Latest

Has your Gmail been compromised?

Do you have Gmail?

“Last account activity: 5 hours ago on this computer. Details.”

How often do you check if your account has been intruded?

You should do so often! These are links I got my information:

But I don’t go to bad sites or give out my password so I don’t have to worry!

What? Are you seriously that naive? I have a good password and good security and even I, a few days ago, found this in mine:

Unknown    China (119.39.21.154)    Jan 17 (3 days ago)

http://i.imgur.com/CaBGx.jpg

As you can see it is first accessed through one IP (66.212.31.35) through a browser and then sold to someone else (someone in China (119.39.21.154) who bought the info) who checked it through a browser as well to make sure he could access it, and then accessed it on his own (shown by Gmail highlighting it in dark red) through some “unknown” means.

Actually I am assuming that is what happened as I have no hacking experience what so ever.

So what can be done once you find out someone has accessed your account????

Well you first scan your computer to make sure it doesn’t have a Trojan or key-logger on it giving out your login information. You scan first because if you are infected with those then no matter what you change your login information to they will know it.

And then what? What if it is clean?

Then you access through a clean computer and change your Password AND your Security Question. Make it unique and one that has NOT been used on ANY other sites!

Is that all?

Next I went through my emails looking for any information they could use (such as log ins or emails from sites verifying my log ins) and changed my password and security question with all other sites. I didn’t wait for any other intrusions or invasion of my privacy!

Here is more reading that will help you:

How to recover a Hacked or Compromised Gmail Account
By The “C” Man and Brett Carver

http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information
Keeping account secure:  https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info:  http://www.google.com/help/security/
If your account is compromised:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments:  http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70

And even more reading (originally found posted by the same guy (bkc56) at https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en):

Hacking Methods
There are many ways an account can be compromised/hacked.  A few (but by no means all) of the common ones follow some what in order of frequency used:

Phishing
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password.  Never follow a link that doesn’t go to to a known url (for example:  http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\).  Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380

Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others.  Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account.  Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Linked accounts
* Related to the above in that one account has information leading to other accounts.  If they gain access then they know about the other accounts too.  This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised.  Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.

Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8154

Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
- Clear saved data:  http://mail.google.com/support/bin/answer.py?hl=en&answer=12095

Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).

Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files.  Regular use of malware type scanners is good too.
- Virus protection:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning:  http://mail.google.com/support/bin/answer.py?hl=en&answer=25760

Password guessing
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards:  no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Server attack
* When someone compromises a company’s server gaining access to account or private information for a large number of users.  This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.

Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information..  Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.

Am I actually supposed to read all that?

Yeah I know it is long but trust me, you will wish you had read them after you find out your account has been accessed without your permission. The indented parts are quotes of some of the links I checked out myself. Very informative information by The “C” Man and Brett Carver! The rest of the info I found doing Google Searches and the links to those are listed at the top of the blog. Just be glad I did this searching for you! Or else it would take you longer than just reading this!

- K

Has your Gmail been compromised? :  http://wp.me/pQWLB-2v

January 21, 2011 | Categories: Security | 6 Comments »

Vote Now for the Top Freeware Product of 2010

Vote Now for the Top Freeware Product of 2010

http://www.techsupportalert.com/content/vote-now-top-freeware-product-2010.htm

Here are the choice in the vote:

CCleaner

Microsoft Security Essentials

Firefox 3.6 – I personally prefer this to IE

LastPass

Revo Uninstaller

Everything Search

Google Chrome Browser

Sandboxie – I absolutely love this program and use it in investigating suspicious web links.

IrfanView

PDF-Xchange Viewer

7-Zip – Make sure you use .org and not any other extension as there are fake sites out there.

Opera 10

VLC Media Player – I use this to watch my DVD’s on my computer in Windows 7

FastStone Image Viewer

Open Office Suite – Excellent alternative to MS Office and its free!

NotePad ++ – I love to use this for all my coding as I don’t go for WYSIWYG

Secunia PSI – Great program for telling you if any of your programs you have installed are insecure or out of date and need to be updated!

