Sunday, December 28, 2008

Planning a holiday the way you like it


December and January are my favourite months to ramble around Gujarat and Rajasthan. There are so many places to see, but how do you choose between what you like and what you don't? In the past, we were left to others' recommendations - be it the destination, sightseeing, accommodation or meals. A lot depended upon your preferences matching those of your advisors. Visiting your destination, only to find out it wasn't what you expected, is disappointing. When breaks are few and far between, you want to maximise your enjoyment. That is where the Internet can help you get the most out of your winter break.

My favourite tools when it comes to planning a winter break are Flickr, Google Earth, Wikimapia and HostelWorld.

Begin with Flickr.com for choosing your destination. Flickr hosts the best collection of photographs taken by amateur photographers. Flickr's power lies within its search. Keyword searches such as "Kutch village" or "Gujarat fort" will quickly present photos that will help you narrow down destinations based on your liking. I like Flickr's date range search feature to see how my destination looks during the winter season. Even if you know your destination, Flickr can help find photos of your chosen hotel to see what you are paying for!

Next comes planning. Sadly in India, we do not have detailed printed maps of our states and towns. However, thanks to Google Maps, Google Earth and Wikimapia we have power that exceeds any printed map right at our fingertips. Google Maps and Google Earth are quickly indexing locations in India, but they still have a lot left to gather. If you are looking for a specific place or even a building or a landmark, Wikimapia is your best bet. Wikimapia.org is a community created layer on top of Google Maps where users can mark and identify places of their choice. Wikimapia, along with Google Maps is an invaluable aid in orienting yourself with your destination.

Lastly, for the shoestring wanderer, Hostelworld.com works better than any travel agent in finding affordable and unique accommodation. Here you can find budget hotels, campsites, guest houses, and accommodation with a rich local flavour such as old havelis and bungalows run by friendly hosts. Each property is ranked based on comments left behind by past guests. Have a good break and share your holiday tips with me at the Cyberwatch Blog.

Tuesday, December 16, 2008

A Date with Disaster


Last week I talked about being prepared for data disasters. Fate, it seems, is not without a twist of irony. Having returned from a short holiday, my camera's memory card was full of pictures and memories. They looked absolutely fine on the camera. Upon importing them into my computer, I was greeted by an error - "367 photos failed to import". Browsing the flash card directly showed a bunch of gibberish. Filenames were corrupted and directories were scrambled.

Digital storage media, be it a hard disk or a pen drive or a flash card, may suffer corruption. This is different than a physical failure, where the device stops responding entirely. Fortunately, it is easier to recover from corruption on digital media than in politics.

The first step would be to take your corrupted hard disk out of the computer and place it into an external USB casing, making it portable. Using a USB cable, connect your hard disk to a working computer. Do not attempt to read or write from the disk directly.

The second step is to use file recovery software. There are many available in the market for a high price, but none can beat PhotoRec in terms of success rate and price. PhotoRec uses what are called "file carving techniques" to extract data block by block directly from the disk's sectors and piece it together. It can therefore look into disks which cannot be read by the system. The name is slightly misleading. PhotoRec was originally written for extracting image files, but works just as well with most types of files - documents, ZIP files, mailbox files and many more. PhotoRec is available at http://www.cgsecurity.org/wiki/PhotoRec.

Lastly, no PC troubleshooter should be without the Ultimate Boot CD (UBCD). As the name says, it is a collection of diagnostic and recovery tools, including PhotoRec. UBCD is available at http://www.ultimatebootcd.com/ and a Windows version at http://www.ubcd4win.com/

The price for all these fantastic tools? Free! And yes, I was able to recover 366 out of 367 lost photographs, thanks to PhotoRec. Read the Cyberwatch blog for my photo recovery adventure and a quick tutorial on using PhotoRec.

Thursday, December 11, 2008

Recovering files off corrupted disks

Not too long ago, I returned from a weekend trip with over 350 digital photos. I have no idea what went wrong, but after trying to import them, my photo application informed me that it failed to import 367 photos. Something went wrong with my card all of a sudden.

Looking at the directory indicated that the file system (directory structure and file information) was mangled. The camera failed to read the card as well.


Now if your storage media, be it a hard disk or a flash card or a pen drive - anything that holds files, has not failed physically, you still have a chance of recovering your data. Physical failure would be when the media fails to be read or recognized entirely, sometimes accompanied by weird sounds in the case of hard disks. This wasn't the case for me. The problem was simply data corruption.

Data corruption may be localized to a few regions of the disk. When it scrambles certain important areas like the directory structure, your media may appear useless because the system cannot find the file names and contents properly. This doesn't mean that the files themselves have been wiped out. The data from the files is most likely sitting there. All we need is a program to pick out data block by block and piece it together.

The best software I've seen for this job is PhotoRec from Christophe Grenier. PhotoRec works on all platforms - Windows, Linux, Mac OS X and a few more. PhotoRec isn't limited to recovering just photographs. It can recognize and recover dozens of different types of files, including ZIP archives, office documents and much more.

PhotoRec uses file carving techniques to reconstruct data by looking at blocks directly, bypassing the media's directory structure entirely. And PhotoRec has a very high rate of success! The only drawback of PhotoRec is that it is a text based program, without a fancy graphical user interface. However, the fact that PhotoRec is free more than makes up for this drawback.
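The block-by-block carving described here and in "A Date with Disaster", as an added Python sketch (not PhotoRec's code and not from the original post). It assumes 512-byte blocks and unfragmented files, and the "card image" it scans is constructed inline; it also shows why a carver has to walk the file's own structure instead of stopping at the first end-of-image marker.

```python
import struct
import zlib

SECTOR = 512  # assumed block size; file data starts on a block boundary
JPEG_SIG, PNG_SIG = b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n"

def _skip_scan(img, pos):
    """Skip JPEG entropy-coded data; return the offset of the next real marker."""
    while True:
        i = img.find(b"\xff", pos)
        if i < 0 or i + 1 >= len(img):
            return None
        nxt = img[i + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed FF or restart marker
            pos = i + 2
        elif nxt == 0xFF:                        # fill byte
            pos = i + 1
        else:
            return i

def jpeg_end(img, start):
    """Walk JPEG segments from the header; return the offset just past EOI."""
    pos = start + 2                              # skip SOI (FF D8)
    while pos + 2 <= len(img):
        if img[pos] != 0xFF:
            return None                          # not a marker: damaged data
        marker = img[pos + 1]
        if marker == 0xD9:                       # EOI of the outer image
            return pos + 2
        if pos + 4 > len(img):
            return None
        seglen = struct.unpack(">H", img[pos + 2:pos + 4])[0]
        if seglen < 2:
            return None
        pos += 2 + seglen                        # jumps over Exif, thumbnail included
        if marker == 0xDA:                       # SOS: compressed data follows
            pos = _skip_scan(img, pos)
            if pos is None:
                return None
    return None

def naive_jpeg_end(img, start):
    """First FF D9 after the header: stops inside an embedded thumbnail."""
    i = img.find(b"\xff\xd9", start)
    return None if i < 0 else i + 2

def png_end(img, start):
    """Walk PNG chunks (length, type, data, CRC) until IEND."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(img):
        length, ctype = struct.unpack(">I4s", img[pos:pos + 8])
        pos += 12 + length
        if ctype == b"IEND":
            return pos if pos <= len(img) else None
    return None

CARVERS = [(JPEG_SIG, "jpg", jpeg_end), (PNG_SIG, "png", png_end)]

def carve(img):
    """Test every block boundary for a known header; ignore the directory."""
    found, off = [], 0
    while off < len(img):
        nxt = off + SECTOR
        for sig, ext, find_end in CARVERS:
            if img.startswith(sig, off):
                end = find_end(img, off)
                if end:
                    found.append((off, ext, img[off:end]))
                    nxt = -(-end // SECTOR) * SECTOR   # round up to next block
                break
        off = nxt
    return found

def make_jpeg(scan, thumb=b""):
    """Constructed JPEG-shaped sample (correct structure, not a viewable image)."""
    app1 = b"Exif\0\0" + thumb
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x03\x00" + scan + b"\xff\xd9")

def make_png(data):
    """Constructed PNG-shaped sample with real chunk framing and CRCs."""
    def chunk(ctype, body):
        crc = struct.pack(">I", zlib.crc32(ctype + body))
        return struct.pack(">I", len(body)) + ctype + body + crc
    return PNG_SIG + chunk(b"IHDR", bytes(13)) + chunk(b"IDAT", data) + chunk(b"IEND", b"")

def build_sample_image():
    """Constructed 'corrupted card': scrambled directory blocks, then file data."""
    files = [make_jpeg(b"\x12\x34\xff\x00\x56" * 300, thumb=make_jpeg(b"\x01\x02\x03")),
             make_png(b"pixels" * 100),
             make_jpeg(b"\xab\xff\x00\xcd" * 50)]
    scrambled = bytes((i * 37 + 11) % 256 for i in range(2 * SECTOR))
    return scrambled + b"".join(f + bytes(-len(f) % SECTOR) for f in files), files

if __name__ == "__main__":
    image, _ = build_sample_image()
    for off, ext, blob in carve(image):
        print(f"offset {off:6d}  .{ext}  {len(blob)} bytes")
```

On real media, run a carver against a read-only image of the card rather than the card itself, for the same reason the column warns against reading or writing the damaged disk directly.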

The following screenshots show you how I recovered 366 out of 367 photographs from my date with disaster.

Step 1: Choose your disk. Here, I have selected my 2GB Compact Flash card:


Step 2: Tell PhotoRec how the media was partitioned. In most cases, it will be either an Intel/PC partition, or None.


Step 3: PhotoRec will now try and show you various volumes contained in the partition. I usually select the whole disk. You may get a few extra files left over from previous usage, but no harm in recovering them and deleting them later if not needed.


Step 4: Tell PhotoRec how the media was formatted. Again, in most cases, it will be "Other", for FAT and NTFS file systems.


Step 5: Select the directory you want for storing the recovered files. PhotoRec will create a "recup" folder within that directory for storing all the files it can recover.


Now sit back and keep an eye on the number of files recovered! Hopefully you'll get all your data back.


At the end of the process, here's what my recup folder looked like, with almost all my photos recovered.


The one lost photo is a reminder of how I almost suffered a huge data disaster, but was luckily able to recover from it!

Another tutorial on using PhotoRec is available here.

Wednesday, December 3, 2008

Painless backups - your insurance against disaster


If you have used a computer for more than 5 years, you would have surely encountered the dreaded "Hard Disk Failure". Years of data is suddenly rendered inaccessible. The hard disk has nothing but strange noises to offer you. That is when panic turns into despair.

Unfortunately, most of the users I know still sleep in a loaded cannon. The problem isn't laziness - it is the fact that backups are cumbersome. In 2005, I would have agreed with you. One had to choose the data to be backed up, burn it meticulously on a set of CDs, label it and store it well. A 20GB backup would involve around 30 CDs. Restoration after a lost hard disk involved re-installing the operating system, applications, and finally copying the data from CDs one by one.

This article is the result of my quest for a painless backup. The first thing to do is buy an external USB hard disk, with the same capacity as the one in your computer. A 160GB portable USB hard disk costs approximately Rs. 4000 and is worth the investment. Next, you need to figure out what to backup. Rather than worry about selecting what to backup, I prefer to backup my entire system at one go, on a daily basis. And I like to have it done automatically. All I have to do is leave the portable hard disk plugged in when I am at my desk. In the event of a disaster, I would lose not more than a day's worth of work. Most portable hard disks come with backup software, which I find cumbersome and ugly.

My choice is a free and easy to use product called Macrium Reflect. There are three reasons for this - (a) one shot backup of the entire system, (b) backups run in the background, governed by a schedule and (c) it creates a rescue CD to be used when disaster strikes. A detailed review and a tutorial can be found on http://blog.cyberwatch.in/. If you are a Macintosh user, there's nothing better than Mac OS X's built-in "Time Machine".

So, if you haven't had a date with disaster yet, consider yourself lucky and take a backup at the first opportunity. And continue doing so regularly! The investment is worth the peace of mind when disaster strikes.

Sunday, November 30, 2008

Easy to use Backup software


I have been on the quest for the perfect backup software for many months. It was only last month that I chanced upon the ideal solution for Windows. Here is what I was looking for:

Backup my entire hard disk at one shot. I do not want to spend time selecting what to backup and what not. Portable USB hard drives are cheap enough that I can afford having an external hard drive of the same capacity as my laptop's hard drive. I would rather keep a complete backup of everything.

One step restore. In the event of a hard disk failure, I want the software to restore everything to the exact state at the time of backing up. I do not want to be bothered to reload the operating system, install the programs again, and then copy the data over. That's so 2005.

Automatically scheduled backups. I do not want to invoke the backup program manually. The backup should start automatically, in the background. All I need to do is leave my external hard disk plugged in when I am sitting at my desk, and I can be assured that a backup shall be taken at some point.

Free. I do not want to pay for such software!

A few more thoughts on the how's and why's of backups can be found on www.howtohaven.com

Is it too much to ask for? Apparently not. After much research, I found four excellent backup utilities - namely IdleBackup, Cobian Backup, DriveImage XML and Macrium Reflect. My vote as the best software goes to Macrium Reflect. For quick and simple backups of data only, the winner is IdleBackup.

Macrium Reflect is one such tool that does exactly this! Reflect is a free download for home users running Windows XP or Vista, and uses Microsoft's Volume Shadow Copy service to ensure smooth, accurate and background backups.

Reflect can perform full and incremental backups of entire partitions at a single go. Backups can be browsed through using Windows Explorer, and individual files can be located within backups quite easily, without using extra software. If you have lost just one file, you can easily fish it out of a backup set rather than having to restore the whole volume back again. Scheduling backups is also quite easy with Reflect. Power users have the ability to use Windows' VBScript to invoke Reflect in a completely automated manner.

In my opinion, the biggest advantage of Reflect was its ability to create a bootable Rescue CD, which is a Linux CD with Reflect's restore software put on it. You need to create the rescue CD once, and store it away safely. In the event of a hard disk failure, the steps for restoration are very easy - (a) install a new hard disk in your computer, (b) connect the external hard disk containing the backup and (c) boot with the rescue CD. Reflect does the rest, through easy to understand prompts.

An excellent tutorial for Macrium Reflect can be found on www.tipsfor.us heavily illustrated with screenshots.

Lastly, I must confess that I have been using a Mac for many years. Mac OS X 10.5 (Leopard) comes built in with the most amazing backup software I have seen - Time Machine. I wish every operating system came with an easy backup and restore solution such as Time Machine!

Saturday, November 29, 2008

Two specialized backup tools


As an extension to my article on easy to use backup software, I wanted to write about two backup utilities which deserve an honourable mention.

The first utility is KLS Mail Backup, which does exactly that. A simple easy to use backup mechanism for your emails saved on your computer. It can backup and restore emails and profiles for Microsoft Outlook Express, Windows Mail, and my favourite - Mozilla Thunderbird.

KLS Mail Backup is not to be confused with KLS's main product - KLS Backup. KLS Backup is a complicated backup software which allows you to do "everything", sadly at the cost of simplicity.

The second utility is DriverBackup2 - a lovely thoughtful free utility to backup all your Windows drivers installed on your computer. The biggest pain in re-installing a Windows system is to apply all the drivers again. There are display drivers, network drivers, sound card drivers, and what not. Finding the drivers from various CDs or downloading them from the Internet can be a royal hassle. DriverBackup2 takes a backup of all your installed drivers in one shot, and can restore them just as easily.

Here's an article with more information on DriverBackup2.

And remember, disasters do strike. To be forewarned is to be forearmed. You know the tools already now.

Friday, November 21, 2008

Protecting your kids online


The Internet has brought its fair share of malaises in today's society. It is hard for us to imagine what kind of information the next generation will be stumbling upon on the Internet. In this article, I shall discuss a simple and effective method to help you restrict Internet usage to more enriching and productive sites and prevent your children from accessing unsuitable content or wasting time on social networking sites. However, in today's age of unrestricted and excessive information it is impossible to just rely on restrictions.

There are two points that parents need to think about regarding Internet use for children. The first is to outline what is not appropriate - unrestricted access to dating sites, emails from strangers, chatting for hours on end, adult oriented content and more. There are many products in the market for restricting Internet access. The best solution, however, is a free service provided by OpenDNS.

DNS, or Domain Name System, is one of the fundamental services on the Internet. DNS is used to translate symbolic names such as www.google.com to numeric IP addresses such as 209.85.153.104. OpenDNS goes a step beyond simple name to number translation. It categorizes websites based on their contents such as adult oriented sites, chat sites, dating sites, hate crimes, weapons, gambling and more. OpenDNS can be used by one and all to restrict which categories of sites are allowed or restricted. Over 10,000 schools in the U.S. use OpenDNS on their computers.

OpenDNS is easy to set up and use. All you need is a free OpenDNS account and a few changes to your network settings. A detailed tutorial on how to set up OpenDNS can be found on the Cyberwatch blog at http://blog.cyberwatch.in. I urge both parents and schools to invest some time and set up OpenDNS.

The second point is to chart out fruitful and productive use of the Internet for children. Let the Internet be a resource in nurturing good, sound hobbies - something more than voting dancers and singers off TV shows. Nurture enduring hobbies like collecting stamps and coins, model trains and aircraft, origami. Give children something productive to occupy their minds with and you won't have to worry about them falling into the dark side of the Internet.

Sunday, October 5, 2008

A cleaner Internet experience with OpenDNS


OpenDNS is a wonderful (and free) service which can be used to regulate Internet access and restrict viewing of certain types of sites.

One of the fundamental services on the Internet is the Domain Name System, or DNS. DNS is used to translate symbolic names such as www.google.com to numeric IP addresses such as 209.85.153.104.

OpenDNS provides a free DNS service, with the ability to restrict resolution of certain types of sites, such as adult oriented content, gambling, alcohol, hate crimes, etc.

A good introduction to OpenDNS can be found from the link below:

http://www.top-windows-tutorials.com/OpenDNS.html


Next, you need to set up OpenDNS. It involves a few simple steps.

The following excellent video based tutorials will show you exactly what you need to do:

Part 1 - Setting up OpenDNS for Windows XP
Part 2 - Install the OpenDNS Updater
Part 3 - Using OpenDNS to filter sites

Another good tutorial can be found on HowToGeek.

Tuesday, September 23, 2008

Growing up in an Online World


I feel old when I say "Back in my day, we didn't have Internet until University." Twelve years ago I never wondered about problems faced going to school in an online world. It is an understatement to say that as a society, we are ill-equipped to shield future generations from online perils.

The Internet has become a part of today's schooling. And it is a thing of status when I hear "My child is learning (sic) the Internet" or "Our school provides better education because we use the Internet". But do parents and schools have any idea how to protect children on the Internet?

I have been asked by many parents about this issue. Most believe that some magic software exists which can be installed and used to protect their kids online. If only it were that easy. Technology can help, but not without proper handling from the parents' part. This week, I present some safe Internet usage guidelines for parents.

Internet time is "together time". Parents, please spend time with children when surfing the Internet. The Internet should not be viewed as a means for children to keep themselves entertained on their own. A guided Internet session together is both safe and rewarding. There are plenty of good learning resources out there, my favourites being Wikipedia and Google Earth.

Place the computer in a common area such as your living room. It is easy for family members to keep an eye on Internet usage.

Set up kids' e-mail accounts yourself. Login first, screen e-mails for undesirable content and then let your kids read and reply to e-mails.

Discourage Social networking, Instant Messaging and chat. It only wastes time. I recommend e-mail instead of IM. Social networking sites like Orkut, Facebook, etc. rarely contribute to any learning or productivity.

Justify and limit Internet time. Internet use should be viewed as a privilege, not as a right. Before getting online, plan what information needs to be sought. Finish up swiftly and log off.

More thoughts and tips can be found here. Next week, I shall discuss some simple technology solutions to help both parents and schools bring a safer and more productive Internet experience to children.

Lastly, the Internet isn't always the best source. Is there a better resource for teaching history than Amar Chitra Katha comics?

Note: This article is mainly intended for audiences in India.

Parenting on the Internet


Society has failed to keep up with the advances in technology. Any new technology, when introduced, has both a positive and a negative impact on society. The state of the Internet today is both productive and poisonous when it comes to growing up in an online world.

Most parents look for a technological panacea for shielding their kids from the perils of the Internet. I hate to say this, but technology alone can't help us here.

Parents seriously need to re-evaluate ways of bringing up their children in the presence of the Internet. The Internet definitely helps when it comes to learning. I, for one, haven't seen a better geography teacher than Google Earth! But not everything is roses on the Internet. Here is a set of articles which I feel are a must for all parents concerned about their kids on the Internet.

Keeping Kids Safe Online - going beyond filter software to keep kids safe online.

Recommended Ages for Computer and Online time - some basic guidelines on appropriate interaction online for various ages.

Is your child ready to go online? An excellent article from www.protectkids.com

And from the same website, two more must-reads:

Instant messaging and Chat tips

Important tips for Parents only

Hope this helps!

Wednesday, September 17, 2008

The Annoyance of Internet Advertising


The Internet is cluttered with advertisements. Banner ads are on your web mail, news sites, blogs, fun sites, everywhere. Advertising helps Internet companies subsidise their services. Every "free" service on the Internet - email, blogs, news, e-magazines, discussion groups, and many others - stays free thanks to online advertisements. And the revenue of companies like Google comes almost entirely from advertisements. Google is not a search engine, but the most advanced advertising machine in the world.

However, the interactive nature of the Internet, combined with a deeper knowledge of the web has made online advertisements intrusive, aggressive and annoying.

If you watched the 2007 Cricket World Cup on TV, you have an idea of annoyance by advertising. Today's Internet advertisements are far worse. Banner ads take up more than half the readable space on some websites. Then there are pop-ups and ads that expand automatically and cover your whole screen. There are ads that start playing music, or distracting animation. The list goes on.

As if annoyance was not enough, Internet advertisements also infringe upon your privacy. Advertisers are able to track your behaviour and learn more about your preferences. It is like a billboard on the street that can keep track of all its viewers, the make and model of car they were driving, where they came from and what places they have been to. Marketers track your browsing habits, searches, attention span and interest through banner ads.

Advertising may keep the Internet free, and may make Google its billions, but for end users it has become a bit of a nuisance. You may not be able to tear down all billboards or zap all advertisements from your TV channels, but you can eliminate a vast majority of advertisements from the Internet.

A few weeks ago, I wrote about switching from Internet Explorer to Firefox 3.0. One of the reasons for Firefox's popularity is its add-ons, or extensions, that enhance your browsing - something that Internet Explorer doesn't have. My favourite extension is AdBlock. AdBlock scrubs a vast majority of annoying advertisements from the web, while leaving some simple, less intrusive ads in place. AdBlock gets updated regularly and is quite successful in eliminating over 90% of website clutter.

A detailed comparison of websites viewed with and without AdBlock can be found here. There you can also find links to download AdBlock and try it yourself. I recommend you do!

Monday, September 15, 2008

AdBlock for Firefox

One of my most loved Firefox extensions is AdBlock. It helps keep the web free of ad-clutter and delivers content without being overcrowded by advertising.

Here are two before-and-after examples:

Example 1: moneycontrol.com

One can hardly see any content without scrolling down and hunting for it. moneycontrol.com's news page contains a banner ad, a sidebar ad and a flash banner in the middle.

And here's how moneycontrol.com looks with AdBlock.

Much better, don't you think?

Example 2: rediff.com

rediff.com has really annoying pop-ups which you have to click off first, and then get to the content, which is heavily garnished with banner ads.

AdBlock cleans up rediff.com's article page, making it actually readable, and Firefox blocks the annoying pop-up. Convinced?

Installing AdBlock

AdBlock is available at https://addons.mozilla.org/en-US/firefox/addon/10

I recommend you also install its companion AdBlock Filterset.G Updater, which automatically updates its ad blocking list. The updater is available at https://addons.mozilla.org/en-US/firefox/addon/1136

Here's a nice guide on how (and why) to install Firefox extensions.

Still don't have Firefox? Get it at once from http://getfirefox.com/

Thursday, September 11, 2008

Keep your inbox junk free


Junk e-mail has become an important part of the digital economy. Once any profit making operation starts, it never stops. We shall never be completely rid of spam e-mail, but that doesn't mean we have to be buried under it. Fighting junk e-mail is an ongoing battle. This week I bring you some tips and thoughts for dealing with junk e-mail.

Choice of e-mail account. I have observed that large e-mail providers like GMail and Yahoo fare better at filtering spam than others. There's no magic technology there. A junk filter's success depends on it being able to analyse large volumes of e-mail, detecting common content being sent to multiple users. Being popular, GMail and Yahoo see many copies of the same junk mail delivered to their recipients. Selecting the most common e-mails by volume straightaway filters the junk. Smaller providers don't see as much volume coming in. GMail offers free mail download services (POP3 and IMAP) for those like me who prefer downloading their e-mail instead of reading it online.

Website hosting providers. If you have your own website or hosted e-mail account, make sure your service offers good spam filtering. I recommend Google Apps for personal websites and small businesses.

Weekly review of your Junk folder. Spammers keep finding methods to beat the filters, and in turn filters try and get smarter. For any junk filtering mechanism to work well, it needs to be corrected from time to time. Even with the best of junk filtering, I lose around 5 e-mails every week. I have to regularly fish them out of my junk folder and tell the mail service that those were not spam.

Do not give your e-mail address out frivolously. Maintain a second e-mail account for all non-work related services that require mandatory e-mail sign-ups.

Please do not forward chain e-mails. Chain e-mails are hoaxes. Letters such as Microsoft and AOL donating one cent per e-mail header for children dying of cancer, stories of someone's kidneys removed after being lured away from a party, or Ganesha and Saturn bringing good luck for seven forwards, are all untrue. Apart from wasting bandwidth and your friends' productivity, chain e-mails provide an excellent source of e-mail address lists for junk mail and telemarketing.
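The volume argument from the "Choice of e-mail account" tip above, as an added Python sketch (not any provider's actual filter): each message is reduced to a fingerprint that ignores the greeting and link a bulk sender personalises, and a message counts as junk once the same fingerprint has reached enough distinct mailboxes. The normalisation rules, the threshold of 5 and all sample mail are assumptions constructed for the illustration.

```python
import hashlib
import re
from collections import defaultdict


def fingerprint(body):
    """Hash the body after stripping what bulk senders vary per recipient."""
    text = body.lower()
    text = re.sub(r"https?://\S+", " link ", text)            # tracking URLs
    text = re.sub(r"^(dear|hi|hello)\b.*$", " greeting ", text, flags=re.M)
    words = re.findall(r"[a-z]+", text)                       # drops digits, punctuation
    return hashlib.sha256(" ".join(words).encode()).hexdigest()[:16]


def junk_verdicts(mailflow, min_recipients=5):
    """One bool per message: True if its fingerprint reached enough mailboxes."""
    seen = defaultdict(set)
    for rcpt, body in mailflow:
        seen[fingerprint(body)].add(rcpt)
    return [len(seen[fingerprint(body)]) >= min_recipients for _, body in mailflow]


def campaign(recipients):
    """Constructed junk run: same pitch, personalised greeting and link."""
    return [(r, f"Dear {r.split('@')[0]},\nCheap replica watches, 80% off!\n"
                f"Order: http://shop.example/?id={i:05d}\n")
            for i, r in enumerate(recipients)]


# Constructed one-to-one mail: every body is different, so nothing accumulates.
PERSONAL = [
    ("asha@big.example", "Hi Asha,\nThe photos from the Kutch trip are uploaded.\n"),
    ("ravi@big.example", "Hello,\nPlease find the school fee receipt attached.\n"),
    ("mira@big.example", "Reminder: the backup drive arrives on Friday.\n"),
]


def demo():
    """Same campaign, same threshold, two providers of different size."""
    big = campaign([f"u{i:02d}@big.example" for i in range(40)]) + PERSONAL
    small = campaign(["a@small.example", "b@small.example"]) + PERSONAL[:1]
    return sum(junk_verdicts(big)), sum(junk_verdicts(small))


if __name__ == "__main__":
    flagged_big, flagged_small = demo()
    print(f"large provider flagged {flagged_big} messages, small provider {flagged_small}")
```

The small provider sees only two copies of the campaign, which is below the threshold, so the same junk goes through unflagged there.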

Further insights into battling spam, background on spammers and more can be found on the Cyberwatch blog at http://blog.cyberwatch.in.

Monday, September 8, 2008

The Junk in your Inbox


E-mail has the distinction of being the most used service on the Internet. More than a 100 billion e-mails are sent every day. Unfortunately, only 3 out of a 100 e-mails are legitimate. Unsolicited Bulk E-mail, Spam or Junk Mail has risen sharply since 2003, thanks to home broadband connectivity becoming affordable worldwide. In 2003, junk e-mails accounted for 50% of all e-mails sent. The end of this year shall see this figure at 98%.

It may astonish you that 80% of all junk e-mail sent comes from less than 200 individuals on this planet. "Spam lords", operating vast networks of compromised computers, are the new cyber mafia. There's money to be made in this digital eco-system. The spammers get paid for every 1000 e-mails sent. Human nature ensures at least 1 victim for every 100 recipients. What do the victims fall for? Dubious pharmaceuticals, imitation watches, stock scams, fake university degrees, immigration and job offers, military officials and widows in Africa who have a few million dollars to share with you, and many more. Junk e-mail is also the weapon of choice for fraud - in delivering "phishing" attacks. And things don't stop at scams and phishing. The spam lords need to grow their "botnets" - our computers, infected with viruses, that they control to pump out e-mails. From time to time, junk e-mail may offer you free software to clean viruses, e-greetings, and games.

It is an amazing eco-system. Virus writers, scammers, spam lords and fraudsters form a sordid symbiosis. And they thrive because of our greed and gullibility. Spamhaus.org maintains the ROKSO (Registry of Known Spam Operations) database which tracks spam lords. August 2008 lists 117 spam lords, 4 of which are in India with "Herbal King" at the #1 spot in the top 10 worst spammers list. VSNL International and Reliance Globalcom, along with Verizon, Sprint, France Telecom and China's Hi-Net feature as top 10 negligent ISPs when it comes to spam control.

We need to be educated about the dark side of the digital economy. I urge you to read the post "Spam - Motives, Origins and Statistics" which has details about spam lords, shady domain registrars, errant ISPs, spam contents, and more.

How do we deal with the menace of junk e-mails? Stay tuned for the next Cyberwatch. In the meantime, if you receive an e-mail that sounds too good to be true, it most probably isn't.

Monday, September 1, 2008

Spam - Motives, Origins and Statistics

97% of all e-mails sent are junk e-mails. This astonishing figure is an indicator of the sheer waste of productivity inflicted on all Internet users. Here are some interesting statistics about Junk e-mail, also known as Unsolicited Bulk Email (UBE), commonly referred to as "spam".

SpamUnit has two excellent articles on the history of spam and present trends. From an end user's perspective, an average email address attracts 400 spam e-mails a day.

Sophos states that "Only one in 28 emails legitimate".

Spam contents, delivery and statistics are tracked and updated in near real-time by Marshal and Barracuda. See Barracuda's report on Worldwide email threat activity and Marshal's Spam Statistics.

Here's Marshal's chart on various types of Spam, as of August 2008.

And don't miss Spamhaus's reports on the worst networks, spammers and countries, listed below and updated monthly.
The 10 worst spam service ISPs.
The 10 worst spammers.
The 10 worst spam origin countries.

Terry Zink's Anti Spam Blog features excellent information and research and is up to date with the latest trends. His article on "How much do spammers actually make" breaks down the expenses and income for an average spam week:

Spam sent: 40 million
Click-through ratio: 0.12%
Total click-throughs: 48,000
Click-through-to-sales ratio: 1/200
Total sales: 240
Total sales revenue: $37,440.00
Spammer commission rate: 50% (Gah!)
Total spammer income: $18,720.00

Weekly costs
Bulletproof hosting: $230
4 days of botnet access: $6800
Email addresses: $4000
Total costs: $11,030

Net profit: $7690

A net profit of $7690 per week sounds very lucrative!

Saturday, August 30, 2008

The Internet Never Forgets

"Three may keep a secret if two of them are dead". And the Internet is the last place you want to use to keep a secret.

The Beijing Olympics 2008 came to a close last week. Sports are being laced with an increasing number of controversies every year, and the Beijing Olympics 2008 was no exception. Many officials doubted the age of the Chinese women's gymnastics team. And a sleuth by the nickname of "Stryde Hax" went to work digging through the Internet for clues.

On August 19, Mike Walker published a blog post under the name of Stryde Hax showing evidence unearthed from the Internet that China had attempted to falsify the ages of two female gymnasts. There were others before Mike who had also followed the same route. The first of such Internet evidence was referenced in the New York Times on July 27th, almost two weeks before the opening ceremony. The Huffington Post carried an article on August 14th detailing thoroughly how evidence from the Internet was uncovered.

Mike Walker, the New York Times and The Huffington Post all followed a simple approach - let us search the Internet for Chinese sports records documents. Surely these gymnasts would have participated in local and national competitions. Press coverage and sports records would indicate their age. All it took was knowing some advanced search options, proper keywords and some online translation from Chinese to English. Search engines like Google and Baidu (the most popular Chinese search engine) yielded links to documents belonging to the Sports Authority of China and some other press coverage on local and national sporting events. Not surprisingly, many of these documents had been removed from their original web sites, and news stories had been modified to change the age from 14 to 16, but the Internet never forgets. Cached copies of these documents existed in many search engines. Projects such as The Internet Archive keep a copy of almost all web pages since 1996! And sure enough, these documents turned up in caches and archives all over.

On August 21st, the IOC announced that a formal investigation had been initiated into this matter.

Links to detailed analysis of how it was done, along with the original documents, can be found on the CyberWatch blog - see article Beijing Olympics Controversy.

Lastly, I would like to sensitize every Internet user about their privacy. Be careful of what you upload to sites on the Internet. You will never be able to get rid of it again; it is "remembered" forever.

Published: Times of India, Ahmedabad, 27-Aug-08

Tuesday, August 26, 2008

Beijing Olympics Controversy

The role of the Internet is vital in any global event. Live coverage, news, videos, blogs, buzz, marketing, advertising - the Internet brought the Beijing Olympics 2008 to a fast paced world, on the move. Interestingly, the Internet also played a role in uncovering evidence of what may be one of the greatest scandals in Olympic history.

It had been rumoured that the Chinese women's gymnastics team members were below the mandatory age limit for competition. Digging around the Internet yielded some incredible results. Read on!

27 July 2008: Records Say Chinese Gymnasts May Be Under Age, NYTimes

14 August 2008: Scandal of the Ages: Documents Reveal Underage Chinese Gymnast, Huffington Post

14 August 2008: CHINA BUSTED Scrubbing Internet of Articles That Show Gymnasts Are Too Young

19 August 2008: Hack the Olympics - blog post by Stryde Hax

21 August 2008: IOC orders probe over China’s He Kexin’s age, Yahoo Sports

Documents archive:

www.sport.gov.cn on The Internet Archive
Translated version in English
Original Excel spreadsheet (in Chinese) mirror
PDF version of the spreadsheet (in Chinese)

Chinese scrubbing at work:

People's Daily Online, China declaring He Kexin as a 14 year old on May 23 2008
The same article altered on China Daily showing Kexin's age as 16
Google cache of China Daily originally showing Kexin's age as 14
China.org showing the altered version of Kexin's age being 16

Uncovering clues from the Internet:

J0hnny Long's site - The Google Hacking Database

What happens next? Who knows!

Friday, August 1, 2008

The Firefox bus

Kalyan Varma found an interesting bus on the Indian roads. Shows how popular the best browser in the world has become!




More pictures on http://kalyan.livejournal.com/204212.html

Monday, July 28, 2008

Firefox 3.0 - A better browser for the Internet

The browser is your window to the World Wide Web. Back in 1995, an Internet user needed different programs to use services like e-mail, file transfer, directory search, etc. Now, almost everything happens through the browser. The early days of the Web saw Netscape Navigator as the reigning browser. By the late 90's, Microsoft Internet Explorer (IE) captured over 90% of the users simply because it was bundled with Windows.

Today another browser is winning the hearts of users worldwide - Firefox. Firefox started in 2004 with a simple objective: provide users with a speedier and more secure Internet experience while adhering to standards. It was lean and easy to use. It did not suffer from Internet Explorer's security vulnerabilities. And it was free. Its goal was to recapture the Web from the clutches of IE.

Firefox 3.0 was released on June 17, 2008. It set a Guinness World Record for the most downloaded software in 24 hours - 8 million downloads! Today, IE's user share has slipped to around 60%.

What makes Firefox 3.0 so popular?

a) Performance. Firefox clocks 9.3 times faster than IE 7 and consumes one-third as much memory.

b) Security. Internet Explorer is deeply integrated inside Windows. Any security hole greatly compromises the system. Malicious software has taken advantage of this for years, forcing toolbars and spyware down your throat through IE. Firefox offers excellent protection against phishing and malware, in a manner easily understood by users.

c) Standards. The browser wars between Netscape and Microsoft caused a large deviation from WWW standards. Each wanted to capture the Web for itself. Firefox brought the standards back. Websites that only worked with IE are now adopting better coding standards and play nicely with other browsers.

d) Add-ons. Firefox has hundreds of "add-ons" that enhance user experience. There are add-ons for blogs, search, email, news, social networks and many more. My favourite is one that blocks those annoying advertisements on websites! More on ad-blocking in the next CyberWatch.

e) Better search, history and bookmarks. This is where Firefox has simply out-innovated IE. Smart bookmarks automatically remember your favourite websites. Google search and RSS feeds are also built-in.

The top 10 list of Firefox features covers these in more detail.

The "Field Guide to Firefox 3" covers all its features. Need I say more to encourage all readers to make the move to Firefox 3.0? Head over to http://getfirefox.com and enjoy a better Internet experience!

Published: Times of India, Ahmedabad, 5-Aug-08

Is anyone using your wireless network?


2008 witnessed a huge growth in the number of "Wi-fi" wireless networks and laptops in India. Wi-fi and laptops enjoy a symbiotic relationship. Wi-fi has made the laptop truly portable, bringing the network to it without any wires. And thanks to a growing number of laptop toters, many businesses like hotels, coffee shops, bookstores and others offer Wi-fi Internet access to attract them.

Broadband Internet service has catalysed the growth of Wi-fi. BSNL and Airtel offer Wi-fi enabled DSL routers. Wi-fi technology is mature, standardized under what are called "IEEE 802.11" standards, and as a result cheap. Wi-fi routers are available for as low as Rs. 4000. All laptops have Wi-fi networking built in. Getting connected to a wireless network takes less than two minutes.

But wait, aren't we forgetting something? Your neighbour can also connect to your wireless network in less than two minutes! Is your wireless network secure? Last week's TOI article on war driving (http://tinyurl.com/toi16july) drew your attention to the dangers of insecure wireless networks. In 2005, U.S. garment retailer T.J.Maxx suffered the largest transaction theft in history thanks to an insecure wireless network in one of its stores. The damage exceeded USD 500 million and affected 100 million customer accounts. More details on http://tinyurl.com/tjxbreach.

During my interview with TOI on "war driving", I was asked: "Is Wi-fi always insecure?". Certainly not. Wireless networks can be secured with a few easy steps. However, it is the owners' responsibility to lock their "wireless doors". If you own a Wi-fi router or modem, follow these two steps to protect against cyber trespassers.

1. Enable Wi-fi encryption. Every wireless router supports encrypted communication. It is called Wi-fi Protected Access (WPA). WPA encrypts all communication on the wireless network. Only those with a valid WPA key can access your network.

2. Set up your WPA keys. A WPA key is like a password. Share it with those whom you want to allow on your network, just as you share house keys among family members. All laptops need to supply this key when connecting to your wireless network for the first time. The key is saved in the laptop's settings and used automatically when needed. And remember my advice for choosing good passwords!

Two excellent tutorials can be found at: http://tinyurl.com/wifisecurity1 and http://tinyurl.com/wifisecurity2. Owners of a BSNL Wi-fi modem can find help at http://tinyurl.com/bsnlwifi.

Published: Times of India, Ahmedabad, 26-Jul-08

Monday, July 14, 2008

The new iPhone is here!


11 July 2008 was a big day for Apple. It marked two milestones for what may become the most coveted gadget of 2008 - the iPhone 3G. iPhone 3G created such a bang that Apple's e-commerce servers worldwide were overwhelmed over the weekend. Apart from the new phone, Apple also released new "iPhone 2.0" software.

iPhone has not officially arrived in India, but many "early adopters" are toting the sleek device in their pockets. iPhone 1 had to be "jailbroken" - unlocked via some clever hacking - to be freed from AT&T's shackles.

What's new in iPhone 3G? Two notable improvements - 3G high speed mobile service and built-in GPS. Other than that, all improvements lie in the new "iPhone 2.0" platform.

The biggest software improvements are:

1. Push email with Microsoft Exchange. Blackberry, you have competition! Microsoft Exchange, the preferred corporate email server, can now "push" corporate email to iPhone users.

2. MobileMe. Apple's new personal services for push email, contact synchronization, calendar sharing and more - "Everything up to date, anywhere you are".

3. The App Store. A few months ago, Apple opened up the iPhone to software developers worldwide, ushering in the next generation of mobile applications. iPhone users can download free and paid applications from the App Store. The top 10 free apps are at: http://tinyurl.com/free-iphone-apps

4. Location sensitive applications. Finding a restaurant nearby or looking up public transport schedules is now a snap. Coupled with services like Google Maps, location sensitive applications will become a big hit. And you cannot get lost!

The best part about "iPhone 2.0" is that it runs on all existing iPhones! Some clever people managed to unlock iPhone 2.0 within two hours of its release! Many still prefer to stick to their old iPhones with the new 2.0 software, as mentioned in http://tinyurl.com/iphone2-review

iPhone 3G shall arrive in India before the end of 2008 and may cost only half as much as its predecessor. However, beware of the hidden costs. Be prepared to surrender to multi-year contracts, exorbitant data rates and a myriad of hidden charges. Vodafone is charging Rs. 3 per SMS to pre-register for the iPhone 3G! Given today's EDGE data rates (10p for 10KB), it would cost Rs. 120 to browse today's TOI e-paper!

All said and done, I still prefer the simplicity of my "primitive" Nokia 3500c over anything else! Life is cluttered enough already.

More about iPhone 2.0 and 3G on:
http://tinyurl.com/iphone2-lifehacker
http://tinyurl.com/iphone3g-engadget
http://tinyurl.com/iphone3g-pcworld

Published: Times of India, Ahmedabad, 15-Jul-08

Monday, July 7, 2008

Passwords - the keys to your electronic kingdom


One fine day, my wife could not access her Yahoo email. It simply kept saying, "Invalid ID or password". She was working on a book and all her work was locked out. Panic set in. Even being married to a hacker didn't help. We were lucky to have recovered her account with great difficulty.

Someone had simply guessed her password, logged in and changed it. Through her email, they had access to most of her services: e-banking, frequent flyer account, social networks, and more. They could have opened an e-statement and requested a password change to be emailed back.

The impact of a single password being compromised in today's digital age is tremendous. Until new identification technologies are standardised, the only thing that protects your electronic assets is your password.

How do you ensure your password's security? First, pick a complex password. Second, follow proper password handling practices. Password complexity involves the following:

1. Password length. Adding a single character increases password complexity exponentially. The minimum length is 8 characters.

2. Characters. Use a mix of upper and lower case letters, numbers and special symbols. A password of 8 letters can be guessed in 2 days. Adding numbers and symbols increases the duration to 2 centuries. Substitute numbers and symbols for certain letters, such as "1" for "i", "$" for "S", "@" for "a", etc.

3. Randomness. Your password should be cryptic. Names, dictionary words, birthdates, number plates, phone numbers, etc. make poor passwords. Choose a phrase and pick its first letters. Or choose two words and combine them with a symbol. Examples: "2B/not2B!" (To be or not to be), "Cy8er+W@tch" (Cyber Watch).

Measure your password's strength at http://www.passwordmeter.com.
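The arithmetic behind the three complexity rules above, as an added Python example (not part of the original column): it estimates how long an exhaustive search takes for a given length and character mix, and lists which of the rules a password breaks. It assumes the "2 days" figure refers to 8 lowercase letters, which implies about 1.2 million guesses per second; at that rate, 8 characters drawn from all 95 printable ASCII characters take about 174 years, in line with the "2 centuries" quoted above. The word list and all function names are constructed for illustration.

```python
import string

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Assumption (not stated in the article): the "2 days" figure is the time to
# try every password made of 8 lowercase letters. That fixes the guess rate.
IMPLIED_GUESSES_PER_SECOND = 26 ** 8 / (2 * SECONDS_PER_DAY)  # about 1.2 million

# Constructed sample; a real check would load a large wordlist.
COMMON_WORDS = {"password", "welcome", "cricket", "gujarat", "letmein"}

CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 characters
    "uppercase": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,                # 10 characters
    "symbol": string.punctuation + " ",    # 33 characters
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Number of characters an exhaustive search has to try per position."""
    size = sum(len(CLASSES[name]) for name in classes_used(password))
    # Characters outside printable ASCII: count each distinct one (lower bound).
    known = "".join(CLASSES.values())
    return size + len({c for c in password if c not in known})


def years_to_exhaust(password, rate=IMPLIED_GUESSES_PER_SECOND):
    """Years needed to try every password of this length and alphabet."""
    if not password:
        return 0.0
    return alphabet_size(password) ** len(password) / rate / SECONDS_PER_YEAR


def review(password):
    """Return the article's complexity rules that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = [name for name in CLASSES if name not in classes_used(password)]
    if missing:
        problems.append("no " + ", ".join(missing))
    if password.lower() in COMMON_WORDS or password.isdigit():
        problems.append("dictionary word or plain number")
    return problems


if __name__ == "__main__":
    for pw in ["gujarat", "abcdefgh", "Abcdef1!", "2B/not2B!", "Cy8er+W@tch"]:
        print(f"{pw!r:15} {years_to_exhaust(pw):12.3g} years  {review(pw)}")
```

Each extra character multiplies the search time by the alphabet size, which is why length is listed first.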

Lastly, let me discuss four vital password handling procedures.

1. Two is better than one. I use a very strong password for my work email, e-banking, etc. and another one for all other services.

2. Change your password periodically. Passwords have an expiry date - the time taken by a fast computer to guess them. Businesses require employees to change passwords every month, but I would relax the limit to 6 months or a year for home users.

3. Never write down your password. Passwords should only stay in your head.

4. Do not let websites "save your password on your computer". It becomes easy for malicious software to grab them.

Guard your electronic keys well!

P.S. Speaking of passwords, check out this poster I found at one of Net-Square's client's offices.

Published: Times of India, Ahmedabad, 9-Jul-08

Sunday, July 6, 2008

How to handle your passwords

Here's a simple poster that explains it all!

Passwords are like gumballs...
  • Best when new
  • Shouldn't be shared with others
  • Problematic when not handled correctly
  • Shouldn't be found sticking around in public places


Monday, June 30, 2008

Don't be phooled by phishing

I got an email on Friday which went: "From HSBC. Dear Sir, We have detected fraudulent charges on your credit card. Please verify your account information by clicking the following link." Looks familiar? This was one of a thousand "phishing" scams going on as you read this article.

Phishing, a deliberate twist on "fishing", is a very simple scam. Scammers throw out a net, using email, luring as many fish as they can. Those who fall for it soon become victims of fraud.

How does phishing work? An email is sent stating account suspension, fraudulent charges, scheduled maintenance or even refunded charges - anything to warrant your attention. You are requested to "verify your account" by clicking a website link in the email. The website is fake, dressed up identically as an e-banking website. You naively submit your account number, password, birthdate, security code, etc. and the site says "Your account is verified". You have just been caught. In seconds, your account information will be traded for cash through underground Internet channels.

Last year, almost 30,000 phishing incidents were reported every month! Phishing websites last for a day or two, enough to ensnare millions. Most emails target financial organizations. A few target eBay, PayPal and Google AdSense. Others offer free software - screen savers, smiley icons, e-greetings - which install viruses that monitor every keystroke.

Phishing is a psychological attack. It succeeds because we trust electronic media without verification. Here are some simple tips on how not to get phished:

1. Do not click on website links in emails. If unsure, call your bank or card company about what the email says.

2. Phishing is not limited to just email. Voice phishing, via phone calls, is on the rise. If you receive a call asking for account information, get the caller's name first and ask for a toll-free number to call back.

3. If you are adventurous, deliberately fill in bogus account information in such websites. If it is accepted, you know you have interacted with a phishing site!

4. Do not rely entirely on anti-phishing browser toolbars. They work for a majority of phishing sites, but newer sites slip through.

5. Certain email providers, such as Gmail, issue phishing warnings. Verify if your email provider offers such services.

Lastly, stay well informed. The Anti Phishing Working Group (APWG) at http://www.antiphishing.org has reports on the latest phishing activities, vigilance tips and self-help resources for phishing victims too. I hope this helps you avoid the dark alleys of the information super highway!

Published: Times of India, Ahmedabad, 2-Jul-08

Monday, June 23, 2008

Are you a victim of Credit Card fraud?

"I wasn't in Japan on August 23. In fact, I have never been to Japan in my life!" My friend finally managed to convince his credit card company that the USD 1200 cellular phone charges on his account weren't his. I have shared the same woes before, almost every two years. Fraud can befall any credit card user today.

Credit cards are the most convenient form of payment worldwide. Petrol points, air miles, cash back and many other rewards encourage us to swipe frequently. But rewards and convenience come with their own risks. I may be bold to state that after five years, the only credit card customers not affected by fraud will be those who never activate and use their card at all.

One question that I have been asked at every security conference that I address is: "How do I use my credit card securely on the 'net?" Well, let me ask you: "How do you drive accident free on today's streets?" The sheer volume of credit card transactions, coupled with multiple locations of data storage and exchange increases the probability of credit card "accidents" on the information superhighway.

Ever wondered how fraudsters obtain your credit card information? The first technique involves "harvesting" large transaction databases. Merchants are required to store transactions for a couple of months until they get paid by the card company. The largest transaction theft in history occurred with U.S. retailer T. J. Maxx (TJX). TJX's breach recovery costs exceeded USD 500 million, affecting 100 million accounts. Another method involves stealing card information directly from end users, using trojans and malware that recognize website forms and intercept keystrokes. A third method - "phishing" - fools users into interacting with fake websites disguised as real e-banking websites. Users get fake emails of account suspension. Clicking them lures users into divulging their account information to fake websites. Credit cards are also actively traded for cash on underground Internet Relay Chat (IRC) channels.

Here are some tips for "defensive driving" on the information superhighway.

1. Never use your Debit Card for online transactions. Your bank's marketing tells you that debit cards work "just like credit cards". They may look the same, even carry Visa™ or Mastercard™ symbols, but the similarity ends there. With credit cards, merchants are not paid immediately. The onus lies on the merchant to prove a transaction's authenticity. Credit card companies have to investigate the fraud with the merchant before holding you entirely responsible. With debit cards, cash is immediately debited from your account without a grace period. Only use debit cards for ATM withdrawals, nothing else. Avoid getting Visa or Mastercard branded debit cards if your bank allows a non-branded option. For details, visit http://www.privacyrights.org/fs/fs32-paperplastic.htm

2. Don't get caught in the "phishing" net. If you get an email from your bank or someone claiming to be your bank for re-establishing your identity and account verification, simply delete the email. If in doubt, call your bank and ask.

3. Delete emails containing credit card statements. Card companies have gone paperless to save money, but from a security standpoint, print and destroy these emails immediately.

4. Ask your credit card company about online fraud protection options and policies. If it lacks them, take your business elsewhere.

5. Change your credit card number every year. This cumbersome method may be the most effective fraud protection technique for frequent online shoppers. I destroy my card every year, and ask for a new one. New cards have different numbers. So even if old transactions are stolen later, the chances of the card being valid are minimized.

6. Ask for notifications for large transactions. Many banks and card companies provide email and SMS notifications if transactions exceed a certain amount. However, when a tank of petrol costs Rs. 2000, I wonder what amount limits to set without being SMSed every time I swipe my card!

Lastly, nothing works better than common sense. If you are shopping at a new website, try paying over the phone. Read reviews posted by other users. Verify transactions in your statement meticulously. And when surfing idly on the Internet, look up the Web Hacking Incidents Database (WHID) at http://www.webappsec.org/projects/whid/. WHID tracks all media reported security breaches.

Do you have any tips or experience to share regarding combating credit card fraud? Write me at cyberwatch at net-square dot com

Published: Times of India, Ahmedabad, 26-Jun-08