Social Icons

Showing posts with label BROWSER. Show all posts
Showing posts with label BROWSER. Show all posts

Friday, February 27, 2015

Configuring Burp suite with Iceweasel

1.   Burp Suite is an integrated platform for attacking web applications. It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All of the tools share the same framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, alerting and extensibility. There are two versions available including a free version and also Burp Suite Professional.It is a Java application that can be used to secure or penetrate web applications.The suite consists of different tools, such as a proxy server, a web spider, intruder and repeater.BurpSuite allow us to forward all of the web traffic from your browser through BurpSuite so that you can see each HTTP Request and Response and manipulate it to your heart’s content. This post will configure burp suite with Iceweasel in Kali Linux .

2.   Open Internet - Iceweasel Web Browser

3.   Click on Edit then Preferences

4.   Preference Window will be open Now go to AdvanceNetworkSetting
5.   Select Manual Proxy then set 127.0.0.1 in HTTP Proxy area and port should be 8080. Use this proxy server for all protocols by checking the box. Clear the No Proxy field then Finally Click OK.
6.   Now open burp suite Application → Kali LinuxTop 10 Security ToolsBurpsuite
7.   You get to see the following screen
8.    After Burp Suit is opened,Click on Proxy Tab then Click on Option Subtab and watch carefully local host interface running box should be check in Proxy Listeners.
9.    Scroll down in the same tab (Proxy Tab → Option subtab) 

Intercept Client Requests

    → Select URL Match type and keep Clicking UP button till URL Match type reach at the top.

    → Check Box 'Intercept requests based on the following rules.

Now select 'File Extension' and click on Edit.Edit Window will be open. Here we will add 'jpeg' file extension. You can add or remove file extension as per your need. So, Write code and click on OK.



10.  We will Add file extension match type according to below details:
      Boolean Operator : And
      Match type : File Extension
      Match relationship : Does not match
      Match condition: (^gif$|^jpg$|^png$|^css$|^js$|^ico$|^jpeg$)
11.  Select 'File extension'  and keep Clicking UP button till 'File extension' reach at the 2nd top.
12.   Now Open Iceweasel and type www.google.com in the web address area....and u r ON if all set right

Source of help : http://knoxd3.blogspot.in/2014/05/how-to-configure-burp-suite-with.html

Friday, February 20, 2015

CARBANAK : BANK ROBBERY LIKE NEVER BEFORE

1.  As recent as a week back Carbanak, an APT-style campaign targeting financial institutions has been claimed to have been discovered by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks.The malware was said to have been introduced to its targets via phishing emails and is said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers.The criminals were able to manipulate their access to the respective banking networks in order to steal the money in a variety of ways. In some instances, ATMs were instructed to dispense cash without having to locally interact with the terminal. Money mules would collect the money and transfer it over the SWIFT network to the criminals’ accounts.The presentation brings out the executive summary of Modus Operandi of the Malware as analysed by Kaspersky.
 

2.   Carbanak is a backdoor used by the attackers to compromise the victim's machine once the exploit, either in the spear phishing email or exploit kit, successfully executes its payload.Carbanak copies itself into %system32%\com with the name svchost.exe with the file attributes: system, hidden and read-only. The original file created by the exploit payload is then deleted.

How to detect CARBANAK

One of the best methods for detecting Carbanak is to look for .bin files in the
folder:

..\All users\%AppData%\Mozilla\

The malware saves files in this location that will later be sent to the C2 server when an internet connection is detected.BAT script for detecting infections(Source : here) is given as follows :

@echo off
for /f %%a in ('hostname') do set "name=%%a" echo %name%
del /f %name%.log 2> nul
if exist "c:\Documents and settings\All users\application data\
mozilla\*.bin" echo "BIN detected" >> %name%.log
if exist %SYSTEMROOT%\System32\com\svchost.exe echo "COM
detected" >> %name%.log
if exist "c:\ProgramData\mozilla\*.bin" echo "BIN2 detected"
>> %name%.log
if exist %SYSTEMROOT%\paexec* echo "Paexec detected"
>> %name%.log
if exist %SYSTEMROOT%\Syswow64\com\svchost.exe echo "COM64
detected" >> %name%.log
SC QUERY state= all | find "SERVICE_NAME" | findstr "Sys$"
if q%ERRORLEVEL% == q0 SC QUERY state= all | find
"SERVICE_NAME" | findstr "Sys$" >> %name%.log
if not exist %name%.log echo Ok > %name%.log xcopy /y %name%.log
"\\\logVirus

Tuesday, July 29, 2014

Snowden Reveals : Projects to Profile YOU

1.  Documents revealed by Edward Snowden pertaining to the National Security Agency (NSA), US surveillance programs and US Intelligence Community partners abroad were released about a year back and revealed a horde of code named projects that were all intruding our lives in some way or the other.This post brings out the glossary of codenamed PROJECTS along with a small brief of what was the intent of the project.These have been listed here after I read " The Snowden Files" by Luke Harding.This long list is actually a miniscule of thousands hidden projects which all are after every bit of info that we all share digitally....skype...sms...mms..whatapp...fax,emails,chat,photos etc...thats all in all everything!!!!!