Superantispyware – Love this one for keeping spyware at bay

Malwarebytes – Good for scanning for Malware

Microsoft ICE

Personally for me it was a hard choice on which one to choose as I have tried 14 of those 20 listed to vote for.

What will YOU pick?

December 22, 2010 | Categories: Uncategorized | Leave A Comment »

Symantec warns of new Cutwail URL tactics

Symantec warns of new Cutwail URL tactics

Today, 11:30 am

V3.co.uk Shaun Nichols in San Francisco

Retail spammers are using new URL shortening to fool existing security systems, say researchers.

Security vendor Symantec has spotted a new round of spam emails believed to be connected to the Cutwail botnet.

Researchers say that the messages attempt to thwart security protections by combining a number of free hosting sites with link-shortening services and JavaScript coding tricks.

According to Symantec Hosted Services senior software engineer Nicholas Johnston, the spam operation begins by directing the user to a link which has been concealed by the use of a URL-shortening service.

Upon clicking on the link, the user is directed from the URL-shortening service to a site created through a free hosting site. Within the free hosting site is specially crafted JavaScript code which redirects the user to yet another site which hosts the actual retail page.

Further complicating matters, the JavaScript code on the page has been obfuscated in an attempt to hide the code from security researchers.

The company said the sites all advertise holiday shopping and gift ideas.

URL shorteners have emerged of late as a favourite tool for spammers to hide the addresses of their pages from users and security protections. Specially crafted and obfuscated JavaScript has also been a favourite technique among cyber criminals.

This latest attack, however, combines the two techniques to add an additional layer of insulation between the spammer and the actual spam email.

“Redirecting users in this way shows that spammers are going to considerable lengths to hide the addresses of their actual spam sites, and actively trying to make detection by anti-spam companies more difficult,” said Johnston.

Originally posted: http://uk.news.yahoo.com/16/20101213/ttc-symantec-warns-of-new-cutwail-url-ta-6315470.html

http://yhoo.it/e21nBf

December 13, 2010 | Categories: Security | Tags: | Leave A Comment »

Beware of URL Shortener Links and where they take you

Be wary of any Shortened webpage link

Scammers use url shorteners just like bloggers do … to shorten a url. However they do it for different reasons. Where as bloggers do it to simply shorten the link or forum users use it in forums in their signature due to character limits, spammers on the other hand do it to trick users into following the link without questioning it and for security browser tools such as WOT or McAfee SiteAdvisor not to alert them because there is no danger in the url shortening service but there is in where the link will redirect you to.

The redirection happens as quick as a flash and will not be noticed by the caller.

For example, a spammer wants you to visit virusinfestedporn.ru but uses a url shortener service such as tinyurl or juniurl or cli.gs or budurl.com or bit.ly or is.gd or goo.gl or traceurl.com or what ever numerous are now out there currently! So you see the url .. and just like any tweet or facebook message out there that you see that is shortened .. it is nothing new so you don’t question it and follow the link out of curiosity. But you don’t expect where it is taking you and wish you never followed that link!

Maybe one day url shorteners / redirectors will have something in place to investigate every single url someone shortens but for the time being it is up to us to educate each other and implement browser plugs (if you use Firefox) such as “Long Url Please

Bit.ly is different though when it comes to security!

There is one I came across. Bit.ly actually does have warnings! Check this out: http://bit.ly/cgBT8e brings you to this warnings page:
https://bit.ly/a/warning?url=http%3a%2f%2f5z8.info%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e instead of directly to http://5z8.info/cockdock.gif_z7g9w_openme.exe

(this link http://f5z8.info/cockdock.gif_z7g9w_openme.exe actually was created by a security person to give an example so it is made to look bad but actually is another redirect to http://safeweb.norton.com/ and is safe)

Also Bit.ly tells us on their blog (http://blog.bit.ly/post/263859706/spam-and-malware-protection) about a Firefox plugin that will preview the link to let you know where you are actually going:
https://addons.mozilla.org/en-US/firefox/addon/10297/

And if you add a + at the end of any bit.ly url you will get more info on where it will take you.

