Archive for the 'Tech News' Category

Captchas are images used by online service providers to prevent automated sign ups. Ideally characters in these images can only be identified by a human. Spammers have been working hard to created a program which can identify captcha characters. They can then randomly create email accounts and then use it for bulk spamming! Since the mail is a genuine email from a well known email provider(Gmail, Hotmail) anti-spam providers cannot block them.

Websense is reporting that spammers have finally managed to write captcha decoding programs for Hotmail which takes only few seconds to decode the characters! The success rate is over 10% and is good enough for spammers.  Here is how spammers make money from this,

1. Spammer releases the automatic signup bot as a virus.

2. An unprotected machine on the Internet gets infected by this bot virus.

3. Bot creates multiple hotmail accounts from victim’s machine using captcha decoding logic.

4. Bot sends advertising messages to multiple mail addresses using the newly created hotmail account.

5. When millions for spam messages are sent, fairly good percentage of them brings business and spammer makes money through affiliate cut.

Whoever wrote this must be pretty good since the Hotmail captcha is pretty difficult interpret even for a human. For example, consider the captach (displayed on the right side) I got when I tried to signup to Hotmail!

Weak captchas have caused havoc earlier. For example, PhpBB forum software captcha was so weak that was hacked in a few days. So if you have a popular forum which is running on PhpBB 2.0, you will soon find majority of new users are from automated signups! It was complicated by the fact that a signed up account can have a live link in the profile.

I think one way to handle the bots will be to have very big set of different captcha styles which will reduce the success rate to below 0.01%. Another way will be to introduce new type of captcha every day so that any decoding program will become obsolete in a day!

A new virus called Trojan.Mebroot has been infecting windows computers recently. What makes this virus unique is that it uses Master Boot Record (MBR) to hide itself. MBR contains operating system loading code which is executed first.

A machine gets infected when the user of the system accesses Websites intended to spread the virus (such as warez or illegal downloads). Mebroot uses Internet Explorer vulnerability to write directly to the Master Boot Record of the machine! The trojan itself is around 450kb in size and is stored in the last sectors of the harddisk. It then creates a backdoor on the machine.

Once the backdoor has been established, the program looks for any user access to internet banking sites. It then sends the captured banking userid/password etc. to a thirdparty site! Pretty impressive, eh?

It is estimated that over 5000 machines are affected by this virus.

The easiest way to remove this virus is to run “fixmbr” command from Windows recovery console. This overwrites the virus entry on MBR. Also some of the latest BIOS setting allows you to make MBR readonly. Any modification to MBR will throw a BIOS warning! So enable MBR protection today.

Lastly never visit any Website which offers warez, cracks, serials or free downloads. The real purpose of most of these sites are to spread keyloggers and other types of viruses. If you really want to check those sites, create a virtual pc using vmware or windows virtual pc exclusively for that purpose.

HECToR is a new supercomputer assembled at University of Edinburgh, UK. This is one of the fastest machines in Europe which can do 60 million million calculations per second! The total cost of this machine is over $200 million and equivalent to over 10,000 desktop computers.

HECToR contains over 5000 AMD 2.8GHZ dual core Opteron processors the peak performance is 63Tflops. The total memory of HECToR is 33TB (6GB per processor)!! The storage used is high performance RAID disks with a total capacity of 576TB. HECToR uses Unicos/lc as the operating system and has two components - compute node linux for compute nodes and linux distro(SUSE Linux) for service nodes. The communication network uses 6 sets of Seastar2 chip based system and each link offers bi-directional bandwidth of 7.6GB/sec!

HECToR (High-End Computing Terascale Resource) is a project funded by research councils in UK and this facility is available to researchers in UK Universities. The main use of this supercomputer will be in simulation of complex natural phenomena such as climate change prediction.

HECToR is composed of 66 individual units as shown below and each of the unit is as big as a large shelf!

You can see the current status of HECToR supercomputer here!

Now you can have your own personal language translator! All you have to do is to add him as a friend in Google talk!

Google has released 24 language translator bot in Google Talk. These are named in using language codes - for example a contact named en2fr will translate from English to French. You just need to add en2fr as a friend and then anything you type to en2fr will be translated to french instantly!

Since this service uses XMPP open protocol, you can write different applications to make use of the underlying engine. For example, you can enable this chat translation facility on your own site using the Google talk engine.

Machine translation comes with its own risks, so don’t try it on your date

Blogger OpenID support commenting for all blogs hosted. This means that if you have an OpenID setup, you can ensure that all comments by you on blogger blogs are genuine. No one can spoof you when commenting on a Blogger blog. This assumes two things - you use OpenID for commenting and others know that only OpenID based comments are written by you!

