بایگانی برای دسته بندی » امنیت «

دوشنبه, October 29th, 2012 | نویسنده:

به نظر می رسد که, در عقل بی نهایت, گوگل یکی از ویژگی های امنیتی است که می تواند استفاده از دسترسی و یا با استفاده از حساب Google خود را متوقف. من می توانید ببینید که چگونه این ممکن است یک مشکل برای کاربران گوگل, به طور خاص خود را Gtalk یک یادآوری و جیمیل کاربران. در مورد من انگلیسی دست و پا شکسته و مخلوط با اصطلاحات چینی داشتن یک موضوع را با سخن تند و ناشمرده سرویس (است که از لحاظ فنی بخشی از Gtalk یک یادآوری). من راه حل پس از کمی نبش. من در چند ساله این موضوع شگفت زده شد و چه مدت این ویژگی وجود داشته است!

برای باز کردن حساب و گرفتن آنلاین درخواست خود را, استفاده از صفحه امنیتی گوگل اینجا.

اشتراک گذاری
Friday, August 21st, 2009 | نویسنده:

Have we here a Facebook Stalker?!

Of great consideration to online privacy are facebook stalkers. If a stalker randomly manages to add a few of your friends and you have your Profile Privacy Settings allowingFriends of Friendsto see everything then your stalker effectively has access to your profile even without having added you.

I’ve now adjusted my privacy settings more strictly and I’ve used theSee how a friend sees your profile:” tool to get an idea of how it changes things.

من “BasicInformation I had available toFriends of Friends”. This includesGender, Birthday, Hometown, Political and Religious Views and Relationship Statusaccording to Facebook’s description. You might think it fair that friends of your friends have an idea of how you roll.

But can you trust همه your friends anti-stalker spidey-senses?

I think NOT.

I previously had it that friends of friends can see my photos and videos but not much else. I’m thinking of changing that now too.

But wait, there’s More!

Further to this, we should be vigilant offakeFacebook profiles. Stalkers are usually apt enough to create more than one account with fake names. If you block one they create another and attempt to get a glance at your profile once more. I’ve created a friend group calledPrivacy Pls”. This group is limited from being able to see anything other than a very basic page. Thisbasicview is akin to when you first started using Facebook and didn’t know you could add lots of stuff in there (stuff you later realised you didn’t want anyway).

If someone adds me and I’m not absolutely sure who it is, I add them to myPrivacy Plsgroup. Also if someone adds me and I don’t want to offend them by ignoring their invite I’ll rather add them to this group. Perhaps you feel you have a pervy boss for example.

But Wait! There’s Moreand this time you can do it TOO!

To do this for yourself, go to your Friends page, clickCreate New List”, and name it something appropriate – “Privacy Plsin my case. Add the appropriate friends to this list now or add any futuresuspectfriends to the group.

بعد, go to the Profile Privacy Settings page. Underneath each section you will find aEdit Custom Settingsbutton. Click the first one and, at the bottom of the dialog that pops up, you will findExcept these people”. Add yourPrivacy Plsgroup here. Do the same for all the sections you don’t want them to see. When done, use thefriend’s viewtool to confirm what is made available to persons on that list.

And the Friend-of-Friend Stalker?

To prevent yourFriend-of-FriendStalker from being able to see your profile, do yourself a favour and think very critically about what you want potential stalkers to be able to see. Now go change those Privacy Settings toOnly Friends”.

For the Photo Crazy

Check up on your Photo Album Privacy settings. This is set up much the same as your profile settings. Consider carefully who you want to be able to see which photo albums and adjust the permissions appropriately!

Your Personal Contact Information

در نهایت, check up on your Contact Information: Click theProfilebutton towards the top left of the Facebook page to get to your profile. Then click on theInfotab within your profile. When you mouseover the Contact Information section you will see anEditlink pop up on the right. Click this button to start editing your details.

Next to each item you will find alockicon. Click this lock to define further permissions for which friends are able to see the items. You’ve never give your address and phone details to a dodgy stranger you meet on the street. Why do we then go and give it away to everyone on the Internet. I recommend the following:

  • AllowNo one” بر:
    • email address
  • AllowOnly Friends” بر:
    • IM Screen Names
  • Remove completely or allowNo one” بر:
    • mobile phone number
    • landline number
  • Limit the following:
    • address detailsgive your area or suburbbut NOT your full address

Hopefully we don’t all have to learn our lessons the hard way.

P.S. (especially to the guys and gals who have asked) I’ve been extremely busy these last couple of weeks. I have a lot of unedited content I’m hoping to make publishable very soon!

