Tech Xpress

You've Got Mail? Good! Now Save your Bank Account

Our previous post (Hoax Email misleads top selling newspaper), which was an example of the consequences of blindly believing in email, left me wondering about the level of confidence of users on the authenticity of an email message.
If a top selling daily can fall prey to fraudulent email, SO CAN YOU!
Let's take 3 cases of some common variants of possible email frauds:
  • Picture this! You receive an enticing email message from some unknown person promising manifold returns from your investments.

  • You get a mail offering a fat salary job even though you never applied for one! Offcourse you'll be asked to pay some amount beforehand for whatever lame reason.

  • You get an urgent message from your bank prompting you to login to your bank account or provide sensitive credit card details.
Unfortunately, naive users will be easily trapped here because of a lack of understanding or knowledge and most of all, lack of experience of such a situation.
Wait a minute! Even the not-so-naive and advanced users fall for this, especially in the third case, which is what we will be covering in this article.
By the way, its puzzling to know that many people still get tricked by the first two cases; How could that be possible?

How are people trapped?
Email being a very popular communication medium, is a very easy and seemingly anonymous conduit for hackers to phish sensitive information such as bank account details from users.

You receive a mail from what seems like your bank, asking you to fill a form or click a link to login to the bank account.
Note the sender's address of the mail. Even if the sender address looks valid like admin@yourbank.com, don't believe it. Its probably been spoofed.

The email will surely try to persuade you to click on the links present in the mail to login to your account. Those who click on the link will be taken to a login web page which looks exactly like your bank website. Yes! It is a fake site which cleverly impersonated the original bank website.

Never ever enter your user id and password from here to login. Users who try to login from here unknowingly, will receive a cannot connect or server too busy or whatever message when in fact, their user ids and passwords will be saved in the computer of the fake website for the hacker to use.

If an email induces you to call the phone banking number provided with the mail, you are probably being trapped. There have been cases where criminals have set up a system which fluently simulated an automated phone banking facility where people have been caught unaware, thus providing their bank details through the phone.
The not-so-techie criminals may use a fake tele banker to extract details from people.

Precautions you can take to avoid being phished
If you receive an email from your bank :

  • Don't trust the email message even if the sender address looks valid.

  • Check if the email message begins with your full name. For eg. Dear Mr Sean Smith instead of Dear Sir. Most banks use their customer names.

  • Never click on a link from an email.

  • Don't reply to a suspicious looking email. Never reply if its from your bank.

  • Always check with your bank if you get an urgent mail. You can either call or visit the bank.

  • Make sure you manually type the correct official bank website address in the browser window.

  • Never call your bank from the phone numbers listed in the mail. In fact, don't use any of the contact methods mentioned in the email. The bank's website will have the contact numbers.

  • Always re-check the address you've typed in the browser address bar. For eg www.youtbank.com instead of www.yourbank.com. There is a possibility of the first address being used to cheat unsuspecting people.
Not just banks, your mail account can also be phished
Here's a nice screenshot I saw at flickr (Thanks to the original uploader,ssufian ).


The Thunderbird email client has detected a fraud email message. Notice the login link provided in the mail. It looks like a valid google account address. However, the status bar in the picture points a different link.

Conclusion

The message here is loud and clear. DO NOT always believe in what you read in your email.
Email is not the only culprit, the user too is responsible.

The latest versions of popular web browsers Internet Explorer (7) and Firefox (2) include anti-phishing capabilities. These browsers check for notorious sites from a predefined list of phishing sites. This dosen't mean that you're safe when using IE, Firefox or infact any anti-phishing software.
Phishing sites being easy to set up, are becomming common place and don't expect all of these sites to be present in the different anti-phishing databases of vendors.

Hope you find this article useful. Till then, surf safely.


Security Update:

Today I stumbled upon this video (at TechEBlog) on how someone could clone your credit card, while you are paying your restaurent bill. Check it out.






Discuss this topic..Click here to Leave a Comment...

