Author: ttcsadmin

  • Continuing the Windows 8 vision with Windows 8.1

    Microsoft outlines in a blog post some of the changes users will see with Windows 8.1

    Continuing the Windows 8 vision with Windows 8.1.

  • how easy is it to hack someone’s email or create fake emails? What are the warning signs to alert the user if their email was hacked

    Received this question:

    • “How easy is it to either hack someone’s email or to create fake electronic correspondence?
    • And if there was a hacking attempt, what are the warning signs that should alert the authentic owner of the email address?

    https://www.ttcs.tt/blog/whether-email-accounts-can-be-hacked-and-how/ talks of the possible methods how your password to your email account can be leaked to unauthorised persons who can then access your email account. The common method is by a phishing email pretending to be from a person you know or organisation you know to click on a malicious link or run an attachment. See http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/ which has a screenshot of the phishing emails that were sent to the Onion’s staff members (one of whom fell for the phishing email and entered their username and password)

    The method of phishing emails pretending to be from a friend or organisation you know underscores the ease of faking emails. The from field in an email can have any text (e.g “lldjlkdladajdlk@sdkaldjal”) that looks like an email address and not be from the “real” sender.

    Sites like http://deadfake.com/Send.aspx allows you to create a fake email which you can send to yourself to further demonstrate the ease of faking the from field of an email message.

    To detect hacking attempts, one should set up two factor authentication which improves the security of your email account. One common implementation of two factor authentication uses your cell phone. Whenever a new device or software is used to access your email account, the email provider prompts you to enter a second password that is sent to your cellphone via SMS. If you receive an SMS and you are not trying to access your email from a new device, then you are aware that someone else has your password and is attempting to access your account.

    See a PC World article which illustrates how to set up two-factor authentication with Google, Facebook and Microsoft: http://www.pcworld.com/article/2036252/how-to-set-up-two-factor-authentication-for-facebook-google-microsoft-and-more.html

    Detection of whether your email account is compromised without two factor authentication requires a regular review of your email account profile and/or settings.

    You may also get a call from a friend or organisation asking you about the strange phishing email or “”the stranded traveler” scam email they supposedly received from your email address. Now these emails can be faked as mentioned earlier and your email and password is secure. However, undoubtedly hearing of these emails will raise concerns that your account was compromised or “hacked”.

    First step : change your password to your account immediately. Then review your email account profile and/or settings to look for

    • changes to your email filters to forward emails to strange email addresses,

    • changes to the settings for a backup contact account (email and/or phone number) for the provider to contact you if you have problems with your account,

    • access logs showing irregular IP addresses where the email account was accessed.

    Changes to these settings not done by you are a strong indicator that your email account was compromised.

    You should also change the security questions used to recover your password and if you use the same password on other sites (which you should NOT do – you should have unique, strong passwords for each of your services you use), also change the passwords for those sites.

    The complete, strange emails that your friend alerted you to, should be kept for study by you or pertinent authorities to study for clues as to the IP address where the email was sent from.

    This requires the preservation of the email headers which are typically not shown by email clients nor included in the email when emails are forwarded.  However, all email messages have e-mail headers. See http://www.emailaddressmanager.com/tips/headers.html which shows the typical email headers of a regular and a spam email for comparison.

    Comments and suggestions to this post are welcomed.

  • How does E-mail get from one place to another?

    Received a question “how does e-mail get from one place to another”.

    E-mail starts off as text in a computer or other networked electronic device (phone, tablet, etc.) It is then sent through a mail server through the network to the recipient’s network and mail server. There it is put into the user’s e-mail box, ready to be read.

    Like regular postal mail, the mail server (think – “post office”) can be the same for sender and recipient. If so, then no network needed. This is the most secure way to send email without using secret codes (what computer people call “encryption”.)

    Sometimes, the computer, tablet, phone, etc. is its own mail server. It will connect directly to the recipient’s mail server and send the message that way. This method is usually rejected by the recipient’s mail server, since it can’t prove that the non-server is who it says it is.

    At every hop along the trip, e-mails collect information about where it has passed – what we call “header information”. With headers and mail server logs, you can prove if an email is legitimate or not, since it will have details about every server and / or stop it made along the way. The headers are usually not shown to the average user, but are available on every email sent.

    Note that the sender can partially fake these details, pretending that the email was sent from a different account (common practice for spammers, spreading viruses or spyware or phishing attempt for you to click on a malicious link) .

    For an example of email headers, see http://www.emailaddressmanager.com/tips/headers.html

    The above is  a simplified explanation.  Other articles which describes how emails work in a little more detail

     

    Again, comments, suggestions for updating this post are welcomed.

     

  • Can email addresses be just a few characters?

    Received a question asking “can email addresses be just a few characters?”

    Yes.

    Reference links

    • http://www.faqs.org/rfcs/rfc2822.html
    • http://tools.ietf.org/html/rfc5322#section-3.4.1
    • http://tools.ietf.org/html/rfc6531#section-3.3

     

    Many email providers limit how short or how long the email address can be.

