Many of us use Gmail because of its simple design & the feature set it offers. Google has introduced a new security feature for Gmail: remote logout. Many of us use more than two computers to log in to Gmail. If you take my example, I log in to Gmail from home & office. Sometimes we leave the browser open without logging out of Gmail; if the computer is at the office or in any public place, your account might be misused. Now, sitting at your home computer, you can log out of Gmail on the office computer or any other computer.
The footer in Gmail contains your session details: when you last logged in & from which IP.
You can click on the “Details” link, which shows a pop-up with details about your recent sessions.
Check all the sessions & see whether they are all yours or somebody else is logging in to your account! Click on “Sign out all other sessions” to sign out of Gmail everywhere except the current session.
Remote logout from your Gmail account
Microsoft offers 5GB of online space to store your files |Skydrive
Microsoft is providing 5GB of space to store your files online. As the above picture illustrates, you can save files for yourself, share files with friends & also share them on the world wide web. It provides three levels of access control for your files.
Private: Store files which are only accessible to you. This could be used to store files which are private & should not be accessible to anyone else.
Shared: Share files only with your friends, but they need to have an MSN or Hotmail account. No one other than your friends can access these files.
Public: Upload files to the public folder to make them available to everyone. After uploading files you can share the link with anyone & they can download the file. If you have a web page or blog & want to provide a download to your visitors, it also provides attractive badges to insert in your web pages. By clicking on a badge, a user can download that file.
Users who already have MSN or Hotmail account can straightaway start using it by logging in. If you don’t have one, you can sign up for a free account. Sign up or login to Skydrive at http://skydrive.live.com/
Freeware to download & convert streaming videos from video sites
“Vdownloader” is software that does not need to be installed; just run the .exe file (good news for those who are using an office PC without administrator privileges!). It has a very good interface: just give the URL of the video you are watching, select the output format & click download. The video will be downloaded & automatically converted to the format you chose. It also has a built-in browser so that you can browse video sites (e.g. YouTube) & download.
Feature Set:
The following video sites are officially supported by Vdownloader:
- Youtube
- Google Video
- DailyMotion
- MySpace
- Stage6 DivX
- Porkolt
- Metacafe
- Break.com
- 123 Video
- Bolt
- VSocial
- Lulu TV
- Guba
Vdownloader provides the following output formats:
- AVI
- MPEG
- VCD (NTSC & PAL)
- SVCD (NTSC & PAL)
- DVD (NTSC & PAL)
- iPod & PSP compatible videos
- Original (this will be the original FLV file)
If you want to convert .flv files that you downloaded from streaming sites and have on your hard disk, try this freeware FLV converter. It converts FLV video into four popular formats: AVI, MOV, MP4 & 3GP (for mobile phones). It's a very tiny program: a 2.53Mb download that takes 8-9 Mb of disk space after installing.
This FLV converter saves the output file at the same path where the input file was provided. Converted videos are of good quality & don’t contain any labels/ads/links. Overall it's a very good FLV converter. The only two features lacking are:
1. There is no provision to select the output path.
2. No batch conversion, i.e., if you have a large number of files to convert, you need to convert them one by one.
But these are negligible since it's freeware & tiny.
Redesign the web with the Stylish Firefox extension
Stylish is a Firefox extension which enables you to change the look & feel of a web site. If you take the example of Gmail, it has had the same interface since day one. Though slight changes were made to add functionality like chat inside email, no changes were made to the color scheme & look/feel.
Stylish enables you to define your own stylesheet for a website. But to write a stylesheet of your own, you need to know CSS. Hey, don’t stop reading! There are a lot of ready-made stylesheets for many websites, which you can just load into Stylish.
Stylesheets are available at http://userstyles.org
Procedure to install Stylish & load new stylesheet:
- Install Firefox from getfirefox.com if you don’t have it
- Install the Stylish extension for Firefox from addons.firefox.com
- Browse the available stylesheets at http://userstyles.org & load the stylesheets you want
- That’s it!! Start redesigning the web!
Email Scam Targets Microsoft Customers
We have recently found out about the latest in an ongoing string of email scams that target Microsoft customers. This particular scam contains the Backdoor:Win32/Haxdoor trojan as an attachment. We have seen a few emails targeting Microsoft customers that look like the email below:
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
Hackers Compromise the World Bank - Reflections on Indian IT Security
According to this article from USA Today, hackers broke into 18 servers at the World Bank and had access to, and possibly stole, sensitive information from at least 5 of the servers. Indian banks have been relatively lucky, facing mostly phishing/scam attacks rather than outright "hack" attempts from skilled organized criminals such as these.
Throughout my time as a Security Professional whenever discussing Financial Fraud, Phishing and other attacks faced by Banks & Financial Institutions, I have always been of the opinion that they will soon face much more devastating attacks that will make the current attempts pale in comparison.
Why the pessimistic view? Well, it's simple.
Attackers have always been "creative", coming up with new and complicated schemes in order to get access to credit-card details and banking information. The reason they have the time and ability to do so is economics. The bottom line is that most of these attackers are walking away with fistfuls of money at the expense of banks and their customers.
If we consider a typical phishing scam, an attacker would send out a million e-mails (approximation). With a success rate of at best 1% (a very generous number considering that a good percentage would be picked up by Anti-Spam, Anti-Phishing, Mistargeted Users, Smart Users etc), they will walk away with 10000 working banking details.
If instead the attacker starts targeting servers belonging to banks, systems belonging to bank employees and, more importantly, any of the thousands of Indian shopping web-sites with exposed customer information, SQL Injection vulnerabilities etc, they could walk away with 100K - 200K credit-card details or banking information.
As a matter of fact, last week, a colleague of mine ordered a product from one of the most popular Indian Shopping Portals. When the product was delivered, the label was a print-out invoice at the bottom of which was the URL: http://shopping-website/ecommerce/admin/vieworders.php. After typing this into the browser we were shown WITHOUT AUTHENTICATION plain-text Credit Card details, Order Information, Banking Details etc.
This for sure is one reason why I do not personally carry out Online Banking or Shopping, except maybe on Amazon.com or my Bank Account with Free Fraud Insurance.
What is ClickJacking?
ClickJacking is a relatively old vulnerability that has been around since 2003-2004; however, it has recently been brought back to life by Robert Hansen and Jeremiah Grossman. ClickJacking is a little bit difficult to explain, but try to imagine any button that you see in your browser: the Wire Transfer button on your bank's site, the Post Blog button on your blog, the Add User button on your web-site etc. ClickJacking gives the attacker the ability to invisibly float these buttons on top of other innocent-looking objects in your browser. So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.
So while you are simply trying to close the JavaScript pop-up on your screen, play a Flash game or interact with some AJAX web-site -- you might really be clicking on the button to wire-transfer money to a Russian bank account.
A slightly more technical description would be: A malicious page in domain A may create an IFRAME pointing to an application in domain B, to which the user is currently authenticated with cookies. The top-level page may then cover portions of the IFRAME with other visual elements to seamlessly hide everything but a single UI button in domain B, such as 'delete all items,' 'click to add Bob as an admin,' etc. It may then provide its own, misleading UI that implies that the button serves a different purpose and is a part of site A, inviting the user to click it.
In other words, the hacker would dupe users into visiting a malicious page -- through the usual methods -- but then hide the nasty bits under what appears to be the real-deal content from a legitimate site.
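An added example, not from the original post: the attack described above depends on domain B's pages rendering inside another site's IFRAME, so a defender can audit responses for the two headers browsers use to refuse framing, X-Frame-Options and the CSP frame-ancestors directive. Neither header is mentioned in the post; the function names and sample responses below are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing protection from its headers.
// Only enforced headers are read; Content-Security-Policy-Report-Only blocks nothing.
const RANK = { open: 0, allowlist: 1, 'same-origin': 2, deny: 3 };

// Return the frame-ancestors source list of one CSP policy, or null if absent.
function parseFrameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

function classifySources(sources) {
  if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) return 'deny';
  // "*", a bare scheme, or scheme://* lets any site frame the page.
  if (sources.some(s => /^(\*|https?:(\/\/\*)?)$/.test(s))) return 'open';
  if (sources.every(s => s === "'self'")) return 'same-origin';
  return 'allowlist';
}

function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Comma-separated policies are all enforced, so the strictest one decides.
  const levels = (h['content-security-policy'] || '').split(',')
    .map(parseFrameAncestors).filter(l => l !== null).map(classifySources);
  if (levels.length > 0) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    return { verdict: levels.reduce((a, b) => (RANK[b] > RANK[a] ? b : a)), via: 'csp' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { verdict: 'deny', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { verdict: 'same-origin', via: 'x-frame-options' };
  // Missing header, or a value browsers do not honour (e.g. obsolete ALLOW-FROM).
  return { verdict: 'open', via: xfo ? 'x-frame-options (ignored value)' : 'none' };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  bankTransfer: { 'Content-Type': 'text/html' },
  blogAdmin: { 'X-Frame-Options': 'sameorigin' },
  settings: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  widget: { 'Content-Security-Policy': 'frame-ancestors https:' },
  legacy: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name, framingVerdict(hdrs));
}
```

A verdict of `open` on a page that performs a state-changing action for a logged-in user (a transfer, a delete, a permission grant) is the condition the technical description relies on.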
How Serious is ClickJacking?
On its own, ClickJacking doesn't sound like a very serious vulnerability, since user interaction is required. However, as I have always said, in the world of vulnerabilities 1+1 does not always equal 2, and might just equal 10^2. By this I simply mean that ClickJacking in combination with other vulnerabilities could become a very serious issue.
Example - ClickJacking can Spy on your Webcam and Microphone
Just as I wrote this blogpost, a new use for ClickJacking was disclosed: it can be used to spy on your Microphone and Webcam. This is based on a new vulnerability discovered in Adobe's Flash Software and published on Guya.net, RSnake's Blog and Jeremiah Grossman's Blog.
A particular vulnerability exists in Adobe's Flash Software which allows a malicious attacker to use ClickJacking to gain access to the user's web-cam and microphone.
The vulnerability works as follows:
1) You visit a web-page with a flash application/game embedded in it.
2) You click on the flash button.
3) Your click is "click-jacked" into allowing the server to access your web-cam and microphone.
What is really happening:
1) You visit the web-page; in the background the target application (in this case Adobe's Settings Panel) is loaded and made invisible. The Allow button is made to float invisibly.
2) When you click on the flash button, the invisible Allow button is floating on top of the flash button and actually receives your click.
3) The Flash application now has full permission to access your web-cam, microphone etc and can even stream them to a server where the stream is recorded for future viewing.
You can see a video of this in action at: Youtube and Vimeo.











