Showing posts with label Cyber Security. Show all posts

Feb 2, 2015

Interview with the geniuses at Degoo.com

Today we have with us the founders of a really interesting cloud-based service, degoo.com. Users often face problems when they try to back up their computers.

Some suffer from a lack of processing power. But our dynamic duo, Carl Hasselskog (CEO) and Mattias Nylitz (Co-Founder), built on their master's thesis and created degoo.com, a service that automatically backs up your computer to the cloud by sharing your unused hard drive space. What's more, you can get up to 100GBs of backup space for it!

You just need to select the folders you want to back up, and whenever changes are made they will be backed up. The space you designate will be used to store the backups of other users. The files are compressed and stored with 128-bit AES encryption, which reduces the safety concern substantially.
Degoo is also currently working on another service which personally interests me more: processor time sharing, a concept that could very well be a stepping stone in the world of computing. But enough of that, let's hear it from Carl and Mattias, the founders of Degoo.com!

Degoo.com

An Introduction

Mohit: Alright Carl! Here’s the first question. How did you start degoo and what does the word 'degoo' signify?

Carl: Hi! Degoo started off as my Master’s thesis at the Royal Institute of Technology in Stockholm. I felt that there was great demand for a backup but that the current solutions were too hard to use and expensive.

About the Team

Mohit: We'll be delighted to know about you and your team. What functions do you handle and how do you delegate responsibilities to the team? 

Carl: When working at a start-up you have to be prepared to do pretty much anything. One day I could be optimizing a compression algorithm, the next day I might be pitching to investors or answering support tickets. Lately we’ve been growing very rapidly and we’re therefore in the process of delegating some of the support work to an outside firm. However, we will never outsource all support. I think it’s crucial that the founders always stay very close to the customers to really understand their needs and struggles. Doing support is a crucial part of that.

On the Cloud Storage

Mohit: Though I have mentioned the workings before, I'm sure the readers would be thrilled to understand degoo's workings in the words of its creator.

Carl: There’s so much very highly technical stuff going on that it’s hard to describe everything in detail. My own Master’s thesis was written in Swedish but we have published some work in English. For instance this paper describes how we measure the online time of each computer.


Mohit: If you store all data on the computers of your own users, none of the data is actually stored on any of your servers, is that true?

Carl: Since we're still in beta we actually store an extra copy on servers, in addition to the copies stored at users' computers (just to be safe).


Mohit: You call users providing storage space 'subcontractors' and further add that the 'subcontractor', and not degoo, is responsible for any damage to users' data stored on its computer. What if someone successfully hacks the user data stored on its PC and proceeds to harm the owner of the data? Will degoo not be responsible?

Carl: Before uploading any data the files are encrypted and then split into small fragments. You therefore only store a very small encrypted fragment of the file. We can also detect if someone tries to tamper with a fragment, and if that happens we will just ignore that fragment and use one of the fragments that we've replicated to other users (we have lots of redundancy in place here).

On Processor Sharing

Mohit: Tell us something about how degoo shares processor time among users. 

Carl: The idea is that you will get more storage in exchange for sharing some of your processor time. This is an optional feature that you can opt out of at any time you like. Our long-term goal is that this processor capacity will be used to create a giant virtual supercomputer.


Mohit: A virtual supercomputer sounds awfully futuristic! Do you envision your technology being used for research and industrial applications in the future?

Carl: Yes, our long-term goal is to create a supercomputer that drastically reduces the cost of computing in the world. We'd love to give researchers, corporations and hobbyists access to the vast amounts of computing power this would provide.

On Customer Support

Mohit: Why do you choose desk.com to be your front end for customer support instead of using degoo itself?

Carl: Desk.com is a great way for us to stay productive and keep track of all support tickets coming in. The support portal that we can create with Desk.com allows us to rapidly improve our support articles whenever we feel that they need to be made clearer. 
We give up some flexibility compared to doing it ourselves but we think the productivity gains outweigh that.

Question from our Readers

Recently one of our readers asked a really insightful question. Something that can be viewed both as a technical and a moral one. So, Carl here's a question from Rachel.

Rachel: Interesting concept. I hope my hard drive is not being used to store pirated or risque content of other users. How do you ensure that my hard drive is being used for legitimate purpose?

Carl: Before the upload, all files are encrypted and split up into tiny fragments. The data stored at each hard drive is therefore just a tiny encrypted fragment of a file. You therefore never run the risk of storing some illegitimate content on your hard drive.

Lastly

Mohit: A large project entails gigantic problems. What was the biggest difficulty or setback that you encountered in the project?

Carl: The biggest challenge so far has been to make the system reliable and easy to use despite the very complex technology going on behind the scenes. P2P makes everything much more challenging.

Security, performance and reliability all become much more difficult when the underlying hardware can be unreliable and slow. Handling all of that complexity without confusing the user is very difficult.

That’s all for today folks, codemakit would like to extend its heartiest congratulations on the success of degoo.com and would hope for more innovative surprises from the firm. 

Thank you Carl and Mattias (Whose photo can be seen at the right), you've been a true sport answering every question with utmost zeal. If our readers have some queries or suggestions for degoo.com, put them in the comments section and I would make sure that they reach Carl or Mattias.

Related Reading,

You know we have seen some coding experts in the past too, have a look at An Interview with Metin Saylan from Shailan or Jacob Gube from Six Revisions.

The interview with JetBro wasn't too bad; you can check them out too.

This was: Interview with the geniuses at Degoo.com

Jul 21, 2014

All about Phishing and Phishers

Have you ever encountered a mail saying you've just won a $#insert huge sum here# lottery?

Or wondered why the mail address looks suspicious? These are just a glimpse into the evil machinations of a scammer who uses his online prowess, and apparently your lack of it, to scam you out of your privacy and your money.



What is Phishing?

First comes the definition: phishing is basically an attempt at finding out personal and sensitive information about you. Such information, if divulged, can lead to compromised accounts and a lot of grief in the end.

Where Does Phishing Occur?

'Phishing Nets' (coined by codemakit) are the places from which the scammer starts getting your attention. The most common phishing nets (in order of preference of scamsters) are

1. Email: The most common Phishing location. You can check if your mail is authentic or not (Too many Phishes out here)
2. Social Networks: By posting malicious links at Facebook, Twitter etc. You can check these too (Talking Phishes out here)
3. Websites: By hosting malicious Websites that let you fill forms thereby phishing for your personal information. You can check for Website Certifications (Fake Phishes around here).

What do Phishers want?

The phishers want your personal information, everything from your email address (which they can spam later) to your name, address, credit card information etc. (Though I've given a few tips to protect yourself from divulging your passwords.) Once they have enough information about you they can move on towards monetary pleasures. Meaning? They'll use your information against you. For example, one of the most common phishing nets is email, and one of the most common phishing practices is posing as a bank representative. They will probably tell you that they're from a reputed bank and have your file with them.

They'll throw in a few pieces of information gathered from you before, to make you believe they actually have an official file on you. Then they'll frighten you by stating that your password is about to expire and that if you do not send the required information, your account will be blocked. Once you send the information you can safely say goodbye to all your hard-earned income.

The Types of Phishing Techniques

There are 4 different types of Phishing.

1. The good old Bland Phishing

They just send out millions of spam mails to every email address they can think of and wait to see if anyone gets caught in their phishing net and replies.


2. Spear Phishing

As the name suggests, this technique is usually adopted by phishers holding an extraordinary grudge against some specific person, which might be their second grade class teacher, a college professor who dropped them, or a show-off neighbor who can't keep his dog quiet at night. The phishers gather personal information about that particular person (sometimes they already know it). Once they have the information, they'll use it in the way given above to scam the victim out of their money.



3. Whaling

Again, as the name suggests, whaling means phishing for a whale, i.e. a really big corporate honcho or just another person with a lot of green in their reserves. The victims can also be big-shot executives who actually hold the reins to the security of their companies' databases. A successful whaling attempt can lead to the divulging of company database passwords or the database itself, thus opening the door to countless other phishing attempts. No amount of extreme techniques to store your passwords will keep them safe unless you're willing to keep the information from falling into the hands of cunning phishers.


4. Clone Phishing

This is a relatively new technique, where the phishers create a mail that is really similar to the ones sent by authentic sources. For example, promotional emails sent by a bank website are often copied and modified. Then the modified email, containing everything the original did, is sent to the victim. All but one thing is unchanged: the links in the email are changed so that the user is redirected to the scammers' website, where the user will enter their username and password to log in, only realizing minutes later that he/she was scammed.
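One way to catch the swapped links that clone phishing relies on, as an added example that is not part of the original post: the script below (Node.js, no dependencies) scans an e-mail's HTML for anchors whose visible text names one site while the href points elsewhere, or whose target is a bare IP address. The e-mail body and the bank.example / bank-example-login.test domains are constructed for the demo.

```javascript
// Added example (not from the article): flag "clone phishing" links, i.e. anchors
// whose visible text names one site while the href quietly points at another.

// Naive registrable-domain guess: last two labels ("www.bank.example" -> "bank.example").
// It does not understand multi-part suffixes such as co.uk; good enough for a demo.
function baseDomain(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// If the visible link text looks like a URL or a domain, return its hostname.
// Plain words such as "Click here" give null.
function hostFromText(text) {
  const t = text.trim();
  if (!/\./.test(t) || /\s/.test(t)) return null;
  try {
    return new URL(/^https?:\/\//i.test(t) ? t : "http://" + t).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Return one finding per suspicious anchor: { href, text, reasons }.
function findSuspiciousLinks(html) {
  const anchorRe = /<a\b[^>]*?href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const href = m[1];
    const text = m[2].replace(/<[^>]+>/g, "").trim(); // strip nested tags
    let target;
    try { target = new URL(href); } catch { continue; } // relative or malformed: skip
    const reasons = [];
    const textHost = hostFromText(text);
    if (textHost && baseDomain(textHost) !== baseDomain(target.hostname)) {
      reasons.push(`text shows ${textHost} but link goes to ${target.hostname}`);
    }
    if (/^\d{1,3}(\.\d{1,3}){3}$/.test(target.hostname)) {
      reasons.push("link target is a bare IP address");
    }
    if (reasons.length) findings.push({ href, text, reasons });
  }
  return findings;
}

// Constructed sample e-mail body: domains from the reserved .example/.test space and an
// address from the 203.0.113.0/24 documentation range; nothing here is real.
const SAMPLE_EMAIL = `
<p>Dear customer, your password is about to expire.</p>
<a href="https://www.bank.example/help">www.bank.example/help</a>
<a href="http://bank-example-login.test/verify">https://www.bank.example/login</a>
<a href="http://203.0.113.7/reset">Reset your password now</a>
<a href="https://www.bank.example/unsubscribe">Unsubscribe</a>`;

// Prints the two planted problems when run directly with node.
for (const f of findSuspiciousLinks(SAMPLE_EMAIL)) {
  console.log(`${f.href}\n  ${f.reasons.join("; ")}`);
}
```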



Phishing Terms (codemakit)

Phishing: You already Know it.
Phishing Net: The place where Phishing Starts. (Email, Social Networks, Websites)
Phishers: Scammers who phish for your information
Phisheries: Shady places (might be in Nigeria) where scammers often sit in front of computers wearing an overcoat and dark glasses (Bazinga!). These are the places from where they send/create scam.

Related Reading,

You can read all about The Simple Steps to stay safe Online.
Find out about How Passwords are stored on Websites

Download Complete Report

Now you can download the Complete 23 Page Official Report on Different Types of Phishing Techniques.
You can also download the Funny Version of the Official Phishing Techniques Report, where we make fun of the phishers and their useless attempts at scamming people.

This gave you an introduction into: All about Phishing and Phishers

Jul 7, 2014

When was a Webpage Updated

Ever wanted to find out when a webpage was updated? We'll be discussing several methods to find out, for example the WayBack Machine method, the Change Detection method and the JavaScript method.



The WayBack Machine

One of the most popular methods for non-programmers is the wayback machine method. Codemakit had already discussed the method in one of its previous articles on the Internet Archivist.

It is a project by 'The Internet Archive', a non-profit enterprise which has been receiving data from Alexa and many websites. In short, it is a type of library that stores versions of your website.

WayBack Machine


The usage is awfully clear: enter the URL of the website you need to check in the search bar and press enter. The previous version will be right before your eyes. Now it must be clear that you cannot use the Wayback Machine to determine the last updated version of a website that needs a login before you enter, simply because the website would need authentication.
Another problem is that you would not get a very accurate date. For a smaller or not so popular website it would be in the range of a month. If you need a more accurate method of finding when your page was updated, keep reading.

Change Detection Method

A website known as Change Detection also performs a similar task, but differently. Here you need to paste the URL of the page and your email address. Then, whenever the webpage at that URL changes, you'll be the first one to receive a notification. The only problem with this method is that you will not get any historical data: the mails start from the point when you enter the email address, and never before.

Change Detection


The JavaScript Method

The JavaScript method is by far the simplest and most effective method I have found to determine when a webpage was last updated or modified. The steps too are simple.
  1. Go to the URL you need.
  2. Paste the following code: "alert(document.lastModified)" (without the quotes).
  3. Now type the following in front of the code: "javascript:" (without the quotes) *
  4. The complete code should now look like "javascript:alert(document.lastModified)" (without the quotes).
  5. Press enter. **

The steps are outlined below,

JavaScript Method


* Note: it is very important that you type in the code in the third step; it doesn't seem to work without it. The code is said to work in all major browsers and gives the most accurate time and date.

** Note: you need to remember that the results are in the MM/DD/YYYY format and the time is in HH:MM:SS format. This is particularly important when you have a date such as 01/04/2014.
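As an added example (not from the original post), a small JavaScript helper that parses the MM/DD/YYYY HH:MM:SS string into an unambiguous form and flags the case where the browser had no Last-Modified header to go on and simply reports the current time; the function names and the five-second tolerance are my choices.

```javascript
// Added example (not from the article): make sense of document.lastModified.
// Works in a browser console or under Node.js.

// Parse the "MM/DD/YYYY HH:MM:SS" string into its parts plus a local-time Date.
// Returns null if the string is not in the expected format.
function parseLastModified(s) {
  const m = /^(\d{2})\/(\d{2})\/(\d{4}) (\d{2}):(\d{2}):(\d{2})$/.exec(String(s).trim());
  if (!m) return null;
  const [month, day, year, hour, minute, second] = m.slice(1).map(Number);
  if (month < 1 || month > 12 || day < 1 || day > 31 ||
      hour > 23 || minute > 59 || second > 59) return null;
  const pad = (n) => String(n).padStart(2, "0");
  return {
    year, month, day, hour, minute, second,
    // Unambiguous ISO-style rendering: "01/04/2014" is 4 January, not 1 April.
    iso: `${year}-${pad(month)}-${pad(day)}T${pad(hour)}:${pad(minute)}:${pad(second)}`,
    date: new Date(year, month - 1, day, hour, minute, second),
  };
}

// When the server sends no Last-Modified header, browsers fill document.lastModified
// with the current time, so a value within a few seconds of "now" carries no information.
function looksLikeCurrentTime(parsed, now = new Date(), toleranceSeconds = 5) {
  return Math.abs(parsed.date.getTime() - now.getTime()) <= toleranceSeconds * 1000;
}

// Readable verdict; in a browser it defaults to the current page's value.
function describeLastModified(
  raw = (typeof document !== "undefined" ? document.lastModified : ""),
  now = new Date()
) {
  const parsed = parseLastModified(raw);
  if (!parsed) return `unrecognised value: "${raw}"`;
  if (looksLikeCurrentTime(parsed, now)) {
    return `${parsed.iso} (equals the current time: no Last-Modified header, not meaningful)`;
  }
  return parsed.iso;
}
```

In a browser console, `describeLastModified()` with no arguments does the whole check for the page you are on.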

This answered your question: When was a Webpage Updated

Apr 28, 2014

What are blog / website cookies


Nowadays, a lot of websites display a message saying, "By browsing our website you agree to our cookie policy." Many of my friends are baffled by this sentence. They often ask what cookies are and what they do.


First it is important to note that a cookie, contrary to what the name suggests, is just a small piece of text that a web server sends to a web browser. To understand why we need a cookie, I think we need an example.


The Example

Keeping cookies in mind, let us take the example of an ice-cream vendor (mmm... dessert). The vendor has a shop which scores of people visit every day to buy ice-cream from him. His store has just about every flavor under the sun.

Little Sam and Susie have been coming to the store for the last 2 weeks. Their mother had once handed out a list to the vendor about the things Sam has allergies to. Sam can eat only chocolate with sprinkles and Susie likes plain strawberry. Whenever they approach the store, without asking, the vendor begins to prepare the ice-cream cone beforehand.

Why? After seeing them at the store for so many days, he knows their likes and dislikes. He knows that Susie will not eat anything other than strawberries and Sam will not have anything without sprinkles. So he modifies any order given to him likewise. This way Sam and Susie always get what they like.

The Relation

In our story, the recipe given by their mother is a cookie (Not an actual cookie but the internet one). The cookie does the important job of giving information of the preference of a particular browser, thereby helping it display content that is relevant to the visitors. The vendor would never give Sam anything listed on the paper that his mother gave. Hence Sam and Susie will always be happy and revisit him every day.

Why do Websites use cookies?

The design of a website is important in terms of visitor experience. Your blog is adorned with awesome layouts and dynamic slider templates with exquisite patterns (chosen in consultation with a design professional). But in the end, what matters is "Does the user like it?". Similarly, in the internet world, preferences and personalization often matter. When a mail that you receive has your name on it, you are bound by curiosity. When a commerce website offers you a range of cheap shoes you are delighted, because that is what you were searching for a few hours ago.

In short, cookies help you get a really personalized experience from a generic website, and that is what gives you an edge over your competitors. It might even reduce your bounce rate (though bounce rates are not that important) or keep visitors longer at your website, leading to higher revenue.

Know the cookies in your computer

Even you can check about the cookies stored in your computer with some simple steps.

Cookies in Chrome




Types of Cookies

Now that the concept is clear to you, we shall go forward and understand what the different types of cookies are. Essentially there are just two types of cookies:

Session Cookie (Temporary one) 

This one gets deleted once the browser is closed. It cannot collect information from your computer and is stored in temporary memory.

The persistent cookie (The permanent one) 

It is stored on your hard drive and stays there until you delete them manually. (We shall discuss how to delete cookies manually)
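An added example, not part of the original post, that looks at the same two types from the server side: it reads a Set-Cookie header the way a browser does (Max-Age or Expires makes a cookie persistent; without them it is a session cookie) and lists the protective attributes a site should also set. The sample headers are constructed.

```javascript
// Added example (not from the article): classify a Set-Cookie header as session,
// persistent or a deletion, and note missing protective attributes. No dependencies.

// Parse "name=value; Attr=val; Flag" into its name, value and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1);
  const attributes = {};
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name, value, attributes };
}

// Lifetime rules: Max-Age wins over Expires; Max-Age <= 0 or an Expires in the past
// tells the browser to delete the cookie; neither attribute means "session cookie".
function classifySetCookie(header, now = Date.now()) {
  const { name, attributes } = parseSetCookie(header);
  let type = "session";
  if ("max-age" in attributes) {
    const n = Number(attributes["max-age"]);
    if (!Number.isNaN(n)) type = n > 0 ? "persistent" : "expired";
  } else if ("expires" in attributes) {
    const t = Date.parse(attributes.expires);
    if (!Number.isNaN(t)) type = t > now ? "persistent" : "expired";
  }
  // Attributes that limit where the cookie travels and who can read it.
  const warnings = [];
  if (!("secure" in attributes)) warnings.push("no Secure: also sent over plain HTTP");
  if (!("httponly" in attributes)) warnings.push("no HttpOnly: readable by page scripts");
  if (!("samesite" in attributes)) warnings.push("no SameSite: sent on cross-site requests");
  return { name, type, warnings };
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_SET_COOKIE = [
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",        // session cookie, well protected
  "prefs=strawberry; Max-Age=2592000; Path=/",                 // persistent for 30 days
  "theme=dark; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Path=/", // past date: deletion
];

for (const h of SAMPLE_SET_COOKIE) {
  const r = classifySetCookie(h);
  console.log(`${r.name}: ${r.type}${r.warnings.length ? " (" + r.warnings.join("; ") + ")" : ""}`);
}
```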

The Good and Bad Cookies
Hope you've understood the concept of Cookies.
If you have any more questions, Drop it in as comments, we'll update.

This answered: What are blog/website cookies

Mar 9, 2014

Simple Steps to stay safe online

With the advent of and increased participation in hacking and phishing attempts, one must be sure to be safe. A busy blogger (obviously not a potato blogger), a workaholic designer or an innocent professional who thinks that the web is safe enough is obviously and blatantly mistaken. The terms online privacy, cookies and IPs are becoming popular day by day. Staysafeonline.org celebrates world privacy day on 28th January too. So one must learn to retain their information and stop it from falling into the hands of bad guys. What do you do? Obviously a request on your Facebook page or personal blog will not deter the shady guys wearing a sly grin. (Notably, this actually worked against spammers at codemakit when they were informed about the Nofollow attribute... digress...) So one must employ a better, and sometimes more sophisticated, way of hiding your personal data.

Why do we need to hide our data?

The answer can be very well explained through a rhetorical question: "Why do you keep your bank passbooks and checkbooks safely? Why do you keep your credit cards super safe?" Simply because there are chances of such things being misused, and in most cases against you!
Let us take a really simple case. Many people use their middle names or nicknames, or combinations of them, as passwords; a quick look by a cyber criminal at your Facebook/Twitter page will reveal phenomenal details about you. A cyber criminal with a grudge against you (now that's something you would not want) will skim through social networking sites and try accessing your email account with such passwords. If he/she eventually gets through, you will have a lot to worry about, as most online accounts have a facility for resetting passwords.

The criminal can go to your account enter your email address and click "Forgot password". Now the website on receiving such request will innocently reset the password and send a new one to your mail. Only catch is that the cyber criminal has access to your email address. He/she can wreak all kinds of havoc on your life by messing with your online persona. Usually the popular ones include accessing your social network and posting a vulgar video or an obscene picture or a hilarious yet defaming comment about yourself like "I am coming out of the closet now!" or some other less subtle messages. But the ones which do not make the headlines are the sudden loss of a large amount of money from a bank account. Even less reported are the cases of Blackmail.

The Steps for staying safe online

In order to avoid hassles and to stay super safe, outlined below are a few steps that you must follow to keep yourself safe online. Remember, better safe than sorry! So let's go through the process once.
In brief: mail (temporary, junk), browser (incognito, deletion), surfing (privacy settings, proxy servers).

Take Charge of your Accounts and Email

1. Keep your accounts close!

You might have many accounts at various websites, but do you know how to keep them safe? You can learn how to protect your login information in a previous article, where some offline methods to store your usernames and passwords are discussed.

2. But your Email closer!

First and foremost, just as the above example depicted, you must first take control of your email. Conventional emails offer simple username/password security, of which the username is always known to people. You just rely on your password to keep your account safe. The password might be really long and extremely convoluted, but in the end it is just a combination of characters (you would be shocked if you found out how simply websites store usernames and passwords).
If you are using Gmail (if you're not, see a complete list of features of Gmail), kindly opt for Google's two-step protection. You will have to provide your mobile number for it, and if you're logging in from an unknown computer, you will receive a code from Google as a text message, which forms the second step of protection. Without entering the code you cannot go further. Some email service providers also provide an arrangement with two passwords, which is not as effective as Google's, but it does the job, doesn't it?

3. Use Disposable/temporary email

Sometimes people need to provide an email address for web content. Websites are often found begging, and sometimes strutting, while asking for your email address. In simple words: I have an eBook, you have an email address, let's exchange! (codemakit too asks for an email address for its SEO and Content Guide ebook, but don't get us wrong.) There is an inherent theory behind asking for email addresses: often websites with quality content are targeted by their competitors, who employ hackers/helpers in large numbers to harm the website. An email authentication, or just the provision of an email, often helps curb this menace. But if you do not want to give your personal email address to a website you do not trust, you can either check out the website's certifications or use a temporary address. Here is a list of temporary mail providers.

1. Guerrilla Mail is known to scramble the address too. It updates the inbox every 10 seconds and exists for about 12-15 minutes, after which it vanishes.

2. The 10 minute mail obviously exists for 10 minutes and then disappears. Until then you will receive mails in your temporary inbox.

3. Get airmail has one blatant advantage over every one of its competitors, there is no time-limit to your inbox. The mail will remain valid indefinitely until and unless you close your browser.

4. Yop mail is one of the most trusted providers among its competitors. You can even name your own email which would look more authentic than a bunch of randomly generated numbers.

But websites have their own ways to check, so sometimes the method does not work (maybe 5-10% of the time). If you do not want the hassle of visiting the site again or creating a new address every time you need something, it is better to create a permanent mail which will hold all your junk emails. This mail must have a really simple username with an even simpler password which can be recalled any time you need it. Even if it is hacked, it will be the hacker's loss and not yours.

Take Charge of your Browser

There are cases when you need to employ security tactics at the root of internet surfing, i.e. the browser. It is the application which actually transforms your request and returns with a webpage. So, how do you safeguard your browser?

1. Delete your traces

Firstly, your browsing history, stored cookies, passwords (important ones), and other information that the browser has stored for your luxury; in one word: DELETE. The above elements stored in a browser are one of the richest sources of information about you. Your cookies and browsing history tell a lot more than you could ever tell in a day. Also remember to disable Chrome's autofill settings. A regular deletion of such information will give you the assurance of "My browser has nothing you can steal" (the Mojo Jojo laugh).

2. Browse Incognito

Secondly, if you're really cautious, you must operate your browser in the famed incognito mode. Nearly every browser offers an incognito mode where none of your personal data or browsing activity will be stored on the computer. So you don't have to come back and delete the stuff again. Usually the incognito mode (as Google Chrome calls it) can be found in almost all browsers and can be activated by a shortcut key combination. Here is the list of browsers and shortcut key combinations.

Browser            Method
Google Chrome      CTRL + N
Mozilla Firefox    CTRL + SHIFT + P
Internet Explorer  CTRL + SHIFT + P
Safari             Settings - Private Browsing
Opera              CTRL + SHIFT + N

3. Virtual Private Settings

You can even surf cautiously. For places where you cannot afford to make a mistake, you can use a proxy server, where you hide yourself and then browse; it is comparable to wearing armor and going to war.
Geeks are often known to use VPN or Virtual private networks, a discussion of these methods is beyond the scope of the article. However you may find information at PCWorld or at Howtogeek. Information on IP Masking can be found at whatismyipaddress.

And Finally, Surf Safe

Another thing you can do to prevent your information from falling into the hands of smirking black hats is to set your privacy policy at the other end, i.e. the websites you use like Facebook, Quora, Twitter (the list would have stopped at 5 miles). Go there, click on settings and find the privacy settings. Change them to your personal accord. Just five minutes once is enough to spare you the hassle of a lifetime. The more methods you employ, the safer you feel the next time you surf a website.

Note: if I missed a step or if you know any better method, just post it in the comments section.

Do you feel safe now? This was: Simple Steps to stay safe online

Dec 23, 2013

How are passwords stored on websites? The Basics

Ever wondered how messages are transferred through email clients? What does Gmail actually mean when it says your mail is encrypted before being sent to another person? Or what does Adobe mean when it says, "Your document is encrypted, enter password to continue..."?

Data encryption has long been in use, since the advent of data storage and transmission. It has been used for website certifications, storing your passwords and usernames, etc. You will first have to understand how to protect yourself from divulging or giving away your passwords before understanding how passwords are stored on websites. The recent case of the Adobe password leak is sufficient to say that encryption is one of the most important things which websites must remember.

The following article delves into the basics of encryption; further posts might include a deeper understanding. Let's start with the what and how of data security and privacy.

Before we proceed..

For newbies, you must know this to go further: input goes through a function (process) and comes out as an output. This output is called a hash code. Using this analogy, a hash code is the output generated by a hash function. The function varies and can produce different outputs based on the content of the message. The output is always of a fixed length, and hence the code is a highly effective form of storing and transferring data, used in a huge number of applications. There are many different types of hash function available.

An interesting discussion on data encryption would be the Pretty Good Privacy method. Let us understand this based on an example. Let us assume a small string of letters for our convenience. Let's start with "sheep". Now this is the message we need to encrypt and send to a friend.

The Pretty Good Privacy Method (PGP)

The Three steps to Encryption

  1. First the string "sheep" is used to create a key. Let us suppose the key created by the string "sheep" is 22RX (pretty cool digits, huh!). This key will be used to encrypt the message (you know, this key will determine which hashing function will be used).
  2. Now, using this key, the string is encrypted. Let us suppose the key led to the simplest of encryptions, i.e. converting into a hexadecimal value. (We use decimal values on a day-to-day basis, i.e. 0 to 9 (base 10). Hexadecimal values, on the other hand, are in base 16 and range from 0 to F.) Converting any text to hexadecimal is fairly easy to do. The converted hexadecimal value for "sheep" is "7368656570". Now this was converted based on the key "22RX". The second step is the encryption of the key itself. The encrypted value of 22RX is "32325258".
  3. The third stage is the concatenation of both key and message. So, the complete encrypted message would be 323252587368656570 (assuming the key comes first and is not mashed into the message). A mashed message might however look like this: "372336252865658570", which as you can see is much more difficult to decrypt.
ENCRYPTION USING PRETTY GOOD PRIVACY (PGP)

The above flowchart would help you understand the encryption using PGP method without mashing.

ENCRYPTION USING PRETTY GOOD PRIVACY (PGP) MASHED

The above flowchart would help you understand the encryption using the PGP method with mashing.

One Step to Decryption

  1. The decryption process is similar too. The message "323252587368656570" is received and the encrypted key is separated. This key is then decrypted and the value obtained is "22RX". Now this key is used to decrypt the original message left after removing the key, i.e. "7368656570". After decryption this would be "sheep". This is how your friend will receive the message, and privacy will be maintained between the two. Symantec acquired PGP on June 7, 2010.
DECRYPTION USING PRETTY GOOD PRIVACY (PGP)

The above flowchart would help you understand the decryption process using PGP method.
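The three encryption steps and the decryption step carried through in code with the article's own values ("sheep", key 22RX), as an added example that is not from the article; the function names are mine. It also shows what the receiver's step needs (the key's length) and what an interceptor needs (nothing, since hex is a reversible encoding rather than encryption).

```javascript
// Added example (not from the article): the article's scheme, step by step, in Node.js.

// Hex conversion both ways: one byte of text becomes two hex digits.
const toHex = (s) => Buffer.from(s, "utf8").toString("hex");
const fromHex = (h) => Buffer.from(h, "hex").toString("utf8");

// Steps 2 and 3: hex-encode the key, hex-encode the message, then key first, message after.
function toyEncrypt(message, key) {
  return toHex(key) + toHex(message);
}

// The receiver's step: split off the key (its encoded length is known) and decode the rest.
function toyDecrypt(packet, keyLength) {
  const keyHexLength = keyLength * 2;
  const key = fromHex(packet.slice(0, keyHexLength));
  const message = fromHex(packet.slice(keyHexLength));
  return { key, message };
}

// What anyone who intercepts the packet can do with no key at all: the whole thing,
// key included, is plain hex, so decoding it needs nothing the sender has.
function decodeWithoutKey(packet) {
  return fromHex(packet);
}

console.log(toyEncrypt("sheep", "22RX"));          // the article's 323252587368656570
console.log(toyDecrypt("323252587368656570", 4));  // { key: '22RX', message: 'sheep' }
console.log(decodeWithoutKey("323252587368656570")); // 22RXsheep
```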


Simpler Method

With a plethora of hashing algorithms available, it might be really difficult to determine which algorithm should be used. Should you use SHA1 or SHA233? To avoid such a mess, you can use your own key for encryption and decryption. Let us go with "sheep" again. This time I use the key 31. Suppose the function this key uses first interchanges the odd and even digits from the right, i.e. from "sheep" to "sehpe".

ENCRYPTION USING SIMPLE METHOD


Then it is converted into hexadecimal values, i.e. "sehpe" becomes "7365687065". Remember, no key is added to the string, so the message's receiver depends on you for the key. You send the encrypted value "7365687065" to him and contact him separately with the key. When your friend gets the key, he/she can use it to decrypt the message and get "sheep".
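The two toy schemes walked through above (the key-first PGP-style message and the key-31 "simpler method"), written out as an added example that is not part of the original post. Hex encoding stands in for "encryption" exactly as the post supposes; it assumes the receiver of the first scheme knows the key length (the post does not say how), and the "mashed" variant is left out because the post does not define how the digits are interleaved.

```python
# Added example (not from the original post): the two toy schemes the post walks
# through, using hex encoding as the post's stand-in for "encryption".
# Assumption: the receiver of the first scheme knows the key length (4 here).


def to_hex(text: str) -> str:
    """Two hex digits (0-9, a-f) per ASCII character: "sheep" -> "7368656570"."""
    return text.encode("ascii").hex()


def from_hex(hexstr: str) -> str:
    """Inverse of to_hex."""
    return bytes.fromhex(hexstr).decode("ascii")


def pgp_style_encrypt(message: str, key: str) -> str:
    """First scheme, unmashed: encoded key first, then the encoded message."""
    return to_hex(key) + to_hex(message)


def pgp_style_decrypt(blob: str, key_len: int) -> tuple:
    """Split off the encoded key (2 hex digits per key character), decode both."""
    split = 2 * key_len
    return from_hex(blob[:split]), from_hex(blob[split:])


def swap_pairs_from_right(text: str) -> str:
    """Swap each odd/even pair of characters counted from the right.
    "sheep" -> "sehpe"; applying it twice restores the input."""
    rev = text[::-1]
    out = []
    for i in range(0, len(rev) - 1, 2):
        out.append(rev[i + 1])
        out.append(rev[i])
    if len(rev) % 2:
        out.append(rev[-1])  # leftmost character has no partner, stays put
    return "".join(out)[::-1]


# Key "31" is the post's label for the pair-swapping transform. The key is never
# sent with the message, only agreed separately. Assumption: a table of named
# transforms stands in for "the function this key uses".
TRANSFORMS = {"31": swap_pairs_from_right}


def simple_encrypt(message: str, key: str = "31") -> str:
    """Second scheme: transform with the agreed key, then hex-encode."""
    return to_hex(TRANSFORMS[key](message))


def simple_decrypt(blob: str, key: str = "31") -> str:
    """Hex-decode, then undo the transform (it is its own inverse)."""
    return TRANSFORMS[key](from_hex(blob))


if __name__ == "__main__":
    blob = pgp_style_encrypt("sheep", "22RX")
    print(blob, pgp_style_decrypt(blob, len("22RX")))  # 323252587368656570 ('22RX', 'sheep')
    blob2 = simple_encrypt("sheep")
    print(blob2, simple_decrypt(blob2))                # 7365687065 sheep
```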

DECRYPTION USING SIMPLE METHOD

This methodology proves to be better than the previous method discussed. If someone gets hold of your message encrypted using 'Pretty Good Privacy' or PGP, he/she can spend hours, days or months cracking the code, but eventually the hacker will know the contents of the message. However, consider the case when a hacker intercepts a message encrypted using the second methodology: it might be centuries before he/she could break the code without knowing the key shared between you and your friend.

Secure Hash Algorithm

Lastly, one method which is quite popular nowadays is the Secure Hash Algorithm (SHA), a simple yet highly effective way of storing passwords, used by websites at present. A simple explanation would be that it takes a string of characters (including numbers, alphabets and special characters) and converts it into a code of a fixed size.

The size depends on the algorithm used. (There are several types of SHA in use: SHA0, SHA1 etc.) The Secure Hash Algorithm follows a very simple algorithm (from the computer's perspective, of course), which will be explained later. There are many other functions too which can be used to encrypt strings, using hash tables, geometric hashing etc., which of course do not come within the purview of "The Basics".
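An added example (not from the original post) of what "a code of a fixed size" means, using Python's standard hashlib: the digest length is fixed per algorithm and does not change with the input. The store/verify pair at the end goes one step beyond the post by adding a per-user random salt, which is how a website would normally keep a password hash rather than hashing the bare password.

```python
# Added example (not from the original post): fixed-size SHA digests and a
# salted store/verify pair for website password storage (salt is an addition
# beyond what the post describes).
import hashlib
import hmac
import os


def digest_hex(algorithm: str, text: str) -> str:
    """Hex digest of text under the named algorithm ("sha1", "sha256", ...)."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def digest_bits(algorithm: str) -> int:
    """Output size in bits, fixed per algorithm (SHA-1: 160, SHA-256: 256)."""
    return hashlib.new(algorithm).digest_size * 8


def store_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt_hex, hash_hex); the website keeps both, never the password."""
    if salt is None:
        salt = os.urandom(16)  # 16 random bytes, different for every user
    h = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return salt.hex(), h


def verify_password(password: str, salt_hex: str, stored_hex: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, h = store_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(h, stored_hex)


if __name__ == "__main__":
    # Same digest length whether the input is 5 characters or 250.
    for algo in ("sha1", "sha256"):
        for text in ("sheep", "sheep" * 50):
            d = digest_hex(algo, text)
            print(algo, digest_bits(algo), "bits,", len(d), "hex chars:", d[:16], "...")
    salt, stored = store_password("sheep")
    print(verify_password("sheep", salt, stored))  # True
    print(verify_password("sheeq", salt, stored))  # False
```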

This explained (in brief) about
How are passwords stored on websites? The Basics

Sep 30, 2013

The Attacks of Syrian Electronic Army

War has many faces: it kills and it spills. On account of the Syria crisis in Aug-Sept, it is clear that the conflict has spilled over to the internet too. The Syrian Electronic Army, also known as SEA, hacked into American Marines websites in September. When any user tried to access the website, he would be redirected to a short paragraph ending with "Delivered by SEA".

Six pictures were posted with people holding placards with messages written in English. SEA has largely focused on "phishing" attacks on social media accounts, tricking people into giving away their usernames and passwords. The Associated Press, an American non-profit news agency, had its Twitter account compromised; it displayed a message that US President Barack Obama had been hurt in an explosion. Though the news was harmless compared to others, it nonetheless led to a serious fall in the Dow Jones Index at that time.

The attack on The New York Times was more disastrous: SEA managed to redirect visitors towards its own website.


According to Wiki, "SEA launched its website in 2011, its proponents stated that they were not affiliated towards any government body but are merely patriotic young people trying to defend their country."

Now, why would an article like this be on codemakit.com?
This is because of the type of attack. Hack attacks have been popular since the inception of websites. SEA used two types of attacks: one was Denial of Service (DoS) and the other was website defacement.

Under Denial of service, 

The hacker tries to reach the server on which the website is hosted and make it unresponsive to any attempt at retrieving the website in a browser. In simple words, your browser would request the page hosted on the server, but the server would not respond and you would not be able to view the website.

So, how do they do it? One easy method adopted by hackers around the world is overloading the web server. This is done by sending too many requests to the server, using its resources to the maximum. In this situation the server will not respond to any request from any user; the website will load sooooo slowly that the visitor will have to leave to shave off the beard he grew while waiting for the site to load, and thus the hacker will have won.

There are 4 types of DoS attack:
1. Overloading the processing capability of the server
2. Editing of the router information
3. Resetting of TCP sessions
4. Physical damage to network components like wires

Then there are techniques like Internet Control Message Protocol (ICMP) flood, SYN flood, teardrop attacks, permanent denial-of-service attacks, application-level floods, the OWASP HTTP POST Denial of Service Tool, R-U-Dead-Yet? (RUDY) etc. More information can be read on the wiki page.

In Website Defacement,  

The hacker gets into the web server on which the website is hosted and replaces the files of the website with some of their own. A common method of defacement is SQL injection, one of the most common techniques used by hackers worldwide. So here, when your browser requests a website, it actually gets the website it asked for, but it is clearly defaced or edited, and thus the hacker wins again.

As a footnote, it is worth noting that you can always protect yourself from other specially targeted attacks on your mail. If you have suspicions about a website, you can always choose to view its certificate.

Updates


October 28th, 2013,

On October 28th, the group hacked into US President Barack Obama's Twitter handle too. A message appeared saying "Immigration is a bipartisan issue", followed by a link to a half-hour video which starts with the 9/11 attacks. Check out The Guardian for more.


3rd January, 2014,

In its latest attack, on 3rd January 2014, the SEA kicked off 2014 with its very first hack attempt of the year. SEA hacked into Microsoft's very own Skype (which was acquired by the software giant on 11th October 2013). But users shouldn't worry: an official statement released by Microsoft says that no user personal data was compromised.

The hacktivists had hacked into the blogging and microblogging media owned by Skype. Through the attack on Skype's Facebook page, "Skype" warned users against using Microsoft's email services like Hotmail and Outlook, alleging the sale of user information to the US Government. Skype's Twitter account saw a similar defacement when the tweet "Stop Spying on People" was visible with a CIA hashtag alongside it. Skype's official blog too was defaced by the hacktivist group when a message was displayed warning against spying by the US Government. The accounts were taken back under Microsoft's control and an apology statement was issued shortly after.


This was all about,
The Attacks of Syrian Electronic Army

Mar 18, 2013

Tips to protect yourself from divulging your web account's passwords

How can you protect yourself from giving out your passwords? Here are simple points for protecting yourself from divulging your passwords. 


For any webmaster, there will be scores of usernames and passwords which must be kept as secret as possible. Even if unintentional, a leak is a leak and can be very disruptive if not handled carefully. There are hackers looming nearby; you could be the next target.



Here are some tips to keep yourself protected at all times. It is the small things that matter the most. The tips are as follows:


  1. Never use the default password given by the website itself; always change it whenever you get the time.
  2. Also, when you ask for a password reset, always change the password once it's done. Do you know how passwords are actually stored on websites? Take a look.
  3. Always keep your mail passwords with the utmost privacy, because once your mail password is divulged, anyone can reset your mail password or any website account password with just a click.
  4. If you are a web personality or choose to live your life on the web, you will obviously be burdened with the task of storing the passwords somewhere. Never make the mistake of storing them in a simple text file. Use simple but advanced measures (take a look), so that even if your PC/laptop is out of your reach, you'll be at peace.
  5. Never give your password to any website or authority. Keep in mind that no one should ever ask for your password; if they do, they're not authentic.
  6. When in a café, hotel, restaurant etc. with an unsafe Wi-Fi, never open any of your important mail or website accounts, such as your bank accounts.
  7. Never use the same password and username for every account, but use a single password with slight modifications for each website account, e.g. create a base password like 93110299; now for Gmail the password might be 93110299gm, for your flight travel account it might be 93110299ft or 93110299jet etc. This will save you the hassle of remembering different passwords and thereby remove any need to write them down.
If you're still unsure or you need more information, You can have a look at some simple steps to stay safe online.

These were some
Tips to protect yourself from divulging your web account's passwords

Mar 13, 2013

Techniques to store your passwords safely


Recently, 450,000 user account passwords on Yahoo were hacked, in addition to 6 million LinkedIn accounts and the 32 million on RockYou.com.

According to PC World, a professional hacker can access an account in one second, leading to a total of 17 minutes to break into 1000 accounts.

So what do you do to keep your most prized possessions away from those criminals? A budding enthusiast will always have one problem lined up after the other. One such problem is the storage and protection of passwords for your online user accounts. To achieve this, one must create a system in which the passwords are stored properly and safely.

For Storage of Passwords

Since your usernames and passwords are the key to unlocking your account information and practically everything about yourself, you first need to create a system for storing the usernames and passwords so that they do not just lie around for everyone to see and read.

Never write usernames and passwords on small chits or pieces of paper. There are two reasons: first, you then have to keep track of each and every chit at your home/office, and second, the chits are open for everyone to use.

For the hardware lovers,

These are the people who think the best way to store confidential information is on paper. They are cautious and have the utmost confidence in the hacker community, because they are sure that one day each and every account of theirs will be accessed easily by a bearded, spectacled guy sitting with a laptop. For such cautious paper-philiates, the only job left is to print out a template on an A4-sized sheet. Once printed, they can fill in the details of their various mail and online accounts with a pen and keep it in a locked drawer or a small safe.

For the software lovers, 

There are two options available. The first is to create your own system, i.e. an Excel file or a Microsoft Access file using the template below. The second is to rely on a predefined system, i.e. a password manager (online or offline).

Use of an Excel file
An Excel file is one of the easiest and most trusted ways of keeping your passwords safe (other than the paper method). Its advantages are ease of use and safety.


The Excel file can be created based on the above template. Once the template has been created, you just have to enter the website name, your username and the password for each website.


The next important step is to secure the complete document. It can be done in the following ways.

  1. Firstly, encrypt the document
  2. Secondly, set a password to open the document
  3. Thirdly, set a password for modifying the document
  4. Fourthly, restrict access to the document

Use of a password manager
Many tech-savvy people rely on password managers that claim to keep their users' passwords safe. Some might even go to the extent of using an online password manager. In my experience, password managers, if free, are of absolutely no use. The companies cannot afford the kind of security needed to ward off hackers when swarmed with free accounts. But paid ones can afford it, and you will stand a better chance with them. Some of the advantages of a password manager are:

  1. Provides a nice template to help you store your passwords more effectively
  2. Helps you create stronger and healthier passwords
  3. Ease of use
  4. Relieves you of the hassle of remembering the passwords
  5. Simultaneous updating of passwords
Though I would not recommend it, for busy bodies, here are some of the password managers.

Related Reading,

You can store your passwords safely, but can you prevent yourself from unknowingly giving away your passwords?

Though you know the techniques to store your passwords safely, are you aware of other methods to stay safe online?

Also read, everything about phishers and phishing. Learn, how they trick you into giving away your information.

These were the,
Techniques to store your passwords safely

Feb 27, 2013

Which creative commons license would suit your site

You have a website and you're searching for the best licence under the Creative Commons banner. Which licence would suit your site? Read about each licence, its conditions and some examples of websites/works which have already implemented Creative Commons.

Creative Commons has been discussed before; here you'll find out which of the licenses made available by Creative Commons would suit you best.

The Creative Commons website has made it clear that there are no registration fees for protecting your work with a Creative Commons license. You just need to select which of the six licenses would suit you most and mark your works so that others know they are protected with a Creative Commons license.

The following are the main condition modules (the conditions under which you're allowing the user to use your work).

Attribution (CC BY)

The user will have to cite/attribute you (the author/creator) in works taken from you. Most suited for website/blog/vlog/music content with highly generous authors who do not mind their works being used for commercial and derivative purposes. It is also good for new and first-time websites.

Example,
Repository for teachers on Syria, read the CC blog post on the website.
India-based Pratham Publishers, read the CC blog post on the publishers.

Attribution Share Alike (CC BY-SA)

The user will have to cite the original author, and the same applies to anyone who uses the derived work. Most suited for video and blog content with authors who do not mind their works being used for commercial purposes. This type of license is particularly suited for video and music blogs.
Example,

Attribution No Derivatives (CC BY-ND) 

The user will have to attribute the original author and must not change/modify the works. Most suited for image creation websites, for example websites or blogs which are into image creation/touch-ups like Photoshopped wallpapers, abstract art and photography.
Example,

Attribution Non-Commercial (CC BY-NC)

The user will have to attribute the original author and can use the work freely, but not for commercial purposes. The author must remember that under this license derivative works are not subject to the same license, i.e. the same license does not apply to works derived from yours. Most suited for video blogs or video content creation websites like tutorials and personal videos (wouldn't recommend).
Example,
The Paly Voice, read about it at the CC blog post.

Attribution Non-Commercial Share Alike (CC BY-NC-SA)

The user will have to attribute the original author and cannot use the work for commercial purposes. Also, the same license applies to any derived work at any level. Most suited for written content from blogs with somewhat reticent authors.
Example,
We the Media from O'Reilly
Video Documentary “An Island”
The very popular Khan Academy

Attribution Non-Commercial No Derivatives (CC BY-NC-ND)

The licensee/user will have to attribute the original author, without modifying the work or using it for commercial purposes, and the same license is applicable to any work derived from it. Video blogs or vlogs always use this licence. Most suited for image websites which morph and create images, patterns etc. The author can finally relax knowing that even copies of copies of his work cannot be morphed or edited.
Example,
Photosynth Online Application, read about it at the CC blog.
Monk Turner’s Album 'Love Story'

Share Alike (SA) 

Here, derivatives of the work are allowed, but the same license will have to be applied to the derivatives, i.e. derivatives of the work are only allowed under the parent license.
Most recommended for photo blogs.

Non-Commercial (NC)

Works under this license cannot be used for commercial purposes.
Most recommended for music or video blogs

No Derivative Works (ND)

Here, the user can use the work as it is and must not edit it or derive from the original work.
Most recommended for music or video blogs

Additional (CC0)

This license releases the work with "No Rights Reserved". It has been found that such a license is less ambiguous and can achieve the desired effect on a global scale, rather than being limited to some jurisdictions.
Examples to be added for each type of licenses

Note: just like any official document, CC licenses go through amendments, and after an amendment a license gets an upgraded version number. As of 2013-14 the version for all available licenses is version 3.0. If you have a licence of a lower version, you can apply for an upgrade. One thing though: you cannot downgrade your licence, i.e. go back to a lower licence version. If your website is a global website with global needs, you will need unported licences. CC offers the same six licenses based on the international treaties on copyright.

Feel free to comment if you find any other examples of websites implementing cc licences for their content.

This cleared your concepts about,
Which creative commons license would suit your site