Saturday, August 29, 2009

Caller Location Info v 0.3 for WinMo

Here is the next version of my Caller Location Info app for Windows Mobile (for India).

Release-notes:
1. Includes a bunch of new additions to the mobile number series list; at least 250-300 new numbers have been added.
2. Includes 2 new service providers - Tata Docomo and Loop Mobile.
3. No changes to the STD list.
4. No bug fixes (no known bugs actually :D)

The installation instructions and other properties remain the same. See the earlier post for that.

Download the CAB installer.

Enjoy!

Thursday, August 27, 2009

Car tyre pressure for long drives

I recently went on a long drive (450 km) in a single stretch. I had the usual question: 'how much air pressure should I put in my car's tyres?' This was the first time I was going all alone for such a long distance, so I decided to understand a bit more about air pressure and do the right thing.

On the Internet there was no good summary of the right thing to do. I read a number of forums and articles before I believed I understood it. Let me explain a few basics of air pressure so you understand better. It is a well-known fact that these two external factors affect tyre pressure:

1. Car's running time: If the car is on the move, the air pressure increases (possibly due to the collision between the air molecules, as they spin at a good speed). So it is generally advised not to fill up air after driving for quite some distance (>2 km?), because by the time one reaches the petrol bunk the air pressure would have gone up by a few psi (psi is a unit of measurement of tyre air pressure). If there is no other means, then it is advised to leave the car at rest for an appropriate amount of time before filling up air (this is mostly impractical), OR fill up a few psi (2?) more than what you intend, to account for the expansion.

2. Ambient temperature: This is straightforward. Air expands on heating -- thus the pressure inside the tyre is proportional to the temperature. So it is advised to fill up air in the morning or in the evening when the temperature has cooled down a bit. This is the right thing because the recommended air pressure is always the "minimum" air pressure recommended for the tyres for that load. This is why the values change from car to car even if the tyre properties are the same. The maximum pressure a tyre can withstand is usually embossed on the tyre itself (usually in the range of 44 psi, in India).

Based on all these facts, during a long drive it makes sense to expect the tyre pressure to increase heavily. As a result, a common misconception is to fill up a few psi less than the recommended. Unfortunately, there is a logical explanation that supports the common misconception -- I had a similar opinion earlier. However, it turns out that this is "wrong". At reduced air pressure, the area of the tread that is in contact with the road increases -- this gives better comfort, but poorer handling of the vehicle. Due to the increase in the area of contact, the heat generated at the tread increases -- in the long run, this leads to faster wear and tear of the tyre tread and poor control. An already worn-out tyre might even burst at high speeds -- not to mention what happens to the driver.

To add to it, when I reached home (after 450 km) and measured my tyre pressure again (if you don't have a pressure gauge, get one for long drives), 2 psi had vanished from all my tyres!!! Now, this also means that on a long drive, due to the stress on the tyres (bumps and jumps), the air had also leaked gradually (all 4 of my tyres are brand new and also have nozzle caps; nothing to suspect about the tyres). Watch out, so you don't go below the recommended pressure midway through your drive.

Usually the recommended air pressure is much lower than the max pressure the tyre can withstand (for eg., for my car, the max tyre pressure is 44 psi and the recommended is around 30 psi) -- so on a long drive it is advised to inflate the tyres to a few psi more than the recommended, for the reasons mentioned above. I had inflated to 34 psi for this drive.

Understand, inflate and have a safe drive!!

Disclaimer: That said, I am not responsible if there is any unexpected event due to the increased pressure. Use your own conscience to validate the info above.

Wednesday, August 12, 2009

Dangerous Windows Explorer options

If you are a Windows user and, in Windows Explorer, you do not have file extensions visible (option: 'Hide file extensions for known types') and also have the habit of viewing files in any mode other than 'Details' (Thumbnails, Tiles, Icons, List), then you definitely need to be aware of this vulnerability awaiting you.

Last week, I plugged one of my pen drives into my friend's comp and noticed that there was an extra folder (named 'New Folder'). I was sure I didn't create it, but was just curious as to how it got created. The natural reaction was to click on the folder to see what files it had. I clicked on it, but nothing happened; the folder didn't open. This is when I realized the possible trap.

After analysing, it turned out that my friend's comp was already infected with a virus, and I guess the virus automatically copies itself to any removable media attached to the comp. It spreads itself onto removable drives and creates an autorun.inf to get control on the next comp where the pen drive is inserted (as explained in my earlier post). While that explains why the 'New Folder' was created, it was still unclear what was inside it. Later, I figured out that Windows Explorer was configured (by default) to not show file extensions, and that the view mode was also Tiles mode -- so some otherwise-apparent things had gone missing, and before we could realize, the damage is done. It turned out that the 'New Folder' was not a folder/directory, but an application with its icon set exactly the same as a normal Windows folder icon. See it for yourself.



In this scenario, MyFolder is an application, while MyFolder2 is a real folder -- can you spot any difference?? Absolutely not. An immediate reaction for anyone would be to open the new folder, but they end up executing the application!! This is a real danger.

Then I disabled 'Hide extensions for known file types' and changed the view to Details mode; now you should spot the difference:



The application in the picture was created by me on my dev setup for testing; it is totally harmless. Apparently, when any application has its icon set the same as the Windows folder icon, McAfee jumps in and tags it as a 'W32/Generic.worm.b' virus. Even my test application was caught promptly -- not bad.

So please be aware of this and think twice before clicking on anything from a removable drive (even if it looks like a folder). If the computer was not infected earlier, all it takes is a click to get infected (and as I mentioned in my previous post, do not let autorun kick in when you insert a removable drive). It is a good practice to show extensions all the time (unfortunately, Windows Explorer hides them by default :( ). The other good practice is to create 'system restore points' regularly, so you can get back to a clean state if required (this will not be 100% effective in all cases).
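As an added illustration (not part of the original post, and it reasons about file names only, not icon resources), here is a small Python triage script that flags what the Explorer settings above hide: executables whose displayed name looks like a folder or a document, plus an autorun.inf at the root of the drive. The sample drive it builds in a temporary directory is constructed for this example.

```python
"""Triage a removable drive for executables disguised as folders or documents."""
import os
import tempfile
from pathlib import Path

# Types Windows runs on double-click (non-exhaustive, chosen for this example).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
# Types a user expects to open harmlessly; 'holiday.jpg.exe' shows as 'holiday.jpg'.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt"}

def scan_drive(root):
    """Return sorted (relative path, reason) pairs for suspicious items under root.

    Names only: with 'Hide extensions for known file types' on, Explorer shows
    the stem, so 'New Folder.exe' is displayed as 'New Folder'.
    """
    root = Path(root)
    findings = []
    if (root / "autorun.inf").is_file():
        findings.append(("autorun.inf", "autorun.inf present: can launch a payload on insertion"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            inner_ext = os.path.splitext(stem)[1].lower()
            if inner_ext in DOCUMENT_EXTS:
                findings.append((rel, f"double extension: shows as {stem!r} but runs as {ext}"))
            elif stem.lower().startswith("new folder") or stem in dirnames:
                findings.append((rel, f"folder-like name: shows as {stem!r} but is a {ext} file"))
            else:
                findings.append((rel, f"executable: shows as {stem!r} with extensions hidden"))
    return sorted(findings)

def build_sample_drive(base):
    """Constructed sample mirroring the post: a disguised EXE beside a real folder."""
    root = Path(base)
    (root / "New Folder2").mkdir()                     # the real folder
    (root / "New Folder.exe").write_bytes(b"MZ")       # program with a folder icon (stub bytes)
    (root / "holiday.jpg.exe").write_bytes(b"MZ")      # double-extension variant
    (root / "autorun.inf").write_text("[autorun]\n")   # placeholder, no launch directive
    (root / "readme.txt").write_text("harmless")       # ordinary file, not flagged

def demo():
    """Build the sample drive in a temp dir and return the triage findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return scan_drive(tmp)
```

Run `scan_drive` against the mount point of a real pen drive to get the same listing for it; anything flagged deserves a look in Details view with extensions shown before it is opened.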

Wednesday, August 05, 2009

Spam or not?

Whenever I receive any "interesting" spam, I have the habit of investigating, tracking down the sender and trying to analyze the sender's motivation. This email caught my attention in the same way.

See the email for yourself.



Yes, that is all it had. My initial reaction was that the hacker who sent it was an amateur who didn't know how to make the mail look legitimate -- but not for long, as I discovered that this email was totally legitimate and was indeed sent by Standard Chartered Bank - SCB (Unless!! : read the epilogue of this post).

Ok, let's go through the email. The email is poorly formatted (maybe spam?). The only useful content is the 'Click here' link, and it points to something like http://pop4.mailserv.in/sc/lt.php?id= eh8IBgAGA19XRAwETAA6XweWkKK (more and more like spam). I clicked on this link and was taken to a page that looked exactly like SCB's site; it didn't take me long to figure out that the page was actually the real SCB internet banking login page, and not a fake one!! I verified the SSL certificates and they are valid, trusted and belong to SCB (thanks to the further confirmation from Firefox that I had visited this site more than 100 times earlier -- 100 is just an illustration, don't try to guess anything). At this point, I had no answer. If that was spam, why would I be redirected to the bank's page; and if it was not spam, why would a bank send such a suspicious email and redirect to a login page through a third-party link??!!! Instead of speculating, I thought I would analyze the technical aspects of this email first.

Given that the link didn't point directly to the bank's site (but to mailserv.in), I first verified whether sc.com (see the From address of the email) belongs to SCB. It turned out that sc.com is legitimate and registered to SCB's head office in Hong Kong. Now that sc.com was valid, I verified the email headers to check if the email was indeed sent from the 'sc.com' domain. The email had come from an MX at cleanmail.in and the return path is to sc.mailserv.in. Now it makes sense why the link was pointing back to mailserv.in. At this moment, I thought it was spam originating from mailserv.in. But when I dug out more details, I was shocked. mailserv.in belongs to a legitimate email service provider registered in Mumbai. When I went through their customer list, I started to believe that this email is legitimate -- all of its customers are well-known institutions in India, including a handful of banks (interestingly, SCB is not listed as one of them). But a list of customers of this grade made me believe that an email from mailserv.in would not be spam.

One last thing I still wanted was to take a look at how the redirection from pop4.mailserv.in to SCB's internet banking site happens -- just to ensure there was no injection of any XSS stuff. I did a wget on the given URL; pop4.mailserv.in just returns an HTTP 302 (Moved Temporarily) and redirects to SCB's legitimate page. This was a clean redirection, which solves the last question: the sender has no "hacking" benefit out of this.
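To make the header-and-link cross-check described above repeatable, here is an added Python example (not from the original post) that parses a message and reports every origin that differs from the From domain: the Return-Path, the last-hop Received host and each link host. The message is constructed to mirror the post (sc.com sender, sc.mailserv.in return path, cleanmail.in relay, pop4.mailserv.in link); the local parts, IP address and tracking id are placeholders, and the last-two-labels domain heuristic is a simplification that ignores the public suffix list.

```python
"""Check whether an e-mail's routing headers and links agree with its From domain."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message modelled on the post; local parts, IP and tracking id are placeholders.
SAMPLE = """\
Return-Path: <bounce@sc.mailserv.in>
Received: from mx.cleanmail.in (mx.cleanmail.in [192.0.2.10]) by mail.example.net
From: alerts@sc.com
To: customer@example.net
Subject: Online Banking
Content-Type: text/html

<html><body><a href="http://pop4.mailserv.in/sc/lt.php?id=PLACEHOLDER_ID">Click here</a></body></html>
"""

def registrable(host):
    """Crude registrable-domain heuristic: last two labels, no public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def header_origins(msg):
    """Domains claimed by From, Return-Path and the last-hop Received header."""
    origins = {"From": registrable(parseaddr(msg["From"])[1].rpartition("@")[2])}
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path:
        origins["Return-Path"] = registrable(return_path.rpartition("@")[2])
    hop = re.search(r"from\s+([\w.-]+)", msg.get("Received", ""))
    if hop:
        origins["Received"] = registrable(hop.group(1))
    return origins

def link_hosts(msg):
    """Hostnames of every href in the HTML (or plain) body."""
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    return sorted({urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body)})

def triage(raw):
    """Return (sender domain, {source: differing domain}); an empty dict means all agree."""
    msg = message_from_string(raw, policy=policy.default)
    origins = header_origins(msg)
    sender = origins["From"]
    mismatches = {name: dom for name, dom in origins.items() if dom != sender}
    for host in link_hosts(msg):
        if registrable(host) != sender:
            mismatches[f"link {host}"] = registrable(host)
    return sender, mismatches
```

A non-empty result is a reason to confirm out of band, not proof of spam: as the post itself found, legitimate bulk mail sent through an e-mail service provider produces exactly these mismatches.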

After all this, I finally believed that this mail was legitimate and not spam. I am really depressed by the kind of security implications such an email has. If a legitimate institution can send a spam-like email, why wouldn't it be easy for a spammer to send a legitimate-looking email and deceive the user??!!

I still "wish" this to be spam (I just can't believe a bank would do this!!). If it was spam, the only benefit for the sender that I can "speculate" is: maybe the sender is tracking the number of users who actually click on this link and navigate. Maybe the sender would send a number of such legitimate messages, and then suddenly a phishing email, so the user doesn't notice the difference and gets trapped. I can't think of anything else.

Any other thoughts?

If you enjoyed reading this analysis, you might also be interested in my analysis of another interesting spam I received.

Disclaimer: I've no confirmation from SCB that it is a legitimate email. So it could still be spam. Use your own conscience and decide for yourself.