Aug 03

Recently, there has been too much action when it comes to email accounts. A couple of friends complained that they’ve lost their logins all of a sudden. One friend from college complained that his girl’s email account was compromised. They believe that some hacker in Brazil opened his terminal and wrote ./hack user@gmail.com to hack them. A few really think that it is as simple as opening Microsoft Word and writing “Access Granted” in green to hack.

I want to tell them one thing. These days, most of the email services are fairly secure ( *cough* *cough* not talking about Rediff, which added SSL login a month ago, or Indiatimes, which used to save the password in a cookie as plain text). I’m talking about services like Gmail or Yahoo. But we need to accept the fact that even though we are intelligent and we’ve got some protection on our computers like antivirus and firewalls for Windows folks, or, like my friend Hari says, install Linux, or as Ashok suggests, OS X … we are busy most of the time. Sometimes, we don’t use our brains while doing small things.

You would be talking to your friend on your mobile phone and checking Orkut for new scraps. The guy on the phone might be telling you about his new project or something like that and you are involved in the chat. There could be some scrap from a girl … Karteek, greeting card for you !!! As usual, you click on the link, it tells you that you need to log in to view the card, and you just log in while talking on the phone.

[Recap]

What happened ? -> You clicked on the link

After that ? -> It asked you to login

Then ? -> You logged in

Then -> It might tell you to login again as your password is wrong

After that ??? -> You logged in or it logged you in automatically or you just left it

Now, the analysis part. Well, nothing big happened. You were just phished. You tried to log in to a service on a fake login screen. You might lose many things through that username and password (your email might hold a lot of info).

Now, coming to the important part, how to escape from it? Well, be careful is my answer. But I know that I told you that we might just get carried away sometimes. For that, I coded a small Greasemonkey script which will protect you from low-level phishing attacks. Yes, only low level. If the hacker is intelligent, he can game it easily, but most of the time intelligent hackers have much more useful things to do than to hack you. So, don’t worry much about it.

The script is well commented. It doesn’t do wonders but just serves the purpose. Feel free to edit it, make it more useful and share it with others. I don’t care about licenses, so I don’t mind even if you tell your girlfriend that you coded it to protect her from being phished ;)

Very important. Never ever install a Greasemonkey script unless you have read it and are damn sure that it’s secure. Anyway, you can find the script here.

Update: Code made a little more logical. Now it won’t annoy much. And by default, I made it support Google, Yahoo, Hotmail and Wordpress. Adding other services is very easy.
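
A sketch of the kind of check such a userscript can make, as an added example (not the author's script, whose code is not shown on this page): it flags a page that shows a password field and carries the name of one of the four services while being served from a host outside that service's domains. The domain lists, keywords and the `checkLoginPage` name are assumptions.

```javascript
// Added example, not the author's Greasemonkey script.
// Assumed table: service -> brand keywords and the domains its login may live on.
const SERVICES = {
  google:    { keywords: ["gmail", "google"],         domains: ["google.com"] },
  yahoo:     { keywords: ["yahoo"],                   domains: ["yahoo.com"] },
  hotmail:   { keywords: ["hotmail", "windows live"], domains: ["live.com", "hotmail.com"] },
  wordpress: { keywords: ["wordpress"],               domains: ["wordpress.com"] },
};

// Exact match or true subdomain; "google.com.evil.example" must not pass.
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// page = { url, title, text, hasPasswordField }
function checkLoginPage(page) {
  if (!page.hasPasswordField) return { verdict: "ignore", service: null };
  let url;
  try {
    url = new URL(page.url);
  } catch (e) {
    return { verdict: "warn", service: null };
  }
  // hostname drops any "user@" prefix, so google.com@evil.example resolves to evil.example
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const entries = Object.entries(SERVICES);
  for (const [name, svc] of entries) {
    if (svc.domains.some((d) => hostBelongsTo(host, d))) {
      // Right host, but a password form over plain http is still worth a warning.
      return { verdict: url.protocol === "https:" ? "ok" : "warn", service: name };
    }
  }
  const seen = (host + " " + (page.title || "") + " " + (page.text || "")).toLowerCase();
  for (const [name, svc] of entries) {
    if (svc.keywords.some((k) => seen.includes(k))) {
      return { verdict: "warn", service: name }; // brand shown, wrong host
    }
  }
  return { verdict: "unknown", service: null };
}

// In a userscript the input comes from the live page.
if (typeof document !== "undefined") {
  const result = checkLoginPage({
    url: location.href, title: document.title, text: document.body.innerText,
    hasPasswordField: document.querySelector("input[type=password]") !== null,
  });
  if (result.verdict === "warn") alert("Check the address bar before typing your password.");
}
```

Like the script described above, this only catches low-level fakes: a page that avoids the brand keywords comes back as "unknown", not "warn".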

Aug 01

Guess you know what DNS is?
If you don’t know what it is …
It’s the Domain Name System. All servers have a set of numbers to identify them (IP); to recognize them easily we give them a name (domain name), and for the internet to work, DNS maps these names to numbers. (Duh, read Wikipedia for more info)

For the techie folks who know what DNS is, you might have missed this news. There was a bug. It was just a bug when people didn’t know. A few days ago, it was a problem, as bad people knew that it exists. And a couple of days ago, it became a major problem, as bad people got to know how to tame the bug and exploit it. And today, it’s a frigging pain in the A**, as our dumb ISPs are not fixing their DNS servers.

Well, the bug is that bad people can manipulate DNS lookups. Which literally means, when you open Google.com, they can send you to Yahoo.com too. Search engines need not be a problem, but if they manipulate the DNS of a bank … the answer is … somebody is gonna get hurt real badddddd

So, I request you to check (@Doxpara) whether your DNS server is vulnerable to this bug or not, and if it is, change it to OpenDNS (208.67.222.222 and 208.67.220.220) and stay secure. As of today, I’ve tested BSNL and Airtel DNS servers (Chennai) and both of them are vulnerable. Guess we need to take a huge rod and shove it up into someone’s a** and make them fix their DNS servers so that we can stay secure.

For extra-super-terrestrial technical folks, I need not tell you about this, but in case you missed it, check (@Securebits) the exploit that was released.

Jul 21

Google introduced a new feature in the Gmail service. Gmail now shows the last 5 access types and IP addresses that accessed the current account and lets you end sessions from other locations (where you might have hit the remember me option).

Seriously, this is one kick-ass feature I’ve been looking for in Gmail, and they’ve done it with a sweet add-on (I never expected the remote sign-off feature), and for this feature, love you Google.

Don’t ask me why I’ve covered my IP address, I’ve no clue why I did that. Maybe because I usually find IP addresses and IDs concealed in screenshots.

Jul 16

This is old news, but I came to know of it a couple of days ago when, watching TED Talks, I came across “The true face of Leonardo Da Vinci” by Siegfried Woldhek. The presenter himself is an artist and he has done good research on finding the true face of Da Vinci. He uses the known facts about Da Vinci and proves that Da Vinci did three pictures of himself. And he points out the similarities between the three pictures. Well, you can watch it here

But, for the lazy folks who can’t/won’t/don’t have time to watch the show, here are the three pictures.

  1. Franchino Gaffurio, The Musician
  2. Vitruvian Man
  3. His portrait in red chalk

He also stated that the age of the subjects in the photos suits the age of Da Vinci and the time of the photograph. For me, the rather interesting and fascinating thing is that the man in the painting Vitruvian Man was Da Vinci himself. Anyway, this research was presented in an interesting manner and the talk is a small one. So, now stop being lazy and watch it.

Jun 06