How to Block Unwanted Emails

Do you want to  block emails from your ex wife/husband? Do you want to block those annoying offers and newsletters that reach your inbox? Well here is a way to block all those unwanted and annoying emails that you do not want to see or read! With this trick you can block individual email address or the whole domain from which you do not want the emails to come from. Here are the step-by-step instructions to do this.

How to Protect an Email Account from being Hacked

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is:”Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from bieng hacked.

If this is the case, then what is the reason for many people to loose their accounts?
The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who loose their email accounts are not the victims of hacking but the victims of Trapping. They loose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them loose their passwords. I’ll also mention how to protect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original)especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and loose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

Solution:

• Never try to login/access your email account from the sites other than the original site.
• Always type the URL of the site in the address bar to get into the site.Never click on the hyperlink to enter the site.

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer installed with keylogger, you definitely loose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourselves from a keylogger scam is very easy.Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.
3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes? Then definitely you are under the risk of loosing your password.In fact many people loose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

How to Protect an Email Account from SPAM

Most of us get SPAM every day. Some of us get more and some little. Even a newly created email account will begin to receive spam just after a few days of it’s creation. Many times we wonder where these spam come from and why? But this question remains unanswered within ourselves. So in this post I will try my best to give every possible information about the spam and will also tell you about how to combat spam.

What is SPAM?

Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. Most widely recognized form of spam is email spam.

Where do these SPAM come from?

These spam come only from spammers and never from a legitimate user or a company. These spammers send a single email to hundreds (some times thousands or millions) of email addresses at a time. They either send it manually or use spambots to automate the process of spamming.

Why do spammers SPAM?

The main goal of spammers is to send the spam (unsolicited bulk messages) to as many people as possible in order to make profit. For example, John builds a small website to sell an ebook which gives information about weight loss. In order to make sales he needs publicity for his website. Instead of spending money on advertising, John decides to create an email which contains information about his site along with it’s link and send this email to say 100 email addresses in his contact list. If 1 person out of hundred buy this book john gets $10. What if he sends this email to 1000s of email addresses. He gets $100. Imagine, if he sends this email to 1 Million email addresses he gets $100000.

Now I hope you understood the idea behind spamming. So in order to make money, spammers send their advertising emails to as many people as possible without respecting the recipient’s privacy.

From where do SPAMmers get my email address?

On the Internet there exists many sites who collect the email IDs of people and sell them to spammers in bulk. Most often, people sign up for monthly newsletters and take up surveys. This is the time where these scam sites get their email addresses. Also many spammers collect email addresses by using spambots. These spambots collect email addresses from the Internet in order to build mailing lists. Such spambots are web crawlers that can gather email addresses from Web sites, newsgroups, forums, special-interest group (SIG) postings, and chat-room conversations.

Spammers also use the trick of creating Hoax Emails for gathering a huge list of email IDs. For example, a spammer sends a hoax email which says “Forward this Message to Help Severely Burned Child”. This email claims that 11 cents will be donated to the child’s family every time the message is sent to others. Most of the people believe this and start forwarding this hoax email to all of the IDs in their contact list. In this way the email spreads rapidly and eventually when it reaches the creator (spammer), the spammer gets a huge list of valid email addresses in the email header. When you get these kind of hoax emails, you can see for yourself in the email header which contains a huge list of email addresses of all those people to whom the email is being forwarded to. This is one of the effective methods used by spammers to gather email addresses.

Is SPAMming legal?

Spamming is completely illegal. Yet it is really difficult to stop spammers from spamming since they keep moving from one hosting company to another after getting banned. This makes it practically impossible to catch spammers and prosecute them.

How to protect my email account from getting SPAMmed?

The following methods can be used to combat email spam.

1. Use spam filters for your email account. If you’re using email services like Gmail, Yahoo, Hotmail etc. then spam filters are used by defaut. Each spam filter has it’s algorithm to detect spam emails and will automatically move them to SPAM folder. This keeps your inbox free from spam. However some spam emails become successful to make their way into the inbox by successfully bypassing the filters.

2. Do not post your email address in public forums, user comments and chat-rooms. Give your email address only to trustworthy websites while signing up for newsletters.

3. While taking up online surveys and filling up feedback forms, it is better not to give your personal email address. Instead singup for a dummy email account and use this for surveys and feedback forms.

