Bug disables 150,000 Gmail accounts

NEW DELHI, INDIA: Gmail, with its huge storage capacity, is considered a storehouse of personal information by many, a place where much valuable information is securely kept. But think twice before relying too much on keeping all your information there alone.
Google's email service has been affected by a bug, and almost 150,000 Gmail account holders have reportedly lost their e-mail, attachments and Google Chat logs.
Google said it is investigating a glitch in the Gmail service, which has caused huge data loss for many users.
The bug reset the affected accounts and showed a welcome message to some users. Google said in a statement that the bug had affected less than 0.08 per cent of all Gmail users. Yes, percentage-wise it is a small amount, but 150,000 is not a small number either!
It said that its engineers are trying to fix the glitch and that the accounts will be restored as soon as possible.
“Affected users will be temporarily unable to sign in while we repair their accounts. For those Gmail users reporting missing messages, our engineers are working to restore them as soon as possible,” Google said in a statement.

Firefox spoofing flaw reported

Mozilla’s Firefox web browser is vulnerable to spoofing attacks, according to an Israeli security researcher. Aviv Raff reported on his blog on Wednesday that Mozilla Firefox v2.0.0.11 allows information presented in a basic authentication dialogue box to be spoofed, opening up the possibility of users being redirected to a malicious website. Earlier versions of the browser may also be affected.

According to Raff, when a web server returns a 401 status code, it causes Firefox to display an authentication dialogue box. The 401 status code is returned by the web server when it recognises that the HTTP data stream sent by a browser or bot is correct, but access to the URL requires further user authentication.

The authentication dialogue box displays the server URL in what is called the WWW-Authenticate header field. This URL is in part defined by the realm value and, according to Raff, it is possible for an attacker to create a specially crafted realm value that will look as if the authentication dialogue came from a trusted website. This is due to Firefox failing to sanitise single quotes and spaces in the WWW-Authenticate header field, after a legitimate realm value enclosed in double quotes has been given.
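
The check described above, written out as an added example (not code from Raff's report or from Mozilla): a strict parser that accepts a Basic challenge only when nothing but well-formed parameters follows the double-quoted realm, and that builds the dialogue text from the connection's origin rather than from the header. The function names are hypothetical, and the parser assumes a single Basic challenge per header.

```javascript
// Added example: validate a Basic challenge before any of it reaches the login dialogue.
// Function names are hypothetical; this is not Firefox code.
const TOKEN = "[A-Za-z0-9!#$%&'*+.^_`|~-]+";   // HTTP token characters
const QUOTED = '"(?:[^"\\\\]|\\\\.)*"';         // quoted-string with backslash escapes
const REALM_RE = new RegExp("^Basic[ \\t]+realm[ \\t]*=[ \\t]*(" + QUOTED + ")", "i");
// After the closing quote of the realm, only ", name=value" parameters may follow.
const PARAMS_RE = new RegExp(
  "^(?:[ \\t]*,[ \\t]*" + TOKEN + "[ \\t]*=[ \\t]*(?:" + QUOTED + "|" + TOKEN + "))*[ \\t]*$");

function parseBasicChallenge(headerValue) {
  const m = REALM_RE.exec(headerValue);
  if (!m) return { ok: false, reason: "no quoted realm" };
  // Anything left over that is not a parameter list means the header is malformed.
  const rest = headerValue.slice(m[0].length);
  if (!PARAMS_RE.test(rest)) {
    return { ok: false, reason: "unexpected text after realm" };
  }
  const realm = m[1].slice(1, -1)            // drop the surrounding double quotes
    .replace(/\\(.)/g, "$1")                 // undo backslash escapes
    .replace(/\s+/g, " ")                    // collapse runs of whitespace
    .replace(/[\u0000-\u001f\u007f]/g, "")   // strip control characters
    .trim()
    .slice(0, 64);                           // bound what the dialogue can show
  return { ok: true, realm };
}

// `origin` comes from the connection that returned the 401, never from the header.
function dialogText(origin, headerValue) {
  const who = origin + " is requesting a username and password.";
  const c = parseBasicChallenge(headerValue);
  if (!c.ok) return who;                     // malformed challenge: show the origin only
  // The realm is shown quoted and attributed to the site, so it cannot pose as the origin.
  return who + " The site says: " + JSON.stringify(c.realm);
}
```

A header with stray quoted text after the realm is rejected outright, so the dialogue falls back to showing only the origin.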

At least two possible attack vectors are opened by this reported flaw, according to Raff. Man-in-the-middle attackers could create a web page with a link to a trusted website such as a bank. When a victim clicks on the link on the malicious page, the trusted web page would be opened in a new window. A script would be executed to redirect the newly opened window to the attacker’s web server, allowing username and password details to be compromised.

Alternatively, an attacker could embed an image in an email or web page which, when clicked on, would return a specially crafted dialogue login from the attacker’s web server, again allowing authentication details to be compromised.

President of Mozilla Europe, Tristan Nitot, told ZDNet.co.uk that Mozilla is in the process of investigating the report, and so could not comment further at this time.

“We take security seriously,” said Nitot. “We are taking this report seriously, and are investigating.”

Computer security--Take Care When Downloading and Installing Programs

When you buy an appliance, you give little thought to it doing you or your house any harm. Why? Because there are organizations like Underwriters Laboratories that set standards and certify products. When you see a certifier’s label, you have more confidence that a product will be safer than a competing product that does not carry the same label. You’re willing to accept the risk because you believe the product has met some standards and has been certified by a respected authority.
Unfortunately, the Internet is not the same. There are neither standards nor many certification organizations. Anyone who writes a program can distribute it through any means available, such as through the web or by sending you a copy. Speaking of that, have you ever received a CD-ROM in the mail? How do you know that it contains what the label says? The answer is: you don’t know. More importantly, it’s difficult to know.


No matter how you acquire a program, it runs on your computer at the mercy of the program’s author. Anything, any operation, any task that you can do, this program can also do. If you’re allowed to remove any file, the program can too. If you can send email, the program can too. If you can install or remove a program, the program can too. Anything you can do, the intruder can do also, through the program you’ve just installed and run.
Sometimes there’s no explanation of what a program is supposed to do or what it actually does. There may be no user’s guide. There may be no way to contact the author. You’re on your own, trying to weigh a program’s benefits against the risk of the harm that it might cause.
What’s the problem you’re trying to solve here? You are trying to determine if the program you’ve just found satisfies your needs (say it provides a service that you want or you’re just experimenting) without causing harm to your computer and ultimately the information you have on the computer. How do you decide if a program is what it says it is? How do you gauge the risk to you and your computer by running this program?
You address these same risk issues when you purchase an appliance; you may just not have realized that’s what you were doing. When you make that purchase, you buy from either a local store you know or a national chain with an established reputation. If there’s a problem with your purchase, you can take it back to the store and exchange it or get your money back. If it causes you harm, you can seek relief through the legal system. The reputation of the merchant, the refund/return policy, and the availability of the legal system reduce your risk to a point where you make the purchase.
Apply these same practices when you buy a program. You should
* Learn as much as you can about the product and what it does before you purchase it.
* Understand the refund/return policy before you make your purchase.
* Buy from a local store that you already know or a national chain with an established reputation.
Presently, it is not as clear what the legal system’s role is for a program that causes harm or does not work as advertised. In the meantime, the LUB practices are a good first step.
Today’s Internet has a feature that standard products don’t have, or at least have but to a lesser extent. This feature is free programs. There is a multitude of free programs available for all types of systems, with more available each day. The challenge is to decide which programs deserve your confidence and are, therefore, worth the risk of installing and running on your home computer.
So then, how do you decide if a program is worth it? To decide if you should install and run a program on your home computer, follow these steps:
1. The Do test: What does the program do? You should be able to read a clear description of what the program does. This description could be on the web site where you can download it or on the CD-ROM you use to install it. You need to realize that if the program was written with malicious intent, the author/intruder isn’t going to tell you that the program will harm your system. They will probably try to mislead you. So, learn what you can, but consider the source and consider whether you can trust that information.
2. The Changes test: What files are installed and what other changes are made on your system when you install and run the program? Again, to do this test, you may have to ask the author/intruder how their program changes your system. Consider the source.
3. The Author test: Who is the author? (Can you use email, telephone, letter, or some other means to contact them?) Once you get this information, use it to try to contact them to verify that the contact information works. Your interactions with them may give you more clues about the program and its potential effects on your computer and you.
4. The Learn test: Has anybody else used this program, and what can you learn from him or her? Try some Internet searches using your web browser. Somebody has probably used this program before you, so learn what you can before you install it.
If you can’t determine these things – the DCAL tests for short – about the program you’d like to install, then strongly consider whether it’s worth the risk. Only you can decide what’s best. Whatever you do, be prepared to rebuild your computer from scratch in case the program goes awry and destroys it. Task 5 - Make Backups of Important Files and Folders tells you how to make a copy of your important information should you need it.
Your anti-virus program prevents some of the problems caused by downloading and installing programs. However, you need to remember that there’s a lag between recognizing a virus and when your computer also knows about it. Even if that nifty program you’ve just downloaded doesn’t contain a virus, it may behave in an unexpected way. You should continue to exercise care and do your homework when downloading, installing, and running new programs.

Tools to Track & Recover Your Stolen Laptop



Of late, laptops and notebook computers are being targeted by criminals in coffee shops, college campuses, hotel lobbies and even in cars. And these incidents are increasing at an alarming rate. According to the FBI, 97% of stolen laptops are never recovered. That is a staggering stat. But don’t worry, we can increase the odds of recovering / tracking your stolen laptop, and that too for FREE!

Ways to Track and Recover your Stolen Laptop

1. Track your Stolen laptop with Adeona

Adeona from the University of Washington provides an open source, free and completely non-proprietary way to track your stolen laptop. You can install Adeona on your laptop and go, as there’s no need to rely on a single third party! What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop. You can read the detailed article on Adeona here.
2. Locate your laptop with LocateMyLaptop.com
LocateMyLaptop is a free service that offers a stealthy app on your laptop which reports its position whenever the computer is connected to the Internet. If it’s lost or stolen, you can issue a self-destruct command to erase all the data on the hard drive – but that requires upgrading to the Platinum Plan, which costs $3/month. But you do not need to pay anything until disaster strikes. This is because tracking of the laptop is FREE, and you can upgrade to the Platinum service only if your laptop gets stolen.

3. Browser Plugin to Track your stolen Laptop – Loki

Loki is basically a service which can add the location of users to any website. But it can be tweaked in such a way that you can log directly into Loki to see your laptop’s location on a map, or enable “sharing” – which blasts your location to a public Web page, to Twitter, Facebook, or a handful of other services. The only concern is that Loki is not always reliable, as it sometimes fails to update the public page with the laptop’s location. This issue is seen even when the Loki browser plugin on the laptop knows where it is. Hopefully this issue will be fixed by the next release.

4. Locate your stolen Laptop with LocatePC

LocatePC is FREE software which lets you track and finally get back your stolen computer or laptop. LocatePC sends you a secret email message from your stolen computer or laptop with some crucial information. But again, we will be hoping that the thief connects the laptop to the internet before formatting it. Still, something is better than nothing, right?

Computer security

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.