Another advantage is that your URL can be automatically inserted in the comment. For this to happen, use your blog or site as your OpenID identity. This doesn’t mean that you have to have your own OpenID provider. You can use other providers such as Verisign or Technorati and then delegate to it from your blog! This means that you can change your provider without affecting your identity (your blog).

Now it is not necessary that you should use a third party OpenID provider. You can be your own OpenID provider! For details, check Setting up OpenID.

How does OpenID work?

When you use OpenID, there are 3 players. You (Y), OpenID service provider(P) and the site you are trying to login(T) using OpenID. When you indicate your OpenID identity at the T, it will handshake with P to get a secret key. Then you are re-directed to the P’s Web site to login. After login, the same secret key is prepared using your password by P and it returns it to T. Now T can compare this with the original secret key. If they are same, that means you did authenticate at the P!  Simple isn’t it?

In this blog post, Matt Cutts points out the speed with which google indexes new content. He notes that his post itself was indexed in less than 30 minutes! For a search engine which is supposed to crawl the entire internet it is unbelievable and clearly shows why Google is the leader!

This means that Google has such good infrastructure that they can do almost realtime crawling of Websites! But how do they do that? Obviously they can’t crawl all the sites every minute (which will take a lot of bandwidth from individual sites).

The secret probably is with blog pings and sitemaps. Already google blog search, technorati etc. use the pings to update the content. This means that only incremental data is crawled. Another feature that can be used is sitemaps which also will help google in doing incremental crawling. You can also add your blog/website sitemap in google by creating an account at Google webmaster tools.

Let us do some math here. According to Technorati there are over 100 million blogs. Now if we assume 1 post per day and an average size of 10KB per post we have,

Total content = 100 million x 10KB = 1 TeraByte of transfer!

This means that just to crawl blogs using incremental techniques, Google search engine will be using a minimum of 1 Terabyte per day of bandwidth! Here we assumed that only new posts are crawled. In reality, Google has to crawl old posts also to see whether they have changed! In Sitemaps, you can define that as daily/weekly/monthly/yearly crawl.

Check out my sitemap console screenshot below. As you can see, it is possible to reduce the crawl speed to save on the bandwidth. Now in that case you content will not be near “realtime”.

We are beginning to see the results of FeedBurner acquisition by Google. Recently they had released the “pro” features such as stats PRO and Mybrand to the free world. This was understandable since the main revenue generation mechanism has to be the FeedBurner Ad Network!

Now they are providing FeedBurner integration with BlogSpot blogs! This means that if you have a BlogSpot blog, you can redirect the default feed to FeedBurner. This allows for a single feed stream and tracking your feed visitors is easier!

To configure all feed traffic to go through FeedBurner, add the FeedBurner URL in Site Settings -> Site Feed -> Post Feed Redirect URL field. This ensures that any feed access is redirected to FeedBurner.

What happens when FeedBurner tries to access feed? Well, BlogSpot can detect this from user agent and disable redirection only for FeedBurner server access!

Now the next thing I expect is the integration of FeedBurner Ad Network with Adsense. What they can do is to roll out FAN to all the existing Adsense publishers. Currently FAN is open to only select few who has more than 1000 or so feed subscribers.

If you are using Pligg to run your own Digg like site, you would have already noticed that it is painfully slow. I have been running Pligg on a shared hosting and it was killing everything else even with a small user base! It seems that Pligg team is beginning to address the performance issues in the latest beta version released yesterday.

Here are some of the key new features in Pligg 9.5,

1. Un-vote - Now users can un-vote stories they have voted for

2. Fixes for IIS - Fixes for the IIS cookie redirect bug.

3. Image upload module - Upload images and use the thickbox javascript library to view them.

4. Reporting/Burying Stories - Users can bury stories that are spam, inaccurate etc etc. Burying a story grays it out to signify you have buried it.

5. Major database query enhancements - A quick estimation shows that the database calls in version 9.1 was 170+ and now it’s 50-60. This should substantially increase the speed of your Pligg site.

6. Story page tabs - Each story page now uses tabs. There are 3 tabs, comments, who voted, and a new feature, related stories.

7. Upgrade to Template Lite 2.1 - Upgraded Pligg to the current version of Template Lite.

8. Upgrade to ezSQL 2.03 - upgraded to the latest version of ezSQL for better mysql query handling.

Here is a happy news for Adsense publishers in India. Google Adsense recently started operations in Hyderabad, India. Hopefully this will mean better support for Indian Adsense publishers.

