Hotlinking of Secure ICICI bank web images
Most banks allow hotlinking of their images, which spammers misuse by embedding those images in their spam email.
I couldn't believe it when I saw hotlinking of ICICI Bank web images; I didn't expect such a small loophole from an MNC bank like ICICI.
Below is the original header (source code) of one such spam mail.
Code starts here
————————————————————————————————–
Delivered-To: xyzuser@gmail.com
Received: by 10.141.20.18 with SMTP id x18cs126207rvi; Fri, 30 Apr 2010 06:38:30 -0700 (PDT)
Received: by 10.141.187.9 with SMTP id o9mr772778rvp.211.1272634704143; Fri, 30 Apr 2010 06:38:24 -0700 (PDT)
Return-Path: <acct.service@icicibank.com>
Received: from mail.worldcourier.com.tw (60-250-153-149.HINET-IP.hinet.net [60.250.153.149]) by mx.google.com with ESMTP id 26si3094608iwn.110.2010.04.30.06.38.19; Fri, 30 Apr 2010 06:38:24 -0700 (PDT)
Received-SPF: fail (google.com: domain of acct.service@icicibank.com does not designate 60.250.153.149 as permitted sender) client-ip=60.250.153.149;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of acct.service@icicibank.com does not designate 60.250.153.149 as permitted sender) smtp.mail=acct.service@icicibank.com
Received: from User (ml82.128.17.127.multilinks.com [82.128.17.127]) by mail.worldcourier.com.tw (Postfix) with ESMTP id 88F2E688A6; Fri, 30 Apr 2010 20:55:04 +0800 (CST)
From: "ICICI Bank"<acct.service@icicibank.com>
Subject: Secure Your Account Now!!!
Date: Fri, 30 Apr 2010 14:38:26 +0100
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20100430125505.88F2E688A6@mail.worldcourier.com.tw>
To: undisclosed-recipients:;

<div align="center"><img src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif" border="0" height="60" width="260"><br>
<div align="center">
In view of the recent cyber attacks towards our customers,<br>
We at ICICI have introduced a new protection System against<br>
Malicious Online Identity Theft <br><br>
Kindly follow the link below to activate your secure service<br>
<table style="" id="ecxtable1" bgcolor="#fffecd" height="25" width="295">
<tbody><tr>
<td align="center"><b><font face="Arial" size="2">
<a rel="nofollow" target="_blank" href="http://is.gd/bOvU7">
<span id="ecxlw_1243015215_0"><font color="#ff9900">CLICK HERE TO SECURE YOUR ACCOUNT</font></span><font color="#ff9900"> </font></a></font></b></td>
</tr>
</tbody></table>
<address> </address>
<hr></div>
<div style="overflow: visible; visibility: visible;" id="ecxmessage1850487487"><div id="ecxyiv530294246">
<div id="ecxyiv2092694417">
<p align="center"><font face="Times New Roman" size="2">
<span style="background-color: rgb(255, 255, 255);">ICICI Bank <font size="3">apologizes for any inconvenience arising from this action.</font> </span></font></p>
<p align="center"><font face="Times New Roman" size="2">
<span style="background-color: rgb(255, 255, 255);">Thank you for using ICICI Bank.<br></span></font>
<font size="2">© <span style="cursor: pointer;" id="ecxlw_1260090494_0">ICICI Bank</span>. All rights reserved.</font></p>
<p align="center">
<span style="background-color: rgb(255, 255, 255);"><font face="Times New Roman" size="2">I</font></span><span id="ecxz2"><font face="Times New Roman" size="1"><span style="background-color: rgb(255, 255, 255);">nformation on protecting yourself from fraud, please review the Security Tips in our Security Center.</span>
————————————————————————————————–
Code ends here
Below is the image

ICICI, being such a big MNC bank, doesn't have a single guy to plug this simple security loophole.
The solution for this type of issue is to prevent hotlinking of images with a server-side setting, which most web hosting servers offer nowadays.
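Hotlink protection on a web server decides from the request's Referer header whether the page embedding the image belongs to the site. The sketch below is an added example of that decision, not code from this post or from ICICI; the allowlist, the function names and the sample requests are assumptions made for illustration. It matches the host exactly or as a true subdomain, and it treats a missing Referer as a separate, configurable case.

```python
from urllib.parse import urlsplit

# Assumption: hosts whose own pages may embed the images. Both names appear in
# the mail above; treating them as the allowlist is this example's choice.
ALLOWED_HOSTS = {"icicibank.com", "infinity.icicibank.co.in"}


def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if unusable."""
    try:
        parts = urlsplit(referer.strip())
    except ValueError:  # e.g. an unbalanced IPv6 bracket
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """Exact host or a true subdomain; a substring or suffix match is too loose."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def decide(referer, allow_missing=False):
    """Return (status, reason) for an image request with this Referer header."""
    if referer is None or not referer.strip():
        # No Referer: typed URL, privacy setting, or a client that sends none.
        return (200, "no referer, allowed") if allow_missing else (403, "no referer")
    host = referer_host(referer)
    if host is None:
        return 403, "malformed referer"
    if host_allowed(host):
        return 200, "own site"
    return 403, "foreign site: " + host


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for ref in ("https://infinity.icicibank.co.in/",
                "https://www.icicibank.com:443/",
                "https://icicibank.com.attacker.example/inbox",
                "not a url",
                None):
        print(repr(ref), "->", decide(ref))
```

With `allow_missing=False` a request that carries no Referer is refused too, which also affects visitors whose browsers withhold the header.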
ICICI spends lakhs to crores of money on TV ads, online banners and SMS asking its customers not to click on such spam email; but see the irony: they don't know how to prevent misuse of their own images. All that money spent by ICICI Bank to educate its customers is wasted when they themselves don't know how to secure their site. Most of the Indian companies are like this; they are a big joke. Hope they learn in the near future.