2 days back i went to one mid size web services company. While waiting at the reception area, to kill time, i thought to listen to some music on my phone. When i took it out, i saw that my phone was detecting a WiFi network which was of that company. In due curiosity i tried to connect and it asked for password. I entered the default password "12345" just for fun. To my shock, it got connected and i was able to browse on my phone, but through the company's network.
That is a serious issue. I mean, they have provided me a free pass to their network which nobody would ever find it out. I may be the good guy, but dont you think thats a serious security glitch. A web services firm has not changed its password from default to a personal one and anyone with trial and error method would first try default password only. The next moment i contacted their network team and showed them that what they are ignoring is actually what others are seeing.
Criminals could be stealing from you and not even have to step foot on your property. It is WIFI hacking, and the problem does exist. Numerous people are affected daily, and might not even know it is happening.
So many people don't secure their WIFI. You could drive down any neighborhood, and be able to get access to free internet, but it is when individuals take it a step further that crosses the line. Over the years, with more sensitive information transmitted, individuals need to be aware, without proper security, criminals could be accessing your WIFI network.
"If I'm just the average Joe and somebody's hacking into my WIFI with the sophistication of the tools now-a-days you will not be aware of what going on," "It is security auditing. Preventative maintenance is what I like to call it." He says in order to prevent hacking you have to be able to think like a hacker. "In the mind of a hacker I would think the value of the target. Am I trying to retaliate or disable their network, or use their network to try to hack from their network to get to other networks? So if I was detected it would show I was coming from their location."
"Numerous crimes happen on the internet daily," Your WIFI is hacked the results could be very damaging, "There is phishing, child pornography, that's traded daily, you have internet fraud, financial identity fraud, purchases that are made with stolen credit cards, all of these all of them if someone were to hacking into your WIFI, everything is going to point to you." That is because it's tracked to your IP address.
Not having the proper security on your WIFI is like locking the front door but leaving the windows open. So if you want to be sure to dead bolt your WIFI , "It's critical to keep up to date with all the software patches if Microsoft comes out with a new patch you need to be aware of that and go ahead click update."
"Change your passwords often and make them hard passwords," , and if you change your password make sure to change it on the router and each computer. He also says to keep your network hidden. One of the best ways to keep someone from doing real damage with your WIFI is to have a good firewall, "There are some out here that you can actually get to, connect to, but you can't go anywhere once you connect.
Be aware if someone is caught stealing the internet, they can be charged with a class a misdemeanor, and if any information is obtained it's a felony.
Many people ignore updates that pop up, or just put them off for later. It is always best to be safe than sorry because it's what you can't see, that can be the most damaging.
Friday, May 7, 2010
Tuesday, February 2, 2010
Have i really become a Millionaire?
I still remember my school/college days when people had a simple method of hacking. They would either hack your e mail account by guessing the password or by installing a key logger in your computer or may be by phishing.
First two methods are obsolete now but phishing has taken a new form and advanced version is used for your bank accounts hacking.
The hackers today are getting more advanced each day and are creating innovative ideas to hack. Morover hacking is not just getting into your account now, it revolves around money.
Thus we can say that now they dont even need your account to get money, all they use is power of internet.
Well i am talking about the sudden mails which tell you that you have won a jackpot in some lottery or som one died and you are the chosen one to get all his money.
I hope you must have got these type of mails.
Sadly many people have fallen in trap and lost hundreds of thousands of their money.
I personally got many emails claming that i have become super rich :)
Here are excerpts from those mails
from Mr. Harley Wade <meuoidb@mersin.edu.tr>
reply-to "Mr. Harley Wade" <mrharleywade@ymail.com>
to
date Tue, Feb 2, 2010 at 1:59 AM
subject Hello
mailed-by mersin.edu.tr
Dear friend,
I am the above named person but now undergoing medical treatment in Canada. I worked with Bahamas Drilling Corporation for over a decade I married for fifteen years without a child. my wife died after a brief illness that lasted for two weeks.I vow to use my wealth for the down trodden and the less privileged in the society.
Since the doctor had comfirmed my situation that I will not live long I have decided to give out my money to the poor. Deposited the sum of 5M United State Dollars (Five Million United State Dollars) with my Bank.Presently in Bahamas, this money is still there. Recently,my Doctor told me that I would not last for long that i can't answer phone calls or talk much for long due to cancer problem.Though what disturbs me most is my stroke. Having known my condition I decided to donate this fund to an individual or better still a God fearing person who will utilize this money the way I am going to instruct here in.
I want an individual that will use this to fund and provide succor to poor and indigent persons, orphanages, and above all those affected in the Tsunami in far Asia and the Hurricane Katrina Disasters.I understand that blessed is the hand that giveth.
