs that repeatedly try to log into your account using words from the dictionary. At some point, they will crack it.

ELECTRONIC STAMP

In a bid to thwart spammers, researchers are planning to add a “postage stamp” to emails. The plan of pay-per-email, they say, will help reduce unwanted spasm and the money thus generated will go to charity.

Spam is more abundant than ever, making up more than 90% of all email sent globally. Most is intercepted by anti-spam programs that filter mail by its origin or content. Yahoo! Research’s CentMail is resurrecting an old idea charge every email being sent so as to make spamming uneconomic, New Scientist reported.

What’s more. The cent paid for an accredited “stamp” to appear on each email goes to charity. CentMail’s inventors think it will be more successful than previous approaches to make email coast. They think the cost to users is offset by the good feeling of giving to charity.

The problem with any such “economic” approach is that it costs money or effort for legitimate, Yahoo! Researcher    sharad Goel explains. By passing the money onto a charity of the sender’s choice, and showing the donation in a “stamp” at the bottom of every email sent, CentMail aims to make senders feel an altruistic glow to balance that perceived cost.