If you like this, click here to get updates by email

Click here to subscribe to Feeds

Image source: Softpedia

Tags:

Labels: , , ,

posted by Vijeesh Ravindran, Saturday, January 20, 2007
| link | 0 Comments |

Hoax Email misleads top selling Newspaper

There was this interesting article (pictures and transcript below) that appeared in one of India's top selling english daily, The Times of India.

Food for all
It’s party season and every one is talking about binging at weddings, launches, open houses. But the lesser-known side effect of this food orgy is the amount of food that goes waste. For those who want to spread the cheer a bit, you can call Childline (1098), a remarkable organisation that works with street children.

If you have leftovers, a volunteer will come over and pick up the food—a good way to ensure that you don’t eat that mutton biryani and chocolate mousse for breakfast, lunch and dinner the day after. And some little person who may or may not be living on a railway platform, will send you a whisp of a blessing. NAMITA DEVIDAYAL | TNN



The article published in the Sunday Times (dated 14 January 2007, Page 20) i.e the sunday edition of the Times of India, appeals to readers to generously send the leftover food from parties...etc to Childline (1098), an organization that works for children in need of care and protection.

Moved by the article, I decided to spread the word through this blog. That was before I checked the official Childline website.
To my utter disbelief, a message flashed in front of me:

Caution: We understand there is a chain mail circulating that says - one should call up 1098 to pick up left over food after a party etc so that it is not wasted. We are India's only and most widespread Children's phone outreach service (1098) for children in need of care and protection. We do not pick up food or distribute food. This mail was not initiated by us, kindly do not circulate it.


Apparently, the people concerned here blindly believed the email and did not even bother to confirm with Childline before putting it to print.
Childine India 1098 is a free 24 hour phone service for kids of all ages. This unresponsible and casual act coupled with an overdependency on email will surely put unnecessary burden on the members.

If you like this, click here to get updates by email

Click here to subscribe to my Feeds

Tags:

Labels: , ,

posted by Vijeesh Ravindran, Thursday, January 18, 2007
| link | 0 Comments |

Hide files in a Installer for Windows

There are tons of articles and software available that can be used to hide your secret files in windows.
Some articles are about the lame hide folder method in windows and others about encrypting files in a zip file or archive. And not to forget the plethora of softwares (most of them may not be free) available for this.

I figured a unique way to hide files while working on a software project for my client - Hiding your files in a customized professional looking installer program for windows.
For simplicity, this article is split into 2 sections; a small video section where you can quickly watch the how-to clips, and a detailed step-by-step section which includes pictures to illustrate the trick.

If you find this article boring..just scroll down and view the video and step-by-step sections directly. However, it would be sensible to read the next few lines before the actual steps.

Fine! So what exactly is this about?
This post will introduce you to a pretty obscure technique to not only hide files, but also encrypt them in a professional looking installer program for windows.
The end result? These files will be packaged into a windows installer program, making others believe it will install some software, which offcourse it dosen't.

The installer program I'll be using is Inno Setup, a free installer for Windows programs. In my experience, this one stands out as one of the very best installer programs to distribute software.

Encryption allows you to password protect the installer. A wrong password will prevent the installer from copying the files to the harddrive. The password feature is very much similar to the serial key or product key functionality used in other installers.
Also, the target computer on which the files have to be copied need not have Inno Setup installed.

After successful installation, an uninstall icon is also created in the target folder. The uninstaller can be used to delete the files with just a single click.

Before proceeding, make sure you have Inno Setup installed in your computer.
Download Inno Setup.

Video: Hiding files in a windows installer

The first video part below describes creating the setup file from Inno Setup.



The second video part shows the newly created customized setup being executed.



Third video part shows navigating to the installed folder and deleting the files using the uninstall icon.




Step-by-Step: Hiding files in a windows installer

1. Before we proceed, make sure you've installed Inno Setup.
Start Inno setup by clicking the icon from your desktop or from the start menu.
A welcome screen is displayed (see picture below).
Select the Create a new script file using the Script Wizard option and Click Ok.



2. This initiates the Inno Setup Script Wizard. Click Next to continue.


3. The next window prompts you to enter some basic information about your application. You can type any name of your choice for the Application name and Application name including version fields.
The remaining two fields or boxes can be ignored if you wish.


