5 Million Gmail passwords hacked or maybe not

Is your Gmail ID safe after yesterday's leak?  How to find out safely?  That is what this article is about!

The biggest scare going around from yesterday night (India Time) is the alleged breach or leak of 5 million Gmail usernames and passwords.  Or maybe not!  Unknown hackers have dumped about 5 Million usernames and alleged passwords in a Russian Bitcoin forum. [https://forum.btcsec.com/index.php?/topic/9426-gmail-meniai-parol/]

At first people claimed that more than 60% of the leaked or breached Gmail passwords were valid, that is alive.  But Google quickly responded in their blog denying that this ‘credential dump’ was (not) due to any breach in Gmail or other Google services Security. [http://googleonlinesecurity.blogspot.in/2014/09/cleaning-up-after-password-dumps.html]

Google also clarified that less than 2% of the yesterday’s credential dump were valid username-password combination. 

Now this is both right and wrong.

From the day’s read through, it appears to me that (almost all) the usernames are probably valid.  It is the passwords which might be outdated (read 'changed') - in more than 98% of the accounts.

What seems to have happened is the security breach is not with Gmail or other Google Services, but with other totally unconnected sites.  Let me explain in further in the next post.  But first, how do we check whether our email ID is in the compromised list?

To find out, I scoured the internet for reliable sites where you can enter your email ID (*not* the password) and find out whether the email ID is in any breached list.  I found 4 sites which are reputed to be reliable, and one about which some doubts have been raised.  Here they are:
  • https://breachalarm.com/(formerly ‘shouldichangemypassword.com) and my former favourite;
  • https://pwnedlist.com/query;
  • https://haveibeenpwned.com/ (my current favourite);
  • http://securityalert.knowem.com/; and,
  • https://isleaked.com/en (doubts raised because the site appears to be only a few days old).
Checking my email ID (mad.madrasi) with them throws up different results.  The first 2 (knowem.com and isleaked.com) report that my email ID is not on the compromised list.

But what they 'presumably' report is only of the yesterday’s (10 Sept) credential dump.  The other 3  sites report that my email ID may have been breached in Feb 2014.  As I wrote before, more on that on the next post.

So, if your Gmail ID is on any of those first 4 sites listed above, quickly change the password – with a one which has nothing in common with your old password!

And read my further post on the subject.


Today, 10 September, is Battle for the Net Day

Today marks the first great voluntary Internet Slowdown – a protest against the US government and the United States Federal Communications Commission handling of the Net Neutrality issue.  All across the web, many sites like Reddit, Netflix, and WordPress, will display a spinning “loading…” icon, symbolising that the proposed internet slow lanes — where websites which will (can) not pay their ISPs ‘extra’ money, will load more slowly than others.

The Internet Slowdown is a public awareness effort by Battle for the Net, an off-shoot of Fight for the Future, which is a non-profit that was hugely successful in spearheading the fight against SOPA and PIPA.  In a surprise move even the EFF has changed its position – from advocating dismantling of the FCC, the EFF is now calling for a ‘retuning’ of the same organisation for ‘minimal’ oversight!

And the big (US) ISPs are acting in concert, to read the reports, in a covert manner.  Instead of saying they want a little extra to give to equal access, they have couched their proposals as some sort of deluxe, a la carte, access – calling them Internet Fast Lanes.  Obviously if there are fast lanes, there have to be slow lanes too, right?

Guess who will end up in those slow lanes?

As a simple example, think of today’s Facebook or the original Hotmail of Sabeer Bhatia!  Because the Internet was free, and provided equal access whether you are an internet startup or an established corporation, both the products could establish, and become market leaders.

If either Bhatia or Zuckerberg had to shell out $30,000 a month to stay on proposed the Internet Fast Lane, could their Hotmail or Facebook survived?

To mark today, and create awareness, major websites and participants are displaying overlays or banners on their websites – and blogs, like me.  The display shows a ‘spinning wheel’ or ‘loading…’ icon with the query that ‘if the site takes this long to load, will you wait?’  Mind you, the site itself is not slowed down, but the overlay gives a feel of what it would feel like.

Clicking on the icon will take you to a page where you can sign a petition to US Congress to oppose the proposed FCC rules.  If you are not a US citizen, you can do what I do – try to spread the word!


With rust we trust our bicycle basket

The basket in a bicycle, the one in front of the handlebar is a versatile contraption.  I have seen many things being held by those baskets - from groceries to tiffin boxes, flowers to fruits, wood to tools, and once even a baby.

But this is the first time I see a basket being held with such a rusty bracket or clamp.  And it makes it to this #rustysunday post!