I took this decision because I do not have any child that will inherit this money and my relatives are not inclined to helping poor persons and I do not want my hard earned money to be misused or spent in the manner I will not like and I also do not want a situation where this money will be used in an ungodly manner, hence the reason for taking this bold decision. I am not afraid of death hence I know where I am going.I know that I am going to be in the bosom of the Almighty.I do not need any telephone communication in this regard because of my health, and because of the presence of my relatives around me always. I do not want them to know about this development but i can check my mail time to time over here to give you further instruction's on how to get to the bank to release the funds to you, but you shall promise me that you are going to give 40% to the orphanages and help assist in the work of GOD.
With God all things are possible. As soon as I receive your reply I shall give you the contact of the Bank. I will also issue them a letter of authority and change of ownership certificate,that will empower you as the original beneficiary of this fund,through my Lawyer. I want you to always pray for me. My happiness is that I lived a life worthy of emulation. Whosoever that wants to serve the Almighty must serve him with all his heart and mind and soul and also in truth. Please always be prayerful all through your life.
Any delay in your reply will give me room in sourcing for an individual for this same purpose.
Please assure me that you will act according to my specification herein.Hoping to hear from you.
Thank you and may the Almighty bless you.
God Bless You,
Mr Harley Wade.
from MANAGING DIRECTOR IMF <imfdirector@imf.org>
reply-to imfoffice92@centrum.sk
to
date Mon, Feb 1, 2010 at 10:59 PM
subject INTERNATIONAL MONETARY FUND
INTERNATIONAL MONETARY FUND
20 FISKERTON ROAD LINCOLN,LN3 4LA
LONDON-UNITED KINGDOM
TEL: +44-704-574-7261
FAX: +44-87-1251-7351
Attention
THIS IS TO NOTIFY YOU THAT YOUR OVER DUE INHERITANCE/CONTRACT FUNDS VALUE $12.5MILLION HAS BEEN APPROVED FOR RELEASED IMMEDIATE RELEASE VIA BANK OF AMERICA.
I SAW YOUR NAME (IN THE CENTRAL COMPUTER AMONG THE LIST OF UNPAID BENEFICIARIES, CONTRACTORS, LOTTERY INNERS,INHERITANCE NEXT OF KIN, THAT WAS ORIGINATED FROM UNITED KINGDOM AMONG THE LIST OF INDIVIDUALS AND COMPANIES THAT YOUR UNPAID FUND HAS BEEN LOCATED US.
YOUR NAME APPEARED AMONG THE BENEFICIARIES WHO WILL RECEIVE A PART-PAYMENT OF $12.5MILLION WHICH HAS BEEN APPROVED ALREADY TO BE RELEASE TO YOU.
MEANWHILE, A MAN CAME TO OUR OFFICE FEW DAYS AGO WITH A LETTER OF AUTHORITY, CLAIMING TO BE YOUR TRUE REPRESENTATIVE.
HERE ARE HIS INFORMATION'S FOR YOU TO CONFIRM TO THIS OFFICE IF THIS MAN IS TRULY FROM YOU OR NOT SO THAT WE WILL NOT BE HELD RESPONSIBLE FOR PAYING INTO THE WRONG ACCOUNT NAME:
NAME: MR.BROWN JOHNSON
BANK NAME: CITI BANK
BANK ADDRESS: ARIZONA, USA.
ACCOUNT NUMBER: 6503809428.
PLEASE, DO RECONFIRM TO THIS OFFICE, AS A MATTER OF URGENCY IF THIS MAN IS FROM YOU.
I APOLOGIZE TO YOU ON BEHALF OF IMF (INTERNATIONAL MONETARY FUND) HTTP://WWW.IMF.ORG/EXTERNAL/NP/EXR/CHRON/MDS.ASP FUTURE TO PAY YOUR FUNDS IN TIME, WHICH ACCORDING TO RECORDS IN THE SYSTEM HAD BEEN LONG OVERDUE.
PLEASE GET BACK TO ME IMMEDIATELY WITH YOUR COMPLETE DETAILS AND ACCOUNT INFORMATION TO ENABLE US FORWARD YOUR INFORMATION TO OUR PAYING BANK IN NEW YORK SO THAT YOUR FUNDS CAN BE TRANSFER TO YOU WITHIN 48 HOURS.
YOURS SINCERELY,
MR.DOMINIGUE STRAUSS-KAHN
MANAGING DIRECTOR IMF
rom LIU YAN <liuyan51@yahoo.com.hk>
reply-to yan.liu56@yahoo.com
to
date Fri, Jan 29, 2010 at 6:06 PM
subject ATTENTION PLEASE..28/01/10
FROM: Liu Yan
Bank of China Ltd.