اشتراک گذاری
رده: خلوت, امنیت  | برچسب ها: , , ,  | One Comment
یکشنبه, April 19th, 2009 | نویسنده:

I think the Internet is a scary place. بله, me. Some days I find myself horrified to find the lowliest of criminal bastards trying to steal our livelihoods.

بله, people, there are criminals out there and they want your money or they want to use you to make money. What’s even more scary is the lengths to which they are willing to go, even risking YOU. Do not pass Go. Do not collect $200.

I received an email saying that I was being offered a job as aRegional Assistant” و, though the details weren’t given, the email suggested that it was a legitimate opportunity. I replied asking about where they’d received my details and also about what they would require of me.

Being the skeptic I am, I thought I could spot scammers a mile away. How fortunate that I can still laugh at the idea.

A few hours later, they replied indicating that I’d soon receive further instructions. They’dprobablybeen referred to me by a friend and they had a pile of referrals and so couldn’t specify which friend had recommended me. I waited patiently and left it to the back of my mind. “They’ve probably found a good candidate already and I’ve lost out”, I thought. “How nice that a friend might refer me. Obviously I’m Awesome.” (and daft :-/)

So later on, I receive my email with myfurther instructions”. This is where I finally realised that I was dealing with scammers:

سلام. We’d like to start a trial task. Our customer will make a bank transfer to you this week. Please go to our site <site omitted> to submit the banking details where the transfer will go to. Once we’ve established a good transaction history, you will receive between 2-3 transfers per week (amounts of about R10 000 each except the first trial transfers).
Please confirm that you can start. We don’t send any transfers to your account until we receive confirmation from you.
On Monday you will receive notification, detailed information and instructions regarding the transfers. Thank you and have a lovely weekend.

Say what??? I checked out the web site in question and, without a doubt, this is a money laundering scheme done by professionals. They know what they’re doing and they probably launder millions every month. What’s more is that, inevitably, they will screw you over and get the cops to arrest YOU. These criminals can leave evidence behind implicating you even if all you’ve done is diligently moved money from one place to anotherand kept a small percentage for yourself. 😛

Money laundering is where illegitimate money (stolen, probably) is transferred via third parties to appear more legitimate. You’re an accessory to the crime and, even worse, you’re even likely to be the victim of it. Recognise when an opportunity is too good to be true. I was fooled for a short while. Next up, given that a victim might give out a lot of personal details, the scammers might steal your identity and start to implicate you in fraudulent activities without you ever having done a thing.

If you happen to have already given any details such as the above where they wanted my banking details, contact your bank and inform them of the situation. They will give you the best possible advice on what to do next. If you’ve already responded to the mail but haven’t yet already given them the information they want, don’t reply any further. I’d also suggest calling your local police for further advice.

اشتراک گذاری
Wednesday, March 18th, 2009 | نویسنده:

[ویرایش کنید] So much for that. It turns out that openssl is able to determine that the key and certificate are already in a single file. Therefore, no csplitting required (خوب, I hope somebody reading this at least learned about how nice csplit is). In fact, the whole script might as well be obsoleteblaargh. Well, at least it gives a nice warning about not giving a blank passphrase. 😀

Here’s the new version:

pem2pfxconverts a .pem-formatted file containing a private key and signed certificate into a Windows-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.2
#مکار - brendan@swمنftspمنrit.Co.za
# Converts a .pem certificate file to .pfx format
# $1 is the source file
set -e
 
if [ $# = 1 ]; سپس
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  echo "Please specify a password below. Windows refuses to import a .pfx certificate with a blank password."
  openssl pkcs12 -export -out $outputfile -in $1
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi

بیشتر…

اشتراک گذاری
پنج شنبه, March 05th, 2009 | نویسنده:

Why is it that we’re so gullible?

I even considered for a whole second that my colleague had cross-checked the following SPAM before posting it on our IRL noticeboard. Please note that the following text originally had really bad-for-your-eyes fonts and colours. 😉

Urgent Warning from
Cell C, Vodacom & MTN!

