my_world

Help! My accounts have been hacked!

Csaba — Wed, 05 Oct 2011 18:22:34 +0000

A family friend’s Gmail account was recently hijacked. We noticed because we got strange e-mails from her asking for money so we called and told her what had happened. By the time she got around to check what was going on, she was locked out of her Gmail and her Facebook accounts. In the panic that followed her question was “what do I do”? My response was “Google it”. But then I realized that although there is plenty of forums where people ask for help because they are locked out of their accounts, there doesn’t seem to be many sites covering the fact that one account is seldom hacked in solitude and some basic help in what to do when your account(s) has(have) been compromised.

So, voila! I’ve set up a couple of pages in this blog that are primarily dedicated to help people who can no longer access their accounts for one of the general on-line service providers (Gmail, Facebook, Hotmail, Twitter, etc). If you can still access your account but someone is using it to send spam or such then you may still get some benefits from these pages, but I’d suggest you go to the help section of the service provider and find their instructions on what to do. Or simply change your password and the emergency verification questions that most service providers have.

On the other hand, if you can no longer access your account, then some serious trouble may be coming your way, so please read on.

Table of Contens

First Things First

Immediate Responses
- Financial or Work Related Implications?
- Checking for Viruses

Assess the Damage

Contain the Damage
- Setting up a New Email Account (IF NEEDED)
- Changing the Passwords

Fix the Damage
- Google Accounts
- Facbook
- Yahoo! Mail
- Windows Live Hotmail
- Twitter
- PayPal

The Golden Archetypes

Csaba — Sun, 18 Sep 2011 18:04:57 +0000

Since the past “recession” of 2007, every now and then the mainstream financial news outlets mention that the price of gold is on a rise. There will, of course be an expert interviewed who will offer an opinion. Being novice to the “gold business” it is not easy to decide whether the person you listen to is trustworthy or not. And if you start researching the subject you will come across these very convincing sounding people with these “unorthodox” ideas about the current financial and political system and they will have their own, very strong opinions. In this kind of environment it is not easy to decide the angle of the different people you hear and their motives. So I have prepared this post, presenting what I believe to be the four archetypes of those who talk about gold in various media. These four archetypes are those who fall under the stigmatization of “conspiracy theorist”, the mainstream economic advisers, those who actually trade in precious metals and commodities on a daily basis and those who have a vested interest in you buying gold from them. Read more for a more detailed presentation of each archetype.

In all fairness I call the first group “conspiracy theorist” not because they are all convinced that the Bilderberg Group is running the world. Some of them are well established economists/journalists but because they very frequently don’t abide by the classical and mainstream points of views they are often stigmatized as “loony”. None the less, a common feature amongst most of these people is that they have been promoting and suggesting the buying of physical gold for years. The reason why they advocate this is because they have an inherent distrust in the current global economic system. Many of them, if not all, are convinced that the current systems, both political and economic, are on the brink of collapse and, if anything, physical gold, that you actually possess yourself, is the best way of preserving the value of your savings.

The second archetype consists of the mainstream economic advisers. The general consensus amongst these is that gold has no real industrial value (in contrast to silver) and besides being a shiny metal with affectionate value it has very little to offer. They see gold as an old form of trading currency that has been replaced with a modern flexible form of papers and computer systems. As such, they are quick to point out that other investments have historically been a lot more fruitful. Most of these advisers know little about gold and commodities in general. Some, however, follow the trends in gold and are open minded enough to recommend gold as a hedge against fluctuations in the other markets. But the general advice from them will be, don’t buy gold, there are other options which will generate much more profit.

Since the past “recession” of 2007, every now and then the mainstream financial news outlets mention that the price of gold is on a rise. When asked about this, the mainstream economic advisers are quick to say, “yes, gold has been going up, but if you look back, historically, stocks have done a lot better”. They are also the first to point out that gold is in a bubble. The conspiracy theorist, on the other hand are (quite frequently) screaming “The end of the world is near! The global economic system is about to collapse! Buy physical gold!”. The commodity traders provide the third option. They say “if the price of gold is in an upward trend – buy; if it is in a downward trend go short”.