Continue reading about this here:

http://kasha.freeforums.org/be-wary-of-any-shortened-webpage-link-t14.html

 

There is also a write up about url shorteners / redirecters here:
“How to Avoid Being Caught by Bad Tiny URLs”
http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/

What is the issue, why is it a problem, and what can we do about it?

Website address shortening services came about because some times the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.

So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.

When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.

Sounds good so far, right?

The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We can not tell anything from the URL we are given about the nature of where we will be taken.

A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.

Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.

You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.

To continue reading the rest go to http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/

December 13, 2010 | Categories: Security | Tags: | Leave A Comment »

Odin Sphere

oh dear here we go again with some more Square Enix masterpiece

Today Review be about Odin Sphere!

This is one of the coolest and most beutiful grapich i ever seen on PS2
i dont understand why the make more of this, or i have perhaps just miss all other game how have same? are they crap? or too good? i will never know (if no one tip me one haha)

we begin with the characters
there are 5 playable characters and these are

Gwendolyn

Cornelius

Mercedes

Oswald

Velvet

Ok these character how we will follow will have a problem to solve and try to do the right in there world.

Story
is war between Odin and the Fairy queen. and the Queen have a ring how Odin was to make him to the most powerful person. This ring will activate to a big machine how can make a so like called “Rangarök”. this game have some out take of nordic history but very small out of it.

Gameplay
simple beat them up sidescrolling and with some RPG element. you can even choose to have Japanse voice or English voices. i prefer the japanse one

i just find a english version of a gameplay but here it goes

My thinking of this game

this was a game i found very cheap in a shop.  it looked intressting for me and i buy it. It was so worth it, this game give nice feelings while play, and the story is really intressting more you understand it. this is a really beutiful made game.

i will give this game  9/10
why i dont give it the last 1 point is becuse something was missing, a litte thing but i cant know what but 9/10 is much anyway and is a really good game!

see ya!

November 29, 2010 | Categories: Games | Leave A Comment »

Final Fantasy 6

Halloj i gonna today review about the game final fantasy 3 or 6. Becuse 3rd it calls in Usa and 6 in japan, why you ask. it was becuse final fantasy 3 and 5 wasnt released in usa.  final fantasy 4 be the 2nd game in usa. so f**ked up. but whatever lets talk about
final fantasy 6 “we say 6 to make it easy”

Final Fantasy 7 is the most popular final fantasy game many know and liked, and yeah it was a great game But i think final fantasy 6 is much better. becuse of the character. all have a rule in it, even the bad guys or the side characters. All of them make sense. not make unaccary moments. so you will give all love to every character you will learn about in this game even the Kefka how will hate you!

 

 

Story
is about 2 worlds, our world and the espers world. epsers and humans once share one world and lived together but later the human got greedy and used the espers as power and then for that epser go in another world. it was a war with magic but then disappear becuse of the espers. later on a guy named Kefka did find a way to get magic again and got a girl called Terra and mind controll her, this girl Terra was a mix between human and esper and knows magic becuse of this.

Gameplay
pretty typlical, commando which how choose which attack/support skill one character gonna use. and its fun with so simple

my thinking of the game

This is the nummber 1 final fantasy game i know. i like all character but if i must choose 3 person they would be theses guys

Kefka

Locke

Edgar

Kefka is the most EVIL video game character i know and the most charming one too. hes have a very funny humor and special style how make him so charmy diffrent from all other typical evil  video game character , and yes i look at you

ehm. anyway Locke is very kind person and lucky with the girls even if Edgar how is the girl crazy one dont get any! how unlucky for him! Edgar is one of the funny in the team and have cool tools! as Chainsaw or crossbow

the music in this game is reallllly good is sounds like magic

and yes of course we cant miss Kefka´s meanie theme

i get this game a 10/10 this game dont miss a thing this is a real game

i cant wait for this game have a remake on the NDS like all other games and soon we hope for Final fantasy 5 remake so we able to play that game

see ya later!

November 20, 2010 | Categories: Games | Tags: | Leave A Comment »

« Older Entries
Follow

Get every new post delivered to your Inbox.