Friday, October 2, 2009

Phishing


Phishing is an Internet crime that is flourishing day by day. To define phishing, let's say:


“Phishing is a way to steal personal data of Internet users, such as credit card and account information, by making a malicious web site masquerade as a trustworthy entity.”

According to antiphishing.org, phishing rose by 43% in March this year compared with the same month last year.


Phishing uses social engineering to fool users, most commonly by referring them to a malicious web site made to look like the authentic site of a bank or other financial institution. Telling the fake site from the original requires keen observation. Phishing is not only done through email or IM: even the original site may be compromised to redirect users to malicious pages, as happened with myspace.com.

It is important to know what phishing is, how a user can avoid being phished, and what steps IT security managers can take to deal with phishers. Consider that more than $2 billion is lost by businesses annually on insurance cover relating to phishing. Some banks are now refusing to cover claims arising from phishing; their logic is that the customer chose to enter the information into the fake web site.


This article will deal with

  1. How to spot phishing web sites

  2. What to do after you've been phished


How can people protect themselves from becoming the victim of a phishing scam?


By taking simple precautionary measures we can protect ourselves from phishers and save ourselves from online fraud:

  1. Don't click links within emails that ask for personal, financial, or account information. Go to the organization's main page instead by typing its address yourself.

  2. Banks usually do not ask for such information over the Internet, and they never need your PIN. If in doubt, talk to the bank's customer service, and look the number up yourself instead of using the phone number in the email.

  3. A message addressed generically ("Dear customer") instead of to you by name is a strong sign that you are being phished.

  4. Confirm that the URL in the address bar is spelled correctly and is not a bare number such as an IP address. Phishers often change a single letter to lead you to their pages, like gogle.com instead of google.com.

  5. Using bookmarks is safer, as a bookmark leads to the exact site, whereas typing the address each time risks a typo that lands you on a phisher's site.

  6. When replying to emails involving sensitive information, check the message headers. If the 'From:' address and the 'Return-Path' are on different domains, the sender address may be spoofed. Treat this as a hint rather than proof, since legitimate mailing lists and bulk mailers also use a different Return-Path.

  7. Look at the expanded headers of the email to trace the path it took; phishing emails often pass through dubious mail servers and anonymizing services.

  8. Login pages of banks and other institutions dealing with sensitive information use a secure connection, so the address in the address bar should begin with HTTPS (secure HTTP), not plain HTTP.

  9. Secure sites present a certificate issued by a certificate authority, indicated by the padlock icon in the browser window. Confirm its presence; it shows the site's certificate was validated.


  10. Phishers can sometimes obtain a valid certificate for their own look-alike domain too, so click the padlock icon and confirm that the name on the certificate matches the site's URL.

  11. Modern browsers check the certificate's expiry date and validity; instead of clicking through a certificate warning, pay attention to it.

  12. Use a phishing filter add-on for your browser.

  13. Phishing sites are usually poor imitations of the originals, with spelling mistakes, incorrect graphics, etc., so look out for anomalies in the design.

  14. Resist greed, such as offers of free money; if something is too good to be true, it probably is.

  15. If a friend's account is compromised, the mail could come from his email address. Confirm with him by phone before giving out personal information.
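The header and link checks in tips 3, 4, 6 and 8 can be automated as a first pass over a suspicious message. The script below is an added example written for this page, not code from the original post; the message, the bank domain in KNOWN_DOMAINS, the generic-greeting list and the edit-distance threshold are all constructed for illustration, and the From/Return-Path comparison is deliberately reported as a hint only, because legitimate bulk mailers differ there as well.

```python
"""Heuristic phishing checks over a raw e-mail (added example)."""
import ipaddress
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; headers, addresses and body are invented.
SAMPLE_MESSAGE = (
    "From: Example Bank Security <security@examplebank.com>\n"
    "Return-Path: <bounce@mail-relay.example.net>\n"
    "Subject: Urgent: verify your account\n"
    "Content-Type: text/html\n"
    "\n"
    "<html><body><p>Dear valued customer,</p>\n"
    '<p>Please <a href="http://192.0.2.10/login">log in</a> now, or visit\n'
    '<a href="http://examp1ebank.com/secure">https://www.examplebank.com/secure</a>.</p>\n'
    "</body></html>\n"
)

# Domains the reader actually does business with (assumed for the example).
KNOWN_DOMAINS = {"examplebank.com"}
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation (no public-suffix list here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value):
    """Domain part of a header such as 'Name <user@host>'."""
    value = str(header_value or "")
    if "@" not in value:
        return ""
    return registrable_domain(value.rsplit("@", 1)[1].strip(" <>"))


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains (gogle vs google)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw_message, known_domains=KNOWN_DOMAINS):
    """Return a list of findings; an empty list means no heuristic fired."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # Tip 6: From: and Return-Path on different domains (a hint, not proof).
    from_dom, rp_dom = address_domain(msg["From"]), address_domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"header: From domain {from_dom} != Return-Path domain {rp_dom}")

    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""

    # Tip 3: generic salutation instead of the customer's name.
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("body: generic greeting")

    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        url = urlparse(href)
        host = url.hostname or ""
        try:  # Tip 4: numeric host instead of a name.
            ipaddress.ip_address(host)
            findings.append(f"link: numeric host {href}")
            continue
        except ValueError:
            pass
        if url.scheme == "http":  # Tip 8: plain HTTP where HTTPS is expected.
            findings.append(f"link: plain http {href}")
        dom = registrable_domain(host)
        if dom not in known_domains:  # Tip 4: one-letter look-alikes.
            for known in known_domains:
                if edit_distance(dom, known) <= 2:
                    findings.append(f"link: look-alike domain {dom} vs {known}")
        if text.startswith(("http://", "https://")):  # shown URL != real target
            shown = urlparse(text).hostname or ""
            if registrable_domain(shown) != dom:
                findings.append(f"link: text shows {shown} but goes to {host}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_MESSAGE):
        print(finding)
```

Running it against the constructed message reports all six problems: the header domain mismatch, the generic greeting, the numeric-host link, the plain-HTTP link, the one-character look-alike domain, and anchor text that shows the real bank's URL while pointing elsewhere. None of these alone proves a phish; together they are what the tips above tell a reader to look for.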


What action can people take if they discover that their private information has been stolen?


Prevention is better than cure, so the best policy is to avoid being phished. If the damage is already done, the following measures can minimize it:


  1. Report to the organization whose site the phisher replicated and have your account blocked.

  2. Change your password immediately.

  3. If you are unable to log in, use the password-recovery (hint) service to change the password and hint, and contact the organization directly.

  4. Check the transaction history; you may be able to get insurance cover for fraudulent transactions.

  5. Several banking sites and Gmail offer a login and activity history; check it frequently.

  6. Report the scam to your local law enforcement agency.

Tuesday, August 25, 2009

Aspect Oriented Programming

This is a two-part article: the first part concerns Aspect Oriented Programming, the second will give a brief tutorial of an aspect library.

Since the dawn of computing, people have been drawn to the challenge of making software programs that use expensive computing resources efficiently, with minimum rework, in a minimum amount of time.

There has been a continuous evolution in programming languages, with various languages becoming extinct. First there was machine language, 1s and 0s, then assembly, programming in low-level opcodes. Assembly languages made things a little easier but did not do enough to increase readability and maintainability.

Then came higher-level procedural languages, where programs were written in sequence without much division of work or context. Everything was one humongous piece of code; if something went wrong, or a new developer joined the project, it was hell to maintain and communicate.

As computing resources became less expensive and more powerful, software programs grew more complex and larger, and a paradigm shift was needed.

To elaborate, consider that software is like clay: soft and malleable early in its lifetime, but eventually it hardens and becomes brittle. At that point it is possible to add new bumps to it, but its fundamental shape is fixed, and it can no longer adapt adequately to the constant evolutionary pressures of our ever-changing world. So you have to be right from the start, and the structure should be such that the whole tower of code does not topple over when you add a new block.

Modularity was needed to divide code according to the work assigned to it or its context; abstraction was needed so that changing the implementation of one module does not require changing all the code; code reuse was needed instead of reinventing the wheel every time.

The answer was object oriented programming: modelling programs as classes and objects, with functionality emerging from the relationships between them. It made a lot of things easier and introduced modularity, encapsulation, reusability and, in the end, reliability.

Though once revolutionary, object oriented programming has reached a stage where cracks have begun to appear. Several scenarios have surfaced where object modelling is not sufficient; many requirements do not neatly decompose into behaviours centred on a single focus.

Take the example of org.apache.tomcat, an open source project. XML parsing may be neatly modularized into one class. The same goes for URL parsing; it may be used in two classes through inheritance. But not all the necessary functions can be modularized so neatly.

Consider logging. Almost every module of Tomcat needs to write one thing or another to the log. Where should logging be implemented? The same is the case with session expiration: it is needed for the application session, the server session, the standard manager, the standard session manager and many other classes.

We end up with tangled code: the same fragment is scattered across many places. The code is difficult to reason about and difficult to change because of its non-explicit structure; the big picture is not clear, and if we change the abstraction we also have to change all the code using it. This is called a crosscutting concern: a concern that is not limited to one or two classes but is spread all around the code base. We have to make sure no inconsistent changes are made and that it is not broken accidentally.

The AOP idea is that:

    • Crosscutting is inherent in complex systems.

    • Crosscutting concerns are critical; they have a natural structure and a purpose.

So let's manage crosscutting concerns in a well-modularized way, with language and tool support throughout the life cycle. Aspects are crosscutting concerns: those that are common to many objects and cannot be modularized, abstracted or contained in a single class.

Aspect oriented programming gives us a way to apply the principles of object orientation to crosscutting concerns.
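To make the logging and session-expiration discussion concrete, here is an added example in AspectJ syntax; it is not code from the post or from Tomcat. The Session and SessionManager classes are hypothetical stand-ins for the session machinery mentioned above, and the aspect is the one module that audit-logs every session operation instead of a log statement being tangled into each class. It needs the AspectJ compiler (ajc) or load-time weaver rather than plain javac.

```java
// SessionAuditAspect.aj (added example; compile with ajc, not javac)
package example;

import java.util.logging.Logger;

// Hypothetical classes standing in for Tomcat's session machinery.
class Session {
    private final String id;
    Session(String id) { this.id = id; }
    String getId() { return id; }
    void expire() { /* invalidate server-side state */ }
}

class SessionManager {
    Session find(String id) { return new Session(id); }
    void expireAll() { /* iterate over sessions and call expire() on each */ }
}

// The crosscutting concern lives here, in one place.
public aspect SessionAuditAspect {
    private static final Logger AUDIT = Logger.getLogger("audit.session");

    // Every method execution on Session or SessionManager, excluding the
    // aspect itself so that the advice does not trigger itself.
    pointcut sessionOps():
        execution(* example.Session*.*(..)) && !within(SessionAuditAspect);

    before(): sessionOps() {
        AUDIT.info("enter " + thisJoinPointStaticPart.getSignature());
    }

    // Expiry ends a user's authenticated state, so record which session
    // was expired rather than only that the method ran.
    after(Session s) returning: execution(void example.Session.expire()) && this(s) {
        AUDIT.info("session expired: " + s.getId());
    }

    after() throwing (Throwable t): sessionOps() {
        AUDIT.warning("failed " + thisJoinPointStaticPart.getSignature() + ": " + t);
    }
}
```

Adding a new session class to the package (say a persistent session) is covered by the same pointcut without touching the aspect, and removing or changing the audit format is a single-file change, which is the untangling the rest of this post argues for.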

The main issue is adoption of aspects and aspect oriented programming; a step-by-step approach is suggested below:

  1. Develop support for existing code and take performance measurements to gauge the efficiency gains from using aspects.

  2. Develop an error handling standard and the contract between methods and aspects, along with a way to monitor aspects.

  3. Integrate aspects into modular design, and make them persistent and secure.

  4. Build whole aspect libraries; this is where we are today with AspectJ.

  5. Finally, fit aspects into the larger picture by integrating them with other product lines like web development, mobile development, etc.

There are distinct expected benefits at each evolutionary step:

  • Add aspects to existing code

      • Untangle auxiliary concerns for improved abstraction and modularization.

      • Improve quality, resulting in less backtracking and error fixing.

      • Reduce code size thanks to less redundancy.

      • Simplify problem solving: if the need arises, debugging is easier instead of getting lost in a jumble of code.

  • Restructure the whole code for aspects

      • Easy to add aspects.

      • Efficient code from the start.

      • Improved code agility.

  • Aspect oriented architecture

      • Aspect reuse becomes possible.

      • Aspect extensibility.


Resulting in architectural quality and flexibility of code.

AOP GOOD; AOP BAD; AOP GOOD; AOP BAD ???

When are aspects appropriate?

  • Is there a concern that crosscuts several objects and classes?

  • More importantly, is it beneficial to separate that concern, by increasing clarity, reducing tangling and making the code easier to modify and extend?

  • Does the aspect capture the story well?

  • Does it lead to a good implementation, measured by code size, tangling and coupling?

  • Does it give good modularity even in the presence of crosscutting concerns, resulting in good reusability, maintainability and evolution?

So now you have an introduction to aspect oriented programming; next I'll shed light on AspectJ, an aspect-oriented extension of the Java language.

Monday, August 17, 2009

Ghosts in the machine


My previous blog was about the privacy taken by Web 2.0. While writing it, I came across several pieces of news that pointed toward another growing concern: not only is the Internet wreaking havoc with the things we once considered our personal domain, the growing number of connected devices is also in on the act.


This article focuses on how consumer entertainment appliances and mobile devices store and communicate data back to the companies that sell them, and on the new definition of ownership in the age of digital media and DRM.


Since the start of public radio programming and broadcasting, a lot of focus has been on home entertainment: the things we used to get only in theatres or cinemas, delivered right to our homes in continuously increasing quality. Home entertainment is a multi-billion dollar industry with increasing competition, increasing market saturation and, as a result, a shrinking piece of the profit pie. How will they continue milking the cash cow? What innovations do they need? How much more hi-def and hi-fi can video and audio become before they hit the proverbial glass ceiling where it makes no difference to the user? The new twist is Internet-enabled devices.

The concept of connected entertainment is not limited to the home but is moving to the automobile and to 21st-century bling-bling personal entertainment devices like portable media players.

But just as you are identified and tracked by the services you use online, the same is true in this brave new world of connected devices and connected people.

Live updates, a concept introduced with operating systems, deliver critical updates directly to your machine. As mobile networks progressed from 1G to 2G and then 3G with increasing data speeds, mobile device makers brought the same concept of online updates to mobile devices. iPhones and BlackBerries, the most popular smartphones nowadays, both support online updates. But you can never tell what a given update contains. In a recent case Etisalat in the UAE pushed a firmware update over the air to its BlackBerry subscribers. After the update, batteries started draining; on investigation it turned out that the update included a Trojan that sent data about the user's email, text messages and location back to the company's servers. Etisalat reissued the update after RIM, BlackBerry's maker, stepped in, and pointed the finger at security agencies; but had the glitch not drained batteries, the snooping might never have been found. In another case the newly launched Palm Pre was found to send GPS data back to Palm, along with data on application use.

Besides spying, the connected world has turned the concept of ownership on its head. In the old days, when you bought a movie or a book you owned the medium it came on. You could have gifted it, passed it to the next generation or stored it for all eternity. Now, in the world of DRM (digital rights management), you have no control over your media. The vendor decides for how long and on how many devices you are allowed to use it; if you want to gift or share it, you ask permission from the master. You are enslaved in the world of digital rights. Suppose a company handling DRM goes bankrupt: what happens to media you have paid for and that rightfully belongs to you? It becomes useless, just a collection of 1s and 0s. Then why the sudden flourishing of online media sites like Netflix and Hulu, and the iTunes phenomenon? By offering reduced prices and removing the inconvenience of commuting to a brick-and-mortar store, they make a profit on a large number of micro-transactions.


But do you really own the media? Not quite. Amazon sells its own book reader, the Kindle, and earns a pretty penny on the readers and the books for them. Since Kindle 2 readers are continuously connected to the mothership through a 3G network, you can purchase and download books wherever you are. Recently Amazon remotely deleted two books from users' Kindles; ironically these were 1984 and Animal Farm by George Orwell :). By rights they should not have sold the books in the first place, because by mistake only the rights to the printed edition, not the electronic one, had been acquired. As soon as they realized the mistake they sent a universal delete command and refunded the money. But imagine the same books were printed: anyone breaking into your house and taking them would be considered a thief.

The same is the case with iTunes gift cards: Apple tracks that only the original recipient of the iTunes credit uses the card, not a third person. In the real world you could have gifted the card to anyone you liked, and they could pass it on again.

So far we have discussed connected mobile devices, but the same trend has moved on to consumer devices. We now see televisions with built-in channel guides that recommend programs based on your viewing habits, which means your details are sent to servers; you have the option to link your TV to your OpenID account so it can see your YouTube favourites and the photos you have uploaded and tagged on Flickr.

For another twist, you are not safe even in your automobile. Many vehicles now come with GPS-enabled systems and, increasingly, some sort of cellular network connection, whether for data only or for voice calls too. There has been an instance where a popular car maker's built-in telephony system was used to remotely activate the in-car microphone and transmit conversations, along with the car's location, to the FBI. The same is being done with mobile phones.


RESISTANCE IS FUTILE, YOU CAN'T RUN, YOU CAN'T HIDE

Again the question is one of trust.

The easiest way is to turn off always-on connectivity, and to choose and install your own updates instead of leaving it to the vendor. And if you really want to own media for generations, for God's sake stick to the physical kind; even now we can get VHS and audio cassette players, while many digital formats have come and gone. How many GIFs can we find on today's web pages???


Sunday, August 9, 2009

Electronic Frontier

First there was the telegraph, then came switched telephone systems. In parallel with these telecommunication systems there were developments in computing: computers evolved from behemoths like ENIAC to machines within the reach of ordinary consumers, thanks to the invention of the transistor and the IC.

A simple device known as a modem http://tinyurl.com/mpsan merged the two, and the foundations of the information revolution were laid: the age of the global village, connected people, a connected world. But where this revolution has given us many things, it has also taken one thing very dear to us; in fact we have gladly sacrificed it for the pleasures we get in return. That thing is PRIVACY.

In the times of Web 1.0, email and our credit card details were the only things we had to worry about. After the first Internet bubble burst, a plethora of services were launched that stored our data of one kind or another: our schedule, contacts, favourite sites, even our backups.

Next came the concept of the cloud, Internet computing and online application service providers. Instead of installing applications we go online and access applications ranging from productivity suites like Google Docs to even payroll applications. The result is that even data such as our documents, which used to be on our own computers, is now in the cloud. Let's not forget social media too: sites offering to host our pictures and videos so we can share them with friends, and the amalgamation of these, the community sites, which keep our friends too :)


But the big question is


DO YOU TRUST THE CLOUD?




Have you ever thought about how these companies make money? ADS. Not just plain old ads, but brand new, shiny, more money-milking customized ads.


What does customized actually mean? Take the example of Google: a few years ago a startup launched by a couple of college students, now one of the largest IT companies and a direct competitor to Microsoft and Apple, companies much older than Google. The reason behind their explosive growth is ADS: their AdSense http://tinyurl.com/olfo8 network integrated with their awesome crawler and search engine (credit where due). At first they only customized ads according to your search terms; since then they have launched email, video sharing, photo sharing, blogging and a host of other services. So what does customized actually mean?

Google can look at your browsing history, cookies, favourites, email subjects and bodies, the kind of videos and pictures you host and search for, the books you read, your search interests. All of these are ways for them to throw more ads at you. Oh my God, why so much information? Some of it you may not want to share with your friends and family, and yet you are sharing it with Google. The question is whether Google can be trusted to keep it safe from prying eyes, not to sell it, not to save it, and whether there is a possibility of this information being used in a court of law.

Well, now the reality crunch: they sell it, it may get hacked, they save it, and they may use it in a court of law. http://tinyurl.com/lu2y7w

Another recent example I found, in the guise of helping you keep your information together, is facebook.com. Though it is a powerful and really innovative site, to use it fully you have to give it all your email addresses with user names and passwords, meaning it will have access to all your correspondence and even your mobile number. The only thing that may not be in the cloud will be my DNA, unless I submit it for profiling too :o

If I don't trust the cloud, what could I do???

It all depends on how concerned you are:

  • You could run your own mail server; there are good free and cheap mail servers.

  • Install your own applications instead of relying on the cloud.

  • Make friends by physical networking, not virtual; it is more rewarding too.

  • Use physical media to share your virtual media.

  • Opt out of as many sign-ins as you can.

I may add more as I come across it, and do add your comments.

Friday, July 24, 2009

Acer Aspire one



I recently bought an Acer Aspire One; this is my view of it.

Specs
  • Atom 1.66 GHz
  • 10 inch wide screen, native resolution 1024x600
  • 1 GB RAM
  • Two hard disk options: a 120 GB normal HDD or a 16 GB solid state drive
  • Two OS options: Linpus Linux Lite, or pay extra for Windows XP Home
  • Wi-Fi
  • 1.3 MP webcam
  • 10/100 Mbps LAN
External ports
  • VGA out
  • Mic, headphone
  • 3 USB ports
  • Security lock port
  • 6-in-1 card reader
  • A separate SDHC card reader on models with SSD
Performance

The Acer Aspire One, being a netbook, comes with pretty standard netbook specs; see http://www.tomsguide.com/us/Netbooks-Asus-MSI,review-1330.html.

Regarding office suites, it runs OpenOffice and MS Office 2003 with no noticeable lag, making you forget it is running on a budget netbook.

It gives decent performance when multitasking on normal tasks like editing documents, browsing and playing music. One warning though: it won't be able to play anything high-definition.

With respect to gaming, 4-5 year old games may run properly on the Intel GMA integrated graphics, but don't expect anything cutting edge to be supported.

Finally, it does what a netbook should do, and does it well: browsing, editing documents and handling light media.


Usability

The keyboard approaches normal size with good key feel, making touch typing easy with minimal typos; this whole article was typed on the Aspire One. Placement of the Fn keys is also very good, especially Pg Up and Pg Dn. The touchpad is a little small for my liking, but I guess you have to sacrifice something for the size of the netbook. One real gripe, however, is the placement of the buttons on the sides of the touchpad instead of below it, which is the norm; this causes you to press the body when operating by touch.

The webcam gives good colour output and contrast, though it jerks a little on movement even when recording locally, so it is an issue of the sensor refresh rate. Speakers are of average quality, naturally a little inclined towards higher tones due to the size of the laptop. The built-in mic is at a good location, right at the top of the screen, insulating it from typing noise.

This netbook is really silent if you choose the SSD model, as that avoids the normal HDD motor whine. Moreover, it is a fanless design, which means it sometimes gets hot for a low-power Atom system, but compared with other business notebooks it feels average.




Conclusion

A netbook on the cheap side, letting you do what most users would do on a top-of-the-line Core i7 system, i.e. day-to-day tasks. If you are one of those users who want a system acting as a satellite to their main system, then this netbook is right for you. That's the reality: a netbook is a satellite that supports you when you are mobile, being lightweight, small and easy to lug around.