13/F. Bank of China Tower
1 Garden Road
Hong Kong,
I sincerely ask for forgiveness for I know this may seem like a complete
intrusion to your privacy but right about now this is my best option of
communication. This mail might come to you as a surprise and the
temptation to ignore it as frivolous could come into your mind; but please
consider it a divine wish and accept it with a deep sense of humility
This letter must surprise you because we have never meet before neither in
person nor by correspondence,but I believe that it takes just one day to
meet or know someone either physically or through correspondence.
I got your contact through my personal search, you were revealed as being
quite astute in private entrepreneurship,and one has no doubt in your
ability to handle a financial business transaction. I am Liu Yan a
transfer supervisor operations in investment section in Bank of China Ltd.
Secretariat of the BOCHK Charitable Foundation 13/F. Bank of China Tower,
1 Garden Road,Hong Kong I have an obscured business suggestion for
you.Before the U.S and Iraqi war our client General Mohammed Jassim Ali
who work with the Iraqi forces and also business man made a numbered fixed
deposit for 18 calendar months, with a value of (I will disclose amount
upon your reply) in my branch.
Upon maturity several notices was sent to him, even early in the war,again
after the war another notification was sent and still no response came
from him,We later find out that General Mohammed Jassim Ali and his family
had been killed during the war in a bomb blast that hit their home.
After further investigation it was also discovered that General Mohammed
Jassim Ali did not declare any next of kin in his official papers
including the paper work of his bank deposit. And he also confided in me
the last time he was at my office that no one except me knew of his
deposit in my bank. So, (I will disclose amount upon your reply) is still
lying in my bank and no one will ever come forward to claim it. What
bothers me most is that, according to the laws of my country at the
expiration 3 years the funds will revert to the ownership of the Hong Kong
Government if nobody applies to claim the funds.
Against this backdrop, my suggestion to you is that I will like you as a
foreigner to stand as the next of kin to General Mohammed Jassim Ali so
that you will be able to receive his funds.I want you to know that I have
had everything planned out so that we shall come out successful.
I have contacted an attorney who will prepare the legal documents that
will back you up as the next of kin to General Mohammed Jassim Ali, all
what is required from you at this stage is for you to provide me with your
Full Names, private phone number and Address so that the attorney can
commence his job. After you have been made the next of kin, the attorney
will also fill in for claims on your behalf and secure the necessary
approval and letter of probate in your favor for the transfer of the funds
to an account that will be provided by you with my guidance.There is no
risk involved at all in the matter as we are going adopt a legalized
method and the attorney will prepare all the necessary documents.
Please endeavor to observe utmost discretion in all matters concerning
this issue.
Once the funds have been transferred to your nominated bank account we
shall discuss the percentage issue on your reply.
If you are interested please send me your full names and current
residential address, and I will prefer you to reach me on my private and
secure email address below and finally after that I shall provide you with
more details of this operation.
Best Regards
Liu Yan
You must be laughing after seeing these mails. Suddenly i am chosen one, lucky one and would soon be millionaire.
But reality is that you will lose your hard earned money . Many people have been unlucky and lost their money.
The procedure :
1) You will recieve such email claiming that you have won so and so thing or you are chosen one to get all the money
2) As per mail you reply to them that you are interested
3) They need your bank info and you provide them
4) Next they will ask for some service charge or processing fees or guarantee fees or whatsoever way they want you to give money
5) Step 4 is repeated many times till you have given some lacs in cash to them
6) Congrats , you have made them rich and yourself a fool. they suddenly dissapear
Dear, no one in this world will give you money like that. You think that a person on death bed will contact you from far off country to give you money by email??? wont he give it to any of his known person
A bank person wants to send you money that some one has died and his money is lying in bank , wont he himself take it???
Think friends, think...... This is not a reality. No one will make you millionaire in one day.
Recently in India a man fell into their trap. He got a SMS telling that he has won and he gave processing fees also. Then another time he was asked to pay but he luckily got to know he was being fooled thus he told that i will give money but only in person. The person came 2 Bangalore and was caught and was found out that he has duped many people
This is what happens.
So dear folks, Next time you recieve such mail or sms, ignore it, no one will make you rich that way..
Best of luck :)
First two methods are obsolete now but phishing has taken a new form and advanced version is used for your bank accounts hacking.
The hackers today are getting more advanced each day and are creating innovative ideas to hack. Morover hacking is not just getting into your account now, it revolves around money.
Thus we can say that now they dont even need your account to get money, all they use is power of internet.
Well i am talking about the sudden mails which tell you that you have won a jackpot in some lottery or som one died and you are the chosen one to get all his money.
I hope you must have got these type of mails.
Sadly many people have fallen in trap and lost hundreds of thousands of their money.
