some anti-phishing tips

I’m receiving dozens of phishing mails each day, like:

  • the bank’s database has been compromised, please register again
  • I had tried to log in too many times, my account has been disabled, please register again
  • the bank decided to provide users with an application through which they will log in, please run this file
  • the bank’s database has been lost, please register again
  • … and countless more

I’m sure many of you receive the same type of mails each day. Here are some tips that will help you decide whether such an email is genuine or not:

  • each mail in this category will have at least one link in it. Place your mouse over it, and check to see if the address it points to is really the bank’s address. If for example, your bank is Bank ABCDEF ( a fictional bank ), and your bank’s website is, then, when you hover the mouse over the link, you should see a link that belongs to that domain. If for example, you see something completely different, such as, DO NOT VISIT THAT SITE, because it surely will be a phishing attempt
  • if your mail service provider accepts JavaScript in e-mails (which is, in my opinion, a terrible security flaw), disable JavaScript. JavaScript has an event handler named onMouseOver which can be used to spoof a link’s address
  • NEVER download & run any files you did not request
  • if, for example, the e-mail seems legitimate and has a phone number, I would suggest you don’t call that number. Instead, use Google to find the bank’s website, and get the phone number from there. Then call the bank to check for possible account problems.
  • your browser will sometimes identify sites that are not what they claim to be; be cautious when that happens.

I hope these tips will help you!
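
The hover check from the tips above can also be run mechanically on a saved message body. This is an added example, not part of the original post: it reports every link whose real host is outside the bank's domain, whose visible text shows a different host than its target, or that carries an on* script handler such as onMouseOver. The domain bank-abcdef.example and the sample message are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; bank-abcdef.example is a placeholder domain.
SAMPLE = """<p>Your account has been disabled, please register again:</p>
<a href="https://www.bank-abcdef.example/help">Help centre</a>
<a href="http://bank-abcdef.example.login.test/register">https://www.bank-abcdef.example/register</a>
<a href="https://www.bank-abcdef.example/" onMouseOver="window.status='ok'">My account</a>"""

def host_of(url):
    # Parse instead of substring matching, so only the real host is compared.
    return (urlsplit(url.strip()).hostname or "").rstrip(".")

def in_domain(host, domain):  # the domain itself or a true subdomain of it
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Records href, visible text and on* handler names for every <a>."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            d = dict(attrs)  # attribute names arrive lowercased
            self._cur = {"href": d.get("href") or "", "text": "",
                         "handlers": sorted(k for k in d if k.startswith("on"))}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_email(html, trusted_domain):
    """Return [(href, [reasons])] for links that fail the checks."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        reasons, host, shown = [], host_of(link["href"]), host_of(link["text"])
        if not in_domain(host, trusted_domain):
            reasons.append("href host outside " + trusted_domain)
        if shown and shown != host:
            reasons.append("visible text shows a different host")
        if link["handlers"]:
            reasons.append("handlers: " + ",".join(link["handlers"]))
        if reasons:
            findings.append((link["href"], reasons))
    return findings
```

Calling `audit_email(SAMPLE, "bank-abcdef.example")` passes the first link and reports the other two, each with the reasons it failed.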


how to detect spiders/web crawlers

In the previous posts, I’ve written about the techniques one could use to perform web scraping. I feel it’s important that developers know how to detect spiders and how to restrict them.

I think that the StackOverflow question “How do you stop scripters from slamming your website hundreds of times a second?” compiles the best information related to this topic. You can read the whole thing here.


firefox security advice

I know most people use Firefox. I use it too. If you plan on having Firefox remember any passwords for you, make sure you also set up a master password. If you don’t do that, someone with physical access to your computer can find them. All an attacker would have to do is:

  • click options
  • click security
  • click saved passwords
  • click show passwords

Voila! Plaintext passwords!

So, you either use a master password, or you don’t let Firefox remember your passwords! Simple, right?