Blackfoot

The codename given to an NSA operation to gather data from French diplomats' offices at the United Nations in New York and this information was collected from bugged computer screens.

Accumulo

The name given to an open-source database created by the National Security Agency (NSA) but later made available to others via the Apache Foundation. It stores large amounts of structured and unstructured data across many computers and can use it to create near real-time reports.

Blackpearl

NSA has been spying on Petrobas, Brazil's largest oil company, through the "Blackpearl" program that extracts data from private networks.

Evening Esel

The NSA conducts its surveillance of telephone conversations and text messages transmitted through Mexico's cell phone network under the internal code name "Eveningeasel."

Angry Birds

Leaked documents indicate that the NSA and GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications.

Bullrun/Edgehill

The revelations claim that "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable vide  Bullrun,a clandestine, highly classified decryption program run by the United States National Security Agency (NSA) and The British signals intelligence agency Government Communications Headquarters (GCHQ) with a similar program codenamed Edgehill.

Boundless Informant

A tool used by the NSA to analyse the metadata it holds. It aims to let analysts know what information is currently available about a specific country and whether there are trends can be deduced.

Cheesy Name

A GCHQ program designed to identify encryption keys that could be cracked by the agency's computers.

Dishfire

The codename for a system used to process and store SMS message data.A leaked 2011 NSA presentation, published by the Guardian, indicated it was used to collect about 194 million texts a day, adding that the content was shared with GCHQ.

Dropmire

The name for a way to bug security-enhanced fax machines to provide the NSA with access to documents that have passed through encrypted fax machines based in other countries' foreign embassies.

Genie

An NSA programme, identified in a leaked memo analysed by the Washington Post, which is said to involve the remote delivery of spyware to devices on foreign-controlled networks.

Marina

The NSA's tool to gather metadata about the online activity of targets and other internet users.The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target.

Thinthread

A proposed NSA system to chart relationships between people in real-time.

Muscular

A joint project operated by the NSA and GCHQ used to intercept data from the cable links that are used by Google and others to connect up their computer servers, which are located across the world .

Fallout

Identified by an alleged NSA slide, the term appears to refer to an effort to screen out metadata collected about US citizens as part of the Prism programme before it is analysed by the Marina and Mainway systems.

Nucleon

An NSA tool used to analyse voice data gathered via the Prism programme.

EgotisticalGiraffe

The alleged codename given to an NSA effort to track users of Tor (The Onion Router) - a project that aims to let people browse the web anonymously by bouncing their traffic through other people's computers.

Perdido

The codename for an NSA surveillance operation targeting the EU's offices in New York and Washington.

Prism

A surveillance system launched in 2007 by the NSA allows the organization to "receive" emails, video clips, photos, voice and video calls, social networking details, log-ins and other data held by a range of US internet firms including Apple, AOL, Facebook, Google (including YouTube), Microsoft (including Skype), Paltalk and Yahoo.

QuantumInsert

A technique used to redirect a target's computer to a fake website where it can be infected with malware.

Stellarwind

A metadata-collecting scheme from communications in which at least one party was outside the US, and none of the other parties could be known to be US citizens.
 
Tempora

The codename given to an operation to create a "buffer" to allow huge amounts of data to be temporarily stored for analysis and is run by GCHQ to hold content gathered from tapped fibre-optic cables for three days and metadata for 30 days so that both it and the NSA can search and analyse it before details are lost.

FoxAcid

A tool reportedly used by the NSA to study what vulnerabilities a target's computer has. It then uses this knowledge to infect the machine with malware via a web browser.

 

Sunday, July 27, 2014

Harden PRIVACY : PRIVACY BADGER Tool

1.    Till few years back PRIVACY as a word meant the state of being free from unsanctioned intrusion in physical life from your peers/friends/strangers but the whole meaning has taken a new dimension since Snowden released his HIDDEN FILES last year around June.Today not only NSA but a plethora of third party agencies are after you all to track you..profile you...read you.Though in my earlier posts here,I had given a mention of few tools like disconnect.me,Adblock Plus,Ghostery etc but with time technology has further improved and here in this post I discuss about PRIVACY BADGER that is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.Looks Interesting..!!!