I personally got many emails claming that i have become super rich :)
Here are excerpts from those mails
from Mr. Harley Wade <meuoidb@mersin.edu.tr>
reply-to "Mr. Harley Wade" <mrharleywade@ymail.com>
to
date Tue, Feb 2, 2010 at 1:59 AM
subject Hello
mailed-by mersin.edu.tr
Dear friend,
I am the above named person but now undergoing medical treatment in Canada. I worked with Bahamas Drilling Corporation for over a decade I married for fifteen years without a child. my wife died after a brief illness that lasted for two weeks.I vow to use my wealth for the down trodden and the less privileged in the society.
Since the doctor had comfirmed my situation that I will not live long I have decided to give out my money to the poor. Deposited the sum of 5M United State Dollars (Five Million United State Dollars) with my Bank.Presently in Bahamas, this money is still there. Recently,my Doctor told me that I would not last for long that i can't answer phone calls or talk much for long due to cancer problem.Though what disturbs me most is my stroke. Having known my condition I decided to donate this fund to an individual or better still a God fearing person who will utilize this money the way I am going to instruct here in.
I want an individual that will use this to fund and provide succor to poor and indigent persons, orphanages, and above all those affected in the Tsunami in far Asia and the Hurricane Katrina Disasters.I understand that blessed is the hand that giveth.
I took this decision because I do not have any child that will inherit this money and my relatives are not inclined to helping poor persons and I do not want my hard earned money to be misused or spent in the manner I will not like and I also do not want a situation where this money will be used in an ungodly manner, hence the reason for taking this bold decision. I am not afraid of death hence I know where I am going.I know that I am going to be in the bosom of the Almighty.I do not need any telephone communication in this regard because of my health, and because of the presence of my relatives around me always. I do not want them to know about this development but i can check my mail time to time over here to give you further instruction's on how to get to the bank to release the funds to you, but you shall promise me that you are going to give 40% to the orphanages and help assist in the work of GOD.
With God all things are possible. As soon as I receive your reply I shall give you the contact of the Bank. I will also issue them a letter of authority and change of ownership certificate,that will empower you as the original beneficiary of this fund,through my Lawyer. I want you to always pray for me. My happiness is that I lived a life worthy of emulation. Whosoever that wants to serve the Almighty must serve him with all his heart and mind and soul and also in truth. Please always be prayerful all through your life.
Any delay in your reply will give me room in sourcing for an individual for this same purpose.
Please assure me that you will act according to my specification herein.Hoping to hear from you.
Thank you and may the Almighty bless you.
God Bless You,
Mr Harley Wade.
from MANAGING DIRECTOR IMF <imfdirector@imf.org>
reply-to imfoffice92@centrum.sk
to
date Mon, Feb 1, 2010 at 10:59 PM
subject INTERNATIONAL MONETARY FUND
INTERNATIONAL MONETARY FUND
20 FISKERTON ROAD LINCOLN,LN3 4LA
LONDON-UNITED KINGDOM
TEL: +44-704-574-7261
FAX: +44-87-1251-7351
Attention
THIS IS TO NOTIFY YOU THAT YOUR OVER DUE INHERITANCE/CONTRACT FUNDS VALUE $12.5MILLION HAS BEEN APPROVED FOR RELEASED IMMEDIATE RELEASE VIA BANK OF AMERICA.
I SAW YOUR NAME (IN THE CENTRAL COMPUTER AMONG THE LIST OF UNPAID BENEFICIARIES, CONTRACTORS, LOTTERY INNERS,INHERITANCE NEXT OF KIN, THAT WAS ORIGINATED FROM UNITED KINGDOM AMONG THE LIST OF INDIVIDUALS AND COMPANIES THAT YOUR UNPAID FUND HAS BEEN LOCATED US.
YOUR NAME APPEARED AMONG THE BENEFICIARIES WHO WILL RECEIVE A PART-PAYMENT OF $12.5MILLION WHICH HAS BEEN APPROVED ALREADY TO BE RELEASE TO YOU.
MEANWHILE, A MAN CAME TO OUR OFFICE FEW DAYS AGO WITH A LETTER OF AUTHORITY, CLAIMING TO BE YOUR TRUE REPRESENTATIVE.
HERE ARE HIS INFORMATION'S FOR YOU TO CONFIRM TO THIS OFFICE IF THIS MAN IS TRULY FROM YOU OR NOT SO THAT WE WILL NOT BE HELD RESPONSIBLE FOR PAYING INTO THE WRONG ACCOUNT NAME:
NAME: MR.BROWN JOHNSON
BANK NAME: CITI BANK
BANK ADDRESS: ARIZONA, USA.
ACCOUNT NUMBER: 6503809428.
PLEASE, DO RECONFIRM TO THIS OFFICE, AS A MATTER OF URGENCY IF THIS MAN IS FROM YOU.
