Friday, 6 December 2013

About Message Digest 5 Hash and its Usage

What is md5 hash and how to use it 
In this post, I will discuss one of the interesting cryptographic algorithms, MD5, in a very simple and easy to follow manner. In addition to understanding what an MD5 hash is, you will also learn how to make use of this algorithm in your daily life.

What is MD5 algorithm?

MD5, which stands for Message Digest algorithm 5, is a widely used cryptographic hash function that was invented by Ronald Rivest in 1991. The idea behind this algorithm is to take arbitrary data (text or binary) as input and generate a fixed-size “hash value” as the output. The input data can be of any size or length, but the size of the output “hash value” is always fixed. Here is an example of the MD5 hash function at work:
MD5-Hash Function Example
As you can see from the above example, whatever input size you give, the algorithm generates a fixed-size (32-digit hex) MD5 hash. You can even try this on your own using the MD5 hash generator tool here.

Applications of MD5 Hash:

Before I tell you about how to use MD5, I would like to share one of my recent experiences which made me start using the MD5 algorithm.
Recently I made some significant changes and updates to my website and as obvious, I generated a complete backup of the site on my server. I downloaded this backup onto my PC and deleted the original one on the server. But after a few days something went wrong and I wanted to restore the backup that I downloaded. When I tried to restore the backup, I was shocked! The backup file that I used to restore was corrupted.
That means, the backup file that I downloaded onto my PC wasn’t exactly the one that was on my server. The reason is that there occurred some data loss during the download process. Yes, this data loss can happen often when a file is downloaded from the Internet. The file can be corrupted due to any of the following reasons:
  • Data loss during the download process, due to instability in the Internet connection/server.
  • The file can be tampered with due to virus infections.
  • The file can be tampered with due to hacker attacks.
So, whenever you download any valuable data from the Internet, it is completely necessary that you check the integrity of the downloaded file. That is, you need to ensure that the downloaded file is exactly the same as the original one. In this scenario, the MD5 hash can come in handy. All you have to do is generate an MD5 hash (or MD5 checksum) for the intended file on your server.
After you download the file onto your PC, generate the MD5 hash again for the downloaded file. Compare these two hashes; if they match, the file was downloaded perfectly without any data loss.
An MD5 hash is nothing but a 32-digit hexadecimal number, which can look something like the following:
A Sample MD5 Hash
e4d909c290d0fb1ca068ffaddf22cbd0
In practice, this hash is unique for every file irrespective of its size and type. For example, two different executable files (.exe files) with the same size will not have the same MD5 hash even though they are of the same type and size. So the MD5 hash can be used to uniquely identify a file. The same thing applies to messages, where each message that was sent and received can be verified using the MD5 hash.

How to use MD5 Hash to check the Integrity of Files?

Suppose you have a file called backup.tar on your server. Before you download it, you need to generate the MD5 hash for this file on your server. To do so, use the following command:
For UNIX:
md5sum backup.tar
When you hit ENTER you’ll see something as follows:
e4d909c290d0fb1ca068ffaddf22cbd0
This is the MD5 hash for the file backup.tar. After you download this file onto your PC, you can cross-check its integrity by generating the MD5 hash again for the downloaded file. If both hashes match, the file is perfect. Otherwise, the file is corrupt. To generate the MD5 hash for the downloaded file on your Windows PC use the following freeware tool:
I hope you like this post. For further doubts and clarifications, please pass your comments. Cheers!
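The check described in this post, scripted as an added example (not code from the original post). It verifies a file against a recorded md5sum line and also against SHA-256, because MD5 collisions can be constructed deliberately and an MD5 match therefore only rules out accidental corruption; the file contents and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Sample hash shown in the post; it is the MD5 of the sentence used in demo().
PAGE_SAMPLE_MD5 = "e4d909c290d0fb1ca068ffaddf22cbd0"


def file_digest(path, algorithm="md5", chunk_size=1024 * 1024):
    """Hash a file in fixed-size chunks so a large backup never has to fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_md5sum_line(line):
    """Split one line of md5sum output ('<hash>  <file>') into (hash, file name)."""
    digest, _, name = line.strip().partition(" ")
    digest = digest.lower()
    if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not an MD5 hex digest: %r" % digest)
    # md5sum separates hash and name with two spaces, or ' *' in binary mode.
    return digest, name.lstrip(" *")


def verify_file(path, expected_hex, algorithm="md5"):
    """Return True only if the file's digest equals the recorded one."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Constructed sample: an intact 'download' and one with a single byte changed."""
    original = b"The quick brown fox jumps over the lazy dog."
    damaged = original[:-1] + b"!"
    # Hashes recorded on the "server" before the download.
    recorded_md5, _ = parse_md5sum_line(PAGE_SAMPLE_MD5 + "  backup.tar")
    recorded_sha256 = hashlib.sha256(original).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for label, data in (("intact", original), ("damaged", damaged)):
            path = os.path.join(workdir, label + "-backup.tar")
            with open(path, "wb") as f:
                f.write(data)
            results[label] = (
                verify_file(path, recorded_md5, "md5"),
                verify_file(path, recorded_sha256, "sha256"),
            )
    return results


if __name__ == "__main__":
    for label, (md5_ok, sha_ok) in demo().items():
        print(label, "md5 match:", md5_ok, "sha256 match:", sha_ok)
```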

Working of Windows Product Activation

How Windows Product Activation Works 
Windows Product Activation or WPA is a license validation procedure introduced by Microsoft Corporation in all versions of its Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well.
WPA requires each end user to activate his/her copy of Windows so as to prevent unauthorized usage beyond a specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until Fully Licensed GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.
In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.

Why activation?

Microsoft’s intention behind the activation is to limit the usage of its Windows operating system to only the one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Hence, WPA demands activation of the product within 30 days of its installation so as to ensure that it is genuine.

What does “Genuine Windows” mean?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus, if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows, you are transmitting an Installation ID code to Microsoft either by phone or Internet, depending on the method you choose to activate. Based on this, Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is found to be genuine, then the system will receive the Activation ID which completes the activation process. If the activation is done through a telephone, the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

This Installation ID is a 50-digit number which is derived from the following two pieces of data:
1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.
2. Hardware ID – This value is derived based on the hardware configuration of your computer.
The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:
  • Display Adapter
  • SCSI Adapter
  • IDE Adapter (effectively the motherboard)
  • Network Adapter (NIC) and its MAC Address
  • RAM Amount Range (i.e., 0-64 MB, 64-128 MB, etc.)
  • Processor Type
  • Processor Serial Number
  • Hard Drive Device
  • Hard Drive Volume Serial Number (VSN)
  • CD-ROM / CD-RW / DVD-ROM
Thus, the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So, after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.
Microsoft’s system will now look to see if this is the first time the product key is being used for activation. This happens when the user is trying to activate his Windows for the first time after purchase. If so, the Installation ID is instantly validated and the corresponding Activation ID is issued, which completes the activation process.
At the same time, Microsoft’s system associates this product key with the Hardware ID of the computer and stores this information on its servers. In simple words, during the first use of the product key, it is paired with the Hardware ID and this information is stored on the Microsoft servers.

What if a computer running a counterfeit copy of Windows attempts to activate?

The activation fails whenever the installed copy of Windows is not found to be genuine. This usually happens when the product key used for the installation has been used earlier on a different computer. This is determined during the activation process as follows:
During the validation of the Installation ID, Microsoft’s system checks to see if the same product key was used in any previous activation. If so, it looks up the Hardware ID associated with it. The computer running a counterfeit copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will not match. In this case the activation process will fail.
Therefore, for a successful activation, either of the following two cases must be satisfied:
  1. The product key is being used for the first time, i.e., it has not been used for earlier activations on any other computer.
  2. If the product key has been used earlier, then the Hardware ID must match. This happens only if the same computer for which the license was genuinely purchased is attempting a subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However, the activation process will be completed smoothly since the same computer is attempting a subsequent activation. In this case, both the product key and the Hardware ID will match and hence the activation succeeds.

What if I upgrade or make changes to my hardware?

Of the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain your problem. If he is convinced, he may issue a new product key for your computer, with which you can re-activate your Windows.

Some things WPA does not do:

  • WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
  • If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
  • WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
  • WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.
I have tried my best to uncover the secret behind the WPA. For further details and more technical information you can read the actual paper by Fully Licensed GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt. I hope you like this post. Pass your comments.

Creating a CON Folder in Windows

Create CON Folder in Windows 
Have you ever tried to create a CON folder or any folder with names such as “con”, “prn”, “nul”, “com1”, “com2”, “lpt1” etc. but failed? Is it impossible to create folders with such names in Windows?
Well, the answer is NO and YES!
NO because, when you create a new folder and try to rename it to any one of the above specified names, you know what happens! In Windows XP the folder name automatically changes back to “New Folder” no matter how many times you try to rename it. Whereas in Windows Vista and Windows 7, when you try to rename the folder you get an error message saying “The specified device name is invalid”.
What is the reason behind this? Simple, these names represent the internal devices of the operating system and hence we cannot create folders with the above names.
YES because it is still possible to create these folders using some simple methods as explained below:

1. Using the Command Prompt:

Here is a step-by-step procedure to create the “con” folder using the command prompt:
  1. Go to the command prompt:
  2. Type the following in the command prompt (for example, to create a folder named “CON” in the E: drive):
    C:\>md \\.\e:\con
    NOTE: “con” can be replaced by any other names such as “prn”, “nul”, “com1”, “com2”, “lpt1” etc.
  3. In case you wish to delete the folder, use the following command:
    C:\>rd \\.\e:\con
NOTE: This folder can only be deleted from the command prompt. You cannot remove it by right-click delete.

2. Using ALT Key and Numeric Keypad:

You can also use the Alt key and the Numeric keypad to accomplish the same job in a much easier way. Here is how you can do it:
  1. Create a New folder (Right-click -> New -> Folder)
  2. Once the new folder is created, right-click on it and select the option “Rename”.
  3. Hold down the ALT key and type 0160 from the numeric keypad (ALT+0160) and release the ALT key.
  4. Now, the folder name should go blank so that you can type any name of your choice such as “con”, “prn” “nul” etc. and press Enter. That’s it, you’re done!

C Program Without a Main Function

C Program without a main function 
Have you ever wondered how to write a C program without a main function? Can a C program execute without a main function? Is it possible to do that?
Well, the answer is YES! There can be a C program without a main function. Here is the source code of the program without a main function:
    #include <stdio.h>
    #define decode(s,t,u,m,p,e,d) m##s##u##t
    #define begin decode(a,n,i,m,a,t,e)   /* expands to: main */
    int begin()
    {
        printf(" hello ");
        return 0;
    }
The above program runs perfectly fine even without a main function. But how? What’s the logic behind it? How can we have a C program working without a main function. Read on to find out the answer…
Here, we are using a preprocessor directive called #define with arguments to give an impression that the program runs without the main function. However, in reality it runs with a hidden main function in it.
NOTE: A preprocessor is a program which processes the source code before compilation.
The ‘##’ operator is called the token pasting or token merging operator. That is, we can merge two or more characters with it. Now, look at the 2nd line of the program:
#define decode(s,t,u,m,p,e,d) m##s##u##t
What is the preprocessor doing here? The macro decode(s,t,u,m,p,e,d) is being expanded as “msut” (The ## operator merges m, s, u and t into msut). The logic is, when you pass (s,t,u,m,p,e,d) as argument it merges the 4th, 1st, 3rd and the 2nd characters (tokens).
Now, look at the third line of the program:
#define begin decode(a,n,i,m,a,t,e)
Here the preprocessor replaces the macro “begin” with the expansion decode(a,n,i,m,a,t,e). According to the macro definition in the previous line, the argument must be expanded so that the 4th, 1st, 3rd and the 2nd characters must be merged. In the argument (a,n,i,m,a,t,e) 4th, 1st, 3rd and the 2nd characters are ‘m’, ‘a’, ‘i’ and ‘n’.
So, using the macro defined on the third line, the preprocessor replaces “int begin” with “int main” before the program is passed on to the compiler. That’s it.
The bottom line is that there can never exist a C program without a main function. Here, we are just playing a gimmick that makes us believe that the program runs without the main, but there actually exists a hidden main function in the program. Here, we are using the preprocessor directive to intelligently replace the word “begin” by “main”. In simple words: int begin = int main.

Working of Antivirus Software

How antivirus works 
Due to the ever increasing threat from viruses and other malicious programs, almost every computer today comes with pre-installed antivirus software on it. In fact, an antivirus has become one of the most essential software packages for every computer.
Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one among those few who would really bother to understand how antivirus works, then this article is for you.

How Antivirus Works:

Antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method, which involves searching for known patterns of viruses within a given file. Every antivirus software has a dictionary of sample malware codes, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within its database and compares them with the current file. If a piece of code within the file matches one in its dictionary, then the file is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine it or delete it permanently based on its potential risk.
As new viruses and malware are created and released every day, this method of detection cannot defend against new malware unless samples are collected and signatures are released by the antivirus software company. Some companies may also encourage users to upload new viruses or variants so that the virus can be analyzed and the signature can be added to the dictionary.
Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence, the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.
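Signature-based detection as described above, in a small added example (not taken from any antivirus product): the signature dictionary holds a file hash and a byte pattern per sample, and the run shows why a new sample goes undetected until its signature is added. All sample bytes, names and the SignatureDB class are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class SignatureDB:
    """Toy signature dictionary: exact-file hashes plus byte patterns."""
    hashes: dict = field(default_factory=dict)    # sha256 hex -> malware name
    patterns: dict = field(default_factory=dict)  # byte pattern -> malware name

    def add_sample(self, name, sample, pattern):
        """What a signature update does: record the sample's hash and a pattern from it."""
        if pattern not in sample:
            raise ValueError("pattern must be taken from the sample itself")
        self.hashes[hashlib.sha256(sample).hexdigest()] = name
        self.patterns[pattern] = name


def scan(data, db):
    """Return a sorted list of (method, name) detections for one file's bytes."""
    hits = set()
    name = db.hashes.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.add(("hash", name))
    for pattern, pattern_name in db.patterns.items():
        if pattern in data:
            hits.add(("pattern", pattern_name))
    return sorted(hits)


def demo():
    """Scan four constructed files before and after a signature update."""
    known = b"MZ\x90\x00" + b"\x00" * 16 + b"DEMO-ALPHA-MARKER-7f3a" + b"\x00" * 16
    variant = known + b"\x00appended-padding"  # same code, different file hash
    new = b"MZ\x90\x00" + b"\x00" * 8 + b"DEMO-BETA-MARKER-19c2"
    benign = b"MZ\x90\x00" + b"ordinary program bytes"

    db = SignatureDB()
    db.add_sample("Demo.Alpha", known, b"DEMO-ALPHA-MARKER-7f3a")
    files = (("known", known), ("variant", variant), ("new", new), ("benign", benign))
    before = {label: scan(data, db) for label, data in files}

    # The vendor collects the new sample and ships an updated dictionary.
    db.add_sample("Demo.Beta", new, b"DEMO-BETA-MARKER-19c2")
    after = {label: scan(data, db) for label, data in files}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for label in before:
        print("%-8s before update: %s | after update: %s"
              % (label, before[label], after[label]))
```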

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software to identify new malware and variants of known malware.
Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, malicious behaviour, such as a program trying to write data to an executable program, is flagged and the user is alerted about this action. This method of detection gives an additional level of security against unidentified threats.
File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
Most commercial antivirus software use a combination of both signature-based and heuristic-based approaches to combat malware.

Issues of Concern:

Zero-day threats: A zero-day (zero-hour) threat or attack is where malware tries to exploit computer application vulnerabilities that are as yet unidentified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kinds of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. Most of the threats are identified within a day or two of their release, but the damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so that the virus definitions are kept up-to-date. Most software will have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also, virus authors have tried to stay a step ahead by writing “oligomorphic”, “polymorphic” and, more recently, “metamorphic” virus codes, which will encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Thus user awareness is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article has helped you understand the working of an antivirus software.

Working of Domain Name System (DNS)

In the world of Internet and the area of computer networks, you will often come across the term Domain Name System or Domain Name Service which is simply referred to as DNS. The working of DNS forms one of the basic concepts of computer networks whose understanding is very much essential especially if you are planning to get into the field of ethical hacking or network security.
In this post, I will try to explain how Domain Name System works in a very simple and easy to follow manner so that even the readers who do not have any prior knowledge of computer networks should be able to understand the concept.

What is a Domain Name System?

A “Domain Name System” or “Domain Name Service” is a computer network protocol whose job is to map a user friendly domain name such as “Gohacking.com” to its corresponding IP address like “173.245.61.120”.
How Domain Name System (DNS) Works
Every computer on the Internet, be it a web server, home computer or any other network device has a unique IP address allotted to it. This IP address is used to establish connections between the server and the client in order to initiate the transfer of data. Whether you are trying to access a website or sending an email, the DNS plays a very important role here.
For example, when you type “www.google.com” on your browser’s address bar, your computer will make use of the DNS server to fetch the IP address of Google’s server, that is “74.125.236.37”. After obtaining the IP address, your computer will then establish a connection with the server, only after which you see Google’s home page loading on your browser. The whole process is called DNS Resolution.
With millions of websites on the Internet, it is impossible for people to remember the IP address of every website in order to access it. Therefore, the concept of the domain name was introduced so that every website can be identified by its unique name, which makes it easy for people to remember. However, the IP address is still used as the base for internal communication by network devices. This is where DNS comes into action: it works by resolving the user friendly domain name to its corresponding machine friendly IP address.
In simple words, domain names are for humans while IP addresses are for network devices. The “Domain Name System” is a protocol to establish a link between the two. Hence, it is not a surprise that you can even load a website by directly typing its IP address instead of the domain name in the browser’s address bar (give it a try)!

Types of DNS Servers and their Role:

The Domain Name System (DNS) is a distributed database that resides on multiple computers on the Internet in a hierarchical manner. They include the following types:

Root Name Servers:

The root servers represent the top level of the DNS hierarchy. These are the DNS servers that contain the complete database of domain names and their corresponding IP addresses. Currently, there are 13 root servers distributed globally which are named using the letters A,B,C and so on up to M.

Local Name Servers:

Local servers represent the lowest level DNS servers, which are owned and maintained by many business organizations and Internet Service Providers (ISPs). These local servers are able to resolve frequently used domain names into their corresponding IP addresses by caching the recent information. This cache is updated and refreshed on a regular basis.

How Does a DNS Server Work?

Whenever you type a URL such as “http://www.gohacking.com” on your browser’s address bar, your computer will send a request to the local name server to resolve the domain name into its corresponding IP address. This request is often referred to as a DNS query. The local name server will receive the query and check whether it contains the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another server that is in the next higher level of the DNS hierarchy. This process continues until the query reaches the server that contains the matching name and IP address. The IP address (response) then flows back down the chain in the reverse order to your computer.
In rare cases where none of the lower level DNS servers contain the record for a given domain name, the DNS query eventually reaches one of the root name servers to obtain the response.

FAQs about Domain Name System:

Here is a list of some of the FAQs about DNS:

How does a “root name server” obtain the information about new domains?

Whenever a new domain name is created or an existing one is updated, it is the responsibility of the domain registrar to publish the details and register it with the root name server. Only after this, the information can move down the DNS hierarchy and get updated on the lower level DNS servers.

What is DNS propagation?

Whenever a new domain name is registered or an existing one is updated, the information about the domain must get updated on all the major DNS servers so that the domain can be reached from all parts of the globe. This is called DNS propagation and the whole process can take anywhere from 24 to 72 hours to get completed.

How often are the DNS servers updated to refresh the cache?

There is no specific rule that defines the rate at which DNS servers should be updated. It usually depends on the organization such as the ISP that maintains the server. Most DNS servers are updated on an hourly basis while some may update their databases on a daily basis.
I hope you have now understood the working of DNS in a very convincing manner. Pass your comments and share your opinion.

Tips to Find Unauthorized Activity on Your Email Account

Find Unauthorized Activity on Your Email 
Do you suspect that your email account is under attack? Do you want to maintain the security of your email account and make it 100 percent hack proof? Well, sometimes our email account might have been hacked and we may not be aware of that. We may believe that our email account is safe, but in reality our private and confidential information may be falling into the hands of a third person.
In this post, you will find information on how to find unauthorized activity on your email account, if any, and how to stop it.

Signs of Unauthorized Activity on an Email Account:

  1. Your new emails are marked as Read even if you’ve not read them.
  2. Your emails are moved to Trash or even permanently deleted without your notice.
  3. Your emails are being forwarded to a third party email address (check your settings-> forwarding).
  4. Your secondary email address or mobile number is changed.
If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

Additional Security Features in Gmail:

Gmail provides an additional security feature to protect your email account by means of IP address logging. That is, Gmail records your IP address every time you log in to your Gmail account. So, if a third party gets access to your account, then his/her IP is also recorded. To see a list of recorded IP addresses, scroll down to the bottom of your Gmail account and you’ll see something like this.
Gmail - Last account activity
You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then there are chances of unauthorized activity.

Steps to Stop the Unauthorized Activity:

If you feel/suspect that your account is hacked, then you must immediately take the actions mentioned below:
    1. Change your password.
    2. Change your security question.
    3. Remove any third party email address (if any) to which your account is set to forward emails.
    4. Make sure that you can access the email account of your secondary email address.
    5. Also change your secondary email password and security question.
This ensures that your account is safe from future attacks. But I strongly recommend that you read my other post on How to protect your email account? I hope you liked this post. Please pass your comments. :)

Working of Email Spam Filters

How to Email Spam Filters Work 
If you are someone who works with emails on a daily basis, you are most likely using a SPAM FILTER to ease the job of sifting through a large number of spam emails every day.
Needless to say, spam filters make our job a lot simpler by automatically filtering out the spam; without them, it is almost impossible to manually filter the junk emails that arrive in millions each day. However, it is often necessary to have a basic knowledge of how spam filters actually work and on what basis they flag an email as spam.

How do Spam Filters Work?

There are different kinds of spam filters:

Header Spam Filters:

Header spam filters work by examining the header information of a particular email message to check if it appears to have been forged. The header of every email contains information which tells the origin of the email, i.e., the incoming email ID and usually the IP address (server address) of the sender. So, spammers often forge the header to input a false sender ID and IP address so as to make it difficult to trace them.
Thus, if an email is suspected to have a forged header or if the same message is found to have been sent to multiple recipients, it is most likely considered spam by many filters. This method of spam filtering is often quite effective; however, it may occasionally result in some requested newsletters being misdirected into the spam folder.

Content Spam Filters:

The content spam filter is one of the most effective and widely used filters to combat spam emails. Content filters use a sophisticated algorithm with a set of pre-defined rules to determine whether a given email is spam. They work by scanning the entire text/body of the email to search for specific words and patterns that make it resemble a typical spam message. Most content spam filters work based on the following criteria and check to see:
  1. If the message speaks a lot about money matters. Commonly suspected words include: lottery, discount, offer, bank account, money back guarantee etc.
  2. If the message contains adult terms like: viagra, pills, bed, drugs, hot and so on.
  3. If there is any sort of urgency. Most spam emails call for urgency by using terms such as hurry, offer valid till etc.
  4. If the message contains a single large image with little or no text, it is often considered spam by many filters.
Each content spam filter may have its own set of additional rules with which it evaluates each incoming email. In most cases, content and header spam filters are combined to achieve a higher level of accuracy.
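A minimal content filter built from the four criteria above, as an added example (not any real filter's code). The word lists come from this post; the weights, the threshold and the sample messages are assumptions made for the demonstration, and the last sample shows how a requested newsletter ends up as a false positive.

```python
import re
from email.message import EmailMessage

# Word lists are the post's; weights and threshold are hypothetical.
KEYWORD_RULES = {
    "money": (2, ["lottery", "discount", "offer", "bank account",
                  "money back guarantee"]),
    "adult": (3, ["viagra", "pills", "bed", "drugs", "hot"]),
    "urgency": (1, ["hurry", "offer valid till"]),
}
IMAGE_ONLY_WEIGHT = 5      # criterion 4: image with little or no text
IMAGE_ONLY_MAX_TEXT = 50   # characters of body text still counted as "little"
SPAM_THRESHOLD = 5


def extract(msg):
    """Return (all plain-text body content, whether the message has an image part)."""
    texts, has_image = [], False
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            has_image = True
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_content())
    return "\n".join(texts), has_image


def score(msg):
    """Apply the rules; return (total score, list of human-readable reasons)."""
    text, has_image = extract(msg)
    total, reasons = 0, []
    for category, (weight, terms) in KEYWORD_RULES.items():
        found = [t for t in terms
                 if re.search(r"\b%s\b" % re.escape(t), text, re.IGNORECASE)]
        if found:
            total += weight * len(found)
            reasons.append("%s: %s" % (category, ", ".join(found)))
    if has_image and len(text.strip()) < IMAGE_ONLY_MAX_TEXT:
        total += IMAGE_ONLY_WEIGHT
        reasons.append("image with little or no text")
    return total, reasons


def is_spam(msg):
    return score(msg)[0] >= SPAM_THRESHOLD


def make_message(body, image=None):
    """Build a constructed sample message, optionally with an image attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if image is not None:
        msg.add_attachment(image, maintype="image", subtype="png",
                           filename="banner.png")
    return msg


SAMPLES = {
    "lottery": make_message(
        "Hurry! You won the lottery.\nClaim your discount before this offer expires."),
    "image_only": make_message("Click the picture.", image=b"\x89PNG constructed bytes"),
    "meeting": make_message(
        "Minutes from Monday's meeting are attached;\n"
        "the budget review moves to Friday."),
    "newsletter": make_message(
        "Your requested newsletter: our summer discount offer is here,\n"
        "with hot deals on garden tools. Hurry while stocks last."),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        total, reasons = score(message)
        print("%-11s score=%d spam=%s %s" % (label, total, is_spam(message), reasons))
```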

Language Spam Filters:

A language spam filter is designed simply to filter out any email that is not in the user’s native language. Since spammers come from all parts of the world and write in different languages, a language spam filter can help get rid of those annoying emails that arrive in languages you cannot read!

User Defined Spam Filters:

User defined spam filters can be very handy; however, they require a considerable investment of time in configuring and setting up the set of rules by which the filter works.
For example, the user can configure the filter so that all emails from friends and the company reach the inbox, newsletters reach a secondary inbox and everything else goes to the spam folder. Here the user must carefully examine the patterns of the spam emails received from time to time and set up the rules accordingly. When improperly configured, this filter can sometimes lead to false positives or false negatives.

Other Types of Spam Filters:

Popular webmail services like Gmail, Yahoo and Hotmail combine both header and content spam filtering techniques. In addition, they also use their own algorithms to combat spam.
For example, services like Gmail use “optical text recognition” to identify spammy text inside an image. Users are also given a “Report Spam” option for whenever a spam email accidentally reaches the inbox. With this user feedback, the filter learns and becomes more powerful in carrying out the filtering process.

Advantages of Using BCC While Sending an Email

Almost every user on the Internet sends and receives hundreds of emails on a regular basis. However, only a handful of them know what BCC is and what the advantages of using BCC are while sending an email.
If you are one such Internet user who is unaware of what BCC is all about, then this is the post that you should definitely read!

What is BCC?

BCC stands for Blind Carbon Copy. It refers to the practice of sending an email to multiple recipients without disclosing the individual email addresses.
While sending the same email/message to multiple recipients, it is common practice for most users to separate the email addresses with a comma or semi-colon and insert all of those recipient addresses in the To: field. When emails are sent in this way, each receiver is able to see the complete list of recipient email addresses to which the same message is being sent.
The BCC: option, on the other hand, allows you to hide the recipients in email messages. In other words, when emails are sent using BCC:, the receiver will not be able to see the list of recipient email addresses. Thus, using BCC is a smart way to protect the privacy of the recipients.
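The reason BCC recipients stay hidden is that their addresses are used only for delivery, while the Bcc: header is dropped from the copy of the message that is actually transmitted. The following added example (not code from the original post) shows that split using Python's standard email library; the function names and all addresses are constructed for the illustration.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

def build_message():
    """Constructed sample: the sender addresses themselves and BCCs two people."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "sender@example.com"
    msg["Bcc"] = "alice@example.com, bob@example.com"
    msg["Subject"] = "Newsletter"
    msg.set_content("Hello everyone.")
    return msg

def split_envelope_and_wire(msg):
    """Return (delivery addresses, text of the message as recipients receive it)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    # Every address, BCC included, is needed to deliver the message.
    envelope = [addr for _name, addr in getaddresses(fields)]
    # The transmitted copy has the Bcc: header removed, so no recipient
    # can read the hidden addresses from the message they receive.
    wire = copy.copy(msg)
    del wire["Bcc"]
    return envelope, wire.as_string()

if __name__ == "__main__":
    envelope, wire = split_envelope_and_wire(build_message())
    print("Delivered to:", envelope)
    print("--- message as received ---")
    print(wire)
```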

Why should you use BCC?

Here are the reasons for using the BCC option:
Risk of Spammers: To reduce the risk from spammers, you should encourage people/friends to use BCC: while forwarding any message to you. This prevents your email address from appearing in other people’s inboxes, thereby keeping you less exposed to spammers.
While forwarding email messages, people often do not bother to remove the list of previous recipients. As a result, messages that are repeatedly sent to many recipients may contain a long list of email addresses. This makes it easy for spammers to collect and target those email IDs for spamming.
Protect the Privacy: BCC provides a simple option for protecting the privacy of your recipients. Under many circumstances it is necessary to send an email without letting the recipients know who else is receiving the same message. It is also highly recommended that you use the BCC: option while forwarding a joke or a funny email to a list of your friends. If you are sending email on behalf of a business or organization, it may be especially important to keep the list of clients, members, or associates confidential. So, don’t forget to use the BCC: option wherever privacy matters.

How to BCC an email message?

Most email clients provide the BCC: option a few lines below the To: field. All you have to do is enter the list of recipients in the BCC: field instead of the To: field. You may leave the To: field blank or enter your own email address. Once you have done this, just hit the Send button.
The moral is that you should use BCC: while sending bulk messages so as to protect the privacy of your recipients.

How Firewalls Work

If you have been using the Internet on a regular basis, or work in a large company and surf the Internet while you are at work, you must surely have come across the term firewall.
You might also have heard people say “firewalls protect their computer from web attacks and hackers” or “a certain website has been blocked by the firewall in their workplace”. If you have ever wondered what exactly a firewall is and how it works, here we go. In this post I will try to explain “How firewalls work” in layman’s terms.

How Firewalls Work?

Firewalls are basically a barrier between your computer (or a network) and the Internet (the outside world). A firewall can be compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly, a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.
Firewalls decide whether to allow or block network traffic between devices based on rules that are pre-configured or set by the firewall administrator. Most personal firewalls, such as Windows firewall, operate on a set of pre-configured rules that are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall.
Personal firewalls are easy to install and use and are hence preferred by end-users for use on their personal computers. However, large networks and companies prefer firewalls that have plenty of configuration options so as to meet their customized needs.
For example, a company may set up different firewall rules for FTP servers, Telnet servers and Web servers. In addition, the company can even control how employees connect to the Internet by blocking access to certain websites or restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company tremendous control over how people use the network.
Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:
  1. Packet Filtering: In this method, packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules with accept and deny actions, which are pre-configured or can be configured manually by the firewall administrator. If a packet manages to make it through these filters, it is allowed to reach its destination; otherwise it is discarded.
  2. Stateful Inspection: This is a newer method that doesn’t analyze the contents of the packets. Instead, it compares certain key aspects of each packet to a database of trusted sources. Both incoming and outgoing packets are compared against this database, and if the comparison yields a reasonable match, the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration:

Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:
    1. IP addresses: If an IP address outside the network is deemed unfavorable, it is possible to set a filter to block all traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.
    2. Domain names: Since it is difficult to remember IP addresses, it is easier and smarter to configure firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.
    3. Ports/Protocols: Every service running on a server is made available to the Internet using numbered ports, one for each service. In simple words, ports can be compared to virtual doors of the server through which services are made available.
      For example, if a server is running a Web (HTTP) service, it will typically be available on port 80. To use this service, the client needs to connect to the server via port 80. Similarly, different services such as Telnet (port 23), FTP (port 21) and SMTP (port 25) may be running on the server.
      If the services are intended for the public, the ports are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports to make unauthorized connections.
    4. Specific words or phrases: A firewall can be configured to filter one or more specific words or phrases, so that both incoming and outgoing packets are scanned for the words in the filter.
      For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you decide to block from entering or leaving your network.
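The packet filtering method and the filter conditions listed above can be modelled as an ordered rule list in which the first matching rule decides and anything unmatched is discarded. This is an added example, not code from the original post or from any firewall product: the rule set, the documentation-range IP addresses and the blocked phrase are all constructed, and domain-name filters are left out because they need name resolution.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str               # "accept" or "deny"
    src: str = "0.0.0.0/0"    # source network (CIDR); default matches any IPv4 address
    proto: str = "any"        # "tcp", "udp" or "any"
    dport: int = 0            # destination port; 0 matches any port
    phrase: bytes = b""       # bytes to look for; empty matches any payload

    def matches(self, src_ip, proto, dport, payload):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (0, dport)
                and self.phrase in payload)

# Constructed rule set (assumption), evaluated top to bottom.
RULES = [
    Rule("deny", src="203.0.113.7/32"),       # IP making too many connections
    Rule("deny", phrase=b"blocked-term"),     # specific word or phrase
    Rule("accept", proto="tcp", dport=80),    # public Web (HTTP) service
    Rule("accept", proto="tcp", dport=25),    # public SMTP service
    Rule("accept", src="198.51.100.0/24", proto="tcp", dport=21),  # FTP, one network only
]

def filter_packet(src_ip, proto, dport, payload=b"", rules=RULES):
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport, payload):
            return rule.action
    return "deny"

if __name__ == "__main__":
    print(filter_packet("192.0.2.10", "tcp", 80))    # open Web port
    print(filter_packet("192.0.2.10", "tcp", 23))    # Telnet, no rule
    print(filter_packet("203.0.113.7", "tcp", 80))   # blocked IP address
```

Rule order matters: the blocked address is denied even on port 80 because its deny rule sits above the accept rule for the Web service.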

Hardware vs. Software Firewall:

Hardware firewalls provide a higher level of security and are hence preferred for servers where security has the topmost priority. Software firewalls, on the other hand, are less expensive and are hence preferred for home computers and laptops.
Hardware firewalls usually come as a built-in unit of a router and provide maximum security, as they filter each packet at the hardware level itself, even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

Why Firewall?

Firewalls provide protection against a number of online threats such as remote login, Trojan backdoors, session hijacking, DoS and DDoS attacks, viruses, cookie stealing and many more. The effectiveness of the security depends on the way you configure the firewall and how you set up the filter rules.
However, major threats such as DoS and DDoS attacks may sometimes manage to bypass the firewall and damage the server. Even though a firewall is not a complete answer to online threats, it can most effectively handle attacks and provide security to the computer to the maximum possible extent.