Saturday, May 07, 2005

Take precautions before closing deals online

John Hammond, Arkansas, U.S., has been sold the Indian Prime Minister's House in New Delhi for $8000,000!

Read on to find out what actually happened and how risky online transactions are without appropriate precautions.

Friday, April 29, 2005

A few Safe practices to follow

With due credit to the author, this is reproduced 'as is' from http://securityawareness.blogspot.com/


Posted By Riff Raff: A Highly Respected Infowar.com Administrator.


Always use numbers, letters and characters in your password. A password comprised of only letters or only numbers can be cracked/guessed fairly easily; there are applications that will try every possible word or numerical combination to guess your password.

Applications like John The Ripper (JTR) and Brutus are just two of the more popular password cracking programs available to anyone who wishes to download them. But don't be fooled into thinking these are the only way of getting your password; there are plenty of other ways. For example, a Yahoo password isn't susceptible to Brutus or JTR. For someone to guess your password or even just change your password, all they need is some basic information that you would probably divulge in a normal chat with someone - like your user name, your date of birth, postal code or even the country you live in.

Ok, now you are thinking it's not that easy to get all that info. IS IT? Yes it really is easy. Consider your last Instant Message with a new person. First thing you find out is their age, location and if they are male or female. Right? In just a few sentences you've told them a lot. Social interaction is normal. It's what draws us to the net. Communication is why we use Instant Messaging.

Social Engineering is a way of getting enough information from you to crack or change your password. Social Engineering is getting you to tell on yourself. Now they know your user name, date of birth, location and probably some other minor things, such as pet names or your nicknames. The bad guys are halfway there. Soon your new contact has stolen your Yahoo identity and they have access to all of your contact lists and email addresses - all from a short chat in which you didn't think you had told them anything they could use.

If you make it harder to guess, it's harder to crack. Always use an informal and apolitically combination. Never use a pet's name in your secret question and answer. When you do fill out your secret answer to your secret question, make it nonsense: the pet's name could be your mother's maiden name or a combination of letters and numbers.

Safe practices will keep it your account. Rule of thumb - a 13 letter, number and character password is almost impossible to break (it can be broken but it takes much more time and effort than most people want to spend).
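The advice in the reproduced post can be checked mechanically. The following Python is an example added here, not part of the original post: it tests a candidate password against the 13-character rule of thumb, the three character types, and the personal facts the post says leak in a chat. The profile field names, the substitution table and the sample profile are assumptions constructed for illustration.

```python
import re
import string

# Simple substitutions undone before comparing against personal facts.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def normalise(text):
    """Lower-case, undo the substitutions above, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def personal_tokens(profile):
    """Map each guessable string to the (hypothetical) profile field it came from."""
    tokens = {}
    for field in ("username", "nickname", "pet_name", "postal_code", "country"):
        tokens[normalise(profile.get(field, ""))] = field
    match = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", profile.get("date_of_birth", ""))
    if match:
        y, m, d = match.groups()
        for form in (y, d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:]):
            tokens[normalise(form)] = "date_of_birth"
    # Very short tokens would match by accident, so ignore them.
    return {t: f for t, f in tokens.items() if len(t) >= 3}

def check_password(password, profile):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 13:
        problems.append("shorter than 13 characters")
    if not any(c.isalpha() for c in password):
        problems.append("missing letter")
    if not any(c.isdigit() for c in password):
        problems.append("missing number")
    if not any(c in string.punctuation for c in password):
        problems.append("missing character")
    flat = normalise(password)
    fields = {f for t, f in personal_tokens(profile).items() if t in flat}
    problems += [f"contains {f}" for f in sorted(fields)]
    return problems

# Constructed sample profile: the facts the post says come out in a short chat.
PROFILE = {"username": "alice_k", "nickname": "Ally", "pet_name": "Rex",
           "date_of_birth": "1987-03-14", "postal_code": "72201", "country": "India"}

if __name__ == "__main__":
    for candidate in ("Rex14031987!", "ally72201ally", "t7#Vq9&Lm2!xZc"):
        print(candidate, "->", check_password(candidate, PROFILE) or "ok")
```

Because both the password and the profile values pass through the same normalisation, a pet name written as `R3x` is still caught.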

Sunday, March 27, 2005

Security for All

Online Privacy for Layman

Whenever you use Hotmail, Yahoo, Gmail, Lycos, etc. for sending mails, they get stored on central servers. These mails are readable by the central server administrators. Do you think that no administrator will ever go through your mails? Wouldn't you go through a mail if someone left it open on your desktop? True, you may not do any harm to the sender of the mail, but you never know whether all of them are as harmless as you are!

What if your secret business information is revealed to your competitor by the server administrator?

What if your secret affair with your lady love is revealed to your wife?

What if you want the information to be confidential between a group of people?

Solution: Do not send email messages!

I hear you saying 'Impossible'!

Then what is the solution?

Encrypt your mails?

But encryption and decryption are for geeks and not for me, Alice.

Cheer up!

Of late there are quite a few who provide encryption services with some amount of simplicity.

For instance, have a look at these people at http://www.keygloo.com/. They seem to have done something good for the layman. The solution assigns you a 10-digit number (the 'keygloo number'), similar to your phone number.

This number is given to you once you install the software. The software generates an RSA key pair consisting of the private and public keys. The public key gets registered with the 'keygloo' server, while the private key is stored as an encrypted profile in your local store.

Once you are done with the installation, you can

a) encrypt files on your desktop

b) send encrypted mails to yourself.

To send encrypted mails to others, you need to know their keygloo numbers.

Once you specify the keygloo number of the receiver, the component installed on your machine picks up the corresponding key of the receiver and encrypts the message with that key.

To cap it all, it works with popular web mail services like Hotmail and Yahoo, and also with Outlook Express.

If you think your privacy on the web is at stake, then it is time for you to look at such solutions.
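In any design where a server maps a number to a public key, the sender encrypts to whatever key the lookup returns, so the check a practitioner adds is on the key itself. The Python below is an example added here, not Keygloo's code: it pins the fingerprint of the key first accepted for a number and refuses a later, different key. The class names, the sample number and the placeholder key bytes are assumptions constructed for illustration.

```python
import hashlib
import re

class KeyChangedError(Exception):
    """The directory returned a key that does not match the expected one."""

def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the encoded public key; short enough to compare out of band."""
    return hashlib.sha256(public_key).hexdigest()

class KeyDirectory:
    """Stand-in for the lookup server: 10-digit number -> registered public key."""
    def __init__(self):
        self._keys = {}
    def register(self, number: str, public_key: bytes) -> None:
        self._keys[number] = public_key
    def lookup(self, number: str) -> bytes:
        return self._keys[number]

class Sender:
    """Fetches recipient keys and remembers the fingerprint first accepted."""
    def __init__(self, directory: KeyDirectory):
        self.directory = directory
        self.pins = {}  # number -> fingerprint accepted earlier

    def recipient_key(self, number: str, confirmed=None) -> bytes:
        if not re.fullmatch(r"[0-9]{10}", number):
            raise ValueError("expected a 10-digit number")
        key = self.directory.lookup(number)
        seen = fingerprint(key)
        # 'confirmed' is a fingerprint the recipient gave the sender directly.
        if confirmed is not None and seen != confirmed:
            raise KeyChangedError(f"{number}: key does not match confirmed fingerprint")
        if self.pins.setdefault(number, seen) != seen:
            raise KeyChangedError(f"{number}: key differs from the one pinned earlier")
        return key

def demo():
    directory = KeyDirectory()
    bob_key = b"constructed-public-key-bob"  # placeholder bytes, not a real RSA key
    directory.register("5550001234", bob_key)  # constructed number
    alice = Sender(directory)
    first = alice.recipient_key("5550001234", confirmed=fingerprint(bob_key))
    directory.register("5550001234", b"constructed-different-key")  # entry replaced
    try:
        alice.recipient_key("5550001234")
        return first, "accepted"
    except KeyChangedError:
        return first, "rejected"

if __name__ == "__main__":
    print(demo())
```

A rejected key is not always hostile, since a recipient who reinstalls the software would also get a new key pair; the point is that the change is surfaced to the sender rather than accepted silently.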

Richard Newman
Security Consultant

Note: The contents above are my personal opinion about technology and problems. It is not my intention to question or belittle the security policies adopted by any vendor or service provider.