Unlist Your Number from TrueCaller today!

UPDATE July 18, 2013: Approximately 7 months after this article was published, there’s been news that the TrueCaller database has been hacked into by the so-called Syrian Electronic Army. Again, this highlights the need for users to be careful in the choosing the companies with whom they entrust their private data.

TrueCaller is a mobile app and online service that serves as a very large phonebook for reverse phone number lookups. It can be used to augment your own phone’s contact list in your iOS, Android, Windows Phone, Symbian, or BlackBerry device, helping you let know the names of unknown callers. You can test to see which of your or your friends’ numbers are available in their database at www.truecaller.com.

How does it work?

TrueCaller claims to source the caller information present in their database partly from public directories, and partly from “crowdsourced” data.

However, when I checked, their data didn’t seem to come from public directories. I began searching for my friends’ landline and mobile numbers and those of my own as well, and noted a few interesting things:

  1. Sometimes somebody else’s name would prop up. This would probably be a previous owner, or the former name of the person in case of a name change.
  2. Sometimes the company name would be suffixed or prefixed to the name.

This definitely seems to be populated from contact lists of users.

TrueCaller seems to stop here – it doesn’t, for example, seem to retrieve or store users’ locations. Also, it doesn’t support searching by name – you can only search by number. However, what TrueCaller does reveal is still bad enough, and has actually made many users unhappy, as you can see in a Quora thread on this subject.

Removing your Number

Luckily, fixing this privacy issue turns out to be easy. Head over to Unlist your Phone Number to request an automatic unlisting of your number. It took a few hours for my numbers to get unlisted, and I heaved a sigh of relief after that.

6 Ways to Defend Yourself Against Viruses and Malware

Which virus protection is the best?

Well, to protect yourself against malicious software, the six defensive ways detailed below can work better than the best anti-virus software left to act alone.

1) Be aware of virus symptoms, and attack vectors

This piece of advice might sound something beyond the realm of non-techies. However, non-techies had to learn how to use computers anyway, and learning a little about the basics of viruses won’t hurt. The information contained in this article is a good start.

(i) Be wary of suspicious, new process names in the list of running processes

Sometimes these processes have the same names as legitimate ones to disguise themselves (svchost.exe is an example). Sometimes they have similar names, like svvchost.exe and _services.exe (the legitimate ones have the names svchost.exe and services.exe). The username that’s running the process sometimes gives an indication of whether it’s a legitimate system process or not – a virus usually runs under the currently logged-in user’s name. If you’re a power user, you’d want to use Process Explorer, which will allow you to dive in more deeply when inspecting processes, such as figuring out which exact executable on the file system is responsible for the running process.

(ii) Emails from your friend may not have been actually sent by them

Be wary of opening email attachments, unless you were expecting them – even seemingly innocuous video files could cause your data to disappear. Take your precautions even when the attachment is expected – the anti-virus scanners embedded with the popular email providers provide a good defense.

On a similar note, be careful when downloading files randomly from the Internet. Executable (.exe or .com on Windows) files are the ones that can cause most harm.

(iii) Do not leave the Windows’ auto-run option enabled for portable drives

Auto-run has long been one of the most popular ways in which viruses spread – ensure that you keep it disabled. Never, ever, trust a portable drive that had been previously inserted into a machine that you don’t own, even if it has an anti-virus. Use your anti-virus to scan data that has arrived from external sources. Viruses won’t usually spread through text editors, so you can use these if you’re just inspecting simple files and don’t have an anti-virus at hand.

(iv) Watch out for typical virus symptoms, and gear up to protect yourself

These include:

  1. Access disabled to Task Manager, the Registry Editor1, or msconfig2.
  2. Spikes in CPU or GPU usage – these can be observed either through monitoring tools, such as the Task Manager for the CPU, or GPU-Z for the GPU, or by noticing the hardware fans spinning faster when there is no processor intensive program running.

