• Technology

    Being secure is common sense

    Today the news is that customers who paid by credit card at 51 UPS Store locations across 24 states in the USA are at risk of their credit cards being siphoned by cybercriminals. At the end of last year it was the turn of the 98 million customers of Target (a large retailer) to have their card data stolen. These incidents are not happening only in the faraway USA. In Chennai (India) too, the city police get hundreds of complaints every month about money being siphoned from bank accounts. As the world becomes more and more connected and payment transactions move from cash to digital, we as individual consumers too get inadvertently exposed to online security risks. Common…

  • Microsoft

    Outlook phishing attack

    Today I got the above email in my Hotmail email ID with the title reading “Unusual sign-in activity”. I haven’t been to South Africa, but I thought some hacker might have been trying from there and that I needed to change my password immediately. I was about to click on the link when this struck me: the big blue button at the bottom, which read “Re-Active Account”, is grammatically wrong (a spelling mistake for Re-Activate?), but the rest of the email looked exactly like the email that comes from Microsoft. On mouse-over, the click-here text showed a tiny.cc URL as seen above, and it became obvious this email is not from Microsoft and is…

  • Economy

    Heartbleed–Internet Software should be polygamous

    For the last few days the news has been all about the Heartbleed internet security vulnerability that may have helped hackers access thousands of users’ passwords and security certificates from websites around the world. This is a serious issue that has affected the Internet because over two-thirds of web servers (Apache and nginx) run the vulnerable version of OpenSSL. WSWS explains at the software level how 5 lines of erroneous code, by not including a memory bounds check, resulted in this bug. If you look into the list of websites, services and devices affected by this bug in OpenSSL, you will spot many popular Linux & FreeBSD…

  • Coding,  Flashback,  Microsoft

    How SQL Injection saved a day

    The incident happened more than a decade back; it should be in 1998 or 99. At that time I was a consultant to a popular online news portal, and I got a call from their CTO. Their Systems Engineer was sick and had been hospitalized; they needed to urgently update some code, and no one in the office had their production SQL Server credentials (username and password). They had a password management system, but the master password (or the paper notebook which had the password) was also with the Engineer, who was bed-ridden and unreachable. He asked, could I help? I don’t do magic, nor was I good at guessing passwords, but I…

  • Coding,  Economy

    Beware of Indian Income Tax Spoof emails

    In the past I have seen many bogus emails claiming to be from the US Income Tax (IRS) Department; most of those emails are poorly crafted and are an immediate give-away for trained IT eyes like mine. These SPAM emails are sent by modern-day crooks through Zombies to fish (phishing) for your personal information like credit card or bank account passwords. Today I got an email claiming to be from the Indian Income Tax department; it looked so genuine at first sight but for two sure, easy give-aways. See the original email I got below. Two items in the above email that raised my suspicion are: 1. Income Tax Department when they are able to…