3.   Once installed as seen above we get a red hexagon..indicating installed and this has color indicators as follows :
  • Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.
  • Yellow means that the thirty party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "whitelist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and supercookies from it.
  • Red means that content from this third party tracker has been completely disallowed.
4.   Currently available for CHROME,here I have used the beta for Mozilla browser ...though the site says they will soon release the extension for other browsers incl opera and safari too.....!!!!

Monday, June 09, 2014

Google joins the ENCRYPTION Race : End-to-End Extension

1.    After Snowden leaks,one thing that has been most sought after is privacy and encryption and there have been a horde of tools and extensions that offer u the same vide many companies.Like in the last mail I mentioned about PROTONMAIL,there is another one in the offering from the horses mouth itself...ie Google offering an extension by the name of End-to-End extension...that
means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.It’s a Chrome extension intended for users who need additional security.

2.    Though it is not yet available since still in Alpha stage but as per the Google blog at http://googleonlinesecurity.blogspot.in/2014/06/making-end-to-end-encryption-easier-to.html,it is likely to be available soon for all chrome browser users as an extension.Google wants to make it harder to spy on email by encouraging maximum providers to adopt server-to-server encryption. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.
3.   So till it releases.....no options other then to wait.....

Sunday, March 23, 2014

Installing Enigmail Add-on on Thunderbird Email Client

This post only brings you the screen shots once you have installed Thunderbird and wish to use Enigmail with OpenPGP encryption..Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.Sending and receiving encrypted and digitally signed email is simple using Enigmail.
















Sunday, November 03, 2013

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/

Saturday, August 17, 2013

Reduce Tracking/Increase Privacy : Start Mozilla in PRIVATE MODE by default

1.   Earlier in one of my posts I had shown on how to start chrome in "INCOGNITO" mode to avoid any cache storing and also at the same time remove cookies at the end of the session....the following steps make way to start the mozilla browser by default in a private mode.

2.   As shown in the screen shot below...go to the Edit drop down menu and select preferences and then go to the privacy tab and select NEVER REMEMBER HISTORY

(Click on the image to enlarge)




(Click on the image to enlarge)


(Click on the image to enlarge)


 3.     The video cast below :

Tuesday, July 23, 2013

Treat your E-Mail address classified : ADVISORY

1.    Do you know that simply your E-MAIL disclosure to a person with malicious intent can be a key to disclosing your E-mail content and other personal attributes of life?...I mean it can invade your privacy...and just for info this is an active organised crime in the cyber world.

2.   What is the most important first thing that a hacker desires to know?....and the answer is the IP Address of the victim..and all it takes to know the IP address is to send a dummy mail at the victims id.. that's it....strange it may sound but there are so many websites offering you free solutions on how to get not only the IP address but also the browser and OS system details of the victim.One of the leading sites offering a free solution is SPYPIG...this site facilitates to let you know when your email has been read by the recipient! ...this happens in form of a intimation by SPYPIG as and when the e-mail is read by the recipient.

3.   Now some thing about SpyPig ....is a simple email tracking system that sends you a notification by email when the recipient opens your message.It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others.In addition to the notification it actually sends you additional but undesired details also which can be exploited by malicious intent person.Thde details that can be used and exploited are shown here in the screen shot below in one test mail....

Red Encircled are the Critical Info

4.     But sadly,the recipient will never know of the fact that he is being tracked and so much of critical info has already swapped hands with unknown guys...I mean the OS,the browser with their respective versions etc....so in the state today the following preventions can be taken to avoid such a hijack :

-           Avoid opening E-mails from unknown sources

-      Disable Image display by default in E-Mail settings.This is important because this works on the funda of a hidden script in the image sent along with the mail.So if you disable the images display by default,it is unlikely that this will be executed.

-           Avoid sharing and disclosing your E-Mail addresses openly.

5.     To know about spypig visit : http://www.spypig.com

Thursday, April 18, 2013

Browser Updates

1.   Without emphasizing on the need of why we should always keep our browsers updated,I am briefly bringing out here how to check and update your browsers.These browsers are invariably the most commonly used one's ...so I just updated few of them although the browsers exists in plenty!!!!


Firstly

To check the version of your Web Browser, Open the  Browser 
and do the following actions :


For Opera Browser

Click on “Main Menu > Help > About Opera”.


For Firefox

Click “Main Menu >Help> About Firefox.

For Internet Explorer

Press Alt+H and Click on “About Internet Explorer”.

For Apple Safari

Press Alt+H and Click on “About Safari”.

