As you know HTTPS sites are secure sites and your transaction with them is safe from eavesdropping. Google recently launched Google ssl for this purpose hwre your search is secure.

Now Electronic Search Frontier has developed an add on for firefox browser that will help you surf the web in HTTPS.  Sites like the New York Times, Washington Post, Twitter and Facebook,  Google services and a good many popular and semi-obscure sites are covered.

On installation, your browser automatically goes for the HTTPS/SSL connection option, or uses TOR’s resources to make it encrypted.

However , remember that unless Firefox displays a colored address bar and a complete lock in the status bar the  connection is not secure. This is because the webpage may contain third-party elements like advertisements which can be exploited.

Please note that surfing the web in HTTPS is comparatively slower than surfing without it.

Download the addon at EFF

A link  to a phished page of Twitter is being sent as a direct message to followers. Most probably the tweeter, who is automatically direct messaging his followers, might have typed in his username and password in the phished page himself. Using that details the attacker can send DM’s to all the followers with the hope of getting more victims.

If you look at the url, it is linked to bzpharma.

http://commonwealthcommunications.com/?rid=http://twitter.verify.bzpharma.net/login

http://cbsi.net/?rid=http://twitter.secure.bzpharma.net/login

These are actual links that I have received. Firefox 3.6 and Chrome 4.0 will warn you about this site as Reported Web Forgery. If you visit the site you will be taken to a login page and when you enter your details you will be taken to this page http://bzpharma.net/login/err.html which has a pic of Fail Whale with the message Twitter is overcapacity. After that you will be redirected to the actual twitter homepage.

Please take care about the links you click on and where you put in your login details. Use latest browsers like FireFox 3.6 and Chrome 4.0.

Google in its Chrome Blog has announced rewards to developers who discover and report the bugs to Google. This is in line with Mozilla’s Security Bug Bounty Program where you can earn US$ 500 for reporting a new bug in the latest version of FireFox , ThunderBird and other software.

Google’s cash reward like Mozilla’s starts from US$ 500 and can go up to US$ 1337.  You must be the first to report that bug. Depending upon the severity of the security hole, you will get a suitable reward.

However, in both Mozilla and Chrome, the bug must be in the core browser. Vulnerabilities due to third party software and OS will not be rewarded.

So, there you go; one more reasons to learn hacking.

The latest version of these software can be found here ->Mozilla and Chrome

The most popular technology site Techcrunch has been hacked (12.05 IST). You can only find the word  ’hi’ on the top left corner of the page.

It is the most popular site in Tech niche and the most popular source on Techmeme.

Edit: It is back up after 10 mins (12.15 IST) What might have gone wrong? Maybe they might write a post explaining what happened.

My gmail Id was hacked. Most probably it was at the cyber cafe where I had gone for surfing the internet. Some prankster might have installed keylogger or something. Thankfully, the email id I used at the cafe  was not important. But the issue of security made me ponder for a solution for such situations where we are forced to rely on others to secure their computers and networks.

The only thing I could think about is semi login. How about making a provision of logging in with limited powers and access. Similar to linux computers where we are encouraged not to login in with full administrative powers. But instead of having different username, we could have only different passwords.  The password entered in the password box should decide whether the user wants to login using full login or semi login. This will ease the users from the hassles of remembering many Usernames.

For example, suppose “xyz@gmail.com” has the main password as “qwerty” and semi login password as “asdf”. When logging in to the the service if the user enters the username “xyz@gmail.com” and the password as “asdf” then the service provider must know that the user wants to login using semi-login. Or else, we can make a option button that the user can select if he wants to use the semi-login functionality so that the service provider is notified abut it.

Consider a situation for a Gmail account. Google has conquered our online world. It is the login for our email, adwords , adsense, shopping account as well as used as an username for third party services like Paypal , etc.

If for some reason the Gmail account has been compromised then all other accounts are also in peril. This all could happen just because we wanted to check a friend’s email forward or a newsletter.

The solution is having something as semi-login. When  logged in using semi-login, we must only have access to emails which are  pre-decided by the user to be shown when he is in full login. That is, the user can decide what all emails and which senders’ emails can be accessed  in semi-login. The user can easily make the “funny” mails, mail forwards and newsletters, ie. the unimportant stuff, accessible via semi-login. He cannot access other mails or change any account information.

The user can decide what all things can be accessed and modified when in semi login. Which mails he wants to access and which mail he can reply to.

Also, in Adsense or paypal we can use semi-login to check today’s earnings and nothing else. No inside data like channels, previous earnings, etc or account access , only the figure that will let the user know how much he has earned today.

Even if the semi login password is compromised, the hacker can only access the unimportant mails. The advantage of semi-login password is that the user can use the same password for semi-login for all his online accounts as it won’t make much difference in the event that this password is known to someone else. As his main passwords will be different from the semi login password, as well as from each other, the hacker cannot cause any damage.

For example, suppose the main password for  ”xyz@gmail.com” is “qwerty” and for “xyz@hotmail.com” is “zxcvbn” then we can use a semi login password for both the account “asdfg”.

