We can check your plugins and stuff

Sunday, November 13, 2011

Don't let the spammers get you!!!!!

A few days back I helped an acquaintance help recover and secure his/her cracked yahoo account. The hack was typical ruse played by the spammer, after taking over the account the entire contact book was copied. Deleted the original contact book from the email account. Make a fake new account by adding a letter to the original account. Set up a filter to auto forward all mails received to this account, also set a filter to add a blind carbon copy to another account (This is done so just in case the original account is recovered ... via password recovery and secret question. to monitor what is going on by the cracker).

The person concerned was worried as all his/her contact were deleted from the account and he/she suspected it was a hack attempt by a business rival. I had to scan ,examine and check the laptop for any attempt of deliberate cracking. The initial scanning and testing showed that the laptop was not secure by any stretch of imagination.

Multiple and glaring security omission were noted. The OS was not patched with any service packs and hot-fixes released thereafter. The account in use was an administrator level account. The system did had antivirus software installed ... but it was something I would not recommend to anyone. It has a known poor detection rate and does not protect from any web attacks like script based worms, code injection etc. Worst of all it does not have a dedicated anti root kit and anti spyware component. To top this all multiple Service Packs and patches were missing from popular software like MS office, web browsers, browser addons, old java virtual machine. All in all the system was crying to be taken over sooner or later.

Now on the actual ruse played by the cracker. As mentioned the cracker deleted the original contact list. Before doing this the entire address book was sent a mail .... this mail is typical of the phishing attack we see these days. All the contact were told that the owner of the account was stranded in Spain and had his/her Visa taken away. He/she pleaded them to send him money via online transfer so he/she could be back into his/her hotel and get back home safely. The actual account holder had been getting concerning calls since early morning from people all over the world. Some had also fallen for the con and replied to the mail

The reply was auto forwarded to the fake email account and details was sent back of a temporary western union transfer account to wire the money. Even a contact number was given in the fake mail. (Do not call such numbers as they could be ISD calls/Premium rate numbers or and even a collect call. You may end up paying a large amount in call charges). Sadly in this case a few people did sent some money. (If you are in such a fix always make sure to contact the actual person on his/her known landline or cellphone

The victim was educated on how to secure his/her laptop and update the OS and other software's. Email account setting were restored to normal, password changed and make use of strong password and features like Secure Text/Picture of yahoo. Account logs were checked to find that the crackers first accessed the account from Kenya and later from Australia. (At this point it is not clear if they were the same person/group using proxy servers or working over the Internet.)  All spoofed emails/headers/IP address details were noted and saved. The victim was advised to contact people in his address book to not to respond to any such emails. File a cyber crime report with the local cyber crime cell, and submit the details as evidence.

Conclusion: The ruse played on the emotion of the people in the address book to skim off money via online transfer. The address book was deleted to avoid let the people know that the mail was fake. If you have been using an email account for a long time, it is a good idea to take a backup of your contacts. Check all filters/forwarding setting and make use of all security features possible. Use common sense and contact the person on a known number to confirm of any such event.

P.S --- Case of the Internet con to get a good job!!!!!

Received a similar mail today that tries to exploit on another human emotion. This one is pure con, and promised you a very lucrative job offer. No hackers or hi tech involved.. in fact the attachment it's self is a plain text file. No virus or trojan etc. 

Head Office Maruti Suzuki,
India Limited Nelson Mandela Road,
Vasant Kunj, New Delhi-110070.


Your Resume has been shortlisted for our new plant.The Company selected 45 candidates list for Senior Engineer IT,Administration,Production,marketing and general service Departments, It is our pleasure to inform you that your Resume was selected as one of the 45 candidates shortlisted for the interview.

The Company SUZUKI is the best Manufacturing Car Company in India, The Company is recruiting the candidates for our new Plants in Delhi,Bangalore, Pune and Mumbai.Your interview will be held at The Company Corporate office in New Delhi on 23rd of November 2011,at 11.30 AM, you Will be pleased to know that the 45 candidates selected 34 candidates will be giving appointment,Meaning that your Application can progress to final stage. You will have to come to the Company corporate office in New
Delhi,your offer letter with Air Ticket will be sent to you by courier before date of interview.

The Company can offer you a salary with benefits for this post 62, 000/- to 200, 000/-P.M. + (HRA + D.A + Conveyance and other Company benefits.The designation and Job Location will be fixing by Company HRD. At time of final process.You have to come with photo-copies of all required documents.

1) Photo-copies of Qualification Documents.
2) Photo-copies of Experience Certificates (If any)
3) Photo-copies of Address Proof
4) Two Passport Size Photographs.
5) Mobile Number

Please note: All requirement should be sent to this email:

You have to deposit the (Cash) as an initial amount in favor of our company accountant name in charges to collect your payment department for Rs.16,200/- ( Sixteen Thousand two hundred rupees ) through any [STATE BANK OF INDIA] OR [AXIS BANK] Branch from your Home City to our Company accountant name in charges. Account NO:,which will be sent to you upon your response. This is a refundable interview security. Your offer letter with Air tickets will be sent to your Home Address by courier after
receiving the confirmation of interview security deposited in any of the STATE BANK OF INDIA OR AXIS BANK.
This Company will pay all the expenditure to you at the time of face-to-face meeting with you in Company. The Job profile, salary offer, and date -time of interview will be mentioned in your offer letter. Your offer letter will dispatched very shortly after receiving your confirmation of cash deposited in STATE BANK OF INDIA OR AXIS BANK.
We wish you the best of luck for the subsequent and remaining stage.The last date of security deposits in bank is 20th of November, 2011. You have to give the information after deposited the security amount in bank to the Company HRD-direct recruitment via email.Your Offer Letter with supporting document will be dispatched same time by courier to your postal address after receipt of security deposited confirmation in bank. The interview process and arrangement expenditure will be paid by SUZUKI COMPANY.Lodging, traveling and local conveyance actual will be paid by MARUTI SUZUKI COMPANY as per bills. The candidate has to deposit the initial refundable security as mentioned by HRD.NB: You are advice to reconfirm your mailing address and phone number in your reply.And 16,200/(Sixteen Thousand two hundred rupees) will be the refundable amount,as 200rupees will be deducted as bank charges for funds deposit and if you are been selected or not, still the amount will be refunded to you,as the amount is just to prove that you will be coming for the interview in order for us not to run at lost after sending you the air ticket Offer Letter and you don't show up on the day of interview.