Secondly

To check whats the latest version doing the surfing....i advise two options...either you can simply ask google or check form the respective websites of the web browser...or another easy(but third party) way out is to check the latest versions available for download at http://www.filehippo.com/software/internet/browsers/



Saturday, November 24, 2012

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3


1.    Adobe, who gave us the the ever comfortable PDF..thats the "Portable Document Format" in the early 1990's never thought like how this can become a security threat by the simple action of opening it only....yess!!!this post will give a small insight of how things really work behind the scene in execution of a malicious PDF....

2.  So first of all...how a PDF becomes a malicious document?The answer to this question is simple embedding of a JAVA SCRIPT, that is not seen but only executed once a PDF is opened....no antivirus will be able to identify of what malicious thing lies behind a normal PDF that u and me use daily...so if u scan a malicious PDF with your Antivirus,it is veri unlikely to be caught....how do we know then whether a PDF is malicious or not?...thats what this post shows here....I came across a tool known as PDFid in the BACKTRACK R3 that I was running in Virtual Box.

3.   Few lines about the tool....this was developed by Didier Stevens who blogs at http://blog.didierstevens.com/.So this helps us to differentiate between PDF Documents that could be malicious and those that are unlikely to be....The tool is based on the fact that that a  typical PDF File comprises of header, objects, cross-reference table (to locate objects), and trailer.So , if there is a tool that can find out if any one of them is available in this PDF...things can become easier...so like for example...if a PDF that has no purpose of embedding or holding a JS inside it,then a eye brow raise is certain as to why should it be there....so PDFid tool comes to rescue us out of this question...First the typical structure of a PDF with its one line explanation is given below :

“/OpenAction” and “/AA” (Additional Action) specifies the script or action to run automatically.

 “/Names”, “/AcroForm”, “/Action” can also specify and launch scripts or actions.

“/JavaScript” specifies JavaScript to run.

 “/GoTo*” changes the view to a specified destination within the PDF or in another PDF file.

 “/Launch” launches a program or opens a document.

“/URI” accesses a resource by its URL.

“/SubmitForm” and “/GoToR” can send data to URL.

“/RichMedia” can be used to embed Flash in PDF.

“/ObjStm” can hide objects inside an Object Stream.

4. So now I have set up a VB machine running BTR3 that would run this tool and find out if the PDF that I have analyzed is malicious or not? These are the screen shots showing a step by step scene of how u do it....


(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

5.   So the last screen shows the final result...for those of you who find this little complicated I will upload a video cast of this soon....

Tuesday, June 19, 2012

Internet Explorer : Vulnerable as always!!!


1.   Microsoft IE vulnerability CVE-2012-1889 is the latest to generate interest amongst avid cyber security readers. The special thing about this vulnerability is that it focusses on users using Gmail, MS Office and Internet Explorer. And the sad thing is that this is still a ZERO day exploit...... Rapid 7,Security software company,explains the vulnerability as follows:

“This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer and Microsoft Office. This vulnerability is rumored to be “state-sponsored”, and what makes it really critical is it’s still an 0-day hijacking Gmail accounts. That’s right, that means if you’re using Gmail as well as Internet Explorer or Microsoft Office, you’re at risk. We expect this vulnerability to grow even more dangerous since there’s no patch, and it’s rather easy to trigger.”

2.    Whatever may say...majority of the users still by default keep using IE across the globe....when I see my own blog stats,about 60 % of the visitors use IE...and as we all keep seeing the exponential growth in the users of internet across the globe....but sadly the awareness level of how vulnerable they all are is unknown and is growing at a similar rate!!!

3.    Got the reference from here.Thanks https://community.rapid7.com.

Friday, February 10, 2012

CHROME INSTALLATION ISSUES IN UBUNTU : SOLVED

1. Recently tried installing Chrome browser in Ubuntu 11.10....so I downloaded the .deb file and tried installing it from the terminal via this command

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

...which showed some error in between installation and came out on the terminal prompt....

2. So googled and found this solution that involves prior installing of few library files as follows :

sudo apt-get install libnspr4-0d libnss3-1d libxss1 libcurl3

this command will install the missing lib files and then on it is the repeat of the earlier command ie

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

3.   Should solve...let me know if u have any thing unsolved!!!


Wednesday, February 01, 2012

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE

Monday, January 23, 2012

SURF SAFE : SURF http'S'

1. In our endeavor to safely surf the web,rest assured ....we will never be safe in recent times to come.But we can always keep improving our surfing habits so that we are not easy victims.

2. Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

3.  As on date almost all the browsers offer plugins from their respective web stores that include what I am talking about here ie HTTPS ENFORCER.The HTTPS Enforcer extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Enforcer supports.

