Wednesday, September 29, 2004
Apache 2.0.52 released
*internet facing means that your webserver is open to the public and can be accessed through the internet.
Thursday, September 23, 2004
Default login and password for network devices
I have always wondered why device manufacturers put in the same default password for all the units of a particular product. E.g., all Netgear MR814 routers would have the same password - "password". Isn't it possible for manufacturers to generate a different password on every router and then they could add a password sticker either in the casing or on the manual? Is it really that difficult? With consumers lapping up wifi routers, we need to at least have the basic password security taken care of. No amount of encryption strength can save you if you have a weak or default password.
Needless to say, you should change the password (and if possible also the username) of any network device as soon as you install it. At the bare minimum, the password should be alphanumeric and at least 8 characters long. For corporates, enterprises and businesses the network devices need to have stricter password rules.
Sunday, September 19, 2004
Nigerian emails bounty share emails
I am sure you might have guessed by now that this is one of the classic Nigerian/Zimbabwean/South African/Sierra Leone/Ivory Coast spam mails that are sent out to unsuspecting people. Yes, this is indeed the world famous Nigerian scam, also known as the '4-1-9' or the 'Advance fee fraud'. To know more about this fraud check out this link: http://www.secretservice.gov/alert419.shtml
Remember mom's advice? If something is too good to be true, it probably is. Never ever respond back to such emails. Firstly, no one in their right mind is ever going to divide a few million dollars with you just for the fact that you happened to respond back with your bank details. Secondly, if they even had a few million dollars to share, do you think they would be sending out anonymous emails?
Here are a few details worth noting on these kinds of emails:
1. The entire email is written in CAPITAL LETTERS.
2. It is from some guy in Sierra Leone, South Africa, Ivory Coast, Nigeria or some other war infested location in Africa.
3. The email is sent from a public (free!) email provider account like netscape, yahoo, msn etc. E.g., I got an email from "Mr Okeleke Dunbi", while the email address said "firstname.lastname@example.org". You get it? Exactly!
4. No phone number to call mentioned in the email.
These scams have been well publicized and there are websites that inform visitors how to identify these kinds of scam emails and warn them about the perils of responding. But do people still fall into these traps? You bet. The Nigerian scam is an 'industry' and employs thousands of people around the globe who manage to extract money from their unsuspecting victims.
Always use a good spam filter that basically weeds these out even before they reach your inbox. (Of course, I use a spam filter but don't automatically delete these kinds of mails. They are just tagged as spam and delivered to my inbox. I use my spare time to perform an autopsy on these.) One good spam filter is SpamAssassin (now adopted by the Apache group). SpamAssassin is open source, free to use and that is what powers my ypjain.com inbox.
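The four indicators listed above can be combined into a simple tagging heuristic. This is an added example, not the author's code or SpamAssassin's rules; the provider and location lists, the phone pattern, the 90% capitals cut-off and the threshold of 3 are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; the post names netscape, yahoo and msn as examples.
FREE_PROVIDERS = {"netscape.net", "yahoo.com", "msn.com", "hotmail.com"}
LOCATIONS = ("nigeria", "sierra leone", "south africa", "ivory coast", "zimbabwe")
# Loose phone pattern: optional +, then at least 8 digits/separators in a row.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")

def indicators(raw_message: str) -> list[str]:
    """Return the names of the post's four indicators that this message matches."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart mail: this sketch reads plain text only
        body = ""
    hits = []
    letters = [c for c in body if c.isalpha()]
    # 1. Written (almost) entirely in capital letters.
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.9:
        hits.append("all_caps")
    # 2. Claims to come from one of the listed locations.
    if any(place in body.lower() for place in LOCATIONS):
        hits.append("location")
    # 3. Sent from a free webmail account.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_PROVIDERS:
        hits.append("free_provider")
    # 4. No phone number anywhere in the body.
    if not PHONE_RE.search(body):
        hits.append("no_phone")
    return hits

def tag(raw_message: str, threshold: int = 3) -> str:
    """Tag rather than delete, so flagged mail can still be inspected later."""
    return "spam" if len(indicators(raw_message)) >= threshold else "ham"

# Constructed sample messages (not real mail).
SCAM = ("From: Mr Sample Sender <constructed-sample@yahoo.com>\nSubject: URGENT\n\n"
        "DEAR FRIEND, I AM WRITING FROM SIERRA LEONE TO SHARE USD 25 MILLION WITH YOU.\n")
LEGIT = ("From: Alice <alice@corp.example>\nSubject: Meeting\n\n"
         "Hi, can we move the review to Friday? Call me on +1 555 010 0199.\n")

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("LEGIT", LEGIT)):
        print(name, tag(raw), indicators(raw))
```

A single indicator is weak on its own (plenty of legitimate mail has no phone number), which is why the tag depends on several matching together.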
Friday, September 17, 2004
Copyright Anand Jain 2004, 2005. All rights