Archive for the 'Social' Category

Follow your Heart or your Head?

I don’t know how others think. But for me decision making was always simple and fast: “Just follow the heart”. I never cared to think if it was right or wrong. And I forbade myself from regretting my past decisions or choices. This rule of thumb made me take decisions which at times others thought crazy and outrageous, but always kept me happy.

I have done things like starting a company while in college with practically no idea what I was doing, completely neglecting studies (not part of the main plan, but they just were not there among my priorities), not trying to get a job like “others”, spending a couple of years after college penniless on the craziest of ideas, and quitting a regular and somewhat satisfying job just to get back to the dream project and millionaire dreams. So as you see, life had always been like a roller-coaster ride and I enjoyed it. To be frank, this was never easy. But I was following my dreams and passion. And that was my fuel, my cushion on the bumpy ride.

As my responsibilities got bigger, I started getting scared of the risks and decided to have a balance of both, to “Follow the Heart and the Head”. But 3 months from the decision, I hate to say it, I regret Following the Head. My work was my passion and now it has become just my ration.

So… “Here I go again on my own
goin’ down the only road I’ve ever known.
Like a drifter I was born to walk alone.
An’ I’ve made up my mind, I ain’t wasting no more time….”

Stealing Passwords had never been easier

I have already written once on how web security has taken a back seat thanks to the ever-growing popularity of social networking websites. Recently I saw a trend in Orkut where people are setting their homepage to some http://meu.powerscrap.com/…. I tried one of those links and saw a replica of the person’s Orkut profile over there. I even saw my pic in the friends’ list. But if I try to click on any of the links, a pop-up window comes up and asks for my Orkut username and password to continue. To my surprise, all the images were loaded directly from orkut.com and were the exact ones used in Orkut.

I did a little bit of googling, looking for any connection between Orkut and powerscrap. But it seemed like people are using the latter as an alternative to Orkut in places where it is blocked, and they are all praise for powerscrap. I believe this must be a trusted site. But someone can use this technique just to snatch your username and password from you too. The sad part is that people are so desperate to network that they don’t think twice when asked for a username or password.

I think this now leads to the simplest form of social engineering. If you have a website and some web programming knowledge you can just walk away with thousands (at least hundreds) of usernames and passwords. You don’t need content or users or even a database :) . You can thrive on a popular website’s user-base and just enjoy the free passwords. As my title goes, password hacking had never been easier.

  1. Go buy a domain. Even a free sub-domain will do :) .
  2. Write code to pull data from Orkut or a similar website.
  3. Send messages to a few people giving your URL and telling them the ADVANTAGE of using your website.

You are done. In a few days you might be honored for stealing passwords!!

Social Networking and Web Security

Working on Skillda, a professional networking website, I was always confronted with a question from my friends about a missing feature. In Skillda there is no option to import contacts from any other networking site or email account.

Almost all of us are familiar with the large number of automated invitations from the networking sites these days. Some of them even send mail repeatedly till you join the network. For doing this, these sites ask you to enter your username and password for a different website or email account, then crawl through that website and get the contacts. This is exactly what concerns me. I just cannot believe how someone would entrust a third person with the username and password of their email account, giving access to important documents like bank statements and other personal stuff. And that too just in exchange for the ease of importing your friends or contacts to a social networking site!!

I am wondering whether the concept of web security has gone skewed over the years, or whether the social networking boom is making people blind.