I APOLOGIZE TO YOU ON BEHALF OF IMF (INTERNATIONAL MONETARY FUND) HTTP://WWW.IMF.ORG/EXTERNAL/NP/EXR/CHRON/MDS.ASP FUTURE TO PAY YOUR FUNDS IN TIME, WHICH ACCORDING TO RECORDS IN THE SYSTEM HAD BEEN LONG OVERDUE.
PLEASE GET BACK TO ME IMMEDIATELY WITH YOUR COMPLETE DETAILS AND ACCOUNT INFORMATION TO ENABLE US FORWARD YOUR INFORMATION TO OUR PAYING BANK IN NEW YORK SO THAT YOUR FUNDS CAN BE TRANSFER TO YOU WITHIN 48 HOURS.
YOURS SINCERELY,
MR.DOMINIGUE STRAUSS-KAHN
MANAGING DIRECTOR IMF
rom LIU YAN <liuyan51@yahoo.com.hk>
reply-to yan.liu56@yahoo.com
to
date Fri, Jan 29, 2010 at 6:06 PM
subject ATTENTION PLEASE..28/01/10
FROM: Liu Yan
Bank of China Ltd.
13/F. Bank of China Tower
1 Garden Road
Hong Kong,
I sincerely ask for forgiveness for I know this may seem like a complete
intrusion to your privacy but right about now this is my best option of
communication. This mail might come to you as a surprise and the
temptation to ignore it as frivolous could come into your mind; but please
consider it a divine wish and accept it with a deep sense of humility
This letter must surprise you because we have never meet before neither in
person nor by correspondence,but I believe that it takes just one day to
meet or know someone either physically or through correspondence.
I got your contact through my personal search, you were revealed as being
quite astute in private entrepreneurship,and one has no doubt in your
ability to handle a financial business transaction. I am Liu Yan a
transfer supervisor operations in investment section in Bank of China Ltd.
Secretariat of the BOCHK Charitable Foundation 13/F. Bank of China Tower,
1 Garden Road,Hong Kong I have an obscured business suggestion for
you.Before the U.S and Iraqi war our client General Mohammed Jassim Ali
who work with the Iraqi forces and also business man made a numbered fixed
deposit for 18 calendar months, with a value of (I will disclose amount
upon your reply) in my branch.
Upon maturity several notices was sent to him, even early in the war,again
after the war another notification was sent and still no response came
from him,We later find out that General Mohammed Jassim Ali and his family
had been killed during the war in a bomb blast that hit their home.
After further investigation it was also discovered that General Mohammed
Jassim Ali did not declare any next of kin in his official papers
including the paper work of his bank deposit. And he also confided in me
the last time he was at my office that no one except me knew of his
deposit in my bank. So, (I will disclose amount upon your reply) is still
lying in my bank and no one will ever come forward to claim it. What
bothers me most is that, according to the laws of my country at the
expiration 3 years the funds will revert to the ownership of the Hong Kong
Government if nobody applies to claim the funds.
Against this backdrop, my suggestion to you is that I will like you as a
foreigner to stand as the next of kin to General Mohammed Jassim Ali so
that you will be able to receive his funds.I want you to know that I have
had everything planned out so that we shall come out successful.
I have contacted an attorney who will prepare the legal documents that
will back you up as the next of kin to General Mohammed Jassim Ali, all
what is required from you at this stage is for you to provide me with your
Full Names, private phone number and Address so that the attorney can
commence his job. After you have been made the next of kin, the attorney
will also fill in for claims on your behalf and secure the necessary
approval and letter of probate in your favor for the transfer of the funds
to an account that will be provided by you with my guidance.There is no
risk involved at all in the matter as we are going adopt a legalized
method and the attorney will prepare all the necessary documents.
Please endeavor to observe utmost discretion in all matters concerning
this issue.
Once the funds have been transferred to your nominated bank account we
shall discuss the percentage issue on your reply.
If you are interested please send me your full names and current
residential address, and I will prefer you to reach me on my private and
secure email address below and finally after that I shall provide you with
more details of this operation.
Best Regards
Liu Yan
You must be laughing after seeing these mails. Suddenly i am chosen one, lucky one and would soon be millionaire.
But reality is that you will lose your hard earned money . Many people have been unlucky and lost their money.
The procedure :
1) You will recieve such email claiming that you have won so and so thing or you are chosen one to get all the money
2) As per mail you reply to them that you are interested
3) They need your bank info and you provide them
4) Next they will ask for some service charge or processing fees or guarantee fees or whatsoever way they want you to give money
5) Step 4 is repeated many times till you have given some lacs in cash to them
6) Congrats , you have made them rich and yourself a fool. they suddenly dissapear
Dear, no one in this world will give you money like that. You think that a person on death bed will contact you from far off country to give you money by email??? wont he give it to any of his known person
A bank person wants to send you money that some one has died and his money is lying in bank , wont he himself take it???