A good tactic is to run anti-virus scans, preferably from outside your OS, such a Live CD, whenever you detect suspicious activity. Live CDs allow you to boot into them without having to load your OS, which might end up running the virus before any anti-virus can take effect (assuming that the anti-virus failed to detect the malware when it loaded itself onto the machine). Bitdefender Rescue CD is one such option. In addition to regular viruses, Bitdefender scans for rootkits – malware that reside deep within the core of the OS, evading detection while carrying out malicious activity.

(v) Safe online banking

Most Linux distributions, including Ubuntu, support booting from a Live CD and are great for providing added protection when banking online, since viruses cannot write to these disks permanently. Live CDs offer no compromise when it comes to your online browsing experience. These Linux distributions can also be installed on bootable USB sticks.

2) Choose to manually enable the running of plugins in your browser

Chrome and Firefox have the option of enabling “Click to Play” for plugins (i.e. either Flash or Java) within websites so that they run each time only with your permission which you provide by clicking on the area of the page in which . This will help prevent drive-by attacks from malicious code embedded in such plugins, which are almost always hidden from view, or use some sort of social engineering to trick users into downloading malware.

In Chrome, copy and paste chrome://chrome/settings/content into your address bar, and choose “Click to play” under “Plugins”.

Chrome Plugin Settings

In Firefox, go to about:plugins, and turn on the plugins.click_to_play option.

3) Update your OS, focusing on the security updates

They are called “security” for a reason. This is especially important for the Windows OS. Because of Windows’ popularity, hackers have been known to target security holes in Windows on unpatched machines by studying the fixes Microsoft sends out. This is becoming true even for Mac’s OS X; the recent Java malware is an example –though Apple actually released the update and fix after the Trojan was out in the wild. A Windows example: If you updated before Sasser arrived, you’d be 100% secure.

4) Use a firewall

This doesn’t offer much more protection from Internet worms than a NAT, but will be useful if you connect your laptop to a public network. It will also protect yourself from infected machines on your own network. A firewall would protect you from Sasser even if you didn’t install security updates at the time, and would offer partial protection against MSBlast.

While the built-in Windows Firewall provides decent protection, you could try out third-party solutions like ZoneAlarm for better control over what moves in and out of your computer.

5) Use an Anti-virus

This is important, but you must know where it stands – it cannot protect you against everything. In fact, most people skip it on the Mac and Linux, though it’s always recommended for Windows. Remember, you are worse off if you use an anti-virus but don’t know how viruses work.

I bet if you brush up your knowledge of viruses and run Windows without an anti-virus, you’d be infected fewer times than a noob running an anti-virus on a Windows and not knowing a thing about viruses. Anti-virus software are perfect if you realize that they work best for protecting against viruses that the software already knows about, and not so good at protecting new ones.

6) Backups

Whatever precautions you take, you might still lose the fight. Always ensure that you have important data backed-up, so that you can easily restore it in the case of an infection.

Even if there was no danger of infection, backups come in handy in the case of hardware failure, for which you should be prepared for anytime.

Footnotes

  1. ^The Registry is a database of configuration settings and options related to the Microsoft Windows operating systems. It can be accessed by pressing Ctrl+R, typing regedit.exe and pressing Enter
  2. ^MSConfig is a Microsoft Windows utility you can use to troubleshoot issues related to processes that are loaded on startup. Viruses often register themselves to start up automatically – you can remove the easier ones using msconfig or by editing the registry.

Converting Multiple VMDK (Virtual Machine Disk) files into one

To convert multiple VMDKs into a single file, I used the following command (LinuxVM.vmdk is the name of the first VMDK file – i.e. the one attached to the VM):

$ vmware-vdiskmanager -r LinuxVM.vmdk -t 0 LinuxVMSingleDisk.vmdk

Note that vmware-vdiskmanager is bundled as part of VMware Workstation. I couldn’t locate that as a separate download, so I ended up downloading the trial version of Workstation.