4. Click Next in the Application Directory window (Fig below) of the wizard with the default values. The Application Directory window is where you specify the target folder information.


5. The Application Files screen is next. Use this screen to select the files to pack inside the installer.
Don't forget to select The application dosen't have a main executable file checkbox.
Click the Add file(s) button or Add directory button to choose the files you want to pack.
Click Next.


6. Next is the Application Icons window. Uncheck all the checkboxes as shown in the picture below and click Next.


7. Click Next in the Application Documentation window.


8. Select the language in the next window. (Fig below)


9. In the Compiler Settings window, browse and select the folder where the setup file is to be created in the Custom compiler output directory box (First box in pic below).
Type the setup file name in the Compiler output base file name box (Second box in pic below).
If you want your setup to be password protected, type the password in the Setup password box (last box in fig below).
Don't forget this password as it will be required when you run the setup later.
Leave the password field blank if you don't want a password for the setup.


10. The next is the last window of the wizard. Click Finish.


11. Now, a small window pops up which prompts you to compile the script. Click Yes to compile the script.
Note: The compilation may consume a lot of time depending on the size of files specified. Inno Setup allows splitting the installation into multiple files by using disk spanning. Please check the Inno Setup help file for further assistance.

12. After compilation, the setup is created in the Custom compiler output directory that you mentioned in step 9.
In our example pictures, it is D:\Tech Xpress Testing.

You can click this compiled setup file to install the files.
Note: The setup will prompt for the password that you specified in step 9.

After the installation is complete, the files are unpacked in the target folder the user specifies. Here, an uninstall icon is also created (see picture below).
Clicking the uninstall icon will unistall i.e delete the files from the computer.


If you like this, click here to get updates by email

Click here to subscribe to my Feeds

More Reading:
View your site online in different browsers
Disable tabs in IE7
Megaupload trick to bypass country download slots
Get last updated Date & Time of a web page

Tags:

Labels: , ,

posted by Vijeesh Ravindran, Friday, January 12, 2007
| link | 1 Comments |

Join Multiple Video (flv, mpg) files in Windows

Hello Readers!
There are times when you get multiple files in small chunks of the same video clip or movie.
What do you do? Offcourse you play the files in your media player.

So what is the problem?
The media player disturbs the flow of the movie after each file. Even if the files are properly arranged in the list of the player, there will always be a small pause.
What's more annoying is the number of files required for a single movie.

The following 3 tricks will help you to combine multiple video files (only mpg files, other formats may work with the second trick).

Update
: There are comments that this works for joining flash video (flv) files as well. These are the type of files you can download from YouTube.
If you get timecode corruption after merging FLV files, check out this comment to avoid timecode problems when joining flv files.

This small compilation won't make you sweat. It's really easy to try. Give it a go if you are interested.

Trick 1

1. Open a blank text file.
2. Type copy /b *.mpg FullMovie.mpg
3. Save the file with a .Bat extension.
Let's say you saved the text file as Joiner.Bat.
4. Now Copy and Paste this Joiner.Bat file in a folder which contains more than one mpg files.
5. Double click the Joiner.Bat file.

A combined file named FullMovie.mpg is created from all the mpg files in the folder.
Based on the limited testing I did, this trick didn't work with avi and wmv file formats.
However, you can try and check if this works for other file formats.

Below is a small video demo (click to play) of this trick





Trick 2

This is an old trick I used a lot.
1. Here, you'll have to add all the small mpg files into a zip file. This can be done using Winzip.
2. A very important thing to remember here is the files must be zipped without any compression.
3. Arrange the order of the files in the zip.
4. Rename the zip file as an mpg file.
5. That's it! Click and enjoy the movie.

This works pretty well with mpg files. You can try this with other file formats. Please comment or reply back if this trick works for any of the other formats.


Trick 3

The third and final method is a superset of the first method.
Here, the command prompt is used to join files. An advantage over the first trick is you can specify the files you want to join.