Think friends, think...... This is not a reality. No one will make you millionaire in one day.
Recently in India a man fell into their trap. He got a SMS telling that he has won and he gave processing fees also. Then another time he was asked to pay but he luckily got to know he was being fooled thus he told that i will give money but only in person. The person came 2 Bangalore and was caught and was found out that he has duped many people
This is what happens.
So dear folks, Next time you recieve such mail or sms, ignore it, no one will make you rich that way..
Best of luck :)
Saturday, February 28, 2009
One More Reason not to Trust Bank Security
I hate to be the one to continually complain about security, but that doesn’t mean I won’t keep doing it. I would estimate that 95% of people are FAR too lax when it comes to security measures, and that another 4% are just plain old lax.
This latest story focuses on a concept called social engineering as a weak link in the chain (among other issues). Social engineering is the process of causing a security breach through submersive human interaction - in this case fooling bank personnel into believing you are someone you are not.The full story can be found here. These are the pertinent excerpts:
Banking on Security
Our first step was to select a vendor to impersonate. To keep the suspicion level down, it needed to be someone who’d use a computer or laptop once inside. To find out more, I sent a colleague into the bank to inquire about a checking account. While in the bank she took notice of the various pieces of office equipment, specifically the printers, faxes, and copiers.…After reviewing the list of office equipment she retrieved, we decided the best person to enter the facility was a copier technician.…On the day we planned to go in, I called the bank and indicated I was new to the copier company and wanted to get familiar with the machine to properly service the equipment. I indicated we could perform a preventive maintenance call at no charge to insure the quality of the prints and copies. The person at the bank agreed and thought it was a good idea.…I entered the bank lobby and was immediately greeted by a woman in a small glass-paneled workspace. I mentioned we called earlier, dropped the contact’s name, and indicated I was here to service the copier/printer. Without hesitation I was escorted to the machine and left unattended. To make it appear as if I were working on the device, I opened every panel on the machine, pulled all the trays out, and placed my laptop on the glass surface of the copier/printer.
I was approached by a few people who needed to make copies, I apologized for the inconvenience and said the machine might be down for 30-40 minutes. I then disconnected the network cable from the copier/printer and attached my laptop. As soon as my laptop booted up, DHCP provided a network address and I was on the internal network. I started a few of our utilities and started sniffing the traffic on the network.
Within seconds I had a variety of logins and passwords, access to numerous shared folders, data, and administrative accounts.…When I returned to my office I immediately called my contact and explained what we did and that we were successful. After retrieving the ream of paper with his password, I could hear the concern in his voice since our job confirmed his worst fears. I explained to him this type of problem can be fixed by sharing the results with his employees, and that no one person should be targeted as a single point of failure.
The good news is that the bank in this story actually hired these pros to come in and do this testing for them. That gives them the opportunity to try to plug these security holes. The bad news is that the security breach in this case is so simple that I could grab my laptop and go duplicate the attack tomorrow without any special tools or additional software.
The moral to this story is that in your business you need to be constantly vigilant and in your private life you need to be paranoid about what types of information to allow people access to.
This latest story focuses on a concept called social engineering as a weak link in the chain (among other issues). Social engineering is the process of causing a security breach through submersive human interaction - in this case fooling bank personnel into believing you are someone you are not.The full story can be found here. These are the pertinent excerpts:
Banking on Security
Our first step was to select a vendor to impersonate. To keep the suspicion level down, it needed to be someone who’d use a computer or laptop once inside. To find out more, I sent a colleague into the bank to inquire about a checking account. While in the bank she took notice of the various pieces of office equipment, specifically the printers, faxes, and copiers.…After reviewing the list of office equipment she retrieved, we decided the best person to enter the facility was a copier technician.…On the day we planned to go in, I called the bank and indicated I was new to the copier company and wanted to get familiar with the machine to properly service the equipment. I indicated we could perform a preventive maintenance call at no charge to insure the quality of the prints and copies. The person at the bank agreed and thought it was a good idea.…I entered the bank lobby and was immediately greeted by a woman in a small glass-paneled workspace. I mentioned we called earlier, dropped the contact’s name, and indicated I was here to service the copier/printer. Without hesitation I was escorted to the machine and left unattended. To make it appear as if I were working on the device, I opened every panel on the machine, pulled all the trays out, and placed my laptop on the glass surface of the copier/printer.
I was approached by a few people who needed to make copies, I apologized for the inconvenience and said the machine might be down for 30-40 minutes. I then disconnected the network cable from the copier/printer and attached my laptop. As soon as my laptop booted up, DHCP provided a network address and I was on the internal network. I started a few of our utilities and started sniffing the traffic on the network.
