Archive for March, 2007

Spammers are increasingly obfuscating message content by misspelling spam keywords

Many spam-filtering techniques work by searching for patterns in the headers or bodies of messages. For instance, a user may decide that all e-mail they receive with the word “Viagra” in the subject line is spam, and instruct their mail program to automatically delete all such messages. To defeat such filters, the spammer may intentionally misspell commonly filtered words or insert other characters, as in the following email example:

Email message where spammer intentionally misspells spam keywords 

The principle of this method is to leave the word readable to humans (who can easily recognize the intended word despite such misspellings), but unlikely to be recognized by a program that matches literal strings. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms in their various misspelled forms. Other filters target the obfuscation methods themselves, such as the non-standard use of punctuation or numerals in unusual places, for example within a word.

(Note: Using most common variations, it is possible to spell “Viagra” in over 1.3 * 10^45 ways.[29])

So, how do we get around such Spam techniques?

Most of the spam that sneaks into my inbox past SpamAssassin and my Bayesian spam filter gets there because almost every word in the message is intentionally misspelled. By not giving the filter recognizable content, the messages get past. So how about a spam filter that works by spell check? If more than 50% of the words are misspelled, there’s a good bet that the message is spam or in a language I can’t read anyway.
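The spell-check idea above, combined with the check for digits or punctuation placed inside a word, can be sketched as follows. This is an added example, not code from the original post; the tiny word list, the substitution table and both sample messages are constructed for illustration.

```python
import re

# Constructed mini-dictionary; a real filter would load a full word list.
DICTIONARY = {
    "buy", "cheap", "viagra", "online", "now", "best", "price", "the",
    "meeting", "is", "moved", "to", "friday", "at", "please", "bring",
    "your", "notes",
}

# Look-alike characters folded back to letters (assumed table, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i", "|": "l"})

# A letter, then one or more non-letters, then a letter: junk inside a word.
INTRA_WORD = re.compile(r"[A-Za-z][^A-Za-z\s]+[A-Za-z]")

SPAM_SAMPLE = "Buy ch3ap V1agra 0nl1ne n0w b-e-s-t pr1ce"   # constructed
HAM_SAMPLE = "The meeting is moved to Friday at 10:30, please bring your notes."


def tokens(text):
    """Split on whitespace and strip surrounding sentence punctuation."""
    stripped = (t.strip(".,;:?\"'()") for t in text.split())
    return [t for t in stripped if t]


def deobfuscate(token):
    """Fold look-alike characters, then drop any remaining non-letters."""
    return re.sub(r"[^a-z]", "", token.lower().translate(FOLD))


def analyse(text):
    """Apply the >50% misspelled rule and list tokens that hide a known word."""
    toks = tokens(text)
    misspelled = [t for t in toks if t.lower() not in DICTIONARY]
    obfuscated = [t for t in toks
                  if INTRA_WORD.search(t) and deobfuscate(t) in DICTIONARY]
    ratio = len(misspelled) / len(toks) if toks else 0.0
    return {"ratio": ratio, "obfuscated": obfuscated, "spam": ratio > 0.5}


if __name__ == "__main__":
    for sample in (SPAM_SAMPLE, HAM_SAMPLE):
        print(analyse(sample))
```

The `obfuscated` list is the stronger signal of the two: a token that only becomes a dictionary word after folding was altered on purpose, whereas a high misspelling ratio alone also matches mail in another language.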


Microsoft Charity: Use Windows Live, Give with every Search

Microsoft has some charity initiatives going on right now. One of them is using Microsoft Windows Live Search for the purpose of charity. This charity initiative is titled “Searching for a way to help. You have found it.”

There are over nine million refugee children worldwide. The United Nations Refugee Agency aims to help and focus on these children. You can help them learn, help them play. Stability comes from community. Education is the right of every child — UNHCR (United Nations Refugee Agency).

Help raise awareness and funds for refugee youth with just a click! Every time you search from the link or image below, Microsoft will make a donation to ninemillion.org, a UN agency-led campaign providing education programs for the nine million refugee children around the world. This is a very noble initiative on the part of Microsoft, which seems to be following the direction of its founder Bill Gates, who is giving away most of his fortune to charity.

Microsoft Live Search, Charity Initiative

For every search performed from this page between January 17 and March 31, 2007, Microsoft will make a contribution to ninemillion.org, a UN agency-led campaign providing education and sports programs for the nine million refugee youth around the world. All contributions will benefit ninemillion.org to support educational programs for refugee youth.

Microsoft Charity Program


Windows Live OneCare Advisory: Beta service will be discontinued on March 2

On March 2, beta service for most Windows Live OneCare customers will be discontinued. You will need to make alternate arrangements before that date to ensure that you have full protection and PC care.

Windows Live One Care Beta discontinuation advisory

To continue using Windows Live OneCare service, you can subscribe to it by following these steps:

1. Uninstall the OneCare beta.

  • On the Start menu, click Control Panel.
  • Double-click Add or Remove Programs.
  • Under Currently installed programs, click Windows Live OneCare, and then click Change/Remove.
  • In the Uninstall Windows Live OneCare dialog, click Uninstall.
  • Follow the directions to uninstall OneCare and restart your computer.

Uninstall Windows Live OneCare


How to prevent your website from being flagged as a Phishing Site

There are several things you can do that can help minimize the chance of your site being flagged as suspicious. Think of these as best practices or optimal Web site design ethics.

# 1: Use Secure Sockets Layer (SSL) with a current server certificate issued by a trusted certification authority if you ask users for personal information.

# 2: Make sure that your Web page doesn’t expose any cross-site scripting (XSS) vulnerabilities. Protect your site by using anti-cross-site scripting attack tools.

# 3: Use the fully-qualified domain name. All domains should reverse to actual domain names, not numeric IP addresses. This means a URL should look like “microsoft.com” and not “207.46.19.30.”

# 4: Avoid using the @ symbol before the fully-qualified domain name in your URL. The @ symbol enables phishers to concoct deceptive URLs and is therefore immediately suspicious to Phishing Filter.

# 5: Don’t encode or tunnel your URLs unnecessarily. If you don’t know what this means, you probably aren’t doing it.

# 6: If you post external or third-party hosted content, make sure that the content is secure and from a known and trusted source.

# 7: When building the content on your site, don’t use invisible text, JavaScript redirects or doorway pages.
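Tips 3 to 5 describe properties of the URL itself, so a site owner can check the links they publish before a filter does. The following is an added example, not part of the original post or of Phishing Filter; the finding labels and the example.com and 203.0.113.7 test values are constructed.

```python
import ipaddress
import re
import string
from urllib.parse import urlsplit

PCT = re.compile(r"%([0-9A-Fa-f]{2})")
# Characters that never need percent-encoding in a URL (RFC 3986 unreserved).
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def is_numeric_host(host):
    """True for IPv4/IPv6 literals and for a bare integer used as an address."""
    if host.isdigit():
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_findings(url):
    """Return the labels of the URL properties that tips 3-5 warn about."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""

    # Tip 4: anything before '@' in the authority is userinfo, not the host.
    if "@" in parts.netloc:
        findings.append("userinfo-at-sign")

    # Tip 3: the host should be a domain name, not a numeric address.
    if is_numeric_host(host):
        findings.append("numeric-ip-host")

    # Tip 5: percent-encoding of characters that do not need it.
    needless = [m.group(0) for m in PCT.finditer(url)
                if chr(int(m.group(1), 16)) in UNRESERVED]
    if needless:
        findings.append("needless-percent-encoding")

    return findings


if __name__ == "__main__":
    for u in ("https://microsoft.com/", "http://207.46.19.30/",
              "https://www.example.com@203.0.113.7/login",
              "https://example.com/%6c%6f%67%69%6e"):
        print(u, url_findings(u))
```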

Related Links:

1. What a PayPal phishing email looks like and How to detect it

2. Unauthorized access to your PayPal account

3. Spammers using TinyURL to flood comments

4. Microsoft Phishing Filter site


Unauthorized Access to your PayPal account: PayPal Phishing email

This is one of the most classic PayPal phishing email formats: the subject says that there was unauthorized access to your PayPal account, and you are asked to verify your credentials.

The images and everything else are taken directly from the valid PayPal site. To verify, hover your mouse over the PayPal logo. You would see that the header image comes from https://www.paypal.com/us.

Sample PayPal Phishing Email


How to Install and Use Windows Vista without Activation for Free for 120 Days

By default, Windows Vista can be installed, used and run without any license, product key or activation for a 30-day grace period, for the purpose of trial or evaluation. Microsoft initially stressed that users should purchase a license with a valid product key before the trial period expires, or else Windows Vista will lock into Reduced Functionality Mode. However, a “rearm” method has long since been discovered that can extend, or reset, the remaining time for activation to another fresh 30 days, up to 3 times.

To extend, reset or restart the initial OOB grace period of Windows Vista to another 30 days, use the following steps:

You need to run the command prompt in administrative mode. You can either use the steps outlined below or just type cmd in the Start Search box. Once Command Prompt is displayed in the search results, right-click it, select “Run as Administrator” and continue from Step # 3; otherwise start from Step # 1 as shown below.

Step # 1: Click on Vista Start button and key in Cmd in Start Search box.

Step # 2: Press on Ctrl-Shift-Enter to open Command Prompt with administrative credentials (equivalent to “Run as Administrator”).

Step # 3: In the Command Prompt, type the following command and press Enter when done: slmgr -rearm or you can use sysprep /generalize

Activate windows vista using command prompt

Step # 4: Reboot the computer.

Step # 5: Rearm again when the remaining activation grace period timer counts down to 0 days.

Rearm option resets the computer’s activation timer and reinitializes some activation parameters.

via [neowin.net]


Spammers using University Message boards for hosting Spam

This started out as an analysis of the spam messages we receive every day at AskStudent.

What is spam?

Spam usually means unsolicited email messages sent to your account. Spam is also referred to as “unsolicited commercial email/posts” and “unsolicited bulk email”, sent either to your email accounts or as message posts on websites or blogs. It ranges from advertising (usually Viagra) to potentially offensive content (child porn).

Why am I getting all this spam?

Spammers (the people who send spam) “harvest” email addresses from various places. If you have done anything on the Internet at all (registered a software product, participated in an online discussion board), your address could potentially be harvested by spammers. Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address could still be the target of spam messages. Spammers have been known to launch attacks similar to “cold calling”; they’ll keep trying email addresses until they find a valid one.

For example, a spammer could send a message to fit.edu addresses and just use all known common first names before the @ sign. The invalid ones will bounce but the valid ones will get delivered.

We will walk you through a new method being used by spammers:

Have the spam link on online message boards originate from a valid and a reputed site such as a .edu or a University/college website.

Spammers have determined that if they register for an account on a message board or university discussion board, they can leave a link to their webpage, which then shows up on the message board user list. Then, when leaving a link in comments on a web site such as AskStudent’s, instead of an obvious link to a spammer site they use something like the following:

web.universityname.edu/deptname/disc1_frm.htm

This URL looks relatively innocent, after all it is coming in from a university web site and probably some students there have a discussion going on, on their message boards about the article on which the “comment” was placed. But, if you follow the link, you get to a discussion board that uses JavaScript to immediately redirect you to the spammer’s site.

The problem with these hacked .edu message boards is that the links come from a trusted domain. So what happens when a link from a trusted domain is posted on your blog? It results in something like this coming into our moderation queue every day: spam links which originate from .edu domains.

Spammers using hacked university message boards for hosting spam
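A moderation queue can look past the trusted domain by inspecting the linked page for an immediate client-side redirect to another host, which is the behaviour described above. This is an added example, not code from the original post; the page markup and the pills.example target are constructed, and the board URL is the placeholder from the text with a scheme added.

```python
import re
from urllib.parse import urlsplit

# Assignments to location / location.href and calls to location.replace/assign.
JS_REDIRECT = re.compile(
    r"""\b(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|\blocation\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""",
    re.I)
# <meta http-equiv="refresh" content="0; url=...">
META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*url\s*=\s*["']?([^"'>\s]+)""",
    re.I)

BOARD_URL = "http://web.universityname.edu/deptname/disc1_frm.htm"
# Constructed page bodies for the demonstration.
HIJACKED = ('<html><head><title>Discussion</title>'
            '<script>window.location = "http://pills.example/buy";</script>'
            '</head><body>Loading...</body></html>')
BENIGN = ('<html><body><script>if (done) { location.href = '
          '"/deptname/index.htm"; }</script></body></html>')


def offsite_redirects(page_url, html):
    """Return hosts the page redirects to that differ from the page's own host."""
    page_host = urlsplit(page_url).hostname
    targets = [m.group(1) or m.group(2) for m in JS_REDIRECT.finditer(html)]
    targets += META_REFRESH.findall(html)
    hits = []
    for target in targets:
        host = urlsplit(target).hostname   # None for relative URLs
        if host and host != page_host:
            hits.append(host)
    return hits


if __name__ == "__main__":
    print(offsite_redirects(BOARD_URL, HIJACKED))   # off-site target found
    print(offsite_redirects(BOARD_URL, BENIGN))     # same-site navigation only
```

Static matching like this misses redirects assembled at run time, so treat an empty result as "nothing obvious" rather than "clean".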

Links being used for SEO

Still not convinced? Try a Google search for phentermine, a drug that is among the most promoted by spammers. On the Google results page, two of the top five results are hacked message board pages advertising and promoting phentermine.
