Secure Login plugin – multiple logins

7 01 2008

I’m a fan of the Secure Login plugin for Firefox. Occasionally when logging into a site I would get a prompt asking me to select which login to use. Both logins were the same with the exception of a number shown to the right of each login. I was able to select either and log in just fine.


Eventually I got curious and went hunting for the reason why. It turns out the Secure Login plugin will display a login ID for each login form on the page. There is only one form on the page, you say? Chances are very good there is a hidden form veiled by some ajaxy goodness.

To see the hidden form (and prove you aren’t losing it) select View | Page Style | No Style. This will strip all the styling from the page and show everything in its HTML glory.
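The same check can be scripted instead of turning styles off. The following is an added example, not code from the Secure Login plugin: it lists every form that contains a password field and reports whether CSS is hiding it. The names listLoginForms, isHidden and constructedPage are made up for this illustration, and only display:none and visibility:hidden are treated as hiding.

```javascript
// Added example: report each form that holds a password field and whether CSS hides it.
// In a browser console call listLoginForms(); the parameters allow stub input elsewhere.
function isHidden(el, getStyle) {
  if (getStyle(el).visibility === 'hidden') return true;
  // display:none on any ancestor hides the form even if its own display is "block".
  for (let node = el; node && node.nodeType === 1; node = node.parentElement) {
    if (getStyle(node).display === 'none') return true;
  }
  return false;
}

function listLoginForms(doc = document, getStyle = (el) => getComputedStyle(el)) {
  return Array.from(doc.forms)
    .map((form, index) => ({ form, index }))
    .filter(({ form }) => form.querySelector('input[type="password"]') !== null)
    .map(({ form, index }) => ({
      index, // position in document.forms
      id: form.getAttribute('id'),
      action: form.getAttribute('action') || '',
      hidden: isHidden(form, getStyle),
    }));
}

// Constructed stand-in for a page: one visible login form, one search form, and
// one login form inside a wrapper that the stylesheet sets to display:none.
function constructedPage() {
  const el = (id, display, parent, hasPassword) => ({
    nodeType: 1, display, parentElement: parent,
    getAttribute: (name) => ({ id, action: '/' + id }[name] ?? null),
    querySelector: () => (hasPassword ? {} : null),
  });
  const overlay = el('overlay', 'none', null, false);
  const forms = [
    el('login', 'block', null, true),
    el('search', 'block', null, false),
    el('ajax-login', 'block', overlay, true),
  ];
  const getStyle = (node) => ({ display: node.display, visibility: 'visible' });
  return { doc: { forms }, getStyle };
}
```

Two entries in the result for a page that shows one login box match the two numbered choices in the prompt described above.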

keywords: login selection select user form index firefox plugin secure login





Sandboxie should be your next Windows app

14 07 2007


Sandboxie is an incredible, lightweight little program that allows you to run an application sandboxed, which means anything the sandboxed app would normally write to disk is instead written to transient storage that can be easily removed.

From the Sandboxie site:

If you run Freecell inside the Sandboxie environment, Sandboxie reads the statistics data from the hard disk into the sandbox, to satisfy the read requested by Freecell. When the game later writes the statistics, Sandboxie intercepts this operation and directs the data to the sandbox.

If you then run Freecell without the aid of Sandboxie, the read operation would bypass the sandbox altogether, and the statistics would be retrieved from the hard disk.

The transient nature of the sandbox makes it easy to get rid of everything in it. If you were to throw away the sandbox, by deleting everything in it, the sandboxed statistics would be gone for good, as if they had never been there in the first place.

This works great when installing new applications that you aren’t sure you are going to keep. I needed to do some testing with several video ripping apps and installed each of them sandboxed. I tested four separate apps and decided to keep one. When I was done testing I simply deleted the sandboxes and reinstalled the app I liked using the normal process. This meant I didn’t have to worry about malware or dirty uninstalls leaving files on the disk or registry entries. Awesome.

As the excerpt above indicates, you can also run apps you have already installed in a sandbox. This is particularly helpful when browsing the internet, as any files typically written to your cache will be written to the sandbox instead. Want to try a new browser toolbar but don’t want to commit to it? Install the toolbar while the browser is sandboxed.

While reading through the Sandboxie forum, I saw one individual comment that they had installed Sandboxie in a Terminal Server environment, sandboxing the browser. Prior to installing Sandboxie, their AV/malware scanners were picking up 200-400 malicious attempts a week. Sandboxie reportedly reduced the number of malicious attempts to 6, and those were done outside the sandbox. Incredibly impressive.

There really isn’t any reason you shouldn’t install Sandboxie. Go get it now.






Negotiating with Pirates?

1 07 2007

There was a nice post a few weeks ago around a story of a guy who wrote to a release group and asked nicely to have his software pulled from their distribution of cracked software. He was able to make the request because the email address of the release group was in the cracked title’s NFO. The story ends nicely with the RG agreeing to stop distributing the software. The whole conversation was very civilized.

It’s no surprise that this grassroots side of the pirating world exists where they seem to listen to and may actually care about the small time developer.

Where the conversation gets interesting, if not predictable, is in the comments to the post. The story had over a thousand diggs and has seen active commenting, with the latest on June 26th. The bickering back and forth about what should be pirated and when, under what circumstances and with what motivation, is relentless, although entertaining.

At the end of the day it seems the software is still available in the torrent channels as someone posted in the comments. This doesn’t mean that the RG didn’t pull the software. It just means that once it is in the wild, well… it’s in the wild. Good luck stopping it.

How to stop warez pirates? Ask nicely.

Pirates aren’t evil? (this link points to the software developer’s posting of the NFO and conversation)





Interview with a phisher

9 05 2007

RSnake at ha.ckers.org has posted a bit of an interview he did with a phisher that goes by “lithium”.

The questions asked are very good and the answers are as well. A nice peek into the world of phishing based on one phisher’s experience.

I can’t say I found anything particularly surprising as most of my assumptions about the people that engage in this activity fit pretty well with the profile painted in the interview. Nonetheless it always sets me a bit sideways to hear how young some of them are when they start. It was also bothersome to hear how many people are using the same password for their email as they do for their social identities and how this can turn into a nice bit-o-cash for the phisher.

One last thing. “Lithium” refers to himself as 18 years young. I always associated the ‘years young’ reference with older people. Odd.

Phishing Social Networking Sites