Within seconds I had a variety of logins and passwords, access to numerous shared folders, data, and administrative accounts.…When I returned to my office I immediately called my contact and explained what we did and that we were successful. After retrieving the ream of paper with his password, I could hear the concern in his voice since our job confirmed his worst fears. I explained to him this type of problem can be fixed by sharing the results with his employees, and that no one person should be targeted as a single point of failure.
The good news is that the bank in this story actually hired these pros to come in and do this testing for them. That gives them the opportunity to try to plug these security holes. The bad news is that the security breach in this case is so simple that I could grab my laptop and go duplicate the attack tomorrow without any special tools or additional software.
The moral to this story is that in your business you need to be constantly vigilant and in your private life you need to be paranoid about what types of information to allow people access to.
Most Popular Banking Encryption Method Cracked
According to the Epoch Times, in five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced “hash” algorithm, according to the article “Security Cracked!” from New Scientist.
The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).
What does this mean for the rest of us?Well, MD5 and SHA-1 are the two most extensively used hash algorithms in the world. These two main algorithms currently underpin many digital signature and other security schemes in use throughout the international community.
They are widely used in banking, securities, and e-commerce. In fact, SHA-1 has been recognized as the cornerstone for modern Internet security.
For example, whenever you login to your online bank account, or make a purchase from Amazon.com they tell you not to worry because “This transaction is protected by Secure Socket Layer Encryption”; well, guess what… That’s an SHA-1 encrypted session.
And if your company has set you up with a laptop and a VPN connection back to the corporate LAN, guess what? Yep, that’s an IPsec connection powered by SHA-1.
According to Bruce Schneier, who warned that this was coming 2 years ago:
For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before.
But there’s an old saying inside the NSA: “Attacks always get better; they never get worse.” Just as this week’s attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore’s Law will continue to march forward, making even the existing attack faster and more affordable.
Jon Callas, PGP’s CTO, put it best: “It’s time to walk, but not run, to the fire exits. You don’t see smoke, but the fire alarms have gone off.”
All of this demonstrates why I keep repeatedly commenting on the lack of defense in depth at our financial institutions.
If banks and investment firms would implement an additional layer of protection beyond the simple password or challenge Q&A and move to something such as Secure ID tokens, it wouldn’t matter nearly as much if a password was compromised because without the correct random code to go along with it a hacker would still be out of luck
The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).
What does this mean for the rest of us?Well, MD5 and SHA-1 are the two most extensively used hash algorithms in the world. These two main algorithms currently underpin many digital signature and other security schemes in use throughout the international community.
They are widely used in banking, securities, and e-commerce. In fact, SHA-1 has been recognized as the cornerstone for modern Internet security.
For example, whenever you login to your online bank account, or make a purchase from Amazon.com they tell you not to worry because “This transaction is protected by Secure Socket Layer Encryption”; well, guess what… That’s an SHA-1 encrypted session.
And if your company has set you up with a laptop and a VPN connection back to the corporate LAN, guess what? Yep, that’s an IPsec connection powered by SHA-1.
According to Bruce Schneier, who warned that this was coming 2 years ago:
For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before.
But there’s an old saying inside the NSA: “Attacks always get better; they never get worse.” Just as this week’s attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore’s Law will continue to march forward, making even the existing attack faster and more affordable.
Jon Callas, PGP’s CTO, put it best: “It’s time to walk, but not run, to the fire exits. You don’t see smoke, but the fire alarms have gone off.”
All of this demonstrates why I keep repeatedly commenting on the lack of defense in depth at our financial institutions.
If banks and investment firms would implement an additional layer of protection beyond the simple password or challenge Q&A and move to something such as Secure ID tokens, it wouldn’t matter nearly as much if a password was compromised because without the correct random code to go along with it a hacker would still be out of luck
How I’d Hack Your Weak Passwords
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
The last 4 digits of your social security number.
123 or 1234 or 123456.
“password”
Your city, or college, football team name.
Date of birth - yours, your partner’s or your child’s.
“god”
“letmein”
“money”
“love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
You probably use the same password for lots of stuff right?
Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 - whatever makes you happy) different usernames and passwords as fast as possible.
Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities - or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters - like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Password Length
All Characters
Only Lowercase
3 characters4 characters5 characters6 characters7 characters8 characters9 characters10 characters11 characters12 characters13 characters14 characters
0.86 seconds1.36 minutes2.15 hours8.51 days2.21 years2.10 centuries20 millennia1,899 millennia180,365 millennia17,184,705 millennia1,627,797,068 millennia154,640,721,434 millennia
0.02 seconds.046 seconds11.9 seconds5.15 minutes2.23 hours2.42 days2.07 months4.48 years1.16 centuries3.03 millennia78.7 millennia2,046 millennia
Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable - but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. - m0d3ltf0rd… like modelTford)
Randomly throw in capital letters (i.e. - Mod3lTF0rd)
Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network - after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there!!!
