Blogger I.Q.

Blogger and WordPress Tips

Blog entries

Informative blog articles from Blogger IQ

How to clear your clipboard using Command Prompt

by Leave a Comment

Admit it – sometimes you wish Windows offered an easy way to do this – clearing the clipboard after copying a piece of text!

Well, here is a way to do that using a tiny piece of code. Just copy the code given below and follow the steps given to create your own small software to clear your clipboard.

C:WindowsSystem32cmd.exe /c “echo off | clip”

Steps:

  1. Right click on the desktop.
  2. Select New > Shortcut
  3. Paste the code copied above. Save and exit.

You now have a shortcut which when double clicked clears your clipboard in a whoosh!!

How to charge your iPod or iPad or iPhone with USB using your computer

by Leave a Comment

Life without technology is only for few and for the rest of us, a little disruption in it causes havoc!

Being in the technology driven world, most of us have atleast one iPod (old or new doesn’t matter), or an iPhone or iPad. One of these iProducts might be lying at our home – at least for most of us who are Apple fans. That being said, there will be times when we do not want to always plug it in to the wall socket to charge the iDevice. But when we sync or transfer content to and from an iDevice to our Windows computer how better the world would be if that time is also used to charge our iDevice!

That’s where our protagonist of this story enters our world – ASUS Ai charger


What this tiny software does is simple:- 
  • Install the software available from their website here.
  • Just connect your iDevice.
  • It starts charging.


Yes! That was indeed silly to list them down – however that’s all it is to it to charge your iDevice using your Windows computer. 
Note: for Mac, it automatically charges – without any need of a third party software installation, as you might already know.
Know of any other software that does the job better than ASUS Ai Charger? Please let us know by writing in your comments below.

Written by Arun Sarathy

Matt Cutts Videos – a shortcut to all of Matt’s videos

by 3 Comments

Matt Cutts, (bio) the head of the web spam team at Google has provided a number of videos talking about SEO, blogging best practices and answering questions from bloggers worldwide. His videos are not only informative but are very short and precise.
 

That being said, what if you still want to lessen the time spent – instead of watching all his videos how would you feel if there is a Summarized Solution given for every question asked in the Google Webmaster videos series? Awesome, right? That’s how even I felt when I came across this website which is aptly named as:-

The Short Cutts. The Short Answers to every Matt Cutts Video

This website provides a simple, sweet, precise answer to all the questions asked to Matt Cutts by humans worldwide. The website is a simple one which you’ll definitely find useful, if you are a regular follower of the Google Webmaster Videos YouTube Channel.

The website also offers four guides as freely downloadable after we sign up on their contact form page. Though, I wouldn’t sign up unless I really want to read their guides – they are useful but I chose I would pass them for the time-being and revisit them later.

One funny feature about the website is that they provide different colored T-Shirt pictures which when clicked filters the webmaster videos that has Matt Cutts wearing that colored T-Shirt which was clicked!

Give it a try and please let me know your comments below if you found this useful.

How to map a Network Drive within My Computer in Windows 7

by Leave a Comment

A quick setting to map your local folder/network drive

Let’s say you have a frequently used folder in your Windows PC or Laptop which you open frequently.

 

There are 3 traditional options which I’ve used so far to get to my frequently used folders:

 

  • First I go to my folder – right click on it – and ‘Send To Desktop (Create Shortcut)’Or
  • I copy the full path of my folder, keep it in ‘Run’ utility command box and open it from there. Or
  • Add it to my favorite folders inside an Explorer window.

Though all of the above works equally well, here is a geeky way to get this job done, using the Command Prompt Window. Using this trick you can assign an unused drive letter to your frequently used folder, making it an entry within your ‘My Computer’. I guess this stays inside My Computer until you logoff or shut down your computer.

Example:
Let’s say you want to have a folder called ‘Source’ within your C drive, assigned to a drive letter called ‘Q’.
Open Command Prompt Window. (Type CMD in Run command window) (Win key + R to open your Run command) and type the following command:
SUBST Q: “C:SOURCE”
 
That’s it. Now you will have a folder added within My Computer window like this one:
How to remove the drive letter assignment:
If you want to remove that folder from the assigned drive letter then simply type in this command:
SUBST Q:   /D
 

Hit enter to free your drive letter assignment within My Computer.

How to map a network drive in Windows 7

  1. Open Computer by clicking the Start button – click on Computer.
  2. Click the Tools menu, and then click Map Network Drive.
  3. In the drive list, click a drive letter which is unused so far.
  4. In the Folder box, type the path of the folder or computer you want to map or click Browse to find the folder or computer.
  5. Click Finish.

Find this tip useful? Please let me know your comments below.

13 Questions To Understand The Bug “Heartbleed” Better – A Definitive Guide To Know What Exactly Is The Heartbleed Bug In OpenSSL

by Leave a Comment


What is Heartbleed?

It is one of the most wide spread vulnerabilities in internet.

This is one of the biggest flaws today’s internet has faced. The core of heartbleed is encryption and encryption standards used in the design of HTTPS. SSL and TSL – Security Sockets Layers and Transport Security Layer. These toolkits are commonly known as OpenSSL – toolkits to frame cryptography. A flaw in this toolkit is called Heartbleed – something which the human user nor the server side platforms have any clue that a security flaw exists – which can be taken advantage of by anyone.

heartbleed thekeyponderer


When was this discovered?