4. While posting your contact email address on your website use this format: emailaddress [at] yoursite.com instead of emailaddress@yoursite.com. This protects your email address from being indexed by spambots.

5. Do not respond to hoax messages. When you receive a hoax email, avoid forwarding it to your friends. Examples of hoax messages can be found at www.hoax-slayer.com. If you really want to forward it to your friends, make sure that you use “Bcc” (blind certified copy) option to send the email. This will hide all the email IDs to which the mail is forwarded to.

Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript

pleez, pleez, PLEEZ teach me how to hack a Hotmail Account!!!”
-unidentified IRC user

From here on in you walk alone. Neither little_v OR Black Sun Research Facility AND its members will be responsible for what you do with the information presented here. Do not use this information to impress your “l33t0_b0rit0″ friends. Do not operate in shower. Objects in article may be closer than they appear.

Note: If you see (x), where x is a number, it means that this term is defined at (x) at the bottom of this article.

Intro

The purpose of this article is NOT, I repeat, NOT to teach someone how to “hack an email account”. It’s true purpose is actually MUCH more devious. The purpose of this and all other articles in the “An Exploit Explained: ” series is to teach readers about various web technologies, and the basics of security and exploiting. I will try to give you a hands-on, learn as you go type of education in computer security. Sound good??? Then let’s get in to it!!

Preface

On Wednesday, Sept. 22 1999, yet another bleary day in the life of little v, the following message was sent to my inbox:

To: BugTraq
Subject: Yet another major Hotmail security hole -
injecting JavaScript using "javasCript:"
Date: Wed Sep 22 1999 10:48:04
Author: Georgi Guninski
Message-ID: <37e8d004.ef848f34@nat.bg>

Yet another major Hotmail security hole - injecting
JavaScript using "javasCript:"

There is a major security flaw in Hotmail which allows
injecting and executing JavaScript code in an email
message using the javascript protocol. This exploit
works both on Internet Explorer 5.0 (guess IE 4.x)
and Netscape Communicator 4.x. Hotmail filters the
"javascript:" protocol for security reasons. But it
does not filter properly the following case:
"javasCript:" where "C" is the ASCII code of "C".

So the following HTML is executed 
if the user has enabled automatically loading of
images (most users have).

Probably this may be used in other HTML tags.

Executing JavaScript when the user opens Hotmail
email message allows for example displaying a fake
login screen where the user enters his password
which is then stolen. I don't want to make a scary
demonstration, but I am sure it is also possible to
read user's messages, to send messages from user's
name and doing other mischief. Hotmail deliberately
escapes all JavaScript (it can escape) to prevent such
attacks, but obviously there are holes. It is much
easier to exploit this vulnerability if the user uses
Internet Explorer 5.0. AFAIK this is not a browser
problem, it is Hotmail's problem.

Workaround: Disable JavaScript

The code is:


....

....
Regards,
Georgi Guninski
http://www.securityfocus.com/external/http://www.nat.bg/~joro

Ok, don’t puke, I’m going to explain what just happened in a fashion that even your dog can understand.

What is this all about?

This important part of this posting to the Bugtraq(1) (http://www.securityfocus.com) mailing list is the actual exploit(2).
The exploit would be:

What does it do?

As this exploit, when put into an email message sent to a hotmail user, opens a little box using the “alert()”(3) function in javascript(4), and is also supposed to read who the first message in your inbox is from. However, this code does not work on its own. You see, the email also says that you need to use the ASCII(5) code for “C” in the message. If I get out my handy HTML reference book, I can see that the ASCII code is C. If we substitute this into our little exploit, minus the “read who the first message in your inbox” part, we get this:

How does it work?

Finding out how an exploit works is always the part that makes people a bit spindizzy. If we look at that gibberish we call code one more time we can see that it uses an tag, which all you who took my HTML tutorial would know is to display an image onto the page. Because hotmail tries to be the “top dog” webmail provider, they allow you to set autoloading of images, so the image just shows up on the same page as the mail. When you open a new hotmail account, this option is already set (hurray!). The conflict happens because your normal browser allows you to put javascript tags into your IMG tags. Because JavaScript is a strong little language, and allows just about full control over someone’s browser, if the conditions are right. Naturally, people like you and me started exploiting hotmail’s allowing of javascript. Soon, the