However, online services must enforce policies to safeguard the main password like not allowing the semi login password to be a sub-string of the main password, etc.

Edit: Unimportant mails would include newsletters, etc. You can also mark any email you receive as unimportant. Also, you can filter incoming mails from friends who send email forwards, etc. Of course, the obvious problem is that what if that friend sends important email. However, usually most people have different email accounts  for sending and receiving important emails and for leisure purposes like sending forwards.

Terrorists have been using open and unsecured wireless networks to send threat emails, latest case is of the American citizen Haywood who was living in the city of Navi Mumbai. Here are some tips that will help you secure your home or office Wi-Fi network from unwanted elements. You must change the default settings of the wireless router in order to protect yourself as it is weak . If you know how many computers are there in your Wi-Fi network, it’s easy secure yourself.
Follow these steps:

1: Change the default password

Each router has a default username and password which you must change before you start using it. Otherwise, a stranger, after gaining access to your User-1d and password might be able to reconfigure your router rendering all your other security measures useless.

2: Change the default IP address

Every company have common default IP (Internet Protocol) address for their routers. This should be changed. However, you have to stay within the series (eg. 192.168.xxx.xxx) but the last values can be changed to anything as you like.

3: Disable the DHCP service

DHCP (Dynamic Host Configuration Protocol) enables remote computers connected to the router to access your IP address and connect to the network without needing to know the IP and router address information. If possible, set up the computers with static IP addresses. If you still want to use DHCP , restrict the number of DHCP IP users to the number of computers you have on your network.

4: Change the default SSID

The SSID is the name of your network. It reveals the name of a house or office ie. the origin of the signal, allowing hackers identify the physical location of your router. To prevent this change the SSID to some random name, or disable SSID, if possible. Disabling makes your invisible to laptops and cellphones in the area which can automatically scan for Wi-Fi hotspots to try and join them.

5: Use WPA2 or PSK security over WEP

WEP (Wired Equivalent Privacy) keys can be cracked easily, so choose WPA (Wi-Fi Protected Access), which makes use of 64-bit or 128-bit encryption. PSKs are Pre-Shared Keys, which provides more security than WEP or WPA. These encrypted keys are shared by the router and your Wi-Fi devices. The higher the encryption rate, the more difficult it is for a hacker to crack your network.

6: Enable the MAC Filter

Enable MAC (Media Access Control) address filtering to restrict or authenticate a particular computer on the network. If an unauthorized computer tries to connect to your network, it will be rejected.

7: Use the router’s firewall

If your router has firewall feature enable it.

8: Disable remote administration

Remote management features is a helpful and convenient feature if you are always on the move, but can also be the weak link for hackers to exploit. Enable this feature only when you really need it.

9:Keep the router switched off when not in use

Switch off the router if you are not going to use it for long periods, such as at night, when travelling, etc.

10: Disconnect the Internet when not needed

If you do not need to use the Internet at all times, you should unplug disconnect the internet connection.

11: Make your router difficult to access physically

If possible, keep the router at the center of your home or office so that no one can easily hit the reset button rendering all your security precaution useless.

If you liked this post check out how to secure your laptop.

Planning to go to countries where privacy of citizens is of little or no importance to the Government? Most of us like the internet because it helps us escape the real world and also allow us to keep our anonymity while doing so. Unfortunately, many countries are keeping track of their citizens tracking behaviour. If you are surfing the internet using a public hotspot, you are in grater danger of reavealing your sensitive information to unwanted people.

Here are some free, open source software that will  help you maintain your  privacy:

1. UltraSurf for Windows) It helps protect Internet privacy with anonymous surfing,by hiding IP addresses and locations and cleaning browsing history, cookies,etc.
2. Hotspot Shield for Windows and Mac) It secures your web session using HTTPS encryption. Hides your IP address.Helps you bypass censorship and firewalls.Protect you from snoopers trying to get sensitive information about you at  hotspots, airports, hotels, corporate offices and ISP hubs.
3. Tor for Windows, Mac and Linux) Tor defend you against any form of network surveillance that will threaten your personal freedom and privacy, confidential business activities.Tor works with many applications such as web browsers, instant messaging (IM) clients, remote login and other applications based on the TCP protocol.

Please note that Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugins, etc.  can be manipulated into revealing your IP address. Please be careful while surfing anonymously in certain countries with tyrranical governments where even a small mistake can lead to your arrest on most occasions.

For most of us laptop have become an important part of our life. Whether you are a business man or a student your notebook might contain several valuable contents. So what do you do when you are forced to leave your laptop unattended like while going to the loo? You can lock it using a password. What if you forget or you were using your computer in front of several prying eyes?

There is a solution for this. Rohos Logon Key 2.6. This program is like a key to your Desktop Computer or laptops. Just like your car won’t start without a key and removing the key would stop your car’s engine, this software when installed in your USB flash drive acts just like the key. When you insert your USB drive your computer gets unlocked and when you remove it you computer is locked again.

You have to install the program in you computer and then connect you USB drive. Do the necessary settings so as to make that particular USB drive your computer’s key.