Around Monday, the 8th of April, 2014. Severe implications for the entire web community were foreseen. This bug can leak sensitive user information and personally identifiable information like usernames, passwords, SSNs, credit card numbers, bank account details and transactions. This bug has been in place since 2011. And all this bug does is compromise 64K of information from a piece of the storage. That’s well enough to steal sufficient user personal information – more importantly that’s also enough to get a private key and decrypt that to find the rest of the information.

Who found the bug first?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team (source:heartbleed.com). While this is not essentially a bug but a simple programming error that led to Heartbleed, Neel Mehta from the Google research community needs a big thanks for another reason – he also donated a $15,000 bounty he received as an award for discovering this bug to the Freedom of the Press Foundation’s campaign for development of better encryption tools. According to LATimes, “Both teams found that OpenSSL, an open-sourced security encryption program used by 66% of Internet servers, had a flaw that would allow any hacker using a simple script to gain access to a treasure trove of personal information”.

Who is responsible for this Heartbleed bug?

According to the Guardian, the programmer behind this code glitch was Robin Seggelmann who worked on the OpenSSL project for the Heartbeat extension. This extension is just an additional feature and is not the core part of the OpenSSL project. And since this was an open source in itself, one person cannot be blamed.

Nomenclature. Why is it called as Heartbleed, what’s the reason behind this nickname?

An engineer in Codenomicon coined it. The technical name, CVE-2014-0160 was named for the particular line of code that contained the vulnerable code. According to the systems administrator at Codenomicon who coined the term, he just played on the words ‘heartbeat’ which is an extension in the OpenSSL Toolkit. Ossi Herrala – the Codenomicon employee “thought it was fitting to call it Heartbleed because it was bleeding out the important information from the memory”. They even went ahead and bought the domain heartbleed.com from a group who owned it as a music lyrics site, so as to spread this security flaw among the IT community and they are quite happy with the outcome and the way the IT community has responded quickly to correct the flaw. Basically they just had to upgrade the OpenSSL toolkit version to the latest one to overcome this security flaw.


Why only few sites are affected?

Since the core problem was in the extension of OpenSSL toolkit called ‘Heartbeat’, which is the central point of vulnerability – any website which used this feature got affected. Although OpenSSL is popular, some websites used other SSL/TLS features and options. Some websites used an upgraded version or an earlier version of this toolkit, that’s why they escaped this vulnerability. While this doesn’t completely solve the problem at hand, not all companies use PFS or Perfect Forward Secrecy, a key agreement protocol in Cryptography. PFS keys are the most secured ones as on today as it ensures that the compromise of a single key permits access only to data protected by that single key. These have short shelf life, hence one key leak will not allow the leak of all data.

Am I really affected? Why should I care?

This is simply not another virus or bug wherein an antivirus can help you on your computer or smartphone. This is a more complicated bug (actually a programming error) on the services you use like hosting providers, bank servers and email service providers. Technically speaking this is not a client-end problem but a server-end issue.

Every user who uses email, browse internet, conduct business and ecommerce and every normal prudent surfer who cares for a secured browsing experience and have signed up for services, free or paid, online should care about this flaw and take corrective measures. More importantly if you have visited a website with HTTPS, trusting that it was a secured one all these days in the last few years, then you sure will be interested in knowing and learning about this further. And as an example, if you are a Gmail, Facebook or Yahoo email user, you better change your password now – for it is a suggested solution even by Google.

According to EFF (Electronic Frontier Foundation), this flaw allows an attacker who connects to an HTTPS server running a vulnerable version of OpenSSL to access up to 64KB of private memory space. Doing the attack once can easily cause the server to leak cookies, emails, and passwords. Doing the attack repeatedly can potentially leak entire encryption keys, such as the private SSL keys used to protect HTTPS traffic. If an attacker has access to a website’s private SSL key, they can run a fake version of the website and/or steal any information that users send, including passwords, private messages, and credit card numbers. Neither users nor website owners can detect this attack as it happens.

How do I know if my bank account was also compromised using this flaw?

Most banks use proprietary encryption software instead of the open source OpenSSL. Still, it’s wise to confirm with your bank information security personnel or their website for any press release related to this.

How do I know or check if a website has taken corrective measures or fixed this problem?

Password management companies have come up with ways in testing websites to check if the flaw has been corrected and if the website is safe or not. You can check LastPass – to see if the bug has been corrected by websites. Also, there would be press releases and news from the website themselves stating that the issues are fixed.
For example, The Canada Revenue Agency has extended the filing deadline for tax returns and promised to resume e-services by the end of the weekend for all federal departments using software vulnerable to the Heartbleed bug (Source: www.cbc.ca)

How to protect myself against this security flaw?

Keep an eye on your financial statements and bank accounts physically, not online.
Once you confirm that the bank websites are safeguarded, change your passwords.
Do not login to any sensitive accounts like bank websites and email accounts until you are sure that the flaw has been corrected.

Which websites need a password change right now?

You can first check what websites were affected and if they have taken corrective measures to release a patch. Mashable has collated a quite massive list of websites that need a password change. You can check them out here. These are some of the websites which were affected and corrected. So a password change is suggested, though not a must. As Google puts it, better be safe than sorry. Of course, keep in mind that the specific website must issue a patch to correct the flawed version of OpenSSL. Only then your password change makes sense.

What versions of OpenSSL are affected?



OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
(Source:heartbleed.com)

How widespread is this flaw in the internet sphere?

Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates. (Source: heartbleed.com)





Thanks to……..?

Thanks to Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for preparing the fix. (Source:https://www.openssl.org/news/secadv_20140407.txt)
Information collected and posted by Arun Sarathy
Resources: (Information sources)
http://heartbleed.com/