Playing it safe while on Gmail

Gmail: One of the best free online e-mail service, with so many good features including support fort POP, forwarding, filters, communication over secure channel - https.

Google has taken good care security of its users as well. But still there are several possible threats at various points. Varying from browser compromise to visiting malicious website.
Keeping all these concerns in mind, it is indeed very important to take every possible preventive measure to avoid any compromise of your Gmail account.

Let's have a quick look at some important security considerations to keep safe while online with your google account logged in. Note that most of these tips are recommended by Google itself and hence are extremely important.

1] Always use HTTPS while connecting to Gmail.
There are several ways to do it.

[a] make sure URL in browsers address bar starts with https://

[b] after you login to Gmail, go to "Settings" and under the "General" tab in "Browser Connection" click "Always use https". Then click save. You can start here.

[c] you may also be fond of Greasemonkey, so you may install it's script to force https for all Google apps.

Greasemonkey is a Mozilla Firefox extension that allows users to install scripts that make on-the-fly changes to most HTML-based web pages. As Greasemonkey scripts are persistent, the changes made to the web pages are executed every time the page is opened, making them effectively permanent for the user running the script.

2]Check Your Filters Regularly
Recent Gmail vulnerabilities involve the setting up of malicious filters and email auto-forwarding. Hence you should check them regularly by going to your Gmail settings and make sure that you don't see anything suspicious here.

3] Use mail client application.
If you are using gmail through any POP or IMAP client application, chances of getting victimized by scripts injected in browser are eliminated.
Good examples of such clients:
MOZILLA: thunderbird, seamonkey,
MICROSOFT: outlook,
GNOME: evolution
there are many..

4] Browser add-ons.
If you are using browsser that support addons/ plugins, be careful while installing any plugin - from untrusted sources. These plugins can prove to be nasty little cretures. They actually can read/ record/ interact with anything in the browser. Once you install a "bad" plugin, remote bad guys can steal anything, including your login credentials, browsing history, real scary stuff.

5] Avoid falling prey to phishers.
Be well aware of possibilities of online frauds, phishing and other misleading mails. Never give avay any sensitive information online, including personal info, username, passwords, bank account details...

6] Take regular backups of your mail.
This is a good way to avoid possible loss of useful mails in case if something goes wrong with your gmail account.

Fun: Gmail free space, More Gmail storage coming for all

For quite a long time, I was wondering that how Google will manage "infinity+1" free space plan. Especially after few announcements by Google about increased free space. It is always a fun to watch the free space counter on the Gmail login page.

Tried to play with my system clock to check the changes in magical numbers displayed as available free space [quota] for Gmail user. Noticed something little funny. The free space allotted to users seem to be governed by user's system time and not the universal time at the moment. Don't know what the truth is, but this is what first looks at it may make anyone think.

1]My system clock set to 18 Jun 2008, free space ~ 6838+ MB

1]My system clock set to 18 Jun 2007, free space ~ 2865+ MB

1]My system clock set to 18 Jun 2009, free space ~ 8060+ MB


Same way, if I change the system clock to some time in year 2020, Gmail says "Over 21513.310687 megabytes (and counting) of free storage" !!!

It's up to you to investigate whether it is possible to trick Google by changing your system time and use more space than mentioned.

GIMP: Selective Colouring

Gimp. GnuImageMnipulationProgram. An open source paint and image editing program for Unix, X Window and Mac OS X. Sometimes looked at as a free replacement of some good commercial photo editing programs like photoshop.
You must have seen a black and white photograph with some part in colour. For example in an advertisement of lipstick, all except lips can be seen in true colours.
There are two approaches possible to achieve this. This technique is also known as "hand colouring".
Method 1:Take original colour image, duplicate it, convert the duplicate to black and white, and paste it as a new layer on top of the color image. Add an opaque layer mask and then selectively paint transparency into the upper mask, exposing the colour area underneath.
Method 2:Convert background layer to grayscale, make the top layer active and set its mode to colour. Everywhere you brush, your color image will become uncolored. Keep brushing away those areas you want to "remove"

Let's see the 1st method above, with an example.

[Please click to enlarge the images below]

STEP1:
Load the colour image into GIMP.
File>Open>"the image"

STEP2:
a]Duplicate the image --> Ctrl+D
and
b]convert it to grayscale then RGB: -->
Image>Mode>Grayscale and then Image>Mode>RGB

STEP3
Go to original colour image window. Open Layers dialogue[Ctrl+L].
Right clicking on the background layer[containing our original image] add new layer. Name it as BnW. Change the layer fill type to "Transparent". Click OK.

