Archive for the 'Technology' Category

29
Jun

How to Stop Spam

By Nirdeza Comments
Categories: Technology and Tutorials

Roughly 85% of all email received during the first quarter of 2010 was spam mail, according to a recent Kaspersky labs report.  Spam is a multi-billion dollar industry that costs businesses billions of dollars and causes great annoyance to millions of internet users.  Fortunately, there are many ways that businesses and ordinary citizens can fight the spread of spam and minimize its intrusion on commercial and personal internet activity.

Business Spam Solutions

Businesses concerned about spam and other computer-related security issues can choose between a large number of software and hardware solutions.  Leading the way for serious protection is Barracuda Networks, a business security firm that provides a large range of spam and virus firewalls that can handle anywhere from 10 to 100,000 users.  Barracuda firewalls can be clustered to support nearly any size of business.  Spam and virus definitions are updated hourly by Barracuda networks and automatically pushed out to customer firewalls.

Of course, hardware firewalls are not the cheapest security solution, particularly for small businesses.  Software-only solutions tend to be cheaper and often have per-desktop licensing to match smaller budgets.  Symantec Endpoint Protection Small Business Edition claims to block 99% of spam in addition to providing malware protection, disk-based recovery, antivirus and email encryption.  Corporate purchasing starts at 5 licences and can be purchased in exact denominations up to 1000.

Finally, services like Google’s Postini can filter spam for businesses (usually ISP’s) before reaching the local services.  Individual users can log directly into Postini using their regular email address and passwords to verify whether filtered mail should be sent through to the user’s inbox.

Consumer Spam Solutions

Quite often,  consumer spam solutions are based on the same technology as the corporate solutions.  For instance, Symantec’s Norton Internet Security is a personal product that offers much of the same security features (including antispam protection) as Protection Suite but at a more consumer-friendly price.  Competing commercial products include Kaspersky Internet Security 2010 3-User and ZoneAlarm Security Suite.

However, it’s the free solutions that many will opt for since many are available for non-commercial use.

>>Continue Reading Article

Sphere: Related Content

28
Mar

Using Firefox and Modify Headers Plugin to View Blocked Video Streams

By Blink 7 Comment
Categories: Technology and Tutorials

The Internet has grown immensely as a source for favorite television shows. Much of this growth is due to the underground BitTorrent scene, where users can download and share entire seasons of both current and classic television shows. However, downloading copyrighted material often violates several copyright infringement bills – most notably the US-based Digital Millennium Copyright Act (DMCA). For the non tech-saavy and for those who do not wish to break the law, there are several network-based websites where viewers can legally watch the latest television shows, such as ABC’s Full Episodes website. Also, single TV shows like The Daily Show and The Colbert Report stream clips or full episodes on demand.

"The Daily Show" Website Blocks Video Streaming in Canada

Unfortunately, many of these shows are only available in the USA and only in some cases are the same programs available in other countries via alternative webistes. Similarly, the BBC does not allow its streaming video to be accessed outside the U.K. Even cyberspace can’t escape complicated licensing schemes, it seems.

Typically the response has been to resort to BitTorrent but there is a faster and slightly (though not necessarily entirely) more legal alternative.

Pre-Requisites

Make sure Firefox Web Browser is installed (version 1.0 – 3.6 acceptable)

Installing Modify Headers Plug-in

Open a new FireFox window and surf to the following URL:

https://addons.mozilla.org/en-US/firefox/addon/967

Download the Modify Headers plug-in for Firefox

Click on Add to Firefox

tv03

Click on Accept and Install

Installing Modify Headers Plugin for Firefox

If a software installation window pops up then click on the Install Now button

Installing Modify Headers Plugin for Firefox

Wait for the plugin installation to complete. Click on the Restart Firefox button


Using the Modified Headers Plugin to View Geographically-Blocked Video

Surf to the web page with the blocked video

Confirguing Modify Headers Plugin for Firefox

On the menu, select Tools –> Modify Headers

Confirguing Modify Headers Plugin for Firefox

If you are running the Modify Headers plug-in for the first time, enter the following text in the two text boxes at the top of the pop-up window:

First text box: X-Forwarded-For
Second text box: 12.13.14.15

Leave the third text box blank. Click on the Add button

Confirguing Modify Headers Plugin for Firefox

Ensure that there is a green dot next to the new header (signaling it is active)
LEAVE THE MODIFY HEADERS WINDOW OPEN
(alternatively, you could click on the Configuration and make sure Always On is checked; this way, the plugin is always active)

Confirguing Modify Headers Plugin for Firefox

Refresh the Firefox window containing the blocked media. The video should (hopefully) start to play properly.

