Myth – BBM is Secure
I felt secure communicating on the BBM… Till some time back!!
It was probably the fact that the BBM messages do not travel over the internet was making me feel ‘secure’ about it, or was it the fact that BBM only works on a Blackberry Devices and my belief that Blackberries are secure by design. Not Sure…but somehow I thought it was the safest IM App available.
I fired my browser and landed on Google. I couldn’t find many articles about the security of messages communicated over BBM. I couldn’t even find any notes on the BBM architecture. I will just summarize what I was able to understand from many different pages.
Blackberry Messenger is a skin on top of the basic PIN to PIN messaging which has been there on these devices for long. A “PIN” is a hardware address, similar to a MAC address, and is unique to every BlackBerry device. A “PIN” however is not an authentication password nor is it a user identifier. It is the method by which the BlackBerry device is identified to the RIM relay for the purpose of finding the device within the global wireless service providers’ networks. (more…)
Double Check Privacy at Google Buzz
With all the privacy issues that Google Buzz had faced initially, it is once again trying to revamp the privacy concerns, giving the users the control over the privacy. Initially the Google Buzz users were automatically following the people whom they used to email and chat with most frequently. But now Buzz suggests people whom they could follow. (more…)
Best password managers for everyday use
Passwords are the first line defense in protecting the identity in the computing world. To ensure the protection of the online identity, it is important to protect the passwords of your online access. Be it your email account or your job site password, the protection of these passwords are very important.
The typical weaknesses of passwords are:
- Same password for multiple accounts and applications and mostly with same user name and occasionally the username is the email address
- These days the memory of people are becoming weak and people tend to forget passwords. As a workaround we write down passwords in small paper sheets/sticky and stick around the computer location
- Another way of remembering passwords is by storing passwords in excel or other sheets in the computer itself without protecting it. (more…)
Knowing the Account Activity in Gmail
Google has lauched a new feature in Gmail which provides information about the last activity on a mail account. It is visible at the bottom of the Gmail page. Click on the Details Link and a pop up appears which lists the details of the last account activities in Gmail. It helps us to be aware of any suspicious activities that have taken place, which might indicate that our accounts have been compromised. The feature lists the Access Type, the Location (IP address) and the date and time of the access. If our account is being accessed from some other location, it will also be listed and we can choose to Sign Out of all the other sessions.
Phishing Attempt on Twitter
There is a phishing attempt on Twitter which is spreading via Direct Messages. It tries to get your usernames and passwords using a Direct Message saying “You’re on Here?” or “someone posted on their blog about you” and these messages are followed by a link. Once you click on the links, it might direct you to another page, which may ask you for your login credentials. If you enter your credentials, your account may be compromised.
Do not click on such links or Enter your login credentials.
Twitter had recently created http://twt.tl as a URL Shortener to protect users from malicious sites. So if the link appears to be a potentially harmful one as per twitter, it can be re-routed to a warning page. Even though twitter does it, it is better to be careful NOT to click on suspicious links and save your accounts from being compromised!
McAfee warns Facebook users of Email scam
McAfee has released a consumer threat alert, saying that scammers have been sending emails to the Facebook users saying that the Facebook Password has been reset and the users need to click on an attachment to retrieve it. The attachment is a password stealer says McAfee, which installs when the user clicks on it. Password stealers can access usernames and passwords that are used on that computer, be it for any account (gmail, msn, yahoo or even bank accounts).
The subject line of the mail is “Facebook Password Reset Confirmation! Customer Support.”.
The best thing to do is to delete such a mail when it arrives. Facebook would never reset your password, unless you request for it. Don’t be a victim and let others not be!
Watch out for Kneber Trojan botnet
A US-based NetWitness, a real-time network forensics firm, announced that Kneber botnet had captured almost 75000 personal computers in 2,500 organizations and governement agencies. The Logins and Passwords of sites like Hotmail, Yahoo and many other accounts including online banking websites and corporate servers which is used for storing confidetial data, were captured by the hackers. Close to 200 countries were attacked and the most affected countires were Egypt, Mexico, Saudi Arabia, Turkey, and the United States.
Netwitness says Kneber is a ZeuS Trojan botnet, a type of botnet which targets and steals key information stored on the computer, such as login credentials.
“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” stated Alex Cox, the Principal Analyst at NetWitness who was responsible for uncovering the Kneber-bot, “but that viewpoint is naive. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS and consider more diverse mission objectives.” (more…)
TCS website restored
Tata Consultancy Services Ltd, (TCS), India’s largest software company, has restored its website tcs.com after hackers allegedly changed its IP address in the DNS records and put it up for sale.
The original TCS.com have the IP address 216.15.200.140. The french hacker has changed the IP address to 205.178.152.154. This is done by changing the DNS records of TCS.com, may be breaking into the account used by the TCS admins in maintaining the DNS accounts.
DNS enables the name resolution from the domain name to IP addresses. IP addresses are somewhat real addresses attached to computers and it is not easy to remember these numbers. Poisining the DNS records can lead to website defacements and other kind of security concerns
TCS website was hacked
The website TCS.com which belongs to India’s largest software vendor, Tata Consultancy Services, was hacked today by a French hacker. This hack will definitely lead to total embarrassment for the software firm who thrives on creating software and security systems day in and day out.
The homepage says:
This domaine name is for sale. Please contact us for further informations.
abed_uk@hotmail.comCe nom de domaine est a vendre
Merci de nous contacter pour obtenir de plus amples informations.
abed_uk@hotmail.com
The screenshot of the website, accessed from India, at 2:30PM today, is shown above. It is rumored that, the hackers have made changes to the DNS settings of the website. They have put up a whos.among.us widget displaying current traffic on the homepage!
Tata Consultancy Services Limited (TCS) is the top software services and consulting company in India and is the largest provider of information technology and business process outsourcing services in India. TCS is a subsidiary of one of India’s largest and oldest conglomerates, the Tata Group. (more…)
