Thursday, November 12, 2009

Concerned about your data privacy? Enable BitLocker on Windows Vista/Windows 7

With the ever-increasing demand for privacy, it is no wonder that Microsoft has packaged some encryption tools with the latest release of its operating system. BitLocker and BitLocker To Go are available only in Windows Vista Ultimate, Windows Vista Enterprise, Windows 7 Ultimate and Windows 7 Enterprise.

I remember reading an article online during the first few days when Windows 7 RC had come out. One of the bloggers had commented that while installing Windows 7, he noticed a hidden partition being created and couldn't figure out why it was there, and he recommended deleting it and absorbing the free space into the system drive using some partitioning tools. I now realise that the reason why there is a hidden unused partition is so that your computer can boot up if you use BitLocker to encrypt your system drive.

BitLocker allows you to encrypt the whole volume, not a specific file as you could with Encrypted File System (EFS). If your computer has a Trusted Platform Module (TPM) chip, you can use it to store the encryption keys; otherwise you can use a flash disk. The flash disk, however, will be requested every time you reboot your computer. The encryption and decryption are handled seamlessly by the operating system, so the user doesn't need to do much in that regard.

BitLocker To Go is a new feature, added to Windows 7 by default, that allows you to encrypt your external drives.

Please do note that if you do not own the high-end version of Windows Vista or Windows 7, you can still enjoy the privacy of BitLocker and BitLocker To Go. You can use the free tool TrueCrypt.

You can get more details about BitLocker and BitLocker To Go from this Microsoft-published walkthrough.

Till the next time ..

Monday, November 9, 2009

Combating Spam - My personal approach to it

Gone are the days when you could surf to a website, click on a download link, and have the download start instantly. Nowadays more and more sites are resorting to asking you for your email address, to which they send a link to the file that you want to download. Even though the site states that your email address will not be used for spamming by them or by any of their partners, you start receiving more junk email after a few days. Sounds familiar? Well, believe it or not, email harvesting is a very promising business in the underground community.

One of the ways you could circumvent the above is by creating some disposable email addresses that you only use to download software. This could be as easy as signing up for a free Gmail, Yahoo or MSN account. The only downside to this is that you will have to log in to those addresses to retrieve the links that are sent to you.

Another approach is using the following technique. Most of the web-based email accounts give you disposable addresses by default. Yahoo gives you disposable addresses on their premium accounts. I personally use Gmail, and if you were to read the help section on it, you would find out that it also gives you disposable email addresses.

Let's say your email address is john.doe@gmail.com. Now if someone sends you an email at john.doe@gmail.com, you will receive it in your inbox (trivial). Now the funky part that you don't get told offhand is that any email sent to the address john.doe+{blurb}@gmail.com (you have to have + in the address) will also get directed to your inbox. So for instance, if someone sends an email to john.doe+tuesday@gmail.com, this will get delivered to the john.doe@gmail.com inbox. So now when you go to download something off a website, and they require you to enter your email address so that they can send you the link to the file, just enter the email address in the above format (I generally append the site name, so that I can track where the spam is coming from). Some sites are smarter and do not allow you to have a + in the email address, but almost 80% of the ones that I have tried take it as a genuine email address.

The next step will be to create a filter in Gmail that uses the To: address as the filter condition. In this, add the disposable email address that you had given to the website, and in the actions, select delete. Activate this filter after you have received the download URL (or you could suspend the rule for a few days and monitor the amount of spam you receive from the website).

You can use this technique to create disposable email addresses out of your personal Gmail address. Also, you can use it to evaluate how "trustworthy" the website you gave your email address to is.
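The site-name tagging described above can be tallied offline to see which site's address is attracting mail. This is an added example, not part of the original post. The function names and the sample messages are constructed for illustration, and it assumes the tagged address survives in the To, Cc or Delivered-To header of the saved messages.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

BASE = "john.doe@gmail.com"  # the example address used in the post


def plus_tag(address, base=BASE):
    """Return the +tag if `address` is a tagged form of `base`, else None."""
    local, _, domain = address.lower().rpartition("@")
    base_local, _, base_domain = base.lower().rpartition("@")
    name, plus, tag = local.partition("+")
    if domain != base_domain or name != base_local or not plus or not tag:
        return None
    return tag


def tally_tags(raw_messages, base=BASE):
    """Count messages per +tag seen in the To, Cc and Delivered-To headers."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = []
        for name in ("To", "Cc", "Delivered-To"):
            headers.extend(msg.get_all(name, []))
        # A message counts once per tag even if the tag appears in several headers.
        tags = {plus_tag(addr, base) for _, addr in getaddresses(headers)}
        tags.discard(None)
        counts.update(tags)
    return counts


# Constructed sample messages (not real mail).
SAMPLE = [
    "To: John <john.doe+shareware-site@gmail.com>\nSubject: Your download link\n\nlink",
    "To: john.doe+shareware-site@gmail.com\nSubject: Cheap watches\n\nspam",
    "To: JOHN.DOE+Forum@GMAIL.COM, someone@example.org\nSubject: Win a prize\n\nspam",
    "To: john.doe@gmail.com\nSubject: Lunch?\n\nhi",
    # Bulk mail often hides the real recipient; the tag is then only in Delivered-To.
    "Delivered-To: john.doe+shareware-site@gmail.com\nTo: offers@example.net\n"
    "Subject: Pills\n\nspam",
]

if __name__ == "__main__":
    for tag, n in tally_tags(SAMPLE).most_common():
        print(f"{tag}: {n} message(s)")
```

A tag whose count keeps rising after the download link has arrived is the one to put in the delete filter.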

Have fun.