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
The last 4 digits of your social security number.
123 or 1234 or 123456.
“password”
Your city, or college, football team name.
Date of birth - yours, your partner’s or your child’s.
“god”
“letmein”
“money”
“love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
You probably use the same password for lots of stuff right?
Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 - whatever makes you happy) different usernames and passwords as fast as possible.
Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities - or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters - like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Password Length
All Characters
Only Lowercase
3 characters4 characters5 characters6 characters7 characters8 characters9 characters10 characters11 characters12 characters13 characters14 characters
0.86 seconds1.36 minutes2.15 hours8.51 days2.21 years2.10 centuries20 millennia1,899 millennia180,365 millennia17,184,705 millennia1,627,797,068 millennia154,640,721,434 millennia
0.02 seconds.046 seconds11.9 seconds5.15 minutes2.23 hours2.42 days2.07 months4.48 years1.16 centuries3.03 millennia78.7 millennia2,046 millennia
Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable - but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. - m0d3ltf0rd… like modelTford)
Randomly throw in capital letters (i.e. - Mod3lTF0rd)
Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network - after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there!!!
Wednesday, February 11, 2009
Change Your Ip In Less Then 1 Minute
1. Click on "Start" in the bottom left hand corner of screen2. Click on "Run"3. Type in "command" and hit ok
You should now be at an MSDOS prompt screen.
4. Type "ipconfig /release" just like that, and hit "enter"5. Type "exit" and leave the prompt6. Right-click on "Network Places" or "My Network Places" on your desktop.7. Click on "properties"
You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on "Local Area Connection" and click "properties"9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab10. Click on "Use the following IP address" under the "General" tab11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until i fill the area up).12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.13. Hit the "Ok" button here14. Hit the "Ok" button again
You should now be back to the "Local Area Connection" screen.
15. Right-click back on "Local Area Connection" and go to properties again.16. Go back to the "TCP/IP" settings17. This time, select "Obtain an IP address automatically"tongue.gif 18. Hit "Ok"19. Hit "Ok" again20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.
P.S:This only changes your dynamic IP address, not your TCP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back
You should now be at an MSDOS prompt screen.
4. Type "ipconfig /release" just like that, and hit "enter"5. Type "exit" and leave the prompt6. Right-click on "Network Places" or "My Network Places" on your desktop.7. Click on "properties"
You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on "Local Area Connection" and click "properties"9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab10. Click on "Use the following IP address" under the "General" tab11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until i fill the area up).12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.13. Hit the "Ok" button here14. Hit the "Ok" button again
You should now be back to the "Local Area Connection" screen.
15. Right-click back on "Local Area Connection" and go to properties again.16. Go back to the "TCP/IP" settings17. This time, select "Obtain an IP address automatically"tongue.gif 18. Hit "Ok"19. Hit "Ok" again20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.
P.S:This only changes your dynamic IP address, not your TCP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back
All about Spyware
There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.
What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is FreeTry: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is FreeInfo: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is FreeInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is SharewareInfo: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is SharewareInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is FreewareInfo: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is FreeInfo: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is FreeInfo: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is FreeInfo: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is FreeInfo: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".Check these sites.http://www.spychecker.com/http://www.spywareguide.com/http://www.cexx.org/adware.htmhttp://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtmlhttp://www.thiefware.com/links/http://simplythebest.net/info/spyware.html
Usefull tools...Try:
Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is FreeInfo: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is FreeTry: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is FreeInfo: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is FreeInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is SharewareInfo: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is SharewareInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is FreewareInfo: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is FreeInfo: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is FreeInfo: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is FreeInfo: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is FreeInfo: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".Check these sites.http://www.spychecker.com/http://www.spywareguide.com/http://www.cexx.org/adware.htmhttp://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtmlhttp://www.thiefware.com/links/http://simplythebest.net/info/spyware.html
Usefull tools...Try:
Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is FreeInfo: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
10-fast-and-free-security-enhancements
Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.
1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.
2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.3. Install a free spyware blocker. Our Editors’ Choice (”Spyware,” April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.
4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel Administrative Tools Services and you’ll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.
5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.
6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.
7. Buy antivirus software and keep it up to date. If you’re not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And doublecheck your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.
8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.
9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.
10. Be skeptical of things on the Internet. Don’t assume that e-mail “From:” a particular person is actually from that person until you have further reason to believe it’s that person. Don’t assume that an attachment is what it says it is. Don’t give out your password to anyone, even if that person claims to be from “support.”
For more help, you can mail me at saurabh.choudhary9@gmail.com
Subscribe to:
Posts (Atom)