Then you have the people who trade in commodities day in and day out. They have a business oriented approach to gold, if it’s on its way up, and then buy. If it is on its way down then sell or go short. They also have trend traders who make decisions on buying or selling based on the historical and statistical trends of the commodities. Depending on the time-window of the analysis used, patterns of upward and downward trends emerge. For example if you look at the hourly movement of gold on any given business day, there may be quite a lot of fluctuations. Looking at the movements over a year, however, the trends have generally been upward moving for gold since the bursting of the dot-com bubble in 2000. The general suggestion from these advisers CURRENTLY is that gold is still in an upward movement, so wait until it dips a little (still within the frame of the upward trend) and buy some more. It is important to note that these traders deal only with gold certificates, as the purchasing/selling cost ratio between these are minimal.

The fourth archetype consists of those who have a vested interest in selling you gold. Probably because they are gold-retailers who want you to buy gold from them. Obviously, they will always say: buy, buy, buy, regardless of the current market. Of course, that doesn’t mean that they are wrong, but they will advise to buy even when it would be better to wait. They often deal with physical gold.

So, next time you read about gold and whether it is a good investment or not, try to place the person talking in one of the categories I mentioned and that will help you determine their angle.

Terrorist Threats

Csaba — Sun, 22 May 2011 21:53:30 +0000

France 24 and Reuters recently ran two terrorism related articles. France 24′s article is called: “Seven suspected Islamists arrested in Paris” and Reuters “Bomb attacks double in Northern Ireland“.

Let’s compare the two:

1. France 24, uses the word “Islamist” as synonym for terrorist and militant. Reuter refers to the “Real IRA” as a “Dissident group” yet arrests are made under the Terrorism Act.

2. What do the articles mention as consequences of terrorism? France 24: ”Al-Qaeda in the Islamic Maghreb, has kidnapped several French citizens in recent years, some of whom have been ransomed and some killed. Four nuclear workers are still being held. … On April 28 bombers attacked a popular tourist cafe in the Moroccan city of Marrakesh, killing 17 people including eight French tourists”. Reuters: “99 viable bombs either exploded or were defused by army experts in the year to the end of March, compared with 50 a year ago. … At the beginning of April, a car bomb killed a 25 year-old Catholic constable. … [he] was the second Catholic officer to be murdered in two years, several more have been severely wounded or had narrow escapes. … As well as bombings there were 72 shooting incidents, 33 casualties resulting from paramilitary style shootings and 81 paramilitary style assaults.”

3. What about the arrests? France: “Six suspects were detained on Monday but the main target of the operation, an Indian national who recently arrived from Algeria, was taken on Tuesday”. Ireland: “Thursday’s police figures show that 188 people were arrested under the Terrorism Act, compared with 169 the year before. Those charged rose to 40 from 36. ”

So, which group of terrorists is more of a threat?

Down The Rabbit Hole And Into The Cloud

Csaba — Wed, 18 May 2011 05:38:02 +0000

With Chrome OS on the horizon, there has been a lot of blogging about whether client computers will become more secure. I would just like to take this opportunity to look at this question from an other, less discussed, angle – the angle that follows the data and not the computer that access the data.

Since Chrome OS is basically nothing more than a web-browser, it has been claimed that the client computers running it will become a lot more secure. I don’t necessarily dispute this claim but I want to highlight the real reason why this will be the case. Certainly, the less points of attack there are (i.e. the smaller the system), the less vulnerabilities there will be to exploit. But more importantly, the reason why Chrome OS based clients will be safer, will be that the data that is usually stored locally on PC’s will be stored somewhere in the Cloud. As such, it will become less appealing for criminals to find exploits to access data on the client computers.

And if the hackers will no longer care about client computers, where will they then be focusing their attention? That is right, to the Cloud. We are entering a whole new era of storing, processing and accessing of data. As such I would not be surprised if we see a whole new genre of exploits emerge – you know like buffer overflows for C or SQL injections for databases or XSS for websites. I’m quite certain that we will see a new generation of exploits emerge that are specific to Cloud solutions. I don’t know enough about Cloud architectures to know what these exploits will look like but I’m sure that the principle will be as basic and simple as the principles are for any of the exploit categories I just mentioned.