Regards to Andy Mason, who created the original YouTube tutorial.

How Well does it Work?

The Modify Headers plug in is one of many methods that can be used to view geographically-blocked video. Modifying headers does not mask a user’s actual geographical origin and defeating this hack is mostly up to the developers on the streaming media servers. No one workaround is perfect and readers are encouraged to post their experiences using this workaround on various streaming sites (don’t forget to include your country). The following tests were conducted in Canada -

  • The Daily Show – Works like a charm. This show was used to develop both the original YouTube tutorial (tested in the UK) and this blog post
  • Hulu – Sends a strange message advising to check internet stream. It is a different message than the typical geographic restriction, so it might be related to my firewall.
  • Pandora – Does not work. Redirects to the same restriction notice.
  • ABC Full Episodes – Works
  • CBS HD Videos – Does not work
Sphere: Related Content

21
Mar

Bombshell McGee’s Facebook Fail

By Cynapse Comments
Categories: Media and Technology

Tiger Woods is likely breathing sigh of relief as Sandra Bullock’s failing marriage quickly overtakes his own drama in the hyperactive imaginations of star-chasers. Bullock was (in)famously married to reality TV star and biker icon Jesse James who was recently caught cheating on her with fetish model / tattoo aficionado / stripper Michelle “Bombshell” McGee.

The media circus, led by the paparazzi-as-journalists at TMZ, naturally combed through Bombshell McGee’s life and found that the model had recently posed in a Nazi-themed photo shoot. McGee also has the tattooed letter W and P on the back of her legs – letters which typically stand for “white power” in tattoo / prison circles.

Possibly sensing the long term business risks of the direction taken by her 15 minutes of fame, McGee quickly fired out a second-hand statement claiming that she is no white supremacist and that the photo shoot in question was merely meant to be provocative.

To McGee’s credit, Nazi-themed photography is not exactly uncommon in the “shocking” world of fetish. To McGee’s discredit, she wears her heart on her Facebook page as vividly as she wears it on her body.

Screen shot: Michelle "Bombshell" McGee's Facebook Page

Look closely at the favourite books section. Many people have read Mein Kampf but very few would list it among their favourite books (if not for the content then surely for the fact that Hitler’s diatribe was mostly rambling). Even more interesting was the second book in her list – The Turner Diaries is a 1978 war novel, written by former National Alliance leader William Pierce, depicting violent overthrow of the United States government and eventual “cleansing” of all Jews and non-whites. Referred to by the FBI as “The Bible of the racist right”, the book has sold over 500,000 copies, mostly via mail order and gun shows. Several high profile hate crimes were committed by extremists who openly cited the book as an inspiration, mostly notably Oklahoma bomber Timothy McVeigh. For one to not only read but commend the book is a blinking light signaling far right sympathies.

Michelle McGee defeated her own argument and provided a fine example of yet another Facebook security threat – user stupidity. Whatever security measures are put in place, Facebook is still a website viewable by virtually anyone so long as one person has access to the information. A Facebook “friend” can easily take a screen shot of or “Save as …” any page on the website, instantly creating the opportunity to make private content very, very public. Incidentally, Bombshell made all the information in the above screen shot completely public so even that level of “wizardry” wasn’t necessary.

There are entire websites dedicated to foolish Facebook behavior by less famous users. Facebook Fails posts reader submissions of awkward survey responses, bullying and general purpose drama by Facebook users who type before thinking. For your pleasure, some noteworthy entries from the Facebook Fails website -

Facebook Fail: Fake Tan

Facebook Fail: Salmonella

Facebook Fails: Avoiding Socialism

Facebook Fail: Back on the Market

Facebook Fail: Divorce

Sphere: Related Content

03
Mar

Lethal Lucia – The Facebook Spammers are Here

By Cynapse Comments
Categories: Media and Technology

There I was minding my own business on Facebook when a friend request popped up.  Now how nice is that? Someone wants to be my friend.  After 2 years of social networking the requests start to slow down and navigating the site becomes a test of navigating through melodramatic status updates and covert invitations to Mafia Wars / Mobwars / Youville / Happy Aquarium / etc.

Lucia is not a bad looking gal...

Lucia Pahmeier … nope, doesn’t ring a bell.  She seems to be a good decade younger than me to boot, so it can’t be school or co-op.   Sometimes it’s good to take a chance, and being a male, my brain isn’t the only organ weighing in on the pros and cons.  Still, Lucia only has 2 friends?  I’m one the first people she thought to contact on the web?  Seems unlikely.  A few warning bells go off.