Now the only thing Google Adsense need to do in India is to enable direct bank payments. This will be a boon for Indian Adsense publishers since current courier fee of $25 is too much in Indian context. Especially when your Adsense income hovers around the $100 mark!

It was not long ago that major internet players Google, Microsoft and Yahoo! agreed on a common sitemap protocol. This allowed webmasters to provide an XML file indicating the structure of the Website.

One of the problems with sitemaps was that you needed to submit it to each search engine separately. For Google, this meant creating your own Webmaster tools account and then adding your sitemap XML there. With so many search engines out there it was a chore.

But not anymore! Google, Microsoft, Ask and Yahoo! again joined hands to enable something called auto discovery of sitemaps. You just need to add a reference to the sitemap in robots.txt and all the search engines will automatically pick that up! Now that is what I call a cool idea!

In your robots.txt file, just add
Sitemap: http://www.yousitedomainname.com/sitemap.xml

Is your Wireless network secure? If your answer is “Yes, I use WEP encryption”, then probably you need to think again. I have been using WEP encryption for sometime and hence was not amused when I saw this news!

Code breakers have discovered a technique for extracting a 104-bit Wired Equivalent Privacy (WEP) key in under a minute.

Under a minute? Basically RC4 stream cipher used by WEP(Wired Equivalent Privacy) has cryptographic weakness which is exploited by WiFi crackers. You can checkout more details of the WiFi exploit here.

We were able to extend Klein’s attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition.

It is time for me to switch to WPA which is supposed to be much more secure. I mean, till it is cracked by somebody else!

But in a world where there are so many insecure WiFi networks, WEP weakness is probably the last thing you worry about!

Today (April 05) is the official CSS naked day. Don’t be confused, you are not getting naked. Instead you need to remove all of your CSS files (design) in your blog/website and leave just the content in place.

The idea is to promote Web standards. If your site conforms to Web standards, things should look just fine. You can check out more details here. More than 1500 Websites are taking part in this “prank”.

No, I have no plans of getting naked. Frankly I don’t know how it will look (It will not be pretty for sure!). Do you have any plans for getting naked?

Domains are extremely cheap these days. So as a domain registrator, it is difficult to make some nice cash. But if you adopt the following technique, you might be able to make a good amount of money with minimum effort and time.

1. Find domains with non-working/incorrect email addresses that are registered with you.
2. Shortlist valuable domains from the above list. Look at the traffic, links and domain name value.
3. Ask your relative/friend to backorder the domain.
4. Send mails to the wrong/incorrect email asking the domain owner to correct his email address(!)
5. After 8 weeks, delete the original registration and transfer the domain to your friend/relative.
6. Profit!!!

Wired is supposed to be a cool tech reporting site. But unfortunately it is owned by the same company which owns reddit. I have nothing against reddit. It is a good source to find interesting links.

But paying someone to destroy your competitor’s reputation is hardly commendable.

Here is a summary of what Wired’s reporter Annalee Newitz has done,

1. Annalee creates a blog about “photographs of crowds“. It is supposed to be very badly written.
2. Then she submits the blog to Digg.
3. Then she contacts user/submitter and pays $450(!) to buy digg votes.
4. The story gets over 100 diggs. Eventually it is buried.

Consider this. Suppose Pepsi hires a lot of bloggers to write bad articles about Coca cola. Is it possible? Obviously yes, if you pay enough you can find bloggers who do that. But is it ethical? Obviously No. Does that make all bloggers irresponsible? Obviously No.

What is interesting is this. She paid for 430 diggs and got around 100 only! On top of it, the story is buried. Frankly it only shows that Digg works, probably a bit slow.

I guess some people gets irritated when someone else becomes successful

Finally it happened. Google has agreed to blur sensitive military and goverment buildings in India from Google earth. This follows discussions between Google executives and Indian beaurocrats. Surprisingly, simple blurring of images was acceptable to the Indian side.

BBC report says,

In a statement the search giant said: “Google has been talking and will continue to talk to the Indian government about any security concerns it may have regarding Google Earth.

“We are pleased to have initiated dialogue with the Indian government, the discussions have been substantive and constructive, but no agreements have been made.”

It added: “We have committed to continue the dialogue”.

In fact Google had no other option. They will have to continue with the censorship. Indians are too happy to ban Websites which are considered harmful to national integrity. Last year major blog sites such as blogspot and free hosting providers such as geocities were completely blocked by Indian ISPs on government order. It took sometime before the ban was revoked.

Indian president Abdul Kalam (who considers himself a geek) expressed his displeasure with Google earth many times before. He was of the opinion that Google earth may be used by terrorists to plan and execute attacks on Indian installations!