Tuesday 21 December 2010

MD5 Hash & How to Use It?


In this post I will explain one of my favorite, and most interesting, cryptographic algorithms: MD5 (Message-Digest algorithm 5). In most circumstances this algorithm is used to perform file integrity checks. I will not go into its technical aspects here; instead I will show you how to make use of it in your daily life. Before I explain how to use MD5, I would like to share a recent experience that made me start using it.
Recently I made some significant changes and updates to my website and, naturally, generated a complete backup of the site on my server. I downloaded this backup onto my PC and deleted the original one on the server. But after a few days something went wrong and I wanted to restore the backup that I had downloaded. When I tried to restore the backup I was shocked! The backup file that I used to restore was corrupted. That means the backup file that I downloaded onto my PC wasn’t exactly the one that was on my server. The reason is that some data loss occurred during the download process. Yes, this kind of data loss can happen often when a file is downloaded from the Internet. A file can be corrupted for any of the following reasons:
  • Data loss during the download process, due to instability in the Internet connection or server
  • Tampering with the file due to virus infections
  • Hacker attacks
So whenever you download any valuable data from the Internet, it is essential that you check the integrity of the downloaded file. That is, you need to ensure that the downloaded file is exactly the same as the original one. In this scenario the MD5 hash comes in handy. All you have to do is generate the MD5 hash (or MD5 checksum) for the intended file on your server. After you download the file onto your PC, generate the MD5 hash again for the downloaded file. Compare the two hashes; if they match, the file was downloaded perfectly without any data loss.
An MD5 hash is nothing but a 32-digit hexadecimal number, which looks something like the following:
A Sample MD5 Hash
e4d909c290d0fb1ca068ffaddf22cbd0
This hash is unique for every file irrespective of its size and type. That means two .exe files with the same size will not have the same MD5 hash even though they are of the same type and size. So an MD5 hash can be used to uniquely identify a file.

How to use MD5 Hash to check the Integrity of Files?

Suppose you have a file called backup.tar on your server. Before you download it, you need to generate the MD5 hash for this file on your server. To do so, use the following command.
For UNIX:
md5sum backup.tar
When you hit ENTER you’ll see something like the following:
e4d909c290d0fb1ca068ffaddf22cbd0
This is the MD5 hash for the file backup.tar. After you download this file onto your PC, you can cross-check its integrity by generating the MD5 hash again for the downloaded file. If both hashes match, the file is perfect. Otherwise, the file is corrupt. To generate the MD5 hash for the downloaded file on your Windows PC, use the following freeware tool:
MD5 Summer
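The server-then-PC comparison described above can also be done with one script on both ends; the following is an added example, not part of the original post, and its function names (file_digest, parse_checksum_line, verify_download) and the sample file contents are assumptions constructed for illustration. It defaults to MD5 as in the post and also accepts algorithm="sha256", which is the safer choice when deliberate tampering is the concern, because two different files with the same MD5 hash can be constructed on purpose.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large backup never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line, algorithm="md5"):
    """Take the digest from '<hex>  <filename>' output (or a bare digest)."""
    fields = line.split()
    digest = fields[0].lower() if fields else ""
    expected_len = hashlib.new(algorithm).digest_size * 2  # 32 hex digits for MD5
    if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a valid %s digest: %r" % (algorithm, line))
    return digest


def verify_download(path, server_line, algorithm="md5"):
    """True only if the local file hashes to the value recorded on the server."""
    expected = parse_checksum_line(server_line, algorithm)
    return hmac.compare_digest(expected, file_digest(path, algorithm))


def demo():
    """Constructed data: a stand-in for backup.tar and a copy with one bad byte."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "backup.tar")
    damaged = os.path.join(workdir, "backup_downloaded.tar")
    data = b"constructed sample backup contents\n" * 1000
    with open(original, "wb") as f:
        f.write(data)
    with open(damaged, "wb") as f:
        f.write(data[:500] + b"\x00" + data[501:])  # simulate download corruption
    server_line = file_digest(original) + "  backup.tar"  # md5sum-style line
    return verify_download(original, server_line), verify_download(damaged, server_line)


if __name__ == "__main__":
    print(demo())
```

Record the checksum line before deleting the server copy, since the comparison is only possible while a trusted value of the original's hash still exists.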
I hope you like this post. If you have any doubts or need clarification, please leave a comment. Cheers!

Caller ID Spoofing

Caller ID spoofing is the act of making the telephone network display any desired (fake) number on the recipient’s Caller ID display unit instead of the original number. Caller ID spoofing can make a call appear to have come from any phone number that the caller wishes.
Have you ever wondered how Caller ID spoofing is performed? Read on for more information on Caller ID spoofing and how it is done.
Contrary to what most people think, an incoming call may not be from the number that is shown on the Caller ID display unit. Because of the high trust that people have in the Caller ID system, it is possible for a caller to easily fool them into believing that the number shown on the Caller ID display is real. This is all possible through Caller ID spoofing.

How to Spoof Caller ID?

You can easily spoof any Caller ID using services like SpoofCard. In order to use the SpoofCard service, you need to pay in advance and obtain a PIN (Personal Identification Number), which grants access to make a call using the Caller ID spoofing service. Once you have purchased the service, you will be given access to log in to your SpoofCard account. To begin with, you need to call the number given by SpoofCard and enter the PIN. You will then be able to enter the number you wish to call and the number you wish to appear as the Caller ID. Once you select the options and initiate the calling process, the call is bridged and the person on the other end receives your call. The receiver would normally assume that the call was coming from a different phone number, i.e. the spoofed number chosen by you, and is thus tricked into thinking that the call was coming from a different individual or organization than the caller’s. In this way it is just a cakewalk to spoof Caller ID and trick the receiver on the other end. Thus you neither need to be a computer expert nor have any technical knowledge to perform Caller ID spoofing.

 

How Does Caller ID Spoofing Work?

Caller ID spoofing is done through various methods and using different technologies. The most commonly used technologies to spoof Caller ID are VOIP (Voice Over IP) and PRI (Primary Rate Interface) lines.
Today most VOIP systems provide an option for their users to enter whatever number they want in the calling party field, and this number is sent out when they make a call. Hence it is easily possible for any user to spoof Caller ID, provided they have a VOIP system and know how to properly configure it to spoof the Caller ID. However, sites like SpoofCard provide an easy and cheap spoofing service for those who aren’t using VOIP systems that they can configure themselves.
Caller ID spoofing has been possible, and has been performed, right from the days the Caller ID system was introduced. However, most people are unaware of the fact that it is possible to spoof Caller ID and make any number be displayed on the receiver’s end. In the past, Caller ID spoofing services were mostly used by telemarketers, collection agencies, law-enforcement officials, and private investigators, but today they are available to any Internet user who wishes to perform Caller ID spoofing.

Best 7 Ways to Protect Your Gmail Account

Email is the most valuable asset of anyone’s identity on the web. You use email every day and have all your important information stored in your inbox. All your social networking accounts, website registrations, PayPal accounts, etc. are connected to and controlled by your email, so it makes sense to completely secure your Gmail account and prevent unauthorized access.
Choosing a strong password is not enough; you should also be well aware of how people try to gain access to other people’s email accounts by unfair means. Here are some useful tips for securing your Gmail account and avoiding getting hacked:

1. Always Check The URL before Logging in to Gmail

Whenever you log in to your Gmail account, always check the URL in the browser address bar. This is because there are plenty of dirty minds who create an exact replica of the Gmail login page. The worst part: they install scripts or malicious code behind the fake login page and host the page on their own web server. When you log in to Gmail from a fake login page, your username and password are sent to another email address or to an FTP location.
Hence, always make sure that you are logging in to Gmail by typing www.gmail.com and not from any other URL.

2. Avoid checking Emails at Public Places

A keylogger is a computer program that can be used to record what you type on the keyboard. The keylogger records your keystrokes, saves them in a simple text file and sends it to an email address or to an FTP server. And you are completely unaware of the whole process, which runs in the background.
You never know which programs are installed on a public computer. Consider a simple scenario: you go to a local internet cafe to check emails from your Gmail account. The cafe staff has installed a keylogger on every computer, and when you type your username and password, the keylogger comes into action, records both and sends them to another email address. You leave the cafe after checking your emails, and the cafe staff retrieves your username and password and hacks your account.
Hence, never check emails at a local cafe, at public places or on any computer that you don’t control.

3. Forward Emails to A Secondary Email account

Do you need to check emails from a public computer or a local internet cafe, and fear that the computer might have a keylogger installed? Here is a nice workaround.
  • Create another Gmail account and choose a different password for this account. This means that the password of your new Gmail account should not match with the password of your main Gmail account.
  • Log in to your main Gmail account, click “Settings” and go to the “Forwarding and POP/IMAP” tab.
  • Select the option to forward all incoming mails to your newly created Gmail account. Any email received in your primary email account will be forwarded to this secondary email address automatically.
Whenever you want to check emails from a public computer, use this secondary email account. Anybody trying to hack your email account using a keylogger or a malicious program can hack this secondary email account but not your primary one. Obviously, do not leave any important emails or password/username in this temporary email account – keep deleting emails at regular intervals. Yes, this may sound ridiculous but it’s better to be on the safe side.
VERY IMPORTANT: Do not use or associate this secondary email account as a password recovery option of your primary email account. Use this email account just for checking emails at a public computer, that’s it.

4. Regularly Monitor Gmail Account Activity

You can monitor the IP addresses of the computers used to log in to your Gmail account. To find the IP addresses, log in to Gmail, scroll down and click the account activity details link.
This will show you a list of the last IP addresses used to log in to your Gmail account. You will notice the country and state name alongside the date and time of your last Gmail activity. If you find an unknown IP address or the name of an unfamiliar place, chances are high that somebody else is logging in to your Gmail account from elsewhere.
To solve this issue, click the “Sign out of all other sessions” button and Gmail will automatically delete all the active sessions of your account. Next, immediately change the password from your Google accounts settings page.

5. Check for Bad Filters

Gmail filters can be used to set rules in your Gmail account: you can automatically forward specific emails to another email account, delete them, archive them and do various other tasks. Sadly, filters can be a big threat to your Gmail account security.
Consider a situation: you checked emails from your college computer, forgot to log out and left the classroom. One of your friends found that you had forgotten to log out and applied a filter in your Gmail account. This filter automatically forwards all of your emails to his email address.
Now he has access to all your emails and he may reset your account password, if he wants.
Hence you should always check for unknown filters under Gmail Settings -> Filters. Delete any filter which you didn’t create or which appears suspicious.

6. Do not Click on Suspicious Links

There are some websites which let anyone send fake emails to any email address. And the worst part is that the sender can customize the “From” address to anything, such as noreply@gmail.com or gmailteam@google.com.
Consider a scenario: Mr X uses some website and sends an email to you asking you to change your Gmail password for security reasons. You see the From address field as something like “support@gmail.com” and think that it’s from Gmail. No, it’s not.
When you receive any email which asks you to change your account password or enter login credentials, STOP. Do not ever click on any suspicious links in your inbox.
Note: Gmail will never ask you to change your password or enter login credentials without any reason. Hence, if you receive any email which claims to be from Google and wants you to change your password, rest assured someone is trying to fool you and hack your email account.

7. Choose a Strong Alphanumeric password

Most users choose very generic passwords which can be easily guessed. You should always choose a very strong password which is difficult to guess. Always remember the following tips regarding choosing passwords:
  • Use both numbers and letters in your password. It would be even better if you include symbols and special characters.
  • Never use your phone number, parents’ names or credit card number as your email account password.
  • Choose a long password – probably more than 10 characters.
  • Never write your password on paper or save it as a text document in your computer.
Anyone trying to hack your email account will have a difficult time guessing the password, and the more complicated your password, the more secure and better it is. You should also connect your mobile number with your Gmail account. This is required in case you forget the password and can’t log in to Gmail.