[business card of aLegal Representativeof the Special Investigating Unit]

Dear All,
If you receive a phone call on your mobile from any person, saying that, he or she is
a company engineer, or saying that they’re checking your mobile line, and you have
to press # 90 یا #09 or any other number.
بلافاصله بدون تماس با هر شماره ، این تماس را پایان دهید.
یک شرکت کلاهبرداری با استفاده از دستگاهی که یک بار آن را فشار می دهید وجود دارد #90 یا #09 آنها می توانند
به سیم کارت your خود دسترسی پیدا کنید’ کارت را انجام داده و با هزینه خود تماس برقرار کنید.
این پیام را تا آنجا که می توانید به دوستانتان منتقل کنید, برای متوقف کردن.
در صورت دریافت تماس تلفنی و تلفن همراه خود به کلیه کاربران تلفن همراه توجه می شود
نمایش می دهد (XALAN) در صفحه پاسخ نمی دهید, تلفن را بی درنگ پایان دهید,
اگر به تماس پاسخ دهید, تلفن شما به یک ویروس آلوده می شود..
این ویروس تمام اطلاعات IMEI و IMSI را از طریق تلفن و سیم کارت شما پاک می کند
کارت, که باعث می شود تلفن شما نتواند با شبکه تلفن ارتباط برقرار کند. شما
باید یک تلفن جدید بخرم. این اطلاعات توسط هر دو موتورولا تأیید شده است
و نوکیا.
لطفا از این قسمت از اطلاعات پیشگویی کنید
ALL YOUR FRIENDS HAVING A MOBILE.

The first things that got me thinking was the text denoting authority at the top of the page. اکنون, bear in mind this is on a noticeboardnot my inbox where my anti-spam senses are at their peak.

Who could possibly have the authority to say they’re sending out a notification on behalf of each of South Africa’s tri-opoly of GSM providers? Okay, so its someSpecialLegal team that sounds government-type. They’re legitit turns outbut they probably don’t have enough time to take my call asking if this is all true. Absolutely everything on the Internet must be true, especially anything I say. 😛

So anyway, now that we’re over the silliness, let’s break this hoax down:

Official Documentation

Bar a business card, که به سختی استاندارد در هر صنعت است, هیچ اطلاعات تماس رسمی وجود ندارد. من حداقل یک نامه یا A را انتظار دارم گمراه شده سلب مسئولیت.

ارائه و زبان

در واقع وجود دارد 2 در اینجا در مورد تهدیدهای جداگانه توجه می شود اما بدون خواندن متن کاملاً آشکار نیست. دلیل این است که پاراگراف و دستور زبان بسیار ضعیف هستند. نهادهای دولتی معمولاً اسناد ضعیف یا پاراگراف ارائه نمی دهند. همچنین, چرا در مورد هر تهدید جداگانه یک اعلان جداگانه صادر نمی کنیم?

و اهک سبز??? خونریزی

هیچ پیوندی به منابع بیشتر وجود ندارد

هر گونه اخطار از این نوع بدون شک می تواند اطلاعات بیشتری را ارائه دهد یا حضور آنلاین آن را تبلیغ کند موسسه، نهاد. همچنین, شاید آنها دوست دارند شما راجع به اوضاع بازخورد دهید یا شاید دوست دارند ما در مورد فعالیت مشکوک بیشتر گزارش دهیم. اما نه. هیچ. فقط کارت ویزیت نماینده خاص. اگه مرد بمیره چی؟, شغل بهتری پیدا می کند, یا برگها کشور?

“یک شرکت کلاهبرداری وجود دارد … “

این بدان معناست که آنها هیچ سرنخی برای چه کسی ندارند. این جمله گسترده و منفعل است. هر وقت کسی می گوید سؤال کنید “آنها” یا “افرادی که”. این چه کسی است “شرکت کلاهبرداری”? کجاست “آنجا”? و چرا این تیم حقوقی دولت را خراب نمی کند (که برای پخش هشدارها باید از نامه های زنجیره ای استفاده کنند) از طریق شبکه نامه پستی زنجیره ای قدرتمند آنها مطلع شوید?

“این پیام را تا آنجا که می توانید به دوستانتان منتقل کنید”

من, ای وای. این خط احتمالاً در هر حرف زنجیره ای بوده است / ویروس مهندسی اجتماعی (تعریف خاص من) از نان خرد شده.

“این اطلاعات توسط موتورولا و نوکیا تأیید شده است.”

They’re trying to prevent you from thinking for yourself and try to verify their claims independently. They’re sayingYou’re stupid to check. We already checked for you. :-D”. البته, in reality, they’re just trying to take advantage of our gullible nature.

“#90 or #09” و “XALAN”

There isn’t any way for you to verify this. از نو, question everything. Google’s first page of results is riddled with the wordsCell phone warning hoax”. duh.

If you get a message like the above from your friends, reply and tell them to stop sending spamand maybe give them a link to this page so they know why. 🙂

اشتراک گذاری