    As examples, Gmail (which provides addresses @gmail.com) rejects requested email addresses less than 6 characters to prevent spam.  See https://support.google.com/mail/answer/7993

    Microsoft (Outlook.com and “Hotmail.com”) addresses can contain only letters, numbers, periods (.), hyphens (-), and underscores (_).

    No special characters, accented letters, or letters outside the Latin alphabet.

    If you are setting up your own email server, or using Google Apps, you can pick what you want to be a valid email address. For example, at the TTCS, we can have [email protected], or even [email protected] if we choose.

    As long as it complies with Internet rules, any email provider can make their email usernames however they want.

     

     

  • Whether email accounts can be hacked and how

    Received a question asking “whether email accounts can be hacked and how”

    Yes, email accounts can be hacked to allow unauthorized persons to access your email account .  Typically, this can be done by several approaches (or a combination of them):

    (Update : 6:50 pm May 21 – switched article to headings instead of ordered list)

     

    Phishing

    This is when you are deceived into entering your username and password at a bogus website masquerading as the legitimate site. See “How the Syrian Electronic Army Hacked The Onion” http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/ as an example of a phishing emails used to get user credentials.

     

    Installing malicious software or spyware

    Spyware on a computer can monitor keystrokes and eventually obtain your email username and password as you use the computer to access the account.

    Spyware is typically installed on your computer by

    • software exploits – surreptitiously by taking advantage of software flaws or vulnerabilities (often the web browser and the addons installed in your web browser) on your computer. Such security flaws allows for software to be installed without your knowledge by visiting a malicious website.
    • bundling such spyware with third party software obtained from unreliable sources
    • deceiving the user to install software via banner ads or by forged emails from one of your friends or organisation you work with, asking you to view/run an attachment.

     

    Social Engineering

    Persons use email addresses to sign up for various online services/websites. Most (if not all) services allow for the password to user’s accounts to be reset, in case you have forgotten your password. Because such services use different details about you to verify your identify, information about you gleaned from one service (e.g your birthday posted on Facebook, WHOIS information from your domain name you registered) can be used by an attacker to obtain your password at another service. A Wired editor wrote a detailed article when this happened to him: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/.  Another interesting article : https://medium.com/tech-talk/280c753b1145

     

    Not logging out of your account from a shared or public computer

    Not logging out of your account from a shared or public computer means that another person with access to the machine can access your account.

     

    Poor password security practices

    Email accounts has been hacked from people “guessing” the answers to the recovery/security question to reset the password. Easy questions like your spouse’s name or favourite pet can be gleaned from information published on social networks.

    Other poor security practices include using simple passwords that are easy to guess (eg “password” for the password) and using the same username and password for multiple services. When one service is compromised resulting in their user accounts and password information being stolen or leaked on the Internet, all other services that use the same username and password are at risk.

     

    Password sniffing

    Typically many public wifi networks are not encrypted, which means that other devices on the wireless network can eavesdrop and monitor network traffic. This means that if you use your username and password on such a network, your login information can be copied for later use by such other devices.

     

     

     

    Any suggestions for this post on how else can email accounts be hacked?

     

     

  • TTCS Pizza lime on Joe’s Pizza, St. Augustine on Wednesday May 22 2013 from 7-9pm

     The Trinidad and Tobago Computer Society (TTCS) will be having its next lime on Wednesday, 22nd May 2013 at Joe’s Pizza, St. Augustine from 7:00 pm to 9:30 pm.

    Come join us as we discuss various ICT related topics, including:

     

    Anyone interested in computing and ICT is welcome to attend. A contribution of $50 is expected towards the food bill.

     

     

     

  • Google I/O 2013 begins May 15 2013 – watch the keynote and read the announcements

    Google I/O, the annual conference held by Google which typically focuses on developers but the keynote on the first day is used by Google to announce and present services and/or products it is launching to the public.

    The Google I/O 2013 Keynote can be viewed live at https://developers.google.com/events/io/

    Google I/O 2013 announcements are being live posted at https://plus.google.com/+GoogleDevelopers/posts

    Other liveblogs:

     

     

     

     

  • Columbus Networks, Cable & Wireless enter strategic alliance, will form joint venture company to sell bandwidth to companies in Caribbean and Americas region

    Cable and Wireless and Columbus Networks have entered into a strategic alliance and will form  a joint venture company called CNL-CWC Networks Ltd. to provide international wholesale bandwidth to communication companies in the Caribbean and America’s Region.

    Via the press release on Cable and Wireless Communications (CWC’) website dated May 13 2013 :

    13 May, 2013
    CABLE & WIRELESS COMMUNICATIONS

    CWC agrees strategic alliance with Columbus Networks

    Cable & Wireless Communications Plc (“CWC”) today announces it has entered into a strategic alliance with Columbus Networks Ltd (“Columbus”) to develop its international wholesale capacity business.

