7 Points to Stay Safe in the Social Web

How many of the people you know don’t have a Facebook account, or an Orkut or MySpace account? I won’t be surprised if you say your 90-year-old grandmother is tweeting or your 3-year-old brother is playing Mafia Wars on Facebook 🙂 As more and more people join social networking sites, their security becomes more vulnerable. As this Mashable post says, a guy named Israel Hyman posted a status message on his Twitter account saying he was enjoying his excursion to Kansas City. Later, he returned home to find that his house had been burglarized.

OK, now let me tell you how to stay (relatively) safe on the social web.

1. Use Strong Passwords

This is the most basic rule. A complex password may be difficult to remember, but it is worth it, believe me. If you know your dad’s high school sweetheart’s name, try it as the password on his mail account or Facebook account. You have a good chance. Personally, my mother still uses my dad’s nickname as her Gmail password. Simple, easily guessable passwords are most common among less tech-savvy people, like your parents, uncles or high school principal. Recently, a social media website called TeensInTech was hacked and a lot of confidential information was compromised. After investigating the issue, the company said that their easily guessable password was what did them in.

2. Avoid easily guessable Security Questions.

Almost all websites, including social networking sites, rely on security questions to restore account access in case the password is forgotten. Easy-to-guess security questions are even more common than simple passwords. There was this guy in my college I had a grudge against. I found out his email ID from his Orkut profile page. It was a Gmail account. I tried the ‘forgot password’ option in Gmail. I was presented with the security question he had set – “What is my college?” 😀 You can guess what happened next. There was another guy whose security question was “What is my country?”. I searched for his name on Google and found that most of the results were related to Brazil. So I could easily guess that he was Brazilian. Even if that is not the case, any fool can see that there are fewer than 300 countries in the world and it is only a matter of time before guessing the correct one.

Avoid questions like these:

  • My mother’s maiden name? – your relatives may know that.
  • What is my pet? – Your neighbors may know that.
  • My first teacher? – Some of your friends may know that.
  • Where did I first meet my boyfriend/spouse? – At least your boyfriend knows that 😀

There are loads more. Besides these guessable questions, avoid questions which can have only a limited set of answers, like these:

  • Which month was I born in? – It is only a matter of trying the 12 possibilities.
  • My favorite flavor of ice cream? – It is more than easy to guess, unless you are some weird Eskimo chef 🙂

3. Share less / Share wisely

The main agenda of social networking sites is to make you feel like sharing as much as possible. These sites will make you think that it is a good thing to share everything. You will even be given the option to mark some of this information as ‘private’, so that only those in your friends list will be able to see it. Believe me, you can trust no one. You won’t believe me if I tell you the number of guys who have asked me to crack their girlfriends’ mail IDs. I regret to say that I once cracked the email account of one of my best friends, just for fun. I felt terrible after doing so, so I confessed – after a few months!

Your personal information, like zip code/postal code, mobile number, birthday etc., can be used to retrieve your accounts if you forget your password. So it is very important to share wisely.

Try not to share the following information on social networking sites:

  • zip code
  • address/exact location
  • email address
  • mobile number
  • birthday
  • And other similar information.

4. Add only people you thoroughly know as your friends

Increasing our number of friends is one of the things social networking sites have been doing all these days. Even 5th grade kids seem to have 999 friends. To increase our connections, these sites present several options – importing email contacts, friend suggestions etc. It is not rare to get friend requests from people we hardly know. Most of the time, we accept all the requests, just because we don’t want to say no and appear to be an anti-social jerk. Sometimes you get friend requests from total strangers, and you accept them just because the person is from your state or district. Don’t Do That.

There is this new kind of attack method crackers/hackers are using, called Social Engineering, where hackers gather your personal information and use it to access your online accounts, reset passwords etc. So as I said, when you get a friend request, examine the sender’s profile thoroughly and accept the request only if you are fully satisfied. Never accept the request if you have even a little bit of doubt left.

No, we’re not done yet.

Even if the friend request is from a close friend or a person you know very well, there is a good chance that you are being manipulated. It is easy for a hacker to create a copy of one of your friends’ profiles and send the request. So when you get a friend request, first check whether that person is already in your friends list. If you already have the same friend in your list, you can bet one of them is a fraud. If possible, call the friend and ask whether he just sent you a friend request.

5. Do not Over-Tweet.

Twitter is the trendiest social web service now. Every cat, cow and corporation now has a Twitter account. When it comes to posting status updates on Twitter, people seem to think that it is okay to post anything. And they post information which would otherwise have been kept confidential.

Know your audience (followers)

If you plan to tweet about utterly personal things, it is better to keep your tweets private. If you set your tweets to be private, your status updates won’t appear in the public timeline as you post them and will not be searchable. If your friend or brother wants to follow you, you will be asked to approve first, and only then will they start getting your tweets.

If you are comfortable with keeping your tweets public and want to keep them so, that is okay, but keep an eye on what you are posting.

6. Use the address bar to visit the site.

Trust the address bar.

Do not trust links. You may receive emails saying ‘you have one friend request, click this link to accept’ or anything like that, which can be extremely convincing. Do not click on links you receive in email to log into your social networking sites. These links may lead to bogus login pages that look exactly like the original login page. And once you enter your username and password into it, hoping to log into the original site, rest in peace.

But if you want to log into your Facebook account or Twitter account, use your browser’s address bar to type in the address of the site. Also, before entering your login details on the site, make sure the address in the URL is Facebook itself. Phishers (hackers) can employ addresses similar to the original site. So it is good to double-check the address. For instance, I can create a fake Facebook login page at the address www.facebook.com.login.devildesigns.net. The address looks like a genuine one (www.facebook.com) at first look. But it is actually a sub-domain, which anyone can easily create. Only a careful look can make out the difference. Tip: There is this Firefox addon which highlights the original root domain. See the screenshot below.

[Screenshot: location-bar]

You can see the root domain (mozilla.com) is highlighted.
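The root-domain check described above, as an added example that is not part of the original post: it extracts the root (registrable) domain from a link and compares it with the site you meant to visit. The suffix set and all sample links except the devildesigns.net host are constructed for illustration; a real check would use the full Public Suffix List.

```javascript
// Constructed sample of multi-label public suffixes (assumption: a real
// check would load the full Public Suffix List instead of this short set).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.in", "com.br"]);

// Return the root (registrable) domain of a hostname.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  const lastTwo = labels.slice(-2).join(".");
  // For suffixes like "co.uk" the root domain is the last three labels.
  if (MULTI_LABEL_SUFFIXES.has(lastTwo) && labels.length >= 3) {
    return labels.slice(-3).join(".");
  }
  return lastTwo;
}

// Compare a link's root domain with the site the user expects.
function checkLink(link, expectedRoot) {
  let host;
  try {
    host = new URL(link).hostname;
  } catch {
    return { ok: false, root: null, reason: "not a valid absolute URL" };
  }
  const root = registrableDomain(host);
  if (root === expectedRoot) {
    return { ok: true, root, reason: "root domain matches" };
  }
  // The expected name can still appear in the host, but only as subdomain
  // labels of somebody else's domain (the trick described in the post).
  const lookalike = host.toLowerCase().includes(expectedRoot);
  const reason = lookalike
    ? "expected name is only a subdomain label"
    : "different root domain";
  return { ok: false, root, reason };
}

// Constructed sample links; the second host is the one from the post.
const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com.login.devildesigns.net/",
  "https://login.example.co.uk/",
  "click here",
];

function report(links, expectedRoot) {
  return links.map((l) => ({ link: l, ...checkLink(l, expectedRoot) }));
}

console.log(report(SAMPLE_LINKS, "facebook.com"));
```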

7. ..And finally, Trust No One.

Just keep in mind that everyone you meet online has a good chance of being a malicious user. Trust no one (even if he’s claiming to be your dad. no no, uncle. okay?). The world wide web is a magical world where anyone can be everyone and everywhere. One can easily disguise oneself as someone else. The next time you get a tempting friend request from a hot young lady, just keep in mind that it is probably some fat, balding guy with his …h…d…hangin s… e … w c (guess it is enough 😉 )

Let me know your opinions/ideas through the comments.

Lighter Side

[Image: Identity Theft. Image source: Flickr]


The most funny police warrant!! For sending email and using Linux

I usually do not post about news events. But this one was too irresistible for me to keep from blogging about it.

I got this news from the EFF Blog. A Boston University student’s computer, cell phone and other property were seized by the police as part of an investigation to find out who sent an email to the college mailing list saying that another student is gay.

Though there is no indication of any crime he has committed, the police have issued a very stupid and funny warrant. Some of the supposedly suspicious activities listed include: the student being seen with “unknown laptop computers,” which he says he was given by Boston College for field testing or he was “fixing” them for other students; the student uses multiple names to log on to his computer; and the student uses two different operating systems, including one that is not the “regular BC operating system” (I think BC stands for Boston College. And BC operating system is some customized version of Windows) but instead has “a black screen with white font (I cannot stop laughing… they should have specified the font size too..) which he uses prompt commands on.”

During their search, the police seized (among other things) the student’s computers, storage drives, cell phone, iPod Touch, flash drives, digital camera, and Ubuntu Linux CD (Oh, I never knew you can send email from an iPod Touch or Ubuntu CD). None of these items have been returned to him.

To strengthen their arguments, the police also say the (computer science major) student is considered a computer genius by other students (Oh my god, they are hunting down geniuses… I must be careful 😀 😀 😀 ).

The student, who was employed by the college IT department, was suspended from his job. EFF has filed an emergency motion to quash and for the return of seized property on behalf of the Boston College computer science student, Riccardo Calixte.

cya. bye.

Reference: Computer science student challenges tech seizure – CNET News