1. Click Start >> Run.
2. Type cmd and press Enter. This will open the command prompt.
3. In the command prompt, type
copy /b "D:\FirstClip.mpg" + "D:\SecondClip.mpg" "D:\FullMovie.mpg"
where FirstClip.mpg and SecondClip.mpg are the video files to join and FullMovie.mpg is the resultant combined file.
You can specify any number of files to join.
Also notice I have typed the entire file path in the above command.
4. Press enter and the files will be joined.


Using Other Softwares
Check out the tools below that may just do the trick for you (Got them from reader comments) :
a. Movica
b. AviDemux
c. FLV Binder
d. Andy's FLV Joiner

If you have any other tricks, feel free to contribute or comment....

If you like this, click here to get updates by email

Click here to subscribe to my Feeds


More Reading:
Using 'No to All" while replacing files in Windows
Capture Video screenshots from Windows Media Player
Create "Nameless" files in Windows
Rename multiple files simultaneously in Windows
"Type to create a Table" in Microsoft Word
Remove "Folder Options.." from Tools Menu in Windows

Tags:

Labels: , ,

posted by Vijeesh Ravindran, Monday, January 08, 2007
| link | 132 Comments |

Adding a Chat window in your Blog

Adding a chat window to your site or blog can help visitors easily communicate with you and with other fellow visitors.

And there are a host of services which allow you to set an instant messaging platform for your site.
Let's take a look at some of these.

Chatango




First of all, Chatango provides a very simple and easy looking interface.
Here, you can add a public chat room(a group) in your blog where you are the owner of the group.
The owner can block users from the group and delete messages from it.

Apart from group chat, Chatango also allows you to add a private chat window where you can have a one-on-one conversation with your site visitors.
The Chatango chat window I have implemented above is a private chat mini box.
You must be logged on to chat with visitors.
Get a private mini chat window from here.


Meebo Me





Of all the chat plugins that I have come across, Meebo Me has got the most impressive interface with a nice Web 2.0 look.
Again, like Chatango, you'll have to log in to chat with visitors.


Cbox






Cbox provides a free Basic chat plugin (above) which is Ad supported and a Premium one for $2 a month or $20 per year.
The Cbox chat interface is not the best looking one around.
You can signup for a Cbox chat plugin here.

Gabbly

Gabbly has a unique way of usage where you just have to prefix http://gabbly.com/ to the site.
For Eg. http://gabbly.com/http://txpress.blogspot.com will open a Gabbly chat window.
However, you can also embed the Gabbly chat window by generating the code from the Gabbly site.
Gabbly is more like a discussion forum or a group chat service than a private chat one.
Gabbly can play sounds to alert users for new messages and also allows RSS subscriptions for the messages.
Javascript must be enabled for Gabbly to work.

These are the chat widgets I have tested. Please let me know of any similar plugins.

If you like this, click here to get updates by email

Click here to subscribe to my Feeds

More Reading:
View your site in different browsers
Download Free Music from Bebo
Megaupload trick to download files

Tags:

Labels: ,

posted by Vijeesh Ravindran, Thursday, January 04, 2007
| link | 3 Comments |

Your Face as password in Lenovo notebooks

Lenovo has unveiled two notebooks in India which store your face as password.
The Lenovo 3000 series Y300 and Y500 models are the ones that was unveiled.

How does it work?
These notebooks come with biometric facial recognition technology that takes digital pictures of your face.
Key facial features are then used from these pictures to create a digital map. This digital map will act as the password.

When unauthorized attempts to login are detected, the notebook takes the snaps and stores the photos in a log which can be referred later.

I would still bet, users will find ways to work around this. It's only a matter of time!

The Lenovo 3000 Y300 retails for 61,990 INR and the Y500 is priced between 31,900 INR to 69,990 INR.

Read full story from Hindu Business Line

Check the Video below for the Lenovo notebooks (via Digital I.T Blog, Thanks to Atul)



If you like this, click here to get updates by email

Click here to subscribe to my Feeds

More Reading:
Password Protect folders in Windows XP
Video: Lucky couple escape death
Sneak through remote online cameras
Google currency converter

Tags:

Labels: , ,

posted by Vijeesh Ravindran, Wednesday, January 03, 2007
| link | 0 Comments |

Snap Preview: Let visitors 'SEE' your blog links


Snap Preview is a cool service that allows visitors to preview links in your site without leaving the site.