    Under the alliance, CWC and Columbus will form a joint venture in the pan-America region which will provide international wholesale capacity to both companies, as well as to third party carriers. CWC and Columbus operate substantial and largely complementary sub-sea cable networks in the Caribbean and Central American region – the joint venture will have a network platform of  approximately 42,000 kilometres with connectivity to 42 countries.

    The alliance positions CWC strongly to meet the data capacity demands of its retail operations in the future, as well as optimising its capital expenditure commitment to its undersea cable networks. Demand for data capacity is growing rapidly in this region, driven by the increasing availability of, and consumer demand for, mobile data and fixed broadband services.

    The joint venture, which launched today, will initially operate on an agency basis by providing joint sales and marketing services for each of CWC’s and Columbus’ international wholesale capacity services. Columbus has a 72.5% majority share in, and management control of, the joint venture and CWC has a 27.5% share with appropriate minority protections.

    The alliance will be broadened within the next two years with Columbus and CWC contributing their sub-sea and related assets into the joint venture company, subject to obtaining regulatory approvals and certain other conditions being met.

    Until then, Columbus and CWC will retain complete ownership and control of their respective existing networks in the region.

    Once the applicable approval requirements and conditions have been met, the joint venture will
    then assume ownership and management control of the international wholesale capacity
    operations of CWC and Columbus and all new investments in infrastructure will be made, and
    owned by it.

     

    There is another press release on Cable and Wireless website on the Joint Venture :

    BRIDGETOWN, BARBADOS, AND LONDON – (May 13, 2013) – Columbus Networks and CWC Wholesale Solutions today announced the formation of a joint venture to provide
    expanded wholesale bandwidth capacity to global, regional and local communications companies in the Caribbean and Americas Region. The joint venture company will be called CNL-CWC Networks Ltd.
    In addition to the joint venture, CWC Wholesale Solutions, a subsidiary of Cable & Wireless Communications, has entered into a separate services agreement with Columbus Networks under which Columbus Networks will provide CWC Wholesale Solutions certain operation and monitoring services.

    Columbus Networks and CWC Wholesale Solutions operate complementary networks in the rapidly growing region. After completing multiple network interconnections, the joint venture will offer wholesale customers an expanded network platform that spans more than 42,000 kilometers and reaches more than 42 countries in the region.

    The joint venture company will serve as the sales agent of both Columbus Networks and CWC Wholesale Solutions for international wholesale capacity. Columbus Networks will be the managing partner in the joint venture. CWC Wholesale Solutions will provide support and management resources. Columbus Networks and CWC Wholesale Solutions will retain ownership and control of their respective existing networks in the region.

    “Wholesale customers will be able to take advantage of expanded network reach and service benefits by doing business with a company that can provide more bandwidth and broader reach, faster and better,” said Paul Scott, president of Columbus Networks. “With this joint venture, one plus one equals three.”

    In the coming months, customers will begin to enjoy much greater route choice, improved reliability and higher performance as the joint venture rolls out innovative, new service offerings spanning clear channel services, IP transit, carrier Ethernet and carrier MPLS.
    “We have been investing heavily in recent years to upgrade existing networks and build entirely new subsea links such as CBUS and East West Cable,” said Simeon Irvine, chief  executive of CWC Wholesale Solutions. “By creating this joint venture, CWC Wholesale Solutions can expand its network reach and increase the diversity and security of supply for our customers and those of Columbus.”

    The interconnected networks will enable more self-healing fiber optic rings with a future planned migration to a fully meshed network environment that will significantly
    improve the region’s access to international capacity and better meet the increasing demands for reliability and performance.

     

     

    Local mirrors of press releases:

    CWC agrees strategic alliance with Columbus 140513

    Press release – Columbus-CWC JV 140513

  • Microsoft: Windows 8.1 will be a free update to Windows 8 users ; public preview of Windows 8.1 on June 26 2013

    Via the Microsoft Blog Post : Windows Keeps Getting Better.

    Today at the JP Morgan Technology, Media & Telecom Conference in Boston, Tami Reller shared with the audience that the update previously referred to as “Windows Blue” will be called Windows 8.1  and will be a free update to Windows 8 for consumers through the Windows Store….

    ……

    We will also be making a public preview of Windows 8.1 available starting on June 26, timed with the Build developer conference in San Francisco. The preview will be available for Windows 8 and Windows RT.

     

  • Blackberry announces plans to make its BBM Messenger service available to iOS and Android users

    From http://press.blackberry.com/press/2013/bbm-for-ios-and-android-to-launch-this-summer-.html :

    BlackBerry® (NASDAQ: BBRY; TSX: BB) today announced plans to make  its ground-breaking mobile social network, BlackBerry® Messenger (BBM™), available to iOS® and Android™ users this summer, with support planned for iOS6, and Android 4.0 (Ice Cream Sandwich) or higher, all subject to approval by the Apple App Store and Google Play…….In the planned initial release, iOS and Android users would be able to experience the immediacy of BBM chats, including multi-person chats, as well as the ability to share photos and voice notes, and engage in BBM Groups, which allows BBM customers to create groups of up to 30 people.