The above operation takes a while, but not too long. It shows its progress as it completes.

Next, I had to modify the VM settings so that it would use the new disk. I couldn’t find this option in the GUI, so I had to modify the vmx file manually (use an appropriate editor on a Windows system):

$ vi LinuxVM.vmx

I modified the scsi0:0.fileName property to point to the new disk:

scsi0:0.fileName = "LinuxVMSingleDisk.vmdk"

Next, I double checked the VM settings in the GUI to check if the disk had changed, and then booted it up to confirm everything is fine. I then deleted all the old, multiple vmdk files.

The Motivation for Doing This

I’d been using a few heavy applications in my VM: an HTTP server, an Application Server behind it running a couple of large applications, and a database. When doing intensive work, my hard disk would make grinding noises and my Ubuntu host would suddenly exit to the login screen. I’d lose all data in my current session, though oddly, some background applications would continue to run.

So I decided to implement VMware’s suggestion to use a single file for better performance:

VMware Workstation - Creating a virtual disk

Did it really work? The host did crash once, but that was when another heavy application was running on the host itself. In my entirely subjective assessment, I do think there’s been an improvement in performance – though I still need to be a little careful with certain applications.

TCPMon – A Basic Tutorial

TCPMon is a nice little tool for testing TCP communication between a client and server. It is an open source project, distributed under the Apache 2.0 license.

Downloading and Running TCPMon

To download TCPMon, head over to the Apache TCPMon download page and download the binary distribution.

(There’s a Google Code Project called TCPMon too, but that’s not the same one, and has fewer features)

Once downloaded and extracted, navigate to the build folder and run TCPMon by executing tcpmon.sh on Linux or tcpmon.bat on Windows. (On Linux, you’ll need to set the execute bit on the sh file before you run it). Note that your current working directory must be the build folder, else Java will report a ClassNotFoundException

TCPMon as an intermediary between clients and a single server

I found TCPMon useful when testing a webservice client I was implementing – I wanted to be certain that it’s sending the right data, and also wanted to double check the server responses in a convenient way. Here’s what you need to do:

  1. Specify the listener properties. The listener port is any arbitrary port that you’d like TCPMon to listen to (and that any other process isn’t using). The target port is that of your webservice.
  2. Click Add

TCPMon admin tab - Configuring a listener

In the window that appears, you will be able to monitor connections between your client and server after setting up your client to point to TCPMon’s listening port. TCPMon forwards all requests to the target server, and you’ll be able to see the requests and responses as they occur.

Requests and responses in TCPMon

Checking the “XML Format” box adds appropriate indentation to any XML in subsequent requests and responses. This can make it easier to read.

TCPMon as a proxy server (an intermediary between clients and an outbound connection of the machine hosting TCPMon)

Another functionality is the use of TCPMon as a proxy – you can set up a proxy server on your machine using it, so that all requests from another device or machine are routed through the proxy.

I found this useful when testing on mobile devices that needed to connect to a VPN network accessible from my computer, but not from the device itself.

Here’s what you need to do to set up the proxy server:

Setting up a proxy server in TCPMon

To get a mobile device connected through this proxy, you’ll need to modify the proxy settings of your Wifi connection:

Setting up an iPad to connect to TCPMon

Now all requests from this device will be routed through the TCPMon proxy.

Note that TCPMon is useful only for simple testing of requests and responses – it fails to work on anything more than a small number of requests. You’ll need a dedicated proxy server for that.

Also, if you’re connecting to a single server, it’s best to go with the first approach of an intermediary rather than a proxy server, so that TCPMon doesn’t capture traffic you don’t need to inspect.

Sending custom requests

The “Sender” tab can be used to craft your own SOAP requests and send them. The fields under this tab are pretty self-explanatory:

Sending requests from TCPMon

– See more at: file:///C:/B/Backups/Technonstop/technonstop.com/tcpmon-tutorial.html#sthash.uvcYqRuS.dpuf