How to prevent your website from being flagged as a Phishing Site

There are several things you can do to minimize the chance of your site being flagged as suspicious. Think of these as best practices for Web site design.

# 1: Use secure sockets layer (SSL) with a current server certificate issued by a trusted certification authority on any page that asks users for personal information.

# 2: Make sure that your Web pages don’t expose any cross-site scripting (XSS) vulnerabilities. Protect your site with anti-cross-site-scripting tools, and validate input and encode output wherever user-supplied data is echoed back into a page.

# 3: Use a fully-qualified domain name in your URLs, not a numeric IP address. A URL should look like “microsoft.com” and not “207.46.19.30”, and the address should reverse-resolve to a real domain name.

# 4: Avoid using the @ symbol before the fully-qualified domain name in your URL. Everything before the @ is treated as a user name and discarded, and the browser connects to whatever follows it, which lets phishers concoct deceptive URLs such as a trusted name followed by @ and the real host. Its presence is therefore immediately suspicious to Phishing Filter.

# 5: Don’t encode or tunnel your URLs unnecessarily. If you don’t know what this means, you probably aren’t doing it.

# 6: If you post external or third-party hosted content, make sure that the content is secure and from a known and trusted source.

# 7: When building the content on your site, don’t use invisible text, JavaScript redirects or doorway pages. These are the same tricks spam and phishing pages use to hide their real destination.
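The URL-level items in the list above (#3, #4 and #5) are mechanical enough to check in code. The following is an added example, not code from the original post: a hypothetical `url_signals` helper that reports a numeric or obfuscated host instead of a fully-qualified domain name, an “@” in front of the host, percent-encoding that was not needed, and a second URL tunnelled inside the first. The sample URLs are constructed; 207.46.19.30 is the address quoted in item #3.

```python
"""Flag the URL markers items 3, 4 and 5 above warn about.

Added example, not code from the original post. `url_signals` is a
hypothetical helper; the sample URLs it is exercised with are constructed.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Characters that never need percent-encoding in a path or query; if the
# decoded path+query contains only these, the encoding was unnecessary.
_SAFE_PATH_CHARS = re.compile(r"[A-Za-z0-9/?=&._~-]*")
# Hex (0xCF2E131E) or dword (3479112478) spellings of an IPv4 address.
_OBFUSCATED_IP = re.compile(r"0x[0-9a-f]+|\d+", re.IGNORECASE)


def _is_ip_literal(host: str) -> bool:
    """True for a dotted IPv4 or an IPv6 literal host."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_signals(url: str) -> list:
    """Return the suspicious signals found in `url`, in a fixed order.
    An empty list means none of the checks fired."""
    if "://" not in url:            # bare "microsoft.com" style input
        url = "http://" + url
    parts = urlsplit(url)
    host = parts.hostname or ""     # userinfo and port already stripped
    signals = []

    # Item 4: everything before "@" in the authority is a user name the
    # browser discards, so "http://microsoft.com@207.46.19.30/" lands on
    # 207.46.19.30 while looking like microsoft.com.
    if "@" in parts.netloc:
        signals.append("userinfo-before-host")

    # Item 3: a numeric address where a domain name should be.
    if _is_ip_literal(host):
        signals.append("ip-address-host")
    elif _OBFUSCATED_IP.fullmatch(host):
        signals.append("obfuscated-numeric-host")

    # Item 5: encoding for its own sake, or a URL hidden inside a URL.
    if "%" in parts.netloc:
        signals.append("encoded-host")
    raw = parts.path + ("?" + parts.query if parts.query else "")
    decoded = unquote(raw)
    if decoded != raw and _SAFE_PATH_CHARS.fullmatch(decoded):
        signals.append("unnecessary-encoding")
    if re.search(r"https?://", decoded, re.IGNORECASE):
        signals.append("nested-url")
    return signals


if __name__ == "__main__":
    for sample in ("https://www.microsoft.com/",
                   "http://www.microsoft.com@207.46.19.30/login",
                   "http://example.com/go?u=http%3A%2F%2Fevil.example%2F"):
        print(sample, "->", url_signals(sample) or "clean")
```

The checks look only at the authority and path; a legitimately encoded space in a query (`%20`) is not flagged because the decoded text contains a character that genuinely needed encoding.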

Related Links:

1. What a PayPal phishing email looks like and How to detect it

2. Unauthorized access to your PayPal account

3. Spammers using TinyURL to flood comments

4. Microsoft Phishing Filter site


Unauthorized Access to your PayPal account: PayPal Phishing email

This email format is one of the most classic PayPal phishing emails: the subject says there was unauthorized access to your PayPal account, and you are asked to verify your credentials.

The images and everything else are taken directly from the real PayPal site. To verify, hover your mouse over the PayPal logo: the header image is loaded from https://www.paypal.com/us

Sample PayPal Phishing Email


How to Install and Use Windows Vista without Activation for Free for 120 Days

By default, Windows Vista can be installed and run without any license, product key or activation for a 30-day grace period, for trial or evaluation. Microsoft initially stressed that users should purchase a license with a valid product key before the trial period expires, or else Windows Vista will lock into Reduced Functionality Mode. However, a “rearm” method has long since been discovered that extends, or resets, the remaining time to activate by another fresh 30 days, up to 3 times (hence the 120 days in the title).

To extend, reset or restart the initial out-of-box (OOB) grace period of Windows Vista for another 30 days, use the following steps:

You need to run the Command Prompt as an administrator. Either type cmd in the Start Search box, right-click Command Prompt in the search results, select Run as administrator and continue from Step #3, or follow from Step #1 below.

Step # 1: Click on Vista Start button and key in Cmd in Start Search box.

Step # 2: Press on Ctrl-Shift-Enter to open Command Prompt with administrative credentials (equivalent to “Run as Administrator”).

Step # 3: In the Command Prompt, type the following command and press Enter: slmgr -rearm (running sysprep /generalize also resets the activation timer).

Activate Windows Vista using the Command Prompt

Step # 4: Reboot the computer.

Step # 5: Rearm again when the remaining activation grace period timer counts down to 0 days.

Rearm option resets the computer’s activation timer and reinitializes some activation parameters.

via [neowin.net]


Spammers using University Message boards for hosting Spam

This started with an analysis of the spam messages we receive every day at AskStudent.

What is spam?

Spam is unsolicited email sent to your account. It is also referred to as “unsolicited commercial email/posts” or “unsolicited bulk email”, and it arrives either in your email accounts or as posts on websites or blogs. The content ranges from advertising (usually Viagra) to potentially offensive material (child pornography).

Why am I getting all this spam?

Spammers (the people who send spam) “harvest” email addresses from various places. If you have done anything on the Internet at all (registered a software product, participated in an online discussion board), your address could have been harvested by spammers. Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address can still be a target. Spammers have been known to launch attacks similar to “cold calling”: they keep trying email addresses until they find a valid one.

For example, a spammer could send a message to fit.edu addresses and just use all known common first names before the @ sign. The invalid ones will bounce but the valid ones will get delivered.

We will walk you through a new method being used by spammers:

Have the spam link on online message boards originate from a valid and a reputed site such as a .edu or a University/college website.

Spammers have found that if they register for an account on a university message or discussion board, they can leave a link to their web page, and that link then shows up in the board’s user list. When they leave a comment on a web site such as AskStudent, instead of an obvious link to a spammer site, the link is something like the following:

web.universityname.edu/deptname/disc1_frm.htm

This URL looks relatively innocent; after all, it comes from a university web site, and probably some students there have a discussion going on their message board about the article on which the “comment” was placed. But if you follow the link, you reach a discussion board page that uses JavaScript to immediately redirect you to the spammer’s site.

The problem with these hacked .edu message boards is that the links come from a trusted domain. So what happens when a link from a trusted domain is posted on your blog? It results in something like this coming into our moderation queue every day: spam links that originate from .edu domains.
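Whether a link really lands where it claims can be checked before approving a comment. The following is an added example, not code from the original post: given the HTML of a page like the university discussion board described above and the URL it was fetched from, a hypothetical `redirect_targets` helper returns the absolute targets of any meta-refresh or JavaScript redirect whose host differs from the page’s own. The sample page is constructed; cheap-pills.example is a placeholder for the spammer’s site.

```python
"""Find redirects in a fetched page that send the visitor to another host.

Added example, not code from the original post. `redirect_targets` is a
hypothetical helper; SAMPLE_PAGE is constructed and cheap-pills.example
is a placeholder host.
"""
import re
from urllib.parse import urljoin, urlsplit

_META_TAG = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
_META_REFRESH = re.compile(r"http-equiv\s*=\s*[\"']?refresh", re.IGNORECASE)
# content="0;url=http://..."  (the url= part may itself be quoted)
_REFRESH_URL = re.compile(
    r"content\s*=\s*[\"']?\s*\d+\s*;\s*url\s*=\s*[\"']?([^\"'>\s]+)", re.IGNORECASE)
# location = "...", window.location.href = '...', location.replace("..."), ...
_JS_REDIRECT = re.compile(
    r"\blocation(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']"
    r"|\blocation\.(?:replace|assign)\(\s*[\"']([^\"']+)[\"']\s*\)",
    re.IGNORECASE)


def redirect_targets(html: str, page_url: str) -> list:
    """Absolute URLs of redirects in `html` that leave the page's host."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    raw_targets = []
    for tag in _META_TAG.findall(html):
        if _META_REFRESH.search(tag):
            m = _REFRESH_URL.search(tag)
            if m:
                raw_targets.append(m.group(1))
    for m in _JS_REDIRECT.finditer(html):
        raw_targets.append(m.group(1) or m.group(2))

    offsite = []
    for target in raw_targets:
        absolute = urljoin(page_url, target)     # resolve relative targets
        host = (urlsplit(absolute).hostname or "").lower()
        if host and host != page_host and absolute not in offsite:
            offsite.append(absolute)
    return offsite


# Constructed sample: what the innocent-looking .edu page actually contains.
SAMPLE_PAGE = """<html><head><title>Department discussion board</title>
<meta http-equiv="refresh" content="0;url=http://cheap-pills.example/?ref=edu">
</head><body>
<script type="text/javascript">
  window.location.href = "http://cheap-pills.example/landing";
  var home = "/deptname/index.htm";   // not a redirect
</script>
<a href="http://www.google.com/">search</a>
</body></html>"""

if __name__ == "__main__":
    page = "http://web.universityname.edu/deptname/disc1_frm.htm"
    for url in redirect_targets(SAMPLE_PAGE, page):
        print("off-site redirect:", url)
```

Ordinary links are deliberately ignored; only a redirect the visitor cannot avoid counts. A redirect to a relative path on the same host (a normal forum “thread moved” page) is resolved and left out.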

Spammers using hacked university message boards for hosting spam

Links being used for SEO

Still not convinced? Try a Google search for phentermine, a drug that is among those most promoted by spammers. On the Google results page, two of the top five results are hacked message board pages advertising and promoting phentermine.


An Arabic Loading Sork is the new Yahoo! Photos

Yahoo Photos logo

Okay, I think I have used Yahoo! as a search engine for … let’s see, maybe the fourth time ever. I was playing around with Flock, and the default search engine in the Flock browser is Yahoo. So, my justification for using Yahoo as a search engine aside, I wanted to check out Yahoo! Photos. Since I didn’t know the exact URL, I typed Yahoo Photos into the Yahoo search engine, and this is what I got.

Arabic result is the first result in Yahoo search for Yahoo photos

As you can see, we get an Arabic name as the first result for Yahoo Photos. I tried copying and pasting the name of the site/URL into Google Translator, and I ended up with a loading sork.


Google Mature Adsense Policy workaround for a WordPress Blog

I am also a Security Editor at a very popular student portal AskStudent. Like most other portals, our operations are supported by Advertising and we use Google Adsense to take care of advertising on AskStudent. At AskStudent, we cover a lot of topics such as Security, Health, Career, Jobs, Coding, Money matters, Shopping etc. We also cover Sexual Health and Love and Relationships at AskStudent.

Last week, out of the blue, our Senior Editor got an email from the Google AdSense Team:

Hello,

While reviewing your account, we noticed that you are currently displaying Google ads in a manner that is not compliant with our policies. For instance, we found violations of AdSense policies on pages such as http://www.askstudent.com/2006/12/02/maturecontentpostataskstudent/?preview=true.

As stated in our program policies, AdSense publishers are not permitted to place Google ads on pages with adult or mature content.

Please make any necessary changes to your web pages in the next 3 business days. We also suggest that you take the time to review our program policies (https://www.google.com/adsense/policies) to ensure that all of your other pages are in compliance.

Once you update your site, we will automatically detect the changes and ad serving will not be affected. If you choose not to make the changes to your account within the next three days, your account will remain active but you will no longer be able to display ads on the site. Please note, however, that we may disable your account if further violations are found in the future.

Thank you for your cooperation.

Sincerely,

The Google AdSense Team

Now, this was a problem. We did not know what Google treated as mature content; with respect to the post in question, however, the complaint was justified. So the first thing we did was remove all ad serving on AskStudent while we figured out a solution. At AskStudent, we use the Adsense Deluxe plugin. If you don’t use this plugin and serve ads manually or hard-code them, I would highly recommend using it.

Now, there are two solutions to the problem of how to avoid serving ads on a mature-content post while still serving ads on the rest of the blog:

Solution # 1: After disabling ad generation through Adsense Deluxe, you can manually copy and paste AdSense code into individual posts. However, for a portal like AskStudent with hundreds of articles, this is a highly time-consuming if not impossible task.

Solution # 2: Perfect Solution: Code it up


Apple iPhone Oscar 2007 TV commercial

Apple aired its 30-second iPhone ad during Sunday’s ABC telecast of the 2007 Academy Awards ceremony. The commercial begins in black and white with a ringing rotary telephone and then follows up with clips from various movies and television shows featuring both real-life actors such as Dustin Hoffman, Harrison Ford, John Cusack and Kevin Spacey and animated characters such as Mr. Incredible and Betty Rubble from the Flintstones answering the phone and saying “Hello”. Towards the end of the commercial, we see the iPhone doing a 360 and then a full-screen caption “Hello”, followed by “Coming in June”.

Macworld has the entire list of 31 different movies and TV shows that were featured during the commercial. Also check out Macworld for the song featured during the commercial.

The iPhone ad aired during the Oscar ceremony’s first commercial break after the awards for art direction and scientific and technical achievements were presented.

The iPhone ad has also been posted on Apple’s Web site.


AT&T Global Operations Center : Awesome Picture

Wow, check this out. This is a picture of the AT&T Global Operations Center. How awesome for the network technicians working out in the front there …

AT&T Global Operations Center

To check out a bigger picture go here or here


Malware warnings in Google Search Results

I had heard before that sometime in late January of this year, Google began tagging certain sites in search results with a malware warning saying “This site may harm your computer”. These are sites which Google has identified as having malicious code on the server hosting the site or a WMF exploit present in the site’s code.

Example of Google flagging a site as hosting malware

According to Google, they do this because they want their users to feel safer when they search the web, and Google is always working to identify such dangerous sites and provide increased protection for its users. If you decide to click through to a site that Google has flagged as hosting malware, you are taken to a page that looks something like the one below. You are warned: “visiting this web site may harm your computer. You can learn more about harmful web content and how to protect your computer at StopBadware.org”. You can then return to the Google search results for your query or go ahead and continue to the site you wanted to visit. However, you are not given a link to click; you have to copy and paste the URL to visit the site.

Google Malware Warning advisory


I won the Microsoft Lottery Award: Spam Email

In this category, I will be posting the different kinds of spam messages I get. Most of them are funny; some are variants of the Nigerian scam and some border on innovation. In this spam email, the header image is hotlinked from Microsoft’s servers at http://i2.microsoft.com/h/all/i/ms_masthead_8x6a_ltr.jpg, and Microsoft’s logo comes from http://i2.microsoft.com/h/en-us/i/msnlogo.gif.

This spam message is from the Microsoft Award Team congratulating me on winning the Microsoft Lottery Award. It included a serial number, my lottery ticket number and also my winning lottery numbers, which were 14, 21, 25, 39, 40, 47 with the special number being 20. I also won £1,350,000.00, or one million three hundred and fifty thousand Great Britain pounds, as one of the 5 jackpot winners in this draw.

I have been assigned a fiduciary agent, a Dictor Greg Thomas, for claiming my reward who is based in the U.K and has the Email address : dictor_greg_thomas@katamail.com and a UK telephone number: +44 7 031 948 758.

The email is also from a Bryan McDonald of the Microsoft Promotion Team, who is also a Vice President at Microsoft. The email address is not, as everyone would imagine, on the microsoft.com domain, but globedraw010@hotmail.com.
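The PayPal message earlier on this page and this Microsoft Lottery message share one trick: images hotlinked from the brand’s real servers, while the action the reader is asked to take (a login link, a reply address) leads somewhere else. The following is an added example, not code from the original posts: a hypothetical `brand_mismatch` helper that lists the sites an HTML email loads its images from and the sites its links and reply addresses point to, and flags the contrast. The email body is constructed around the image URLs and addresses quoted in this post.

```python
"""Compare where an HTML e-mail loads its images from with where its links go.

Added example, not code from the original posts. `brand_mismatch` is a
hypothetical helper; SAMPLE_EMAIL is constructed from the image URLs and
reply addresses quoted in the post.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def _site(host: str) -> str:
    """Crude registrable name: the last two labels (i2.microsoft.com ->
    microsoft.com). IP literals are returned unchanged."""
    host = host.lower()
    if host.replace(".", "").isdigit():
        return host
    return ".".join(host.split(".")[-2:])


class _RefCollector(HTMLParser):
    """Collects every <img src> and <a href> in the message body."""

    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def _sites(urls):
    """Distinct sites behind http(s) URLs and mailto: addresses, in order."""
    out = []
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme in ("http", "https") and parts.hostname:
            s = _site(parts.hostname)
        elif parts.scheme == "mailto" and "@" in parts.path:
            s = _site(parts.path.rsplit("@", 1)[1])
        else:
            continue
        if s not in out:
            out.append(s)
    return out


def brand_mismatch(html: str, brand_site: str) -> dict:
    """Summarise image and link sites; `mismatch` is True when the images
    come from `brand_site` but at least one link or reply address does not."""
    p = _RefCollector()
    p.feed(html)
    image_sites, link_sites = _sites(p.images), _sites(p.links)
    mismatch = brand_site in image_sites and any(s != brand_site for s in link_sites)
    return {"image_sites": image_sites, "link_sites": link_sites, "mismatch": mismatch}


# Constructed body modelled on the lottery message: Microsoft image URLs and
# reply addresses as quoted in the post, and no link to microsoft.com at all.
SAMPLE_EMAIL = """<html><body>
<img src="http://i2.microsoft.com/h/all/i/ms_masthead_8x6a_ltr.jpg" alt="">
<img src="http://i2.microsoft.com/h/en-us/i/msnlogo.gif" alt="Microsoft">
<p>Congratulations, you have won the Microsoft Lottery Award.</p>
<p>Contact <a href="mailto:globedraw010@hotmail.com">Bryan McDonald</a> or your
fiduciary agent <a href="mailto:dictor_greg_thomas@katamail.com">Greg Thomas</a>.</p>
</body></html>"""

if __name__ == "__main__":
    print(brand_mismatch(SAMPLE_EMAIL, "microsoft.com"))
```

For the PayPal message the same call with `"paypal.com"` would show paypal.com under image sites and the phisher’s host (or IP address) under link sites. A genuine notification has the brand under both.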

Spam message from Microsoft Award Team
