
Blackberry services to end in India?

Prashanth on March 12th, 2008

It’s a hard time for Blackberry in India. Some Indian security agencies have asked RIM (Research In Motion, the Blackberry maker) to provide the algorithm to decrypt messages. If they don’t, it may lead to termination of Blackberry services in India! RIM is in touch with the Indian government to resolve this issue.

The government has some security concerns to be addressed by RIM. RIM provides Blackberry services in around 130 countries in compliance with the regulatory requirements of their governments. But no other government has asked them to provide their algorithms. Their algorithm is a big plus for them, & they might not want to share it.

Blackberry is a very powerful service offering email & internet services on the go. It’s been one of the best business phones available. Banning it might cause a lot of loss to India itself. Hopefully they will come to some sort of agreement with the government to continue services in India.

A more detailed post about the issue is at Business Standard.


How key loggers can hijack your banking password

Prashanth on February 22nd, 2008

Keyloggers are keystroke recorders which can record all keystrokes made on your keyboard! There are two types of keyloggers, hardware & software. Hardware keyloggers can be attached to the keyboard or placed below it, & some even come built into the keyboard. External keyloggers are noticeable by the user, while built-in keyloggers are not. There are various types of software keyloggers too; kernel-based & hook-based are the popular ones. Kernel-based keyloggers reside at the kernel level, where they gain unauthorized access to the hardware (keyboard). They can take the form of keyboard drivers, so be careful while installing drivers from unknown sources. Hook-based keyloggers hook into the keyboard using functions provided by the OS & record keystrokes.

So, be it your banking password or your email account password, it can be easily recorded. A secure encrypted connection won’t prevent keylogging; it protects your password only after you have entered it, while it travels to the server. Software keyloggers can also be programmed to send the recorded keystrokes to a pre-defined email ID, to upload them to an FTP server or even to let someone access & monitor the log on your local machine via the internet.

How to protect yourself from keyloggers:

Web Keyboard: Many banks provide you with an online keyboard; make use of it while logging into your banking account.

Firewall: Use a firewall which alerts you when any application tries to connect to the internet. A few firewalls are available for free; Comodo is one of them.

Anti Spyware: Many anti-spyware programs can detect keyloggers & clean your PC.

Auto form fillers: Using form fillers in your browser will avoid keylogging & also save you time. There’s an extension called “iMacros” for Firefox, which helps you record any action you make in Firefox & play it back whenever required. Get this Firefox addon at https://addons.mozilla.org/en-US/firefox/addon/3863

Blocking unwanted calls from people you hate or from unknown people is a feature I think we should have on our mobile phones by default. I am personally tired of the many promotional calls from tele-callers. Though many banks & services offer to register you for “Do Not Disturb”, you still receive many calls from other tele-callers. Vodafone was the first to provide a “Call blocking system” to help its consumers avoid such calls (but at Rs.99/month). But I have not yet heard of a similar service from other providers.

Fortunately there is an application which blocks unwanted calls on any network. Epocware Handy’s Blacklist is a Series 60 application that blocks unwanted calls. On first run it offers options for blocking calls from your contact list, recent callers or unknown numbers. It also provides an option for adding rejected calls to the blacklist automatically, & it keeps a log of all blocked numbers for 60 days.

The disadvantage of the software is that it will not notify you when a call is blocked. You have to check your log to know which numbers were blocked. The application is priced at $19.95 (Rs.785), which I think is the better option compared to paying a monthly rental to the service provider for the same thing. Purchase this application here.

How does the mail delivery system work?

Prashanth on January 3rd, 2008

My last post, “Anybody can use your email identity to send mails”, left you (& me) with a lot of unanswered questions in mind. Let’s understand how the email delivery system works & how it could be manipulated & misused.

Simple Mail Transfer Protocol (SMTP) is the technology used worldwide to deliver emails on the Internet. Whenever you compose a mail & send it, it goes to the SMTP server of your email provider (say for gmail it’s smtp.gmail.com). The SMTP server then checks the recipients’ email IDs & delivers the mail to the appropriate mail servers. An SMTP server could be manipulated to send spam with different email IDs or identities. This has been a known issue for years. Anyone with a good working knowledge of SMTP servers can easily manipulate one for spamming. But all this is fairly advanced stuff & dummies can’t make use of it so easily.

The software I downloaded has an inbuilt SMTP relay, which means you need not configure anything & there is no technical stuff to deal with. Anyone who knows how to compose a mail can misuse it. You just need to enter the “From” field while sending mail. If you send mails by manipulating an SMTP server, the server name still gets displayed in the email headers. For example, if I send mails using the SMTP server provided by my hosting provider (I am hosted on bluehost.com), the email header will contain something like “mailed-by: box22.bluehost.com”. But when you send mails using this software, there will be no info about the SMTP server in the email headers! So there is no piece of evidence to find out where that mail came from.

This is just an example; spammers use hundreds more ways to manipulate SMTP servers. They use bulk email senders, automated scripts… etc. Finding a solution to this problem is a huge task. SMTP cannot be replaced by another standard or system, because it is extensively used worldwide. Millions of SMTP servers are running worldwide. Even making a huge modification to SMTP cannot be done.

But since there is no other way, we have to keep our hope alive. The Anti-Spam Research Group (ASRG) of the Internet Research Task Force (IRTF) is working on tools & techniques to fight spamming. Here is what its home page says:

 

The Anti-Spam Research Group (ASRG) investigates tools and techniques to mitigate the effects of spam. The focus of the ASRG is on technology solutions, although it may consider tools and techniques to aid the implementation of legal and other non-technical anti-spam measures. It also provides input for standardization efforts within the IETF

I was searching for email newsletter software to send bulk emails. After searching for a few minutes on Google I found an appropriate piece of software. The software was good & did exactly what I wanted. As I normally do, I started checking each & every option of the software.

In the Preferences of that software there was “Sender Options”, where you give the sender’s email ID & name. When I used this the first time I used my actual email ID. I just got a bit curious about that option, so I entered a non-real email ID (anything that came to mind) & sent a mail to my gmail. Shocked! In a second I received that mail in gmail with the from email ID exactly as entered in “Sender Options” of the software. Here I will show you exactly how it worked, with screenshots:

1. As you see in the screenshot below, I have given the email ID as admin@google.com & the name as Google.

Email Identity threat 1

2. I composed a mail & sent it to my gmail & Yahoo IDs

Email Identity threat 3

3. The mail got into my inbox in seconds:

Gmail:

Email Identity threat 4

Email Identity threat 5

Yahoo:

Email Identity threat 6

Email Identity threat 7

I got this email in my gmail inbox, & Yahoo! identified it as spam. But from this email there is no way you can find out that it was sent by someone else & not Google. This means you can enter whatever you want in “Sender Options” of the software & send mails. You can enter your boss’s ID, your cousin’s, a bank’s… whatever. I think you have already realized how dangerous this could be. Without hacking anything or knowing any email account password, you can use others’ email IDs (identity) for whatever kind of emails. But in gmail there is still a way to find out that it is a fake email. When you open a mail in gmail, click “Show Details”. You can find the “mailed by” & “signed by” information there.

Email Identity threat 8

These two pieces of info are missing in the emails which I sent using that software. But very few people will look into these options. I am not a hacker & don’t know what’s happening in the background. But I think major email providers should have some algorithm to find these kinds of mails & should block them. Yahoo! even found it to be spam; if the recipient looks into the spam folder & finds the sender is known to him, he/she will definitely mark it as “Not a spam”.
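Gmail’s “mailed by” & “signed by” fields reflect the SPF and DKIM results that the receiving mail server records in the Authentication-Results header. The following is an added example, not part of the original post, that reads that header and flags mail whose From domain is backed by neither result; the server id mx.example.net, all domains and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id of your own receiving server

# Constructed sample (not real mail): unauthenticated message with a forged From.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=none smtp.mailfrom=sender@bulk-tool.invalid
From: Example Bank <alerts@example.com>
Subject: Verify your account

Please confirm your details.
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def aligned(auth_domain, from_domain):
    # Relaxed alignment: same domain, or a subdomain of the From domain.
    return bool(from_domain) and (
        auth_domain == from_domain or auth_domain.endswith("." + from_domain))

def passed(results, method, prop):
    # Domain for which `method` reported "pass" in the same clause, else None.
    m = re.search(rf"\b{method}=pass\b[^;]*?\b{re.escape(prop)}=([^\s;]+)", results)
    return domain_of(m.group(1)) if m else None

def check_sender(raw, authserv=TRUSTED_AUTHSERV):
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # Only trust results stamped by our own server; a sender can add fake ones.
    trusted = [h for h in msg.get_all("Authentication-Results", [])
               if h.split(";", 1)[0].strip().lower() == authserv]
    results = " ".join(trusted)
    mailed_by = passed(results, "spf", "smtp.mailfrom")   # Gmail's "mailed by"
    signed_by = passed(results, "dkim", "header.d")       # Gmail's "signed by"
    ok = any(d and aligned(d, from_domain) for d in (mailed_by, signed_by))
    return {"from": from_domain, "mailed_by": mailed_by,
            "signed_by": signed_by, "suspicious": not ok}

if __name__ == "__main__":
    print(check_sender(SPOOFED))
```

A message that passes SPF only for the sender’s own unrelated domain is still flagged, because that domain does not match the one shown in From.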

Update:

A few more screenshots

Since many readers got confused by the post, I am posting two more screenshots. This time I enter my cousin’s email ID as the sender & send a mail asking for credit card details.

Email Identity threat 9

But my cousin is not aware of this email, which could be sent using the software by anyone (here it’s me). It can also be made such that replies to this mail go to some other email ID. Gmail also shows the online/offline status of the sender & his profile picture on mouse over!

Email Identity threat 10

Here my cousin could never know somebody sent a mail like this using his identity.

Aw! This post has become too lengthy.

The name & details of the software I used are not disclosed in this article for security reasons.

This afternoon I got a mail from HDFC Bank saying “Your HDFC Bank Account Need Authentication To Keep Your Account Activate Otherwise It Will Get Blocked”. At first look itself I had some doubt about the email. There was a link to log in to the HDFC Bank account. When I put the mouse over it, it was pointing to some other IP address. This is exactly what the mail was:

Bank Fraud Email 1

To investigate further I clicked the link, & the page I got was exactly the same as the actual HDFC login page.

Bank Fraud Email 2

To dig further into that IP, I removed all subdirectories from the URL & entered only the IP. Now I got really shocked! It showed a web directory with two directories, one for HDFC & another for ICICI Bank! Check ICICI Bank’s page from the same IP below:

Bank Fraud Email 3

You may have noticed one thing in this post: the first screenshot was taken from Mozilla Firefox, while the other two are from Internet Explorer 7. You know why? Firefox instantly showed that it was a fraudulent URL, but IE doesn’t have such a feature.

Bank Fraud Email 4

That’s why the whole world says Firefox is safer than IE. If you still want to use IE, you can install McAfee Site Advisor. I tried the same URL with Site Advisor enabled on IE & Site Advisor successfully found it fraudulent & landed on its own page saying the site was improper. It’s always better to use Firefox. Get Firefox here.

Freewares I use | Get the best for free! Part 2

Prashanth on December 30th, 2007

Continued from Part 1

AVG - Anti Virus Software

AVG is the best free Anti Virus software available. I think it’s self-explanatory, so I’m not finding anything to write. Get your copy here http://free.grisoft.com/

Free Download Manager - Download manager

Downloading content like music, software, pictures… etc. from the internet has become almost a daily activity. Even though browsers have an inbuilt downloader, those are not recommended for large downloads. Using a download manager you can pause a download & resume it later. Get Free Download Manager at http://www.freedownloadmanager.org/

Filezilla - FTP Client

Uploading images & files to my web host is again a daily routine for me. Filezilla is an open source FTP client which I use to do that job. You can queue jobs or transfers & can have multiple connections. Get Filezilla at http://filezilla-project.org/.

Irfan View - Image Viewer

Irfan View is one of the popular image viewers worldwide. It’s more than an image viewer; resizing images & converting images to different formats can be easily done. It also supports batch conversion. It is also useful for web designers: click anywhere on an image & it shows the HEX of the color in the title bar. Get Irfan View at http://www.irfanview.com/

Picasa - Photo Organizer

I think most of you already know about Picasa, the photo organizer software provided by Google. After installation, Picasa will search your whole PC & show all photos. It also has basic editing features like red eye removal, resizing, converting to gray scale, applying some available effects… etc. It can also be used to view photos as a slideshow, create a collage, print them or email them through Outlook or Gmail. Get Picasa at http://picasa.google.com/

internet safety image

Thousands, even lakhs, of web pages are getting created every day on the internet. In this huge internet it’s a big problem to find out which web site is a good one & which one is fake. People are losing thousands in money every day because of fraudulent sites.

Download & install McAfee Site Advisor from www.siteadvisor.com. It works on IE & Mozilla Firefox. After installation it integrates into your browser & resides in the toolbar. Whenever you visit a website, it automatically checks the URL & loads its reports from the McAfee database. So you will instantly know whether the site you are visiting is good or bad.

You can also opt for the paid version of Site Advisor for about 10 USD for better security.