
Archive for the 'Security' Category



E-mail security: detecting spam

If the volume of spam we receive is overwhelming and we can’t keep up with classifying it, we need an automated way to separate spam from legitimate mail. One of the most famous methods was proposed by Paul Graham in a paper called A Plan for Spam, where he described some algorithms which use probability to classify each message.

The basis for this method is prior training of the algorithm: we must feed it spam messages and legitimate mail, telling it which is which. With this data, the algorithm breaks the messages into words and assigns each word a probability of appearing in a spam message and another of appearing in legitimate mail.

When a new message is received, it’s broken into words like the training messages, and the saved probabilities of each word are combined with a formula called Naive Bayes, which returns a final probability of the mail being spam.

Most of the known mail classifiers use at least this method, usually combined with others, and we can see it is a really powerful way of classifying.
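The training and scoring steps described above, as an added example (not code from the original post or from Paul Graham’s paper): a simplified filter in the style of A Plan for Spam. The class and function names and the six training messages are constructed for illustration; it counts each word once per message and skips the paper’s minimum-occurrence cut so that a tiny corpus still works.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]+")

def tokenize(text):
    """Break a message into a set of lower-cased words."""
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.spam_words, self.ham_words = Counter(), Counter()
        self.n_spam = self.n_ham = 0

    def train(self, text, is_spam):
        """Training step: we tell the filter which is which."""
        if is_spam:
            self.spam_words.update(tokenize(text))
            self.n_spam += 1
        else:
            self.ham_words.update(tokenize(text))
            self.n_ham += 1

    def word_prob(self, word):
        """Probability that a message containing this word is spam."""
        s, h = self.spam_words[word], self.ham_words[word]
        if s + h == 0:
            return 0.4  # never seen: Graham's mildly innocent default
        p_spam = s / max(1, self.n_spam)
        # Legitimate counts are doubled to bias against false positives
        p_ham = min(1.0, 2 * h / max(1, self.n_ham))
        return max(0.01, min(0.99, p_spam / (p_spam + p_ham)))

    def spam_probability(self, text, top=15):
        """Combine the most telling words with the naive Bayes formula."""
        probs = sorted((self.word_prob(w) for w in tokenize(text)),
                       key=lambda p: (abs(p - 0.5), p), reverse=True)[:top]
        # Work in logs so a long message cannot underflow to 0.0
        log_spam = sum(math.log(p) for p in probs)
        log_ham = sum(math.log(1 - p) for p in probs)
        return 1 / (1 + math.exp(log_ham - log_spam))

# Constructed training corpus (not real mail)
SPAM = ["Buy cheap viagra now",
        "Cheap mortgage offer, click now",
        "Get a college diploma cheap, click here"]
HAM = ["Meeting moved to Monday, see agenda attached",
       "Here are the photos from the weekend",
       "Can you review the agenda before lunch"]

def build_filter():
    f = BayesFilter()
    for m in SPAM:
        f.train(m, True)
    for m in HAM:
        f.train(m, False)
    return f

if __name__ == "__main__":
    f = build_filter()
    for msg in ("cheap viagra, click now", "agenda for the Monday meeting"):
        print(f"{f.spam_probability(msg):.4f}  {msg}")
```

A word seen only in spam is clamped to 0.99 and a word seen only in legitimate mail to 0.01, so no single word can decide the result on its own.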

Another approach to classification is the one used by SpamAssassin, which has a series of rules that each assign some points when they apply to the mail. The more points are assigned, the more likely the mail is to be spam, and it is classified as such when it surpasses a threshold.

SpamAssassin also uses the Bayesian filter, but that’s not its only way to check for spam, as spam usually has distinguishable characteristics which may make it different enough from legitimate mail to be easily classifiable.

But spammers adapt to these measures, modifying the mails they send so the filters don’t detect them as spam, and it’s necessary to tweak these filters and find new ways to throw spam in the trash.

E-mail security: spam

Spam is one of the most common types of undesired mail. It is sent in bulk to lots of people, trying to sell some product or service. Many times these products are not legal at all, such as some drugs, but other times legal services are offered this way.

For an e-mail to be spam it must be sent without the consent of the recipient, that is, an e-mail with a commercial advertisement is not spam if you have asked for it. The legislation of each country is more specific as to what is spam and what is not.

The products which get more advertising in spam vary with time, but it is quite usual to receive spam about drugs like viagra or valium, about how to get fake college diplomas, how to get a mortgage or illegal software.

The problem of spam is economic. Sending spam is really cheap, so even if only a really small percentage of the receivers buy the product it’s still profitable. So you must never buy products advertised this way, so that spammers get the message that people don’t like to receive this kind of message and won’t buy their products.

In the same way, the most expensive part of the spam is not paid by the spammer. He only has to find somewhere to send the spam from and, once it has been sent, he doesn’t have to pay anything more for it. But the message has to travel through other networks, has to be stored somewhere and has to be, finally, read or deleted. This has a cost in network bandwidth, in disk space occupied and, more importantly, in time spent by the final recipient having to classify and delete the e-mail.

For many people, the quantity of spam received is bigger than the quantity of legitimate mail, so they need some way to classify it automatically, as it becomes almost impossible to do it by hand in a short time.

E-mail security: how they send the e-mail

Once spammers have a list of e-mail addresses, they have to send their message to these recipients. When undesired mail was not as big a problem as it is now, they could use their own infrastructure to send it, that is, their own servers or even their own e-mail account. But as more spammers did this, server administrators began to implement techniques to avoid being used to send spam, as it consumed a lot of resources, so spammers had to switch to using other people’s servers.

This is a big annoyance for the owners of those servers, as they will probably be blacklisted and will not be able to send legitimate mail, causing a disruption of the service for legitimate users.

At first, spammers used mail servers which were incorrectly configured and allowed anyone to send e-mail through them (technically, this is known as relaying mail). This technique is very cheap, as the spammer only needs to send the message to the server once for it to go out in massive amounts. Fortunately, nowadays most administrators configure their servers correctly and only allow authorized users to send e-mail, so spammers needed to find another way to send their junk. If you administer an e-mail server and you haven’t secured it against relaying, you should check how to disable it.

The most commonly used technique nowadays is relaying mail through botnets. Botnets are groups of compromised computers controlled remotely by an attacker, and spammers use them to send their e-mails to the world. Unfortunately, there are a lot of botnets on the Internet and it’s quite cheap to find someone who controls one and will send the e-mails.

For this reason, it’s important to protect our computers so they don’t get used to spam the whole world. Also, some ISPs implement filters so e-mail from their users can only be sent through the ISP’s server (technically, they close outbound TCP port 25). This way, spam can’t be sent directly from that account, but this is also an annoyance for more advanced users, who sometimes need to use other e-mail servers as they might have accounts in other places.

E-mail security: where they get our e-mail

Almost everyone who has an e-mail account receives some undesired mail, be it 1 or 2 a week or hundreds every day, so one has to ask how our e-mail address is collected and how to avoid it. Although we can’t know for sure all the methods used by spammers, there are some common techniques which really work.

One of the most common ones is by browsing the web. Spammers send their computers to spider the web, that is, navigate and follow links, retrieving the text in the pages and analyzing it looking for e-mail addresses. They usually only look for addresses which match the pattern user@server.tld, so if we write our address on some webpage, be it our personal website, the comments section of another site or anywhere else, it’s easy for one of these robots to find it, and we begin receiving undesired mail.

Another method is analyzing chain letters. These are usually full of working e-mail addresses, as they are sent to the whole address book and, when they are forwarded, this list is not deleted, so it fills with more and more addresses each time it is forwarded.

Some time ago, Usenet News was a really popular service where people could read and send messages. These messages contain a header with the e-mail address of the sender, so spammers collected messages and analyzed them to get addresses. Nowadays, Usenet is not used as much as before and the ones who use it are more knowledgeable, so I suspect this method is falling into oblivion, although it might be used by some spammers.

There have always been dishonest companies and some of them sell their databases to spammers, so depending on where we register we might be giving away our e-mail address to someone unknown. Depending on the country, there might be severe laws to prevent this, but it’s not always the case.

Another method is getting the address used when registering a domain. When you register a domain (like www.example.com) you have to provide three addresses (they might be the same) which are later made public so people can contact you about the domain. As it’s really easy to get them, spammers only have to get a list of domains and scan them for addresses.

Finally, one of the most used ones is just guessing or, we might say, bruteforcing. That is, trying different addresses hoping they work. As it’s really cheap to send an e-mail, they lose almost nothing by trying a really big number of addresses, even if most of them don’t work. You can find examples of this in some of the spam you receive: when looking at the destination you find a lot of e-mail addresses very similar to yours.

There are other techniques which are not so widely used, so these are the most important ones. We can protect ourselves from some of them, but there’s nothing we can do to protect ourselves from the others, so we have to simply trust other people to do it for us.

Zfone, encrypted VoIP (voice over ip)

VoIP use is rising exponentially as it allows calling anyone in the world at almost no cost. Until now, VoIP has had one big problem: the lack of privacy. As the voice is sent in the clear through the Internet, it is exposed to being captured and analyzed, so your conversations might be recorded.

This takes us to the need for encryption. Luckily, our favorite guru Phil Zimmermann (one of the people who has done the most to expand the use of encryption), the creator of PGP, has just released Zfone, a program that encrypts any voice call made using SIP, a standard VoIP protocol.

If you have used PGP you will have seen that it’s a bit difficult to keep up with all the terms: PKI, key management, public keys,… With Zfone you will not need this kind of technical expertise. You only install it and it works for you. The key exchange is done with the Diffie-Hellman algorithm, which allows sharing some private information through a public medium, and it avoids man-in-the-middle attacks (typical of this algorithm) with the use of authentication strings which are short enough to be transmitted in the telephone conversation. This is a great idea and a really innovative way to make it easy for users to check the conversation is really secure.
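An added sketch (not Zfone’s code and not its wire protocol) of why reading a short authentication string aloud exposes a man in the middle: each side derives the string from the key exchange it actually saw. The toy prime, the generator and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: 2**127 - 1 is prime, but far too small for real
# use. It keeps the numbers short; a real system uses a standardised group.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(my_priv, their_pub):
    return pow(their_pub, my_priv, P)

def sas(secret, initiator_pub, responder_pub, chars=4):
    """Short authentication string: a hash of everything this side saw."""
    h = hashlib.sha256()
    for value in (secret, initiator_pub, responder_pub):
        h.update(value.to_bytes(16, "big"))
    return h.hexdigest()[:chars]

def honest_call(chars=4):
    """Both public values arrive unmodified: the strings match."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    sas_a = sas(shared_secret(a_priv, b_pub), a_pub, b_pub, chars)
    sas_b = sas(shared_secret(b_priv, a_pub), a_pub, b_pub, chars)
    return sas_a, sas_b

def intercepted_call(chars=4):
    """Someone in the middle swaps in their own public value both ways."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    # Each caller unknowingly agrees a key with the interceptor, so each
    # hashes a different secret and a different pair of public values.
    sas_a = sas(shared_secret(a_priv, m_pub), a_pub, m_pub, chars)
    sas_b = sas(shared_secret(b_priv, m_pub), m_pub, b_pub, chars)
    return sas_a, sas_b

if __name__ == "__main__":
    print("honest call:     ", honest_call())
    print("intercepted call:", intercepted_call())
    # With 4 hex characters two different exchanges still collide once in
    # 65536 tries; a real protocol must also stop the interceptor from
    # retrying keys until the strings match, which this sketch does not do.
```

The callers compare the two strings by voice; a mismatch means the keys were not agreed directly between them.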

The idea is to make this protocol a standard and integrate it into VoIP clients. For now, it works with any program you are currently using by capturing the data transmitted.

If you want to try it you can download it for Linux and Mac, and it will be released for Windows in mid-April. If you do so, remember this is beta software, so it might have some bugs, and keep in mind this will only encrypt your calls if the other end also uses this software.

From | Error500.

E-mail security: types of undesired mail

We have already seen a brief discussion of how e-mail works both when we send it and when we receive it, so now it’s time to know which kinds of undesired mail we can receive.

Spam: the classic and oldest type of undesired mail. In fact, any kind of e-mail sent massively and without the consent of the receiver is considered to be spam, but to distinguish it from the other types we usually call it spam when it’s some kind of advertising trying to sell legal or illegal products.

Phishing: this is a technique used to collect sensitive information from users, such as passwords or bank account details. E-mail of this type tries to disguise itself as legitimate mail but points to fake webservers where you are asked to enter the information.

Viruses: in the old days viruses spread through floppy disks, but with the rise of e-mail their creators have changed the distribution method, and worms (as these kinds of viruses are known) are nowadays one of the most common types of virus.

Chain letters: these usually come from people we know, so it’s easier to trust them, but they almost always contain false information. We can distinguish them because they try to spread some kind of rumour, such as non-deletable viruses, methods of obtaining free presents from some companies or threats of something bad happening to us if they are not forwarded to a specified number of people.

Trojans: similar to viruses but usually not sent massively, only to an intended recipient as a method of gaining control of his computer or the information stored on it.

There are some more kinds of undesired mail but these are the most important ones. We are going to have a look at each of them and discover how they work and how to avoid them.

Icons that you can’t delete from desktop

Yesterday I had to repair a computer where there were some icons on the desktop which could not be deleted. Anything you did was useless: you could not right-click on them or select and delete them with the keyboard, so I knew that was malware trying to avoid being removed.

On a first try I installed Ad-Aware and SpyDefense, the usual anti-spyware software I use for cleaning most systems. But it seems this spyware was particularly malign and avoided uninstallation by rewriting itself to disk on reboot.

So I had to investigate a bit further and discovered that some people had some luck with OmegaKillerSM, software specially designed to remove this kind of spyware. I downloaded it and followed the instructions on the page.

Luckily, the icons finally disappeared and have not been seen anymore. This program does more than remove icons: it also removes browser hijacks (when your browser points to pages you don’t want to go to or replaces search sites like Google with others which give you bogus results) and can remove some toolbars which get installed in Internet Explorer.

It also modifies the hosts file (don’t worry if you don’t understand this) so you can’t navigate to any of the domains which install this spyware, so you will be more protected in the future.

To get more protection, it’s best not to use Internet Explorer when browsing but use a more secure alternative like Firefox or Opera, and always keep them updated so they don’t have any security bugs.

E-mail security: how does e-mail work (II).

Once we know how an e-mail looks, the next step is to see how it’s delivered from end to end. When the e-mail has been written in the mail application (for example, Outlook if you are using Windows or simply Mail if you are using Mac OS X) it must be sent to the destination, but this is usually a multistep process.

In the first place, the mail application must use SMTP (Simple Mail Transfer Protocol) to send the message to the server we are using. This server is assigned by our ISP and usually its name is smtp.ourisp.com or similar. We can see an example of the interchange of data in a typical SMTP session (> represents data sent by the server and < data sent to the server):
Continue reading ‘E-mail security: how does e-mail work (II).’

E-mail security: how does e-mail work (I).

To know how to protect our e-mail from all the threats, it’s important to know how it works. Let’s have a look at it from top to bottom.

In the first place, what do you need to know to send an e-mail to someone? Of course, you need his e-mail address, which is made of two parts, a username and a server, separated by the @ symbol. So if the username is john and the server is test.com, the e-mail address will be john@test.com. Reversing it, if your e-mail address is joe@mailtest.com then the username is joe and the server is mailtest.com.

An e-mail is made of two different parts: a header and a body. The header is where data about the e-mail itself is stored, such as the sender, the destination, the date it was sent, the subject,… The body is where the text of the e-mail is stored and it can only contain plain text. If you are wondering, then, how you can send files by e-mail, the answer is that they are converted to text format first and appended to the body of the e-mail.

Continue reading ‘E-mail security: how does e-mail work (I).’

How to get a Hotmail password: 10 different methods

In the last few days we have seen some different methods to get someone else’s password, whether it’s from Hotmail or from other e-mail providers. Although many people say it’s not really possible to get these passwords, I can say that these methods work a great percentage of times.

Usually, the best method to get it is social engineering, and the other ones are used when this doesn’t work. I think it’s essential to know how these methods work, not for using them, as it’s illegal and unethical, but to protect ourselves from someone trying to use them on us.

So, let’s have a look at the list again and then we’ll talk about some methods which don’t really work:

It’s really easy to find documents on the Internet which explain how to get a Hotmail password by sending an email to an automated password recovery service, with a combination of our username, the username whose password we want to get AND, they usually also say, our own password. This is only a trick used by some people to get YOUR password, not to recover the one you want. If you send one of these emails then someone will receive it and, as it contains your username and your password, he will be able to get into your account.

There are also some programs which promise to be able to recover someone’s password. These are also useless and probably dangerous, as they try to do the same as the “automated password recovery” and usually ask for your own password. Don’t fall for this trick.

So, to finish this series of posts, never trust any easy method to get someone’s password and remember to protect yourself and your password with a good security policy. In each post, I have explained some of the techniques to protect us, so apply them wisely.

Many of these techniques come from NNLNews, a security newsletter in Spanish. Not that they invented them, but they did a good job of compiling them. I’d like to thank them for their work.