Why so much of rust, only on that bracket, while the rest of the basket or the bicycle is in better condition?  Probably due to bimetal contact and galvanic corrosion, and a chance to take its place on #rustysunday.  The black paint over the square metal bracket of the basket must have been worn down because of repeated scraping when various items were placed into and removed from the basket.

Once the protective paint coating wore off, the bracket was open to elements.  That alone would not have made it rust away so fast. 

The electroplated inch-wide clamp used to fasten the bolts (along with the bolt and washers themselves) is the culprit. 

With the condensing moisture from the atmosphere acting as the electrolyte, the exposed iron of the bracket becomes the anode.  The cathode is the nickel coating on the clamp.  Result is the accelerated galvanic corrosion!

Here is the #rustysunday snap:


BTW, the theories of bimetal contact and galvanic corrosion, though learned in high school, were of practical importance and their startling effects experienced, and exposed while I sailed – thankfully never on any of those ‘rustbuckets’.

IceRocket Tags:

2 million profile views on Google Plus

More or less a month ago, the blog touched the personal milestone of 1 million pageviews.  Yesterday, my Google+ profile touched another personal milestone – 2 million profile views.  Not bad, is it not?

Now, two million profile views may sound great – and personally it does feel good, but there are others who have crossed that mark.  Looking through their profiles did not make my jealous, instead only boosted my self-confidence.  For, there are 3 categories of people with Google Plus profiles who have breached the million (and even the billion) profile views.
  • the 1st category is, who else, the celebrities – the movie people, politicians, etc. - and their count needs no explanation;
  • the 2nd category is the the top achievers in their fields – technical, business, etc. – and they have lakhs (even millions) of followers, and a billion profile views;
  • the 3rd category is not of the either two – a commoner like many of us – but with a difference.  They (usually) have a pretty face, are female, post a lot of selfies, most of the comments in their G+ pages are 3 or 4 letters like, hai, cute, nice, et al., and have thousands of followers;
Not belonging to either of the three categories, and with an obvious nom-de-plume, I am surprised that I have a hundred plus followers.  Even more astonishing is the 2 million profile views mark on Google Plus!

So however the Google God decided to favour me, I like it.  And to everyone who had had a look at my profile, glanced through the blog, and made the million pageviews and 2 million profile views possible – a big hug, and a thank you!


Looks great, does it not?

Rig Upakarma procedure in Tamil, Sanskrit and English for 07 Sep 2014

The Rig Vedis attach importance to Shravana Nakshatra (திருவோணம்) in Shravana Month (ஆவணி), when they perform their Upakarma.  In 2014, this occurs on Sunday, 07 September, whereas the Yajur Upakarma was performed on 10th August, as they do not follow the Shravan month rule. 

A point to note is on Sunday, 07 Sep, the Sharavana Nakshatra endures from 06th 12:01 IST – till 07th 09:17 IST, hence technically the Upakarma should be performed before 09:17 IST on 07 Sep.

People who live overseas in countries to the East of India may not have any problems in performing the same on 07th Sep. People in Western Countries may have to perform the Upakarma on Saturday, the 6th Sep, (that is the evening/night of Saturday in India).

Please check with your family acharyan regarding the timings as per the place you live in, and if performing on Saturday, change to ‘Sthira’ instead of ‘Bhanu’ Vasara.

The timings are : trayodasyām (from 06th 18:05 IST - till 07th 14:29 IST) & śravaṇa (from 06th 12:01 IST – till 07th 09:17 IST).

There is the free and the premium version of the Upakarma.  The free version is the same as the Yajur/Rig Upakarma 2014 of 10/8.  You can amend the relevant portions of the sankalpam with:

- ஜய நாம ஸம்வத்ஸரே தக்ஷிணாயணே வர்ஷ ருதௌ ஸிம்ஹ மாஸே ஷுக்ல பக்ஷே த்ரயோதஸ்யாம் (from 06th 18:05 IST - till 07th 14:29 IST) ஷுபதிதௌ – பாநு வாஸர யுக்தாயாம் ஷ்ரவண (from 06th 12:01 IST – till 07th 09:17 IST) நக்ஷத்ர யுக்தாயாம் விஷ்ணு யோக விஷ்ணு கரண ஏவம்குண விஷேஷண விஷிஷ்டாயாம் அஸ்யாம் த்ரயோதஸ்யாம் ஷுபதிதௌ –

OTOH, the Premium version is a totally reformatted version, exclusively for Rig Veda Upakarma of 07 September, explaining the step by step procedure, and is available in Tamil, Sanskrit and English (IAST) scripts.


The free version of Upakarma 2014 (of 10/8) can be downloaded from here.

Order them through the PayPal button below.
Within a couple of hours (during daytime India), I will email you the file link.  
Night time (India) will take much longer. :-D
Please note it is subject to the Terms & Conditions, which you accept by clicking on the button. 


IceRocket Tags: ,