After all, if Google is sitting on all this data why on Earth would hackers keep writing exploits for client computers when most of them will contain limited amounts of useful information. Sure, the temptation of viruses that collect passwords and credit card details is still luring, but I think that the more hard-core hackers will follow the data, and if the data goes to Google, that is where the hackers will go. It just seems silly to spend time and energy to come up with remote exploits to gain access to local clients, when you can gain access to ALL the data stored by Google of ALL their users. Sure, it’s not going to be easy but after all, Chrome OS will be a (somewhat) trusted client connecting to the Google infrastructure – what else do you need as a starting point?

Furthermore, any exploits that do more then collect keystrokes or credit card numbers entered into a browser on a local computer will need to use the Google infrastructure to collect the user’s data from the Cloud. For example if a virus wants to get the address book of the victim to spread itself, it needs to get into the Gmail interface. So, it will need to communicate with the Cloud. And once it is communicating with the Cloud, why would it not take the next step and check out what else is stored in the Cloud under the user’s account. And if it is already there, why not try to escalate privileges and try to gain access to other people’s data? And while there, might as well see if there are any corporations storing data somewhere near… do you see?

So, sure, the Chrome OS clients will definitely be more secure then your average PC’s (even the ones with updated operating systems and virus scanners), but that does not necessarily mean that your data will be more safe. It just means that another attack vector has been added – that of the Cloud. More and more hackers will be drawn to try to exploit the Cloud infrastructure to gain access to several users’ data from within the cloud, circumventing any interaction from the user.

Nothing to hide vs. nothing to fear

Csaba — Fri, 13 May 2011 16:41:26 +0000

One of the arguments used to install more and more public surveillance equipment (besides the obvious “it’s for YOUR OWN safety”) is that if you have nothing to hide, you have nothing to fear. And after all, it’s not like the surveillance companies post all their recorded videos online for everyone to behold. No, only a few professional security guards have access to these feeds so that they can intervene if a “situation” arises.

NOT! That is a gross assumption. We think that it is a security guard monitoring the monitors, but do we actually know that for sure? Do we even know if there are any regulations regarding who gets to have access to all these video files and under what conditions? I don’t. We assume that there are licensed professional security personnel watching the screens, but it may very well be that in certain places nobody watches the screens – the images are simply recorded onto a computer (or videotape) and accessed by the police after you’ve been shot to find the guy/gal who shot you. But it may just as well be convicted pedophiles sitting there watching the screens. Think about it, if there are no regulations about who gets to supervise the surveillance footage and the surveillance companies need to save money, why not employ any hobo who is prepared to look at a couple of monitors all day for minimum wage?

But it may just as well be hackers or rapists looking at the video footage. Or… hang on… did he say “hackers”? Yes he did! Several years ago there was a Google hack whereby anyone could search for a specific term and Google would spit out a list of private security cameras installed all over the world accessible to everyone over the internet because the persons installing them did not activate the password features. So you could just click on a link and see the security footage of a parking lot outside a bar in Arkansas or something.

More recently, Kevin Finisterre, a security researcher was tasked to test the security of a city’s infrastructure and managed to hack a police vehicle’s on-board camera and microphone. Well, he didn’t even need to do much hacking, he just followed the instruction manuals of the systems (found on Google) and used the default passwords. He could see and hear the live feeds from cop cars and upload and download videos from the on-board computer (which, btw are admissible as evidence in a court of law).

So if the security of surveillance equipment used by the police are so easily circumvented what makes us think that the surveillance equipment used in taxis, public transportation vehicles, train stations, markets, malls, etc are any more secure?

