geek learn

SciShow: Heartbleed and Tamiflu show us how vulnerable we are

Heartbleed is a programming bug. The way Heartbeat was coded resulted in the server sending too much data back to the user in those packets. That data was not encrypted and a hacker could save it.

Heartbeat is a way to optimize SSL connections by sending little packets of data to show that the connection is still alive, instead of reinitiating the whole connection process. The bug has already been fixed, but you should change your passwords on your social networks as soon as possible. So, Heartbleed is NOT a virus, it is a code error.

The flu is caused by a virus, and it is hard to find a complete cure for it. This is why you need a new vaccine each year for the common cold that becomes flu. Since such vaccines are expensive, governments use other types of medication, like Tamiflu, whose purpose is to slow down the growth of the virus in your body.

It seems that Tamiflu does not work as expected. Check the video above for more info.
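To make "sending too much data" concrete, here is an added example (a Python simulation written for this page, not OpenSSL's code). It parses the heartbeat message layout from RFC 6520 and compares a handler that trusts the length field with one that checks it against the bytes actually received. SECRET and the function names are constructed for illustration.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2     # heartbeat message types (RFC 6520)
MIN_PADDING = 16                   # RFC 6520: at least 16 bytes of padding

# Constructed stand-in for unrelated data that sits next to the received
# record in server memory (illustrative value, not from the page).
SECRET = b"session=8f3a; password=hunter2"


def build_request(payload: bytes, claimed_len: int) -> bytes:
    """Layout: type (1 byte) | payload_length (2 bytes) | payload | padding."""
    header = struct.pack("!BH", HB_REQUEST, claimed_len)
    return header + payload + bytes(MIN_PADDING)


def respond_vulnerable(record: bytes) -> bytes:
    """Echo handler with the Heartbleed mistake."""
    memory = record + SECRET                   # what lies past the record
    _type, claimed = struct.unpack_from("!BH", memory)
    # BUG: trusts the length field and never compares it with len(record),
    # so the copy runs past the payload into neighbouring memory.
    echoed = memory[3:3 + claimed]
    return struct.pack("!BH", HB_RESPONSE, claimed) + echoed


def respond_fixed(record: bytes):
    """Same handler with the bounds checks; returns None to discard."""
    if len(record) < 1 + 2 + MIN_PADDING:
        return None                            # too short to be valid
    _type, claimed = struct.unpack_from("!BH", record)
    if 1 + 2 + claimed + MIN_PADDING > len(record):
        return None                            # length field exceeds record
    return struct.pack("!BH", HB_RESPONSE, claimed) + record[3:3 + claimed]
```

A request whose length field matches its payload gets the same echo from both handlers. Only the request that overstates its length separates them: the vulnerable handler returns the neighbouring bytes, the fixed one drops the message.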

geek learn tech

Security alert: Skype is saving your details in plain text in the database.

Skype is saving account details in plain text in its database. You don’t need to be a hacker to see this, and it is surely worrying to know that anyone who has access to your computer and knows how to use a database reading program like SQLite can read your Skype messages.

The guys at explain how you do it:
– navigate to C:\Users\Username\AppData\Roaming\Skype\your-skype-id
– extract SQLite in that folder (RAR is here / website)
– then follow the steps from Hackyard to read your data (basically open main.db and then use SELECT [field] FROM [db table] )

It is THAT simple.

You can see email details of your contacts, private messages that were sent, time and date of those messages. Basically, a skilled hacker can read out all your Skype messages and history.

Guys, make sure no one has access to your computer, buy or use an antivirus program and watch out for any viruses that may lurk in your computer.

Stay safe!

geek on the web tech

Hacking websites: cross site request forgery

There are three major ways to hack a website: SQL injection, cross site scripting and cross site request forgery. I published a post about SQL injection and cross site scripting recently and now let’s see what this third attack is all about.

Tom Scott explains that for this third attack to work, a malicious hacker needs to copy the form from your bank account, for example, into a fake website, hide that form and then trigger it every time you access that site or interact with it.

Web developers fight this by creating a token in the same page as the form and then sending that token with the form data once you click the submit/go button.

If someone copies that token and then tries to use it later on, his form won’t be accepted. The token updates each time the page the form is on is refreshed, and it is unique to the user, IP, and current time.
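One way to build the token described above, as an added example (not code from the video or from any particular framework). The server signs the user's session ID, IP and issue time with a secret key, and rejects a submitted form whose token does not match or is too old. SERVER_KEY, MAX_AGE and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent out
MAX_AGE = 900                         # assumption: a token is valid for 15 minutes


def _sign(session_id: str, client_ip: str, issued: int, nonce: str) -> str:
    # Session IDs are server-generated here, so "|" is a safe separator.
    msg = "|".join((session_id, client_ip, str(issued), nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, client_ip: str, now: Optional[float] = None) -> str:
    """Value for the hidden form field; differs on every page render."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{issued}.{nonce}.{_sign(session_id, client_ip, issued, nonce)}"


def verify_token(token: str, session_id: str, client_ip: str,
                 now: Optional[float] = None) -> bool:
    """Accept the form only if the token was issued to this user, recently."""
    try:
        issued_s, nonce, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False                  # malformed token
    now = time.time() if now is None else now
    if not 0 <= now - issued <= MAX_AGE:
        return False                  # copied token replayed "later on"
    expected = _sign(session_id, client_ip, issued, nonce)
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

This variant is stateless: an older token from the same user stays valid until MAX_AGE runs out. Strict single use needs the server to remember which tokens it has already accepted.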

A very neat trick to keep bad guys away from our bank accounts, that is for sure!


[Free Ebook] HackerProof: Your Guide to PC Security, from MakeUseOf

HackerProof: Your Guide to PC Security, from MakeUseOf, is an easy-to-read ebook with 53 condensed pages about everything you need to know about PC security. This free ebook comes as a PDF and you can get it by submitting only minimal info at the link above.

In those 53 pages you will learn about:

  • a short history of computer viruses
  • what worms, trojans, rootkits, phishing, pharming and malware (as a general term) are
  • inbox dangers
  • how to check if links lead you to where they should
  • how to protect against the perils of the digital era
  • how to use an antivirus, a rootkit killer, a network monitoring solution or a firewall
  • why backups are important
  • how to recover an infected PC

For a while I worked as a freelance PC troubleshooter and I even had a newspaper ad. Things weren’t as smooth as I would have liked, but during that time I earned some cash and learned a lot of things about PC issues and about the psychology of the “common” computer user.

From darn weak passwords to the easy traps for the gullible ones in the form of a big green “Download Now” button, I got the chance to see that most computer users do not take security seriously. The worst part was that they had an internet connection and no antivirus installed. Now, what do you say about that?

You would guess that everyone has the basics covered, but that isn’t the case. I believe that most of my readers are geeks and tech-savvy guys and gals, but this small ebook might very well help others. Having a clean and secure computer is not a God-given right. You must earn it, or, as I always reminded them, “you must simply NOT do the things we, PC guys, tell you to NOT do”.

Click on the image below (partner link) to get this awesome short PC security ebook and enjoy a more secure computer. Why “more”? Leave a comment and I’ll write a longer answer. For now I can say that we cannot ever have 100% protection (see Stuxnet, Staatstrojan, and others). Enjoy HackerProof: Your Guide to PC Security, from MakeUseOf!


Think Like a Hacker for Better Security Awareness

Today I introduce a weekly series of free ebooks and publications from TradePub that mostly help B2B companies, but are also useful for everyone who wants to learn more about a wide variety of domains.

Although you can select from dozens of fields on my dedicated page (yes, I am a partner), I will publish a few words weekly about the papers that I like.

In the short white paper named “Takes One to Know One: Think Like a Hacker for Better Security Awareness” you can read about the importance of a security culture in your company and that accessing social media websites at work can be potentially dangerous.

I work in a tech company too, and we offer tech support and web design for ecommerce platforms, and security is one of the top priorities. If you leave your desk for any reason you have to start the protection screen, and only someone who enters the password can see what you have on your desktop. Yes, even if we go to the toilet for a minute, the log-off screen will be used.

What I found interesting in this paper (a very short one, be warned) is that almost half of the enterprises have seen an increase in malware infections due to social media sites accessed at work. One of the main reasons: clicking on links that send them to bad places.

I also found it hilarious that the most used password is “password1”. Really?! Come on man, people can do better than that. Also, more than a quarter of the IT companies have high-level professionals who have fallen victim to malware in one way or another.

As a side note, please check this password tool to create the best password EVER. Read this white paper created by Trustwave, the leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances.

Simply click on the image below, fill in your details, download the free white paper and be awesome!