Sunday, October 2, 2011

Booking tickets in IRCTC? Your Credit Card might be in risk


Blog moved. I have a new home now at www.rakeshmukundan.in Do update your bookmarks :)
IRCTC is India's most popular travel site, with a monthly user turnover of over 8.4 million (as of April 2011, source). Many use the site for their day-to-day travel needs. Despite the vast user base, IRCTC is still not up to the mark in protecting its users' privacy; only recently have they switched to SSL!
As a regular train traveller, I too use IRCTC extensively, mostly using a credit card for the transactions. Only recently have I noticed that IRCTC actually stores your entire credit card number on the local machine and there is no way to opt out other than manually deleting the history.

That's a serious security hole (!!). Imagine a user booking tickets on a public computer like a net cafe: it's like leaving one's credit card in the street.
Even on a private computer this practice could have serious implications (a possible virus attack, trojans etc.). It's common web programming practice not to let the browser cache sensitive entries like this, but I guess IRCTC has their own practices [;)].

So what can you do to make sure that your credit card information is not stored? Simply delete all the private data in your browser after doing a transaction. Deleting all the browser entries after finishing surfing in a cafe is good practice, but on your own personal computer this can be a big inconvenience. If you are a Firefox user there is an extension to help you out, Form History Control. It will allow you to create custom rules to delete the form entries automatically.
Install the add-on and open Form History Control. Go to Clean Up and insert two entries as below, one for the credit card number and one for the CVV number (yes, IRCTC made sure to cache both ;)).

Make sure to select the RegExp option to the right of Field-name, else it won't work.


Select the Perform clean up on browser shutdown and Perform clean up when a browser tab is closed options for automatic cleaning.




Use the Preview matching entries option to see if any entry is already stored.


Now the Form History Control add-on should be cleaning up your credit card entries as soon as the IRCTC web page is closed, a handy method till they fix the website.

I don't know whether any such tools exist for other browsers; I will update this post once I find them.
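For readers who would rather audit the form history themselves, here is an added example (not part of the original post and not the Form History Control add-on's code) in Python. It looks for rows whose value is a Luhn-valid card number, or a 3/4-digit value in a CVV-like field, and deletes them. The table name and the fieldname/value columns follow Firefox's formhistory.sqlite, but the schema below is a constructed stand-in built in memory, and the sample rows are constructed test data; the CVV field-name pattern is an assumption, so extend it for the forms you care about. Against a real profile, point sqlite3.connect at the profile's formhistory.sqlite with Firefox closed.

```python
import re
import sqlite3

# Constructed in-memory stand-in for Firefox's formhistory.sqlite.
# Only fieldname and value are relied on; the rest of the real schema is assumed.
SCHEMA = """
CREATE TABLE moz_formhistory (
    id INTEGER PRIMARY KEY,
    fieldname TEXT NOT NULL,
    value TEXT NOT NULL
);
"""

# Constructed sample rows imitating what a booking form could leave behind.
SAMPLE_ROWS = [
    ("passengerName", "A Traveller"),
    ("cardNumber", "4111 1111 1111 1111"),   # constructed test card number, passes Luhn
    ("cvv", "123"),                          # constructed CVV value
    ("trainNumber", "12345"),
    ("orderRef", "4111111111111112"),        # 16 digits but fails Luhn: not a card
]

# Assumed field-name pattern for CVV-style inputs; adjust for the site's own form.
CVV_FIELD = re.compile(r"(cvv|cvc|securitycode|cardverification)", re.I)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_card(value: str) -> bool:
    """Card numbers are 13-19 digits (spaces/dashes allowed) and pass Luhn."""
    compact = re.sub(r"[\s-]", "", value)
    return compact.isdigit() and 13 <= len(compact) <= 19 and luhn_ok(compact)


def find_sensitive_entries(conn: sqlite3.Connection) -> list[tuple[int, str]]:
    """Return (id, fieldname) for rows holding a card number or a CVV-like value."""
    hits = []
    query = "SELECT id, fieldname, value FROM moz_formhistory ORDER BY id"
    for row_id, fieldname, value in conn.execute(query):
        is_cvv = bool(CVV_FIELD.search(fieldname)) and value.isdigit() and len(value) in (3, 4)
        if looks_like_card(value) or is_cvv:
            hits.append((row_id, fieldname))
    return hits


def purge_sensitive_entries(conn: sqlite3.Connection) -> int:
    """Delete the flagged rows and return how many were removed."""
    hits = find_sensitive_entries(conn)
    conn.executemany("DELETE FROM moz_formhistory WHERE id = ?", [(h[0],) for h in hits])
    conn.commit()
    return len(hits)


def build_sample_db() -> sqlite3.Connection:
    """Create the constructed in-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO moz_formhistory (fieldname, value) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for row_id, field in find_sensitive_entries(db):
        print(f"sensitive entry in field {field!r} (row {row_id})")
    print(f"removed {purge_sensitive_entries(db)} entries")
```

The Luhn check keeps the script from deleting every long number a booking form saves (PNRs, order references), which is the same reason the add-on rule in the screenshot above has to be a regular expression rather than a field-name match alone.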

Wednesday, May 25, 2011

Stay Safe on Facebook Part 2: Enhanced Security Features


      
Facebook has been constantly improving its security features to protect its users: they have added SSL, login notifications, recent activity logs etc. Recently they have added a two-factor authentication mechanism to improve security further. It is an opt-in feature which, when enabled, asks for a password sent to the registered mobile number while trying to log in from a new computer. To enable this feature, go to Facebook Account Settings -> Account Security and enable Login Approvals.

You can read the official blog post about Login Approvals here. For Login Approvals to work, you need to provide your mobile number, and have to ensure that you don't lose your mobile. Whenever a login attempt happens from an unknown computer (a system where you have never used Facebook before), an SMS will be sent to your mobile number with an authorization code which is needed to log in.

In case you ever lose your mobile phone, you can change your number and/or disable Login Approvals from a system already recognized by Facebook.

If somebody gets hold of your password somehow and tries to log in to your account, you will get an SMS with the authorization code as well as an FB notification.


In cases where it's not a login by you, you can reject that login and change your account password. Facebook also seems to provide the login attempt location (probably based on the IP address).



You can read a few more posts related to Facebook security here, here and here.

Monday, April 4, 2011

Can Facebook use my name and profile picture in ads?


There have been many speculations about Facebook using users' profile pictures and social data in its own advertisements. People concerned about their privacy should read the how-to blog post from F-Secure on turning off this feature.
If you are a Facebook member and like a Facebook page and/or mention a Facebook page in a wall update, Facebook can use your name and possibly your picture in ads that are shown to your friends.
In fact, your name might be appearing in a Facebook ad now saying that you like a certain brand. Facebook opts everyone into Facebook Ads. And you probably know that because you've read Facebook's Statement of Rights and Responsibilities so carefully.
You can opt out of letting Facebook use your name or profile picture in ads served to your friends by going to Account.
You can read the full version of the blog here.

Sunday, April 3, 2011

Check Your Browser's Security Level


Widespread use of social networks and web-based services has made web browsers one of the most used pieces of software, which has also made them the weapon of choice for spammers, phishers and hackers. Even people who insist on keeping their system up to date forget to update some of the browser components (browser add-ons, plug-ins etc.), as these may not have an auto-update feature.

Qualys has released a free service that will allow you to check your web browser's security. It supports all the mainstream browsers (Firefox, Chrome, Opera, IE and Safari) on a variety of platforms like Windows (XP, Vista etc.), Mac and Linux. Though the service is in beta stage on some platforms and browsers, it's still worth checking out. A detailed list of supported platforms and plugins is available here.

BrowserCheck will ask you to install a plugin to continue scanning (I was not asked to install the plugin on Ubuntu with Chrome as well as FF4; I guess the beta versions are not full-fledged yet); the plugin is signed by Qualys. Install it to continue (read the FAQ to know why the plugin is needed and to see their privacy policy).
Once installed you are good to go to check your browser's patch level. Click the Scan Now button.


BrowserCheck will scan your browser, plugins and add-ons against known vulnerabilities and give you a report with installed plugin/add-on details along with their patch status. Detailed status report descriptions are available in the FAQ, but as a rule of thumb "Green" means fully patched and "Red" means vulnerable.
Clicking the button will give you more details regarding the problem and a possible remedy. Mostly it will be a link to download the latest version.
After fixing all the security holes in your browser, I strongly recommend scanning it once again to ensure it is secure, as sometimes plugins/add-ons come with additional software (for eg. Google Toolbar) that may undermine the security of your browser.
On a final note, as with any security solution, BrowserCheck is not a single self-sufficient solution for online security; the ultimate security comes with awareness.
Happy browsing with a secure browser :)

Friday, March 18, 2011

World's First PC Virus "Brain" Turned 25



Image Courtesy www.techlahore.com
The world's first PC virus, Brain, turned 25 this January. Researchers from F-Secure managed to get an interview with Brain's creators Basit and Amjad Farooq Alvi from Lahore, Pakistan. The short but interesting interview is available here.

From Wikipedia:
©Brain affects the IBM PC computer by replacing the boot sector of a floppy disk with a copy of the virus. The real boot sector is moved to another sector and marked as bad. Infected disks usually have five kilobytes of bad sectors. The disk label is changed to ©Brain, and the following text can be seen in infected boot sectors:
Welcome to the Dungeon © 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages....$#@%$@!!
The virus came complete with the brothers' address and three phone numbers, and a message that told the user that their machine was infected and for inoculation the user should call them:
Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
The reason for this message was the program was originally used to track a heart monitoring program for the IBM PC, and pirates were distributing bad copies of the disks. This tracking program was supposed to stop and track illegal copies of the disk. Another programmer copied the technique for DOS and it became the (c) Brain virus. Unfortunately the program also sometimes used the last 5k on an apple floppy, making additional saves to the disk by other programs impossible. The company was sued for damages and was quickly dissolved.
A few interesting points from the interview:
  • Unlike present-day viruses, Brain was not intended to cause any damage to users; it was merely meant to be a "friendly virus".
  • It is a boot sector virus, named after the company Brain Telecommunications Ltd owned by the brothers.
  • It left the address and phone number of its creators in the boot sector of affected floppies.

For more information about Brain and its writers, please read the Techlahore article.

Saturday, February 26, 2011

Secure Your Facebook Account With SSL and Login Alerts


Recently Facebook has rolled out a few new features that will enable users to use their Facebook account with a better sense of security. The newly introduced Secure Browsing feature allows users to always use a secure connection (https) for Facebooking. While Facebook was already using a secure connection for login sessions, regular user activity was not protected.

Enabling Secure Browsing ensures that your data can't be seen by ISPs, your company admins or other users. This is especially important when you are using Facebook from public computers or while surfing on an unencrypted wireless network.

To enable Secure Browsing in your account go to Account -> Account Settings -> Account Security.
Check the option "Browse Facebook on a secure connection (https) whenever possible". From now on all your Facebook conversations will be over https (you can verify this from the https:// prefix in the address bar).

 
There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.
Two more useful features are also available now: Login alerts and the Activity viewer.
Login alerts will send login notifications to your email or phone (if you have added a mobile device to your account) when a login occurs from an unknown computer. This will act as an early warning in case somebody tries to access your account.
The activity monitor will let you check the recent activities in your account: how many logins happened in the recent past and how many sessions are still open. If you find that there is any unauthorised activity in your account, there is an option to end that particular session too.

You can read the Facebook blog post about the new features here.

Saturday, September 25, 2010

Bom Sabado! Orkut Worm!!


Today I have been getting many scraps from friends (in Orkut!!!) with just the text "Bom Sabado!". Google Translator tells me that it means "Good Saturday!"; well, it seems like it's going to be a not-so-good Saturday for many!! As time passes by, more and more people seem to send these scraps, indicating clearly that this is some kind of a worm.
So I thought of digging into it a bit deeper. I created a dummy account so that my normal account would not be affected. Then I added myself as a friend in the dummy account, so that I could monitor it. Then I opened the scrap I got from the dummy account. While inspecting the source code, I found that the suspicion was true: it indeed is the work of a worm!! I found the following iframe code injected along with the message into the scrap.
This injected iframe loads a "worm.js" script from tptoolsorg which apparently causes all the problems.

Downloading worm.js from the source and decoding it gives me the following observations.
  1. It uses standard JS objects and XMLHttpRequest to cause all sorts of trouble.
  2. The code is obfuscated by using octal representation for objects and weird names (eg: _0x7c2bx4) for variables.
  3. It does the following if you open a scrap page:
  • Makes you join 5 communities.
  • Sends scraps to all your friends.

The following shows the part of the code that is responsible for the problems.

The main sign of infection is that your browser will hang for a while if you open such a page. If you find it happening to you, close the browser immediately. It will prevent the worm from spreading.


Recovery Methods
  1. Clean all the cookies and private data stored in the browser.
  2. Install Firefox and the NoScript add-on; it will block all scripts. Allow only those you want, but be careful not to allow scripts from tptoolsorg.
  3. Remove all the "Bom Sabado!" scraps from your scrapbook.
  4. Be careful not to visit any of the infected pages until Google fixes this injection vulnerability.
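Two things from the analysis above can be turned into small defensive tools, so here is an added example in Python (not part of the original post, and not Orkut's or the worm's code). The first half is the check a site should run on user-submitted scrap text before rendering it: it parses the HTML and reports any iframe, script, object or embed tag whose source is not on an assumed allow-list of the site's own hosts (inline scripts, which have no src, are reported with an empty host). The second half is an analyst helper that expands the "\xHH" and "\ooo" escapes the post describes, so the string constants in an obfuscated script become readable. The scrap HTML, the host names and the obfuscated snippet are all constructed for the example; only the variable name _0x7c2bx4 comes from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that can pull in or execute active content inside a scrap.
ACTIVE_TAGS = {"iframe", "script", "object", "embed"}

# Assumed allow-list of hosts the site itself is permitted to reference.
TRUSTED_HOSTS = {"orkut.com", "www.orkut.com"}


class ActiveContentScanner(HTMLParser):
    """Collect every active-content tag in the document and its src attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() in ACTIVE_TAGS:
            src = dict(attrs).get("src") or ""
            self.findings.append((tag.lower(), src))


def scan_scrap(html: str) -> list[tuple[str, str]]:
    """Return (tag, host) for active content that points off-site or is inline.

    A clean scrap (plain text, links to the site's own pages) yields [].
    """
    scanner = ActiveContentScanner()
    scanner.feed(html)
    scanner.close()
    untrusted = []
    for tag, src in scanner.findings:
        host = urlparse(src).hostname or ""
        if host not in TRUSTED_HOSTS:
            untrusted.append((tag, host))
    return untrusted


# \xHH hex escapes and \ooo octal escapes as used by JS string obfuscators.
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})|\\([0-7]{1,3})")


def decode_js_escapes(text: str) -> str:
    """Expand hex and octal escapes so obfuscated string constants are readable."""

    def repl(match):
        if match.group(1) is not None:
            return chr(int(match.group(1), 16))
        return chr(int(match.group(2), 8))

    return ESCAPE_RE.sub(repl, text)


# Constructed scrap: the greeting plus a hidden frame loading from an outside host.
SAMPLE_SCRAP = (
    'Bom Sabado!<iframe src="http://evil.example/frame.html" '
    'width="0" height="0"></iframe>'
)

# Constructed obfuscated snippet in the style the post describes; decodes to
# var _0x7c2bx4=["XMLHttpRequest","open"];
SAMPLE_OBFUSCATED = (
    r'var _0x7c2bx4=["\x58\x4d\x4c\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74",'
    r'"\157\160\145\156"];'
)


if __name__ == "__main__":
    for tag, host in scan_scrap(SAMPLE_SCRAP):
        print(f"untrusted <{tag}> loading from {host or '(inline)'}")
    print(decode_js_escapes(SAMPLE_OBFUSCATED))
```

Rejecting the scrap on any finding is the simplest server-side fix; stripping the offending tags and rendering the rest is an alternative if you want to keep the greeting. The decoder only undoes the escape layer, which is exactly what was needed here to see which browser objects the script reaches for; it does not execute anything.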