Category Archives: Computers

How strong is your password

If you invited me to try and crack your password, you know, the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much more easily than you think, and then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)

One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)

And how fast could this be done? Well, that depends on three main things: the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

| Password Length | All Characters | Only Lowercase |
|---|---|---|
| 3 characters | 0.86 seconds | 0.02 seconds |
| 4 characters | 1.36 minutes | .046 seconds |
| 5 characters | 2.15 hours | 11.9 seconds |
| 6 characters | 8.51 days | 5.15 minutes |
| 7 characters | 2.21 years | 2.23 hours |
| 8 characters | 2.10 centuries | 2.42 days |
| 9 characters | 20 millennia | 2.07 months |
| 10 characters | 1,899 millennia | 4.48 years |
| 11 characters | 180,365 millennia | 1.16 centuries |
| 12 characters | 17,184,705 millennia | 3.03 millennia |
| 13 characters | 1,627,797,068 millennia | 78.7 millennia |
| 14 characters | 154,640,721,434 millennia | 2,046 millennia |

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
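The estimate behind the table, together with a check for the guessable patterns in the top-10 list, can be written as a small password audit. This is an added example, not code from the original post; the rate of one million guesses per second is an assumption chosen because it reproduces the table's figures, and the function names and sample passwords are constructed.

```python
import re
import string

# Assumption: one million guesses per second. The page gives no rate; this
# value reproduces its table (95**8 / 1e6 seconds is about 2.1 centuries).
GUESSES_PER_SECOND = 1_000_000
LOWERCASE_ONLY = 26   # a-z
ALL_CHARACTERS = 95   # printable ASCII: letters, digits, symbols, space

# Fixed entries from the top-10 list above.
COMMON_GUESSES = {"123", "1234", "123456", "password",
                  "god", "letmein", "money", "love"}

YEAR = 365 * 86_400
UNITS = [(1000 * YEAR, "millennia"), (100 * YEAR, "centuries"),
         (YEAR, "years"), (YEAR / 12, "months"), (86_400, "days"),
         (3_600, "hours"), (60, "minutes")]


def exhaustive_seconds(password):
    """Seconds to try every string of this length over the needed alphabet."""
    only_lower = all(c in string.ascii_lowercase for c in password)
    alphabet = LOWERCASE_ONLY if only_lower else ALL_CHARACTERS
    return alphabet ** len(password) / GUESSES_PER_SECOND


def humanize(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for size, label in UNITS:
        if seconds >= size:
            return f"{seconds / size:.2f} {label}"
    return f"{seconds:.2f} seconds"


def audit(password, personal_terms=()):
    """Return (verdict, detail); guessable patterns are checked first."""
    lowered = password.lower()
    if lowered in COMMON_GUESSES:
        return ("guessable", "on the common-password list")
    for term in personal_terms:
        # List item 1: a known name, possibly followed by a 0 or 1.
        if re.fullmatch(re.escape(term.lower()) + "[01]?", lowered):
            return ("guessable", f"built from personal term {term!r}")
    if password.isdigit() and len(password) <= 8:
        return ("guessable", "short digit string (SSN tail, birth date)")
    return ("brute-force only", humanize(exhaustive_seconds(password)))


if __name__ == "__main__":
    # Constructed candidates; "rex" stands in for a pet's name.
    for candidate in ["letmein", "Rex1", "4821", "abcdefgh", "Abcdefg*"]:
        print(candidate, audit(candidate, personal_terms=["rex", "leeds"]))
```

A password that lands in the "guessable" branch never reaches the brute-force estimate, which is why length and symbols do not help a pet's name with a 1 on the end.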

Via One Mans Blog
image: Passwordsafepro

India Defends Right to Access Personal Data

The Indian government said Tuesday that new rules allowing it to access personal information available with Internet companies have inherent checks and balances against misuse.
The rules under section 43A of the Information Technology Act were enacted last month and reflect the government’s perception that security threats to the country can be countered by better access to online information.

The country is, for example, locked in a dispute with Research In Motion, demanding access to e-mails and other communications on RIM’s corporate service, called BlackBerry Enterprise Server.

Privacy groups and lawyers have described the rules as draconian and said they infringe Indians’ fundamental rights. “These are arbitrary powers that are being given to government, without any checks and balances,” said Pavan Duggal, a cyberlaw consultant and advocate in India’s Supreme Court.

The rules place controls on the gathering and use of personal data by Internet companies, including requiring permission from the provider of information for sharing such data. But the rules cite the government as an exception in this regard.

This article first appeared on The PC World

Top 7 Alternatives to Apple’s MacBook Air

Many people consider the Apple MacBook Air to be the gold standard in ultrathin laptops, but Windows users don’t have to jump to the Mac platform to get the same slim and sleek design.

The seven lightweight laptops here are each no more than about an inch thick, and in some cases they cost several hundred dollars less than the groundbreaking Apple laptop.

Here’s how these ultrathin laptops each stack up to Apple’s popular 13.3-inch ultraportable (discussed in the order of their announcement).

Complete details

‘Extremely weak’ security in file hosting sites

Research carried out by the Katholieke Universiteit Leuven in Belgium and France’s Institute Eurecom reveals that private files stored on cloud sites are extremely vulnerable to attackers. After examining 100 file hosting services, the researchers concluded that the unique URIs (Uniform Resource Identifiers) were too predictable and easy to crack.

The service providers claim that these URIs are secret and cannot be guessed, but the research results prove otherwise. The research reveals that the ‘secret’ URIs are generated in a predictable fashion, thereby making it easy for attackers to guess them and get access to the content.

The report did not single out any particular service provider. However, during a month’s testing the researchers could extract more than 168,000 private files.

Source: PCPRO
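For a service operator, the difference between a guessable and an unguessable file URI comes down to how the identifier is generated. The following is an added example, not code from the research or from any provider; the sequential counter is an assumed stand-in for a "predictable" scheme, and the function names and sample figures are constructed.

```python
import math
import secrets


def sequential_file_id(counter):
    """Weak scheme (assumed for illustration): an 8-digit running counter."""
    return f"{counter:08d}"


def random_file_id(nbytes=16):
    """Strong scheme: 128 bits from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(nbytes)


def looks_sequential(issued_ids):
    """True if IDs issued in order are numeric and step by a small constant."""
    if len(issued_ids) < 3 or not all(i.isdigit() for i in issued_ids):
        return False
    values = [int(i) for i in issued_ids]
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(steps) == 1 and 0 < steps.pop() <= 16


def hit_probability(live_files, id_space, guesses):
    """Chance that at least one of `guesses` uniform tries names a live file."""
    p_single = live_files / id_space
    # log1p/expm1 keep precision when p_single is far below float epsilon.
    return -math.expm1(guesses * math.log1p(-p_single))


if __name__ == "__main__":
    weak = [sequential_file_id(n) for n in (1041, 1042, 1043)]
    strong = [random_file_id() for _ in range(3)]
    print(weak, looks_sequential(weak))
    print(strong, looks_sequential(strong))
    # Constructed numbers: one million live files, one million guesses.
    print(hit_probability(10**6, 10**8, 10**6))    # 8-digit counter space
    print(hit_probability(10**6, 2**128, 10**6))   # 128-bit random space
```

Running `looks_sequential` over identifiers your own service has issued is a quick audit; a random identifier still needs access control behind it if the file is meant to stay private once the link leaks.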

Fraud Prevention Trends in 2011

With the exponential rise in internet usage, online transactions are also increasing, and so is the number of online frauds. Thus companies not only have to prevent online fraud, but also have to protect customer privacy.

According to ThreatMetrix, a California-based provider of cloud-based fraud prevention solutions, there has been a shift in fraud detection. The shift has been from cookie-based identification to device identification, i.e., detecting returning visitors based on attributes of the device. The rules have also been improved to use this information to detect spoofed devices and IP addresses as well as sniff out botnets.

Some other trends and predictions in fraud prevention shared by ThreatMetrix are given below:

1. Less Reliance on Cookies and Personally Identifiable Information (PII).

As consumers become more aware of online fraud these days, they are concerned with online privacy. Many of them block or delete cookies, either themselves or using security software. Hence many fraud prevention solutions are becoming ineffective. Thus there is a shift towards cookieless device identification and device fingerprinting in preventing fraudulent transactions today.

2. New Classes of Devices Become Commodities for Fraudsters.

Users are adopting new devices such as smartphones and tablets, on which they can hide their IP address and thus eliminate the possibility of detecting the source of transactions.

3. Use of Fraud Prevention Solutions Across the Entire Value Chain.

Today’s fraudsters are very smart, and hence the threat across the entire e-commerce value chain continues to persist. Thus the use of fraud prevention software has become very important for online brands.

4. Rise of Online Services and Digital Goods Encouraging Fraud Automation.

Real-time online transactions have increased considerably and are now a hot target for online fraud automation, since the fraudster can easily automate fraudulent transactions.

“Every business that transacts on the Internet needs better automated fraud prevention that doesn’t rely on cookies or personal identifiable information,” said Faulkner. “2011 is the year that technologies like device fingerprinting and collective fraud intelligence in the cloud become mainstream tools for web security and fraud professionals. When fighting a collective problem you need a collective solution.”

Source: http://www.securityweek.com/fraud-prevention-trends-2011
image: http://techinvestigations.com

Types of computer virus – An overview

Not all viruses that attack a computer system act in the same way; each follows its own pattern as it spreads. Numerous types of viruses have come into existence that hit the security of computers. Computer viruses are troublesome because they delete or corrupt the data stored on the hard drive or interrupt the normal functioning of the operating system.

The infection gets downloaded from external sources: hidden files that come along with internet downloads, email attachments, instant messaging services, and external drives used to carry data.

Computer virus protection requires antivirus software that is periodically updated with advanced antivirus tools and the latest information on viruses that are about to affect PCs.

Some of the common types of computer virus that affect PCs are as follows.

  • Resident viruses: They live in RAM and interfere with the operations of the system, for example by corrupting the data in recently used files. Resident viruses include McKlunky, CMJ, Randex, etc.
  • Companion viruses: These viruses typically spread in MS-DOS by creating a file with a .Com or .Exd extension, which is called by mistake when a user runs a program with a similar file name and either of these extensions.
  • Network viruses: This type of virus spreads over LAN connectivity, using the network and its shared resources as a medium. It moves among the connected PCs, jumping from one system to another to find new potential prey. Nimda and SQLSlammer are dangerous network viruses.
  • Polymorphic viruses: This type of virus replicates by creating multiple copies of the file, spreading among linked computers. Every time it replicates it changes its digital signature, which makes it easier for the virus to spread from one system to another. Only sophisticated and up-to-date antivirus software can detect a polymorphic virus.
  • Trojan horse: This more harmful type establishes itself in the system and then starts its malicious activity. Trojans neither copy nor replicate themselves but strike hard at the security of the system. A Trojan is tougher to remove from a PC once acquired, and it can be acquired from any downloaded program.

Various kinds of viruses do the work of computer cracking behind the scenes, being used as tools to hack into and destroy the data held on an organization’s secured systems.

image source : http://hugepedia.com

Anti hacking tips for home based online business

Protecting the computer that makes money for your business should be your key focus. E-commerce is the comfortable option that saves time, money and distance and lets your business build good contacts with people. The dangers to a computer system start when the same computer is used for both personal and online business purposes, as home PCs are found to be affected by virus attacks in greater numbers.

Hack tips and tricks

Knowing how a system is hacked can also help people in critical situations, but the knowledge must be used in a professionally ethical way. It is important to learn such techniques in order to analyze the methods employed by password hackers and system crackers.

Keep your Business & system secure

OS Alerts: Regular maintenance plays a major part in resolving the warnings raised by the operating system on which almost all our business applications run. Security flaw updates are announced now and then for quick maintenance; in the case of Microsoft, the Windows Update site can be referred to. Ignoring operating system warnings and updates is the first mistake one can make.

Antivirus updates: Keep track of the latest updates available for the antivirus program you have installed. This helps keep your system protected from new viruses and worms that harm the system as a whole. Keep up the protection level of the antivirus with a password setting for safety.

Firewall activation: Secure your inward and outward communications by installing firewall software to keep out unauthorized internet access. Unlawful probes and scans of your system may be happening without being visible. Port scanning is the most common practice for finding a system’s exploitable weaknesses. To activate the firewall, go to the “Start” button, select “Settings” -> Network Connection -> Properties -> Advanced -> click on the “Internet Connection Firewall” box.

Turn off software preview windows: Certain worms or viruses can affect your computer without you opening any attachment or link, just through a small message preview window, affecting sensitive data and information. Turning off the preview window helps; in Outlook Express, use the following steps.

Go to “Menu Bar”, Select – “View”, select – “Layout” then uncheck “Show Preview Pane”.

Email filters: Email filters can effectively clear the junk swamping your inbox, keeping viruses and spam from harming the system and thereby cutting down access time.

image source : http://internetbusinessmastery.com/

Online Banking Safety Guidelines

A majority of internet users use online banking. Accessing accounts to spot fraudulent transactions is now easy, or so it seems. According to research, most bank sites have built-in flaws which could potentially put valuable customer data into the wrong hands. Though it is the sole decision of the financial institution to determine the level of firewalls employed to safeguard customer information, there are some basic rules which any online bank user should follow to protect personal information and finances. Some of these general rules are given below:

  • Websites with URLs starting with “https://” are more secure than websites with URLs starting with “http://”. Especially when using passwords and PIN numbers, look out for the extra ‘s’ in the URL.
  • If the URL is followed by the name of your bank or financial institution, it is a feature that authenticates the genuineness of the site. URLs followed by a ‘host’ name should be considered unsafe.
  • Security indicators such as padlock and lock icons do not guarantee complete security, and scammers nowadays are able to duplicate such icons.
  • Passwords and user IDs should be a combination of upper and lower case letters, numbers and symbols. The length of passwords should also be more than adequate (8 or more is sufficient).
  • Use common sense and do not reply to any email claiming to be from the bank that asks you to provide passwords or information to update your accounts.
  • Last but not least, as far as possible avoid accessing bank accounts from internet cafes or terminals at airports or railway stations.

Reasons to secure your Web Browser

Failing to secure your Web browser can encourage unscrupulous hackers to easily take control of your PC. By not securing your Web browser, you are opening up your PC to spyware and adware programs, viruses, and other attacks with malicious intent.

About Vulnerable Web Browsers

Most Web browser software comes pre-installed with your PC’s operating system. The common Web browsers are Internet Explorer, Apple Safari, and Mozilla Firefox. The fact that there are three popular types makes it easier for hackers to focus on vulnerabilities and then exploit them with malicious software attacks.

Malicious attacks take advantage of the following:

  • A lot of Web surfers neglect to configure their Web browser security settings or do not understand how to do this.
  • Many users view enabling and disabling certain functions as a hassle so they do not take these security measures.
  • The average Web surfer clicks on ads and links without thinking about the reputation of the website or the consequences of their clicking habits.
  • Web browser users tend to concentrate on all of the advantages that are highlighted by the Web browser creator and do not consider what effect these improvements have on the overall security.
  • New PCs with Web browsers pre-installed usually contain other types of software bundled together. Although the software seems like a good deal, the PC user does not realize that the additional software increases the vulnerabilities to attacks.
  • Many websites encourage the download of added tools to enhance the browsing experience such as Plug-Ins, Java, ActiveX, and other related software. While these tools enhance the browsing experience, they also increase the vulnerability of your Web browser.
  • New vulnerabilities are always discovered once a Web browser has been released to the public. Until there is an upgrade to counteract the problem, the Web browser is vulnerable and open to software attack.

These are only a few reasons why you should secure your Web browser. The process of configuring your browser security features is rather simple to accomplish and well worth the investment of a few minutes of your time.

Due to the explosion of the Internet, attacking the vulnerabilities in Web browsers has become one of the most popular ways for intruders to take over your computer, steal your identity and passwords, spy on your surfing habits, and in the worst cases, destroy your computer altogether.


Cyber security Basics for Beginners

What information is collected?

When you visit a website, a certain amount of information is automatically sent to the site. This information may include the following:

  • IP address – Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet—this is a dynamic IP address. You can determine your computer’s IP address at any given time by visiting www.showmyip.com.
  • domain name – The internet is divided into domains, and every user’s account is associated with one of those domains. You can identify the domain by looking at the end of the URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to an organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).
  • software details – It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running.
  • page visits – Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often available to the organization operating the website.

If a website uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you’ve visited. If the site you’re visiting is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.

How can you limit the amount of information collected about you?

  • Be careful supplying personal information – Unless you trust a site, don’t give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information. Although some sites require you to supply your social security number (e.g., sites associated with financial transactions such as loans or credit cards), be especially wary of providing this information online.
  • Limit cookies – If an attacker can access your computer, he or she may be able to find personal data stored in cookies. You may not realize the extent of the information stored on your computer until it is too late.
  • Browse safely – Be careful which websites you visit; if it seems suspicious, leave the site. Also make sure to take precautions by increasing your security, keeping your virus definitions up to date, and scanning your computer for spyware.
Image source : RHIC News