But let’s leave security out of the equation for a moment. The point is that besides the licensed professionals and perverts I mentioned above, we also have hackers who can watch me do whatever I do in public areas such as: walk, talk, eat, shop, sneeze, yawn, scratch my privates, pick my nose, stare at a woman, stare at a man, kiss my wife, kiss my cousin. I’m quite certain there are others who do lot more embarrassing (maybe even illegal) things in public. With other words, we have a group of peeping-toms who, broadly speaking, are fascinated with “boobies”, who are convinced that all information should be made public, who have no quarrels about publishing a clip of their school-mate going to second base on the school-bus or publishing pictures of people scratching various parts of their bodies. And this group of people, with enough patience and conviction can access surveillance data from just about any public surveillance system in the world (and I haven’t even gotten into organized crime or terrorism)

And you tell me that I have nothing to fear if I have nothing to hide? Please! I will have nothing to fear when the surveillance providers go public with their recruitment and security procedures and their security audits. Then I will feel confident that me scratching my privates will not end up on dunces-scratching-their-asses.com or that my wife’s low-cut top won’t end up on boobwatch.xxx

Who’s liable for the Playstation Network hack?

Csaba — Thu, 28 Apr 2011 06:05:35 +0000

That the Playstation Network was hacked is yesterday’s news. The extent of the hack, has to this date not been formally verified. Sony says my login details may have been compromised (makes me wonder if they kept the passwords in plain-text format) but say there is no proof my credit card details were stolen. Uhm… That just means they just haven’t found the proof yet!

This puts me in an awkward position. About two/three weeks ago I decided to un-hack my PSP, because I couldn’t access the Playstation store with the hacked OS to download additional music for my favorite game, Rock Band Unplugged. So, I installed the latest OFW, set up an account, and accessed the store through the game. I entered my credit card details and off I went paying and downloading.

But now, a legal ambiguity has arisen. (Speaking about Swedish legislation only – I know the burden of proof is different in other countries) I am supposed to report to my credit card company if anyone who is not supposed to have access to my card has had access to it. So, I should report to my card company that I was one of the people who had an account with Sony. But Sony hasn’t verified that hackers have had access to my credit card details, and no unauthorized purchases have been made. So there is only a possibility that it may happen in the future. So in theory I should report this. If I do, I have fulfilled my obligations, and if money gets taken of the card without my authorization, the card company has to prove that it was I who made the purchase which I claim I didn’t do. In Sweden, at least, that is the way it works.

So great, I report it. But now I need to check my credit card balance every day for unauthorized transactions… Yay! So, I probably want a new card. But the card company won’t give me a new card since there’s nothing wrong with my existing one (at least not yet)! DOH! I can always pay for a new one – uhm… really?

So to sum it up, Sony have made a big kerfuffle and if I don’t want to be stressing out about reporting unauthorized use of my card, I need to pay for a new card. Will Sony compensate me for that? Doubt it!

Thank you Sony! I’m your biggest fan!

— UPDATE

Turns out I’m not the only one with the same concern:

The legal action by a PSN user claims Sony did not do enough to protect the private data of its customers.

It also asks for compensation and for Sony to pay for credit card monitoring to spot if stolen details are being used fraudulently.

http://www.bbc.co.uk/news/technology-13192359

Do As One

Csaba — Wed, 09 Mar 2011 20:40:09 +0000

Came across an incredible site. Take a quick color shower with your breaths, take a moment to relax during your busy work-day, focus on your breathing to become conscious, breath together with people from all over the world. All this in a most beautifully done website. Here is what they say about themselves:

About Do As One
The Goal: To serve and connect humanity by establishing a legacy of healthy, conscious breathing.

The Vision: One billion people will breathe together synchronously by November 11, 2012.

The Method: To share techniques for daily, optimal breathing and enable global, synchronous breathing through DoAsOne.com.

So, if you want to experience something wonderful, please visit DoAsOne.com

Logo not displayed correctly – Tikiwiki 6.1 and XAMPP Lite 1.7.3

Csaba — Wed, 19 Jan 2011 18:51:25 +0000

Following yesterdays post, here is another issue I found with XAMPP and Tikiwiki.

Synopsis: After installation of Tikiwiki 6.1 on a Vista machine using XAMPP Lite 1.7.3, The Tikiwiki groupware logo on top and bottom of the page were not displayed. When I tried to access the image through the browser (localhost/xampp/tiki-[version]/img/tiki/Tiki_WCG.png) I got a Server Error 500.

Workaround: This is definitely not a solution, but once again it is the .htaccess file that is screwing things up. Once it is removed from the localhost/xampp/tiki-[version]/img folder then the logos are displayed properly.

