Category Archives: Security

Getting rid of Babylon virus

Well, it is not exactly a virus, but babylon plugin can impose itself on your browser in form of search toolbars or default search setting. It has happened to me more than once now, so sharing some quick steps of getting rid of it here. Please note that at times this app/ toolbar will be stored as any other name, so look out for anything suspicious and out of place.

1. Remove the app: Check if a program is shown under add/ remove program (go to control panel-> uninstall program) with name babylon. Remove it.

2. Remove toolbar: Check if toolbar exists under browser toolbars, and remove it.

Firefox: Go to Add Ons->look for babylon

IE: Go to Manage Add Ons->Toolbars and extensions->look for babylon

3. Remove as default search engine: For IE Manage Add Ons-> Search providers->babylon (in my case it was named just default)

More info,2817,2418379,00.asp

Are my online transactions secured? HTTPS to rescue

You must have wondered at times that how can my data be secured over the internet when using a website that needs sensitive data like bank account details (or how secured is a banking site).

The protocol that comes to rescue is HTTPS. Whenever we are working on a website where we want ourselves to be secure, we should make sure the url starts with instead of http. http is hyper text transfer protocol which just specifies some rules as to how the data needs to be transferred and understood on the internet. https is http + secure or http over SSL (Secured socket layer).

If I ask you, how can I secure the data? The obvious answer is encryption. The most common type of encryption is symmetric encryption which uses a single key to encrypt and decrypt the data. That is the same key that encrypts the data will decrypt it. The problem with this kind of encryption is that if someone gets access to this key, he can create or read the data using the key. To solve this problem, there is concept of 2 key encryption. In this we have a private and public key. the beauty of this approach is that data encrypted using one key can be decrypted using second key only. On the downside this approach is a bit slow because of added complexity.

Lets quickly talk about concept of certificates as well. There are various certification authorities (CA) which can provide a certificate of authentication to a website. Whenever you are on a https website, you will see a small icon of a lock (may vary from browser to browser), on which when you click, will show you the certificate details. This will guarantee that the website is indeed what it claims to be. So for example you misspelt a link or opened a link from a spam email, looking for https and certificate will be sufficient for you to ensure authenticity of the website.

Now lets go behind the scenes and see how my websites are secured because of https.

Step 1: You click a secured url or type into your browser.

Step 2: The server listens to your request and returns back a certificate and a public key (server will never share the private key for security reasons)

Step 3: Your browser will verify this certificate (shows error in case of some doubt)

Step 3a: After verifying certificate, browser will generate a symmetric key and encrypt it using “the public key” sent by server.

Step 3b: Browser then sends this encrypted symmetric key to web server.

Step 4: Web server decrypts the data sent by browser using its private key (as this was encrypted using public key). The decrypted data is symmetric key from browser.

Step 5: Now this symmetric key will be used by both parties (browser and web server) to transfer the data (remember public/ private key is time consuming, so it is used only to initially transfer the symmetric key).

The above steps ensure that the communication between server and browser is always secured and hence you can do the online shopping or banking without fear.