What's good about Snap Preview?
I only see one! Snap preview has very good potential to retain site visitors. They can simply check the links from your site instead of clicking and visiting them.

What's bad?
Those small boxes that pop up can be very annoying.
This won't work if javascript is disabled.

Implementing this for your site or blog is a very easy 3 step process.
1. Click here to go to the sign up page and fill the details.
2. Enter the security token, agree to terms and conditions and generate the code.
3. Copy the generated javascript code and paste it before the closing Header tag in your blog template.

That's it! Enjoy.

If you like this, click here to get updates by email

Click here to subscribe to my Feeds

More Reading:
Flash Mind reader Secret revealed
Create "Nameless" files in Windows
Rename multiple files simultaneously in Windows
Megaupload trick to bypass country download slot limit

Tags:

Labels: ,

posted by Vijeesh Ravindran, Tuesday, January 02, 2007
| link | 0 Comments |

Video display in your Spectacles


Oh yes! Now you will be able to watch movies in your eyeglasses.
An Israeli company, Lumus-Optical, has developed spectacles that will redefine the way we watch media content.

The Lumus eyeglasses have proprietary optics lenses with micro-projectors and LCD micro-displays on the side of each lens. These miniature projectors and displays are fitted on the frames of the eyeglasses.
This gadget has the amazing capability to deliver high resolution content in full color.

The latest prototype from Lumus has high VGA resolution with 640 x 480 pixels.
The Lumus is designed to give you the "watching a 60 inch TV from 10 feet away" experience.

The images produced in the Lumus glasses are transparent. This means you will be able to look through the glasses when video content is displayed. The Lumus screen won't block the viewer's vision.

At present, this device is not available for people like you and me.

Lumus will be demonstrating the video glasses at the 2007 Consumer Electronic Show in Las Vegas this month.

You can read the full story from here

If you like this, click here to get updates by email

Click here to subscribe to my Feeds

More Reading:
Pen that requires no Ink
Smartest Phone: This one "knows" its owner
Capture video screenshots from Windows Media Player
Inside view of a ripped open PlayStation 3
How to download Free music from Bebo

Tags:

Labels: , , ,

posted by Vijeesh Ravindran, Tuesday, January 02, 2007
| link | 0 Comments |

Protect Passwords from keyloggers using KeyScrambler

KeyScrambler is a Firefox addon which protects your keystrokes from keyloggers.

What are keyloggers?
Keyloggers are harmful stealth programs like trojans or viruses that record your keystrokes. Your keystrokes may include banking passwords, mail passwords etc.
Some of these keyloggers may have the capability to send your recorded data (i.e passwords) to remote computers.

How will KeyScrambler protect me?
KeyScrambler tames the keyloggers by encrypting the keys you typed at the kernel level.
Keyloggers will only record these encrypted keys and not the original ones.
The encrypted keystrokes are then decrypted at the browser level for you to see.

The biggest advantage here is, you will be protected against unknown keyloggers as well.
While entering sensitive data, a screen is flashed at the top of the browser which displays the encrypted keys.

I have observed mixed results with the limited testing I had performed using KeyScrambler.
KeyScrambler worked perfectly with Firefox 1.5.0.9 on a Windows XP machine.
This did not work with Firefox 2.0 on a Windows Server 2003 computer.

As far as I know, KeyScrambler is only available for Windows. Also, the installation process of this Firefox Addon is more like a normal Windows application installation.
KeyScrambler can also be configured to work with Internet Explorer during installation.

Download and Install KeyScrambler for Firefox
Note: You may also want to read what others have said about this addon at the Mozilla site.
And quite a few people have had problems with this addon. However, you can install it at your own risk.

If you like this, click here to get updates by email

Click here to subscribe to my Feeds

Related Reading:
Password Protect folders in Windows XP
Bypass Megaupload country download limits with this Firefox Addon
View Pages in Firefox using the Internet Explorer engine
Disable automatic image resizing in Firefox 2

Tags:

Labels: , , , ,

posted by Vijeesh Ravindran, Monday, January 01, 2007
| link | 0 Comments |