Tech Soul

bringing technology to your soul


How to keep passwords safe from the hackers?



1. You need different passwords for different sites/accounts
Keep different passwords for different sites, i.e. your Facebook and Gmail passwords should not be the same. If you use the same password everywhere and one account is hacked, all your other accounts can be easily accessed.
2. Longer passwords are harder to crack
Length alone is not the best way to safeguard your password, but it helps when a brute-force attack is used to crack it. So the longer the password, the better.
3. You shouldn't use a word from the dictionary
This is to avoid dictionary attacks. Don't use words that can easily be found in a dictionary.
4. Humans tend to choose passwords with personal meanings
Avoid this, as it is easy to guess a password which contains your or your girlfriend's name, number, address or date of birth. Such passwords are so easy to crack that even the boy next door can get your password just by guessing.
5. Passwords need to be changed regularly
It is good practice to change your passwords frequently, at an interval of a couple of months. By changing passwords regularly you can avoid major trouble.
6. There are guidelines for creating strong ones
Most Internet security experts recommend having a password that contains at least 8 characters, mixing capitalized and lower-case letters, numbers, and symbols. A common technique is to put three unrelated words together and make up a short story that involves all three so you can remember it. You can also use the first letter of each word in your favorite line of a song or movie. Change out a couple of letters for numbers or special characters, and your password should be too much trouble for a hacker to figure out. How well this works depends on how well you mix up words that you can remember, for example by replacing s with $, o with 0, i with ! etc. E.g., if your name is John Doe your password can be j0hN'sLasTN@me!sD03. Be creative.
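The guidelines in tips 3, 4 and 6 can be checked mechanically. The sketch below is an added example, not code from the original post; the function names, the small word list and the personal details passed in are assumptions made for illustration. It undoes the s/$, o/0, i/! style swaps before comparing, so a dictionary word or a name is still recognised after its letters have been replaced.

```python
import string

# Character swaps mentioned in the post (s->$, o->0, i->!) plus two more
# that its sample password uses (a->@, e->3), mapped back to letters.
UNLEET = str.maketrans({"$": "s", "0": "o", "!": "i", "@": "a", "3": "e"})

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome"}


def normalise(password):
    """Lower-case the text, undo the swaps, and keep letters only."""
    swapped = password.lower().translate(UNLEET)
    return "".join(ch for ch in swapped if ch.isalpha())


def check_password(password, personal_tokens=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of guidelines from the post that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]

    plain = normalise(password)
    if plain in dictionary:
        problems.append(f"dictionary word: {plain}")
    for token in personal_tokens:
        token = normalise(token)
        # Very short tokens would match by accident, so skip them.
        if len(token) >= 3 and token in plain:
            problems.append(f"personal detail: {token}")
    return problems


if __name__ == "__main__":
    # Constructed test inputs; the personal details are those of the
    # hypothetical account owner "John Doe".
    samples = [
        ("password", ()),
        ("P@$$w0rd", ()),
        ("j0hN'sLasTN@me!sD03", ("John", "Doe")),
        ("f8izKro@l", ("John", "Doe")),
    ]
    for pw, personal in samples:
        result = check_password(pw, personal)
        print(f"{pw!r}: {result or 'passes these checks'}")
```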



So enjoy the internet and be safe.

SSL - Secure Socket Layer 

Secure Sockets Layer, or SSL, is a secure protocol, and it is the reason why secured e-commerce and e-banking work hassle-free. It has become the de facto standard for secure and safe online transactions. When Netscape first developed SSL, the main aim behind it was to ensure that the client and host can communicate and transfer data and information securely.



In short, SSL encrypts data at the sender’s end and decrypts it at the receiver’s end. This encrypted data cannot be picked up or hijacked in between, and any tampering would not only be very difficult, it would easily be detected. SSL also provides for two-way authentication, i.e. verification of the client’s and the server’s identity.



The various functions or features of SSL can be divided into three main categories:

1) SSL Encrypted Connection: provides for secure and safe transaction of encrypted data between the client and the host.

2) SSL Client Authentication: an optional feature, which allows for verification of the client’s identity.

3) SSL Server Authentication: provides for verification of the server’s Certificate Authority (CA) certificate, a trusted host certificate given to the server by companies like Verisign, Cybertrust, Thawte and more.



The main SSL protocol is made up of two smaller sub-protocols:



1) The Secure Sockets Layer Record Protocol or The SSL Record Protocol.

2) The Secure Sockets Layer Handshake Protocol or The SSL Handshake Protocol.



The SSL Record Protocol looks after the transmission and the transmission format of the encrypted data. It is also this sub-protocol of SSL which ensures data integrity in the transfer process. The SSL Handshake Protocol, on the other hand, basically helps to determine the session key.

The only guy who can protect you against hackers is YOU!


If you are reading this post you have an account on Facebook, maybe more than one (not ethical). Anyway, today's blog is all about Facebook security, that is, how to improve security on Facebook and protect your private photos and info from the malicious hands sitting quietly to capture everything about you. Okay, enough of 'faltu' dialogues, let us get started.




WARNING!
Social network websites can be hazardous if you don’t change the default settings! 


5 Tips for Using any Social Network
1) Set appropriate privacy and security defaults and choose a complex/unique password for your account.

2) Be careful while installing third-party applications. Don’t use applications from sources you don’t trust.

3) Only accept friend requests from people you know in the real world, or at least have seen once.

4) Read the privacy policy and terms of service carefully. (A little bit tedious, but you should do it.)

5) Limit personal information while sharing and be careful about things you post.

Control Your Default Privacy

These settings can be found by clicking the arrow on the top right, then clicking Privacy Settings. Limit your audience to your friends only for your posts and photos.

Enable Secure Browsing (https) and Login Notifications

Account Settings -> Security -> Enable Secure Browsing (check the box) and the box for Login Notifications. For additional security check the box for Login Approvals and enter your mobile number. Facebook will send an SMS code to your phone that you use when signing in, in addition to your password.



Use extreme caution when posting your phone numbers, address and work information.

And the most important thing, for Facebook or any sort of security:
Be conscious and alert, understand what you're doing, and don't just go on clicking anything and everything that comes around.



Stay safe.













Caesar Cipher


In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it in his private correspondence.



How it works?

Plain:    ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher:   DEFGHIJKLMNOPQRSTUVWXYZABC



The encryption can also be represented using modular arithmetic by first transforming the letters into numbers according to the scheme A = 0, B = 1, ..., Z = 25. Encryption of a letter x by a shift n can be described mathematically as

    E_n(x) = (x + n) mod 26.

Decryption is performed similarly,

    D_n(x) = (x - n) mod 26.

The following shows a message encrypted with a shift of 3:

Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext:  the quick brown fox jumps over the lazy dog
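The formulas E_n(x) and D_n(x) above, written out as an added example that is not part of the original post. It goes slightly beyond the text: case and non-letters are preserved, and because n can only take 26 values, the shift of the sample ciphertext is recovered simply by trying them all. The function names and the short list of common English words are assumptions made for illustration.

```python
import string

# Constructed helper data: a few very common English words used to
# recognise which of the 26 candidate decryptions is readable.
COMMON_WORDS = {"THE", "AND", "OF", "TO", "IN", "IS", "IT",
                "FOR", "OVER", "THAT", "WITH"}

CIPHERTEXT = "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"  # from the post


def shift_letter(ch, n):
    """Apply E_n to one character; anything that is not A-Z/a-z is kept."""
    if ch not in string.ascii_letters:
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    x = ord(ch) - base                  # A = 0, B = 1, ..., Z = 25
    return chr((x + n) % 26 + base)     # E_n(x) = (x + n) mod 26


def encrypt(text, n):
    return "".join(shift_letter(ch, n) for ch in text)


def decrypt(text, n):
    # D_n(x) = (x - n) mod 26 is the same as encrypting with -n.
    return encrypt(text, -n)


def score(candidate):
    """Count how many words of the candidate are common English words."""
    return sum(word in COMMON_WORDS for word in candidate.upper().split())


def recover_shift(ciphertext):
    """Try every shift 0..25 and return the one whose output reads best."""
    return max(range(26), key=lambda n: score(decrypt(ciphertext, n)))


if __name__ == "__main__":
    n = recover_shift(CIPHERTEXT)
    print("shift:", n)
    print("plaintext:", decrypt(CIPHERTEXT, n))
```

Trying all 26 shifts is instant, which is why the Caesar cipher protects nothing today and is useful only for learning how substitution works.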

History!

The Caesar cipher is named after Julius Caesar, who, according to Suetonius, used it with a shift of three to protect messages of military significance. While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.














1. Check Windows Update and Office Update regularly (http://office.microsoft.com/productupdates); have your Office CD ready. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (www.sygate.com) and ZoneAlarm (www.zonelabs.com) offer free versions.


3. Install a free spyware blocker (http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts, and even harder to remember at first, but if you make some combinations, it will work.

5. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

6. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., www.grisoft.com). And double-check your AV with the free, online-only scanners available at www.pandasoftware.com/activescan and http://housecall.trendmicro.com.

7. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get.

8. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

Today I'll be talking about crypters - to bypass antivirus

Crypters

Crypting is one of the popular methods used for antivirus evasion due to its simplicity and also because it does not require any prior knowledge of any programming language.

How Crypters Work?

A crypter is a small program that allows the attacker to crypt the source code of a Trojan or any form of malware. A crypter basically jumbles the source of the file to make it undetectable. As I told you before, an antivirus uses signature-based detection; the crypter jumbles the source so that when an antivirus scans the virus/malware/trojan it cannot be detected.

FUD

FUD stands for “Fully Undetectable”, which simply means a trojan or a virus which cannot be detected by an antivirus. A FUD server is very difficult to achieve; you are very lucky if you can find any binders or crypters out there which are FUD. Free crypters lose their effectiveness as antivirus vendors compose signatures for them; however, paid crypters are said to be fully undetectable.


Ultimate Crypter – Ultimate Crypter is one of the most commonly used crypters around. It may not be able to achieve a FUD server, but it has a very low detection rate. It has a paid version too, which claims to make the server FUD; however, I haven’t tried it.

Yoda’s Crypter – Yoda’s Crypter has a lower antivirus detection rate than Ultimate Crypter; it has a user-friendly graphical interface and is very easy to use.

Crypters are not always used for hacking purposes. 
A Crypter encrypts and packs other software in a way that makes the actual bytes unreadable. People use a crypter to protect software from reverse engineering, piracy / theft, hacking / tampering. Antivirus positives can be defeated this way as well, though unfortunately this technique of using crypters is also used by hackers to make a virus and other malware undetected by antivirus software.

What is a botnet?

A botnet is a collection of infected computers that are remotely controlled by a hacker.

More about it...

Once a computer is infected with a bot, the hacker can control the computer remotely over the Internet. From then on, the computer is a zombie, doing the bidding of the hacker, although the user is completely unaware. Collectively, such computers are called a botnet.

The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes.

For example, a spammer can use a botnet to send out spam email. Up to 99% of all spam is distributed this way. This allows the spammers to avoid detection and to get around any blacklisting applied to their own servers. It can also reduce their costs because the computer’s owner is paying for the Internet access.

Hackers can also use zombies to launch a distributed denial-of-service attack, also known as a DDoS. They arrange for thousands of computers to attempt to access the same website simultaneously, so that the web server is unable to handle all the requests reaching it.

The website thus becomes inaccessible.





Everyone knows about computer viruses. Or at least they think they do.


copied from sophos.com

Thirty years ago, the first computer virus appeared, Elk Cloner, displaying a short poem when an infected computer booted up for the 50th time. Since then, cybercriminals have created millions of viruses and other malware—email viruses, Trojans, Internet worms, spyware, keystroke loggers—some spreading worldwide and making headlines.
Many people have heard about viruses that fill your computer screen with garbage or delete your files. In the popular imagination, malware still means pranks or sabotage. The early 1990s saw global panic about the Michelangelo virus. In the 2000s, when millions of computers were infected with the SoBig-F virus and primed to download unknown programs from the web at a set time, antivirus companies scrambled to persuade Internet service providers to shut down servers to avoid a doomsday scenario. Hollywood movies like Independence Day reinforced this perception, with virus attacks signaled by flashing screens and alarms.
However, this is far from the truth today.
The threats are no less real now, but they are low-profile, well-targeted, and more likely to be about making cash than creating chaos.
Today, malware is unlikely to delete your hard disk, corrupt your spreadsheet, or display a message. Such cyber-vandalism has given way to more lucrative exploits. Today’s viruses might encrypt all your files and demand a ransom.
Or a hacker might blackmail a large company by threatening to launch a denial-of-service attack, which prevents customers from accessing the company’s website.
More commonly, though, viruses don’t cause any apparent damage or announce their presence at all. Instead, a virus might silently install a keystroke logger, which waits until the victim visits a banking website and then records the user’s account details and password, and forwards them to a hacker via the Internet.
The hacker is an identity thief, using these details to clone credit cards or plunder bank accounts. The victim isn’t even aware that the computer has been infected. Once the virus has done its job, it may delete itself to avoid detection.
Another trend is for malware to take over your computer, turning it into a remote-controlled zombie. It uses your computer without your knowledge to relay millions of profit-making spam messages. Or, it may launch other malware attacks on unsuspecting computer users.

And as social networks like Facebook and Twitter have grown in popularity, hackers and cybercriminals are exploiting these systems to find new ways of infecting computers and stealing identities.
Hackers may not even target large numbers of victims any more. Such high-visibility attacks bring unwanted attention, and antivirus companies can soon neutralize malware that is widely reported. In addition, large-scale exploits can bring hackers more stolen data than they can handle. Because of this, threats are becoming more carefully focused.
Spearphishing is an example. Originally, phishing involved sending out mass-mail messages that appeared to come from banks, asking customers to re-register confidential details, which could then be stolen. Spearphishing, by contrast, confines itself to a small number of people, usually within an organization. The mail appears to come from colleagues in trusted departments, asking for password information. The principle is the same, but the attack is more likely to succeed because the victim thinks that the message is internal, and his or her guard is down.
Stealthy, small-scale, well-targeted: for now, this seems to be the way that security threats are going.
What of the future, though? Predicting how security threats will develop is almost impossible. Some commentators assumed that there would never be more than a few hundred viruses, and Microsoft’s Bill Gates declared that spam would no longer be a problem by 2006. It’s not clear where future threats will come from, or how serious they will be. What is clear is that whenever there is an opportunity for financial gain, hackers and criminals will attempt to access and misuse data.

Malware - Malicious Software



If you are reading this, it's certain that you have a computer, and if you have used a computer, I am sure you have found malware or a virus inside your PC at least once. So let us see what exactly malware is.

Malware, short for malicious software, is software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software. It includes computer viruses, worms, spyware, adware and other malicious code/scripts which are not good for us.

Many early infectious programs, including the first internet worm (Morris worm), were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on.

Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever a program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot-able floppies, so they spread rapidly in computer hobbyist circles.

Source : wikipedia .



What is Trojan?

A Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses can make copies of themselves, steal information, or harm their host computer systems. Many trojans rely on drive-by downloads or install via online games or internet driven applications in order to reach target computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of “social engineering,” presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers.

A trojan is used for

1. Capturing the user's screen
2. Crashing the computer
3. Keystroke logging (including usernames and passwords)
4. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute denial-of-service attacks)
5. Electronic money theft
6. Data theft (e.g. retrieving passwords or credit card information)
7. Installation of software, including third-party malware
8. Downloading or uploading of files on the user's computer
9. Modification or deletion of files
10. Anonymising internet viewing

These are a few of the functions of a Trojan horse; different scripts have different functions.


Popular trojan horses

  • Netbus (by Carl-Fredrik Neikter)
  • Subseven or Sub7(by Mobman)
  • Y3K Remote Administration Tool (by Konstantinos & Evangelos Tselentis)
  • Back Orifice (Sir Dystic)
  • Beast
  • Zeus
  • The Blackhole exploit kit
  • Flashback Trojan (Trojan.BackDoor.Flashback)



Avoiding Trojan 


1. Never execute programs unless they are from a trusted source.

2. Never open e-mail attachments unless you know who they're from, especially attachments with the extensions .exe, .ink and .vbs.

3. Update your antivirus and security software on a regular basis.

4. Install patches and security updates for your operating system and software as they become available.

5. Beware of homemade CDs, floppy disks and pen drives. If you plan to use these disks in your computer, scan them with your anti-virus software first.

6. Never accept programs transferred by instant messaging applications.







Introduction

Strong passwords are important, but even the best password won’t keep you safe from keyloggers that are designed to secretly record your keystrokes.
Hi, today we'll discuss keyloggers: software or hardware designed to capture keystrokes or simply to get passwords. But nowadays keyloggers do not just capture keystrokes; they do much more than expected. Different keyloggers have different functions depending upon the producer of the software or hardware.


A keylogger is a device that is installed on your computer and is used to record passwords, keystrokes and other important information. These are the most common tools used by hackers and can be very dangerous if you have important information on your computer that you need to protect. There are several programs that you can use to protect your computer and prevent keyloggers from stealing your information.

Keyloggers are of two types : 
  1. software keylogger
  2. hardware keylogger

The hardware keylogger is installed in the computer's motherboard manually to capture keystrokes; it is not much entertained by hackers.

The most common is the software keylogger; this software is installed remotely. A keylogger can be downloaded from the internet for free, but paid ones are also available. A keylogger can take screenshots after a fixed interval of time, say 2 min, and send them to the hacker; it can save every log in/out information, and yeah, it sure captures your Facebook/Gmail/etc. passwords, your messages and mails. So it's not good to have one such software on your PC.

How to avoid it.


  1. Use the on-screen keyboard while typing passwords.
  2. Always turn on your firewall.
  3. Use a good paid anti-virus for your PC, as most keyloggers are detectable.
  4. Never download anything which is not secure.
  5. Do not ignore warning messages from the browser while downloading.
  6. Keep changing your password every month or two.
  7. Be conscious while doing anything on the net.
  8. And enjoy!




PHISHING -  an introduction

The most common way an ordinary internet user gets attacked by hackers is phishing. Phishing is one of many ways by which your private data can be attacked. Wikipedia describes phishing as:
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
A phishing attack can be used to get your social network password, your bank account information or any other private information which can be dangerous in the hands of hackers. Broadly speaking, it is a way of fooling a person: the victim gives the information on a site which looks legitimate, but is not.

To explain the rest, let us take the example of a phishing attack on a bank account.

Suppose the hacker wants to have a bank account's information. So he goes to the bank's official web site and makes a copy of the page where users log in to their account. The copied page looks similar to the original one. The attacker creates a PHP script that copies the user name and password to a simple text file accessible to the hacker. Small changes are made in the copied login page of the bank to get the password, but they do not affect the look of the page; it is similar to the original page. Now he uploads the copied page, the PHP script and a blank text file for the passwords to a server.

This was the hacker's part; now here comes the step where the user gets trapped.
The attacker will send the link of the fake copy of the bank's login page to the user, claiming that he is a bank authority. The user generally logs in through the fake copied page, his password is stolen, and the hacker can access his account using his password. There are numerous ways in which a fake mail can be sent: editing the From field, the header and much more.

In a similar way, a fake Facebook or Gmail page can be created.
The hacker gets the passwords written to a text file as follows:




OK! so how to stop this and prevent phishing attack?

PREVENTING  phishing attack



Be suspicious of any email with urgent requests for personal financial information

Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle

Avoid filling out forms in email messages that ask for personal financial information 

Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser 

Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to facebook? Does the address line display something different like "http://www.somethibgelse.com/facebook/login.htm?" Be aware of where you are going.

Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

If you are on Facebook and you click on any suspicious link (other than Facebook) that asks you to enter your password and login details, never do it.

Lastly, if you find that this is phishing/spoofing, bring it to the notice of reportphishing@antiphishing.org

Indian users can go to: www.complaints-india.com/Online-Scam-Complaints/Phishing-Scams/


The most important step towards avoiding phishing is to look at the URL where you are entering any information 
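
The address-line check described above, written out as an added example (not part of the original post). The function name `check_login_url` and the `.example` sample addresses are assumptions constructed for illustration; the first sample is the address quoted in the post.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return the reasons why `url` should not be trusted as a login page
    for `expected_domain`; an empty list means the address line checks out."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    # The padlock alone proves nothing, but a login page without https
    # is never acceptable.
    if parts.scheme != "https":
        reasons.append("connection is not https")

    # In "https://something@host/" the real host is what follows the '@'.
    if parts.username is not None:
        reasons.append("text before '@' is not the host")

    # The host must be the expected domain itself or one of its subdomains.
    on_expected = host == expected or host.endswith("." + expected)
    if not on_expected:
        reasons.append(f"host is '{host}', not '{expected}'")
        brand = expected.split(".")[0]
        # The brand name in the path or inside another host name is only
        # there to make the address look familiar.
        if brand in host or brand in parts.path.lower():
            reasons.append(f"'{brand}' appears only as decoration")
    return reasons


if __name__ == "__main__":
    samples = [
        "https://www.facebook.com/login.php",
        "http://www.somethibgelse.com/facebook/login.htm?",  # from the post
        "https://facebook.com.login.example/",               # constructed
        "https://www.facebook.com@login.example/",           # constructed
    ]
    for url in samples:
        problems = check_login_url(url, "facebook.com")
        print(url, "->", problems or "address matches facebook.com")
```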


Copyright 2014 Tech Soul.