STEP4:
Go to the BnW image and select all, then copy [Ctrl+A then Ctrl+C]. Then go to the colour image window and paste [Ctrl+V].
Open Layers dialogue again[Ctrl+L]. You can see pasted layer as a Floating Selection. Keep "Opacity" 100% and click on "Anchor" at the bottom.

STEP5:
Right click on the BnW and add new layer mask [white]with full opacity.

STEP6:
Make sure that Black is selected as the foreground color in the main toolbox. We' will now paint transparency into the layer mask to reveal the colour image below it. Select any suitable brush from brushes dialogue[Ctrl+Shift+B].

Done!
Begin painting interior parts of the image that you wish to see with colours. Rest of the parts will remain black and white. Zooming into the image or selecting different type of brush during hand paintaing can be given a try for better results.


The original and selectively coloured images:

Online Clipboard

If you come across some interesting/ useful website and wish to access it in future, adding it to "Bookmarks" [same as "Favorites" in IE] is an obvious step taken.

But these bookmarks remain with the same browser - on the same computer where the user has saved them. Lately, social bookmarking sites helped the users to save bookmarks online. So users could save links to their favorite "online content" - online.
Share and reuse whenever required - online.

But what if it's not the question of sharing "just" the bookmarks? What if I want to share some content online with somebody or I want to reuse it by accessing it from somewhere else? [away from home or office]

Using portable memory options like USB's or optical disks would not be feasible every time.
Same for emailing such text.

There are some websites that let you use some pages to temporarily [for a few days or weeks] store your data/ text online. This helps sometimes in scenarios similar to above.

Any examples?
http://CL1P.COM is one of such websites that may act as your "online clipboard" It's not a latest news, but not very popular in spite of being quite useful.

What is it?
Internet clipboard Created, owned and operated by Sense Maker Software.
A web application that can be accessed from any browser, used for sharing/ temporarily storing the text.

This may prove useful to:

• Copy and paste content between online computers in easy steps

• Create an online notebook, it's a fast way to jot down notes.

• Have a conversation. Share your cl1p with a friend. Each of you can update the cl1p, adding their own message. It's your own personal forum.

• Link to other cl1ps. You and your friends can create cl1ps and link them together using the cl1p link feature.

How to use it?
1. Enter in any URL that starts with http://cl1p.com/
2. Paste/type any text you want, click save button in top right corner - your "cl1p" is saved.
3. On any other computer enter in the same URL as in step 1 - you can see your "cl1p"


A simple example[Please click the images to enlarge]

















A new URL
http://cl1p.net, a feature rich variant has much more like uploading / sharing pictures.

Let's explore more!

Gmail: A Useful Feature

I wish to discuss an interesting and useful feature of several email service providers including Gmail.

Recepient's e-mail address is used to identify the location for electronic message delivery.

Normally email IDs are in the form: some_name@domain.

An excerpt from RFC 2821 says:

An address normally consists of user and domain specifications. The standard mailbox naming convention is defined to be local_part@domain: contemporary usage permits a much broader set of applications than simple "user names". Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.

Like few other mail services, Gmail has a cool feature that lets you specify an additional string following the "local_part" of the email ID. For example, while subscribing to Qualys Vulnerability Alerts email, I subscribed with the email ID as: ptteam.1+qualys@gmail.com.

According to gmail, this address will be simply treated as ptteam.1@gmail.com and the additional tag "qualys" can be used at my inbox, to easily filter out the message arriving from qualys.
Notice the recipient's address.

Similarly one may use other tags while subscibing to other services or mailing lists.

Interestingly, apart from easy sorting of messages on sources, this feature can also be used as a trick to detect spam sources.

How?

Quite simple! - If a spam arriving at your inbox has recepient's address containing your predefined tag, you can easily make out the site from where your email address was leaked to spammers.

So, it's a good practice to add +someTag while subscribing to some online service or while giving out your email ID to anybody.

But,

Sometimes, it becomes impossible to use this feature, when the form based subscription page of some websites treat the "+" sign as an INVALID character in email ID field.

Addresses of this form, using various "separators" between the "base name in local_part" and "tag" are supported by several email services, including Google Mail (plus sign "+" ), Yahoo! Mail Plus, and qmail (minus sign "-")...and more.. let's find it out.