Lucia got something pierced … what, I wonder?  The alarm bells are very loud now.  The clincher is that Lucia is unable to put up any more pictures in facebook (what else do young ladies do on Facebook apart from spread sappy memes and play Farmville?)  but she leaves a link to pictures.  Riiiiiigggght.  Good chance that obvious link forwarding URL is heading to a porn site.  Part of what made MSN Messenger unusable was having to deal with 20+ friend requests per week from what amounted to she-bots promising hours of online sexual self-gratification if only you’d come visit an external website.  Facebook seemed to be somewhat resistant to such sly advertising though obviously someone could just create a profile and try to snag males seeking another “hot chick” for their Facebook stable.

Mystery Solved. I shall not sign up.

And there you have it.

Facebook is now officially a spam target.

Lucia acquired about 50 friends before her friend request and profile disappeared.  This was no doubt due to complaints from real users but she won’t be the last of her kind.  Facebook’s social network is too rich for Porn / Viagra / etc sites not to try penetrating its secure layers.

The important part of this story is that I did not let Lucia become my friend and in turn have access to my personal details.  As mentioned in an earlier Facebook tutorial, advertisers are very eager to get get access to user demographics, which tend to be cleaner and more appropriate for marketing purposes than most other sources (and are of course free).  Think twice before you accept a friend request unless you absolutely know the person.   Also, don’t be afraid to send a private message for confirmation before accepting.

Sphere: Related Content

15
Dec

4 Ways to Protect your Facebook Data under the “Improved” Security

By Cynapse Comments
Categories: Technology and Tutorials

Facebook’s controversial new security measures were designed to increase user control over privacy; however, privacy advocates charge these changes were mostly an underhanded method to release large amounts of private data (mostly photos and fan data) to the public. Additionally, Facebook’s 350 million users must now go through a more convoluted process to protect their personal information from third party developers who lure users with their addictive games and surveys.

While the world’s leading social network recently backed down on enticing users with their deceptive “Recommended Settings”, there are still several areas where user data may be vulnerable to third party snooping. Here are 4 steps ever user should take to protect their personal information.

#4– Don’t let Friends Give Away your Private Information

Prevent friends from inadvertently giving away your personal details to an application on their profile.

How:

4-1

On the top menu toolbar, select Settings -> Privacy Settings

4-2

Select Applications and Websites

4-3

Click on the Edit Settings button, located beside the title “What your friends can share about you“

4-4

Uncheck every option under the title “What your friends can share about you through applications and websites ”. Click on the Save Changes button.

Why:

Unfortunately, Facebook users must worry about the bad habits of friends as well as themselves. This “feature” is touted as a virtue on the security settings page:

When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card.

However, virtually anyone can become a Facebook developer just by downloading the development guide, and it is safe to assume that not all of them are solely interested in enhancing your user experience. If you don’t specifically uncheck the items in the list above, they can be shared with third party sites by way of your friends’ applications – even if you have set the information to to viewable only by friends or yourself.

Note that all information you’ve specifically set to public can still be read and analyzed by third party applications and websites. But more on that later.
Continue reading ’4 Ways to Protect your Facebook Data under the “Improved” Security’

Sphere: Related Content

12
Dec

Facebook Creepers, Unite – New Site Policy Weakens Data Privacy

By Cynapse Comment
Categories: Technology

Pssst, want to check some photos of that hot chick/fella that won’t won’t have you as a friend even on Facebook? Thanks to the social networking site’s new privacy rules, you probably can for at least a while. Originally billed as a move to enhance user privacy, Facebook actually ends up exposing more user information in some cases:

  • Profile photographs now default to “friends of friends”, meaning anyone with a mutual friend may browse whatever you post (some people have complained that their profile photos and other photo albums were made completely public,)
  • The new “recommended settings” option usually amounts to sharing personal information with everyone – friend or not.
  • There is no more option to prevent Facebook apps (eg Mafia Wars, Farmville) from harvesting your personal information. Apps can also harvest your public information when installed on a friend’s account
  • Fan pages are now permanently public.
  • Sharing information with “everyone” now includes the rest of the web, not just everyone logged onto Facebook

It is easy enough to reverse most of this exposure using the profile security settings (set all photo albums to “only friends”) but it would have been nice of Facebook to mention their plans to default profile photos to public status.

To the company’s credit, friend lists are no longer published on user pages, meaning it is no longer possible for casual users to browse each others’ lists of contacts. However, this information is still available to application developers, and possible even search engines. The latter is noted because Facbook recently signed a deal with Microsoft to publish user content via the Bing search engine. Again, users can opt out of this arrangement through their privacy settings, but Facebook hasn’t gone out of its way to tell us how.