Wishing you the best of luck.

Shinzo Nakanishi
Chief Executive Officer, Managing Director,


Conclusion: Now you have to use common sense, some of the details may be true. But how in the heaven I am being offered a job at MARUTI SUZUKI when I did not even apply. My CV is not even online at any job portals :P :P LOL. By reading the text marked in RED, it should be very clear that this is an attempt to rip you off the money and IS TOTALLY FAKE.  Do not send any details or the money to them. A company like MARUTI SUZUKI (automobile makers) will never use a Hotmail id to send you official emails from HR.

Gmail is not marking such mail as spam right now. If you happen to get such a mail, mark it as spam. Report to the company involved of the ongoing scam. Tell the world, your friends and your dog about this. Save them all :)
Be safe...

Friday, November 4, 2011

Some personal musing on Linux...

Have been using Computers since early 80's old fond memories of chunky, springy old BBC micro keyboards back at school as small kids... staring at the small burning phosphor orange or green screens... it was all 'awe' and 'awesomeness' .. LOGO and turtle :D :D fun times.

Till early 90's I did not even own a personal computer... by mid-late when I did get one it costed an arm and leg. Had no idea about "free software"... back in the days one friend had a fast PC with the Pentium Pro chip ... we got hold of a Slackware CD via a popular computer mag.. booted with it and borked the windows 95 boot loader... I had to literately had to take the slack ;) for that... It was good I knew how to re-install Windows.

We had no Internet and support to speak of... First there was shell/acc (which was too expensive) and the dial up modems. I recall few people had heard of Linux/GNU in our circles. I once subscriber to a national level mailing list... as my software modem (sm56) would not work under Linux...  I was overwhelmed by the huge 
volumes of emails in my inbox. Over 300 mails in 2 days.. It did not make any sense too.. (to be true mostly flame wars and ego trips). Had to unsubscribe in just four days.  

I was given the typical RTFM treatment, and asked to grind the soft modem type advise... being on dial-up and raking up huge phone bills... where I was paying by the seconds did not help.. need less to say I was put off .... 
After a few years I did try Mandrake Linux and that did work with my dial up. I had to actually mail the maintainer of sm56 kernel module maintenance. He was kind enough to write out step by step commands. I did a actual compile of a custom kernel and module.. all without  realizing the depth or importance  of it. All I remember is that it took like three hours and forever.....  on my PIII :P

For years I did not look at Linux as a full time indulgence... things moved on the tech sphere.. was lucky to have indirect access to high speed Internet access via VSAT and ISDN via few government and research facilities. Saw them using Unix and Linux full time, the bug was on :)

A Indian tech mag had a big role in my trying Linux properly. There was a lot of useful discussion and proactive help. I even ended up been one of the unofficial beta tester for the distro they rolled out in '04, '05 and '06. After this there was a on and off spell of Linux Distro hopping ... Had a good run with the Sarge DVD... Fedora Core series. By now had seen all sorts of holy wars and flame wars on every thing under the sun from to call it GNU or not, KDE vs Genome, rpm vs apt vs yum, Windows vs rest of the to Open source world, happening/not happening Desktop Linux.  I had ADSL by this time, bills were reasonable now. 

Linux became main stream, at least usable for semi techie people. Lots of info on the Internet in the form of How-to, guides, web sites, and even videos. Major changes in hardware and better compatibly made things easy. Like all things tech ... things are moving at a rapid pace...  In all this my major observation is that the end user should have access to decent Internet speed. If he/she is driven enough the support and proper info can be found to make Linux work. Today points such as games/office suits/XYZ software on Linux is often mute. It works and works well indeed.
Major changes in hardware and virtualization technology, better and easy desktop environment, great hardware support in the latest stable kernels also made it easy for non *nix users to try out Linux and use it.  Now you do not have to a OS guru to install Linux. Don't want to install it just give a Live CD a try... it almost a non issue.

Now we are seeing a new wave of support issues, many places still don't have xDSL/cable or fiber. Many  people are on slow connections like GPRS, dial up even today. Many have just begun to taste the fruits of 3G wireless Internet. From what I have seen is 3G can be great enabler and can even used at places that do not have land-lines/xdsl. In this way my friends in the western countries are way better off.
For them it is just a matter of minutes or less then an hour at the maximum to try a new release DVD. On the other end for many of us it is still no fun to wait and keep downloading a DVD of around 4GB after several days. 
For what I see it is not some magical feature or the next killer app that helps in major Linux adaption, but it is rather the available of cheap data plans and faster Internet connection. Better hardware support for wireless devices like 3G HSDPA USB modems, pain less support for "tethering" with mobile phones. The Internet is "THE" medium of all types of content delivery , be it the all elusive killer cloud app or Linux adoption for the masses.