4.  So install HTTPS plugin for ur respective browser...and SURF SAFE.

Sunday, November 27, 2011

Cookienator : Option to control cookie menace


1.   Cookienator is a tool that will helps us remain anonymous from search engines such as Google and other web-usage trackers such as Doubleclick or Omniture.This a simple program that will leave most of cookies alone but will remove the ones that put your privacy at risk. The best part about this is the size and ease of installation.....It is lightweight; it's a single executable, when run, it will tell you how many cookies it would like to remove. It is available for free to download and is available in two forms : msi windows executable and a zip file



Sunday, September 25, 2011

Common Malware Symptoms


If you are malware hit....u r likely to see one or few or all of these symptoms:

 Your programs and files are suddenly missing.
 Homepage of your web browser has changed.
 Search results are being redirected.
 You start ending up at websites you didn't intend to go to.
 New icons & programs appear on the desktop that you did not put there.
 Your desktop background has changed without your knowledge.
 Your programs won’t start.
 Your security protection have been disabled for no apparent reason.
 You cannot connect to the internet or it runs very slowly.
 Strange or unexpected toolbars appear in your web browser.
 Takes longer to start and runs more slowly than usual.
 Computer shows strange error messages or popups.
 Freezes or crashes randomly.
 Computer is performing actions on its own.
 You cannot access security related websites.

Monday, April 04, 2011

Revenge : YouTube Style

1. Now this one is really good....we already know that IT has revolutionized our lives in so many aspects...all aspects like banking,office work,exchanging mails,,,blogging.....making a social networking identity....keeping updates etc etc...but how many thought out the way to take REVENGE in such a effective manner that the culprit bows down...and pleads GUILTY....GUILTY..... 

2. An original lift from http://www.securitynewsdaily.com is putup below for details.....


“A computer thief in Boston learnt the hard way that performing an embarrassing victory dance is not the best way to celebrate your crime.
After his MacBook Air laptop was stolen two months ago, Bentley University freshman Mark Bao took digital revenge, accessing a cloud server on which his computer’s data was stored to identify the culprit who’d taken his computer, Gawker reported.
According to messages posted on Bao’s Twitter account, Bao used the backup server Backblaze to download the thief’s Safari Web browsing history and Facebook profile.
The sweet revenge, however, came when Bao found a video the thief had made of himself dancing to the Travis Porter song “Make it Rain.” Bao uploaded the video to YouTube with the title “Don’t steal computers belonging to people who know how to use computers.”
The video, posted on March 19, quickly became a viral hit, and has been viewed more than 376,000 times. “Come on, if you’re about to record a video of yourself dancing on a stolen laptop, at least be good at dancing!” Bao wrote on Twitter on March 19.
From here, the story of savvy techie versus celebrating crook takes an unexpected turn. Embarrassed that his dancing routine was made public and open to ridicule, the thief returned Bao’s laptop to the police and wrote an email to Bao expressing his regret and asking for the video to be taken down.
In an email the thief wrote to Bao, which Bao then posted on Reddit.com, the crook said, “I know I am in no position for asking you for favors but Can [sic] you please put down the videos that you have put up of me. I know what I did was wrong and if I was a different person fine leave it up but I do have two Professional jobs that iif [sic] something like that gets leak I can get in more [sic] trouble and be more embarrass [sic] as well.”


3. So what does the episode mean…we should all start taking backups in cloud…or do we start using Backblaze or….or….or what?....the best way to keep out from this …is to KEEP A CLOSE TAG OF YOU LAPTOP……    Thanks http://www.securitynewsdaily.com

Sunday, December 05, 2010

Full stop from being tracked online :An attempt from FIREFOX

1.  Firefox is working on a system which will provision web surfers to stop from being tracked online.We all know how  behemoths viz Google,Facebook and a plethora of OWMs use such information to sell targeted adverts and make money without ever asking the consent of the user.Such a move would be welcomed by privacy campaigners who have long complained that Google & Facebook are taking indecorums with the information .Currently these information seeking companies make use of 'cookies' that automatically save themselves onto users computer when they surf the web, and then keep a track of the browsing history.This data is then sold on to advertisers who put highly lucrative targeted ads on the individual's screen, depending on what internet pages they have recently been looking at. 

2.  Vice president of engineering at Mozilla,Mike Shaver,summed up the plan by saying the aim was to "put the user in control but not overwhelm them".And this would not only be a welcome step being used against information thefts but also actually be a booon for users who have been taken on a ride for so long on which they never ever desired to also......
Powered By Blogger