In the meantime, while Facebook users slowly realize their photos are in the public domain, you can sneak a peek at photos that weren’t meant for your eyes. Try to resist the temptation.

(h/t to Jeela for first alerting me)

Sphere: Related Content

29
Jan

Silentbanker – Online Fraud Just got a Whole Lot Smarter

By Blink 7 Comments
Categories: Technology

The media often feeds public hysteria with scare stories about online banking fraud and other types of internet scams. While most are rooted in truth, the attacks are often simplistic and easily blocked via a combination of server security measures and user vigilance about sharing personal information. Moreover, financial institutions assure consumers that their latest security precautions and best use education will protect from the majority of devious attackers who wish do plunder bank accounts. But what if there were a trojan/virus/malware so sophisticated that it could steal your money in the middle of a transaction without the customer, bank or even the secure connection method detecting suspicious activity? Enter the Silentbanker.

What is a “Silent Banker”?

The Silentbanker is a sophisticated Trojan horse program that installs itself on a target computer and intercepts confidential information entered during online banking sessions. Stolen information can be then transmitted to the attacker or used to steal money from the victim’s account. There have been several flavours of Silentbanker, with the more recent versions using rootkit software to avoid detection by antivirus programs.

Once installed, Silentbanker can perform several man-in-the-middle attacks on infected computers

  • Cookies and authentication certificates can be certified before being encrypted, allowing the attacker to authenticate a login using stolen information. Both simple logins and two-factor authorization can be defeated. Even transaction authentication number (TAN) protection can be targeted
  • While processing a money transfer, silentbanker can intervene to change the destination account to the attacker’s account, causing the victim to transfer money to the attacker without any warning
  • The Trojan continually updates itself by downloading configuration files containing host names and authentication routines for hundreds of banks worldwide

Silentbanker can work over an SSL connection, making the browser’s verification that the victim is on a “secure” (https://) connection meaningless.

How to detect and Remove Silentbanker

Silentbanker can be manually removed but experts recommend this only be performed by seasoned computer users. As of writing, the following security programs claim to detect and automatically remove Silentbanker:

  • Norton Antivirus
  • Malwarebytes’ Anti-Malware

How to Protect against Silentbanker and Similar Attacks

The simplest and only 100% effective way to protect against Silentbanker and similar Trojans is to never bank online. This solution is infeasible for some (e.g. those who are a great distance from the nearest branch) and highly inconvenient for others. Moreover, cutting off the online banking channel would not protect the consumer from the myriad of other bank-related fraud schemes that have little or nothing to do with consumer internet usage.

However, there are still actions users can take to greatly reduce the chance of being targeted by Silentbanker and its future derivatives.

1) Use only trusted machines. If possible, use only one private computer to access online banking. This machine should be one the user can scan regularly and install the software mentioned in the other following suggestions. Public computers (kiosks, libraries, Internet cafes, etc) can be very risky depending on the administrators’ security policies. Corporate computers are usually protected by blanket security solutions but the IT department may not be quick enough at rolling out patches and updates.

2) Do not use Internet Explorer for secure web transactions. Silentbanker manifests as a BHO (browser helper object) that only works with IE. Despite the many security patches issued by Microsoft, IE remains susceptible to this type of attack. Alternative browsers include Firefox, Opera and Google Chrome.

3) Install anti-Malware / antivirus software and update it regularly. Please see the article “Challenges of Internet Security – Your Best Weapons” for more information.

4) Install a firewall. Also see the above article for more information.

5) Create a Windows restore point. Once you are sure your computer is free of Silentbanker and similar programs, create a system restore point

  • Click on the start button and select Start > All Programs > Accessories > System Tools > System Restore
  • Click on the radio button “Create a restore point”. Click on the Next button
  • Verify and record the date of the restore point (Windows usually stores several). Click on the Next button
  • Confirm the summary information. Click on the Next button

Windows will save all the systems settings and create a restore point. If your machine is infected in the future, enter the same System restore tool and select the “Restore” radio button. Select the date you recorded earlier and Windows will reverse any system changes back to that date, effectively erasing the infection

Two warnings related to #5:

a) Restoring the system to an earlier date will also reverse any software upgrades or installations performed since that date
b) Restoring the system can also restore other viruses and other malware. Windows prevents antivirus systems from cleaning data inside the system restore folder. It is recommended to either (1) BEFORE creating the new restore point, temporarily disable Windows’ restore feature so that the antivirus software can clean older restore data, or (2) Delete all the windows restore points before the “clean” one that was just created

Sphere: Related Content

« Previous Entries

Further Research


RSSQuick Shots




Categories


Archives