Server Error 500, Tikiwiki 6.1 and XAMPP Lite 1.7.3

Csaba — Tue, 18 Jan 2011 21:51:17 +0000

Synopsis: Getting Server Error 500′s trying to install Tikiwiki 6.1 on a Vista machine using XAMPP Lite 1.7.3

Specifics: The Tiki installer launch and I could enter all details about the database but when i clicked on the blue Install button I ended up with a Server Error 500.

Solution: Remove the .htaccess file from the folder containing the Tikiwiki code (e.i: c:/xamplite/htdocs/tiki-[version]/.htaccess)

Issues: You may need to put the .htaccess file back after the installation for security and functionality reasons – haven’t tried this though.

Guld och gröna skogar (del 3) – var kan jag köpa fysisk guld i Sverige

Csaba — Wed, 22 Dec 2010 18:48:21 +0000

OK så var kan du köpa guldmynt eller tackor?

Jag kan rekommendera två ställen där jag har själv köpt investeringsmynt.

Tavex AB - www.tavex.se

Mitt absoluta favoritställe! Förmodligen för att de har en butik i centrala Stockholm (men även i andra länder) så blir det så mycket lättare att köpa objekt. Men framför allt så blir det mycket lättare att sälja saker. Jag har köpt Kruger Rands från dem vid olika tillfällen och är väldigt nöjd. Jag har även sålt några Rands hos dem (snabba cash) och man kan få pengarna direkt i handen (inte ofta man stöter på 1000 lappar nu för tiden) eller direkt insatt på kontot. Hade pengarna på personkontot innan jag han hem! När jag sålde ett mynt för kontanter behövde jag inte legitimera mig men när jag hade pengarna instoppade på kontot så behövde jag det.
Jag besöker deras hemsida dagligen för att kolla guldpriset. Hemsidan är något rörigt men är en ren ”guldgruva” av information – priser, diagram, artiklar. Anledningen till varför jag besöker deras hemsida dagligen är dock för att kolla upp prisvärdet på mina inköp. Det spelar ingen roll hur mycket guldet kostar i dollar – jag behöver ju veta hur mycket jag kan sälja mina objekt för i svenska kronor. Där är Tavex sida helt underbar. Snabb överblick över guldets värde i USD, USD-SEK, och köp/säljpriset på vanliga mynt och tackor.
Tavex har en webb-shop men jag har ingen koll på hur den funkar eftersom jag alltid gått till deras butik.
En sak att tänka på om du ska köpa prylar från Tavex är att de sätter på 4 eller 5% på priset om du använder kreditkort för att betala. Detta gör de inte för vanliga betalkort eller insättning via bankkonto men när jag köpte prylar med min Visa Gold så kostade det extra (det innebär att guldet måste gå upp med 15% innan du kan börja tjäna pengar på köpet!!!!). Återigen BARA om du handlar med kreditkort.

Liberty Silver AB – www.libertysilver.se

Om jag förstått det rätt så har Liberty Silver inga butiker utan kör bara med beställning via webben. Jag har inte köpt guld från dem men har köpt silvermynt genom deras webbtjänst och det har funkat hur bra som helst. Priserna är aningen lägre på Liberty Silver än Tavex men tänk på att frakt tillkommer. Dessutom kräver Liberty Silver förskottsbetalning via banköverföring för beställningar över 10000 kr. Under 10000 kan du beställa med postförskott för en kostnad på 149 kr. Detta kan vara ett alternativ om du vill köpa guldet med kreditkort eftersom posten inte kräver extra avgift när du betalar med kreditkort.
Till skillnad från Tavex kan man även köpa silver, platina och palladium objekt hos Liberty Silver. Dessutom säljer de olika kemikalier som kan användas för att kontrollera äktheten hos metaller.
Deras artikelserie ”Guld & Silverskolan” är riktigt bra!
Liberty Silvers hemsida är dessutom helt underbar när det kommer till information om ädelmetaller. De har en suverän interaktiv diagram om man vill se marknadspriserna på alla möjliga metaller.

Ja, det var det! Lycka till med alla inköp!