
Tuesday, August 30, 2011

When Hackers Become the Good Guys


At DefCon III in 1995, the young crowd of 470 spent their time jamming a local radio station broadcast and playing Hacker Jeopardy at midnight when they couldn't drink at the bar. "Free Kevin" stickers were plastered everywhere protesting the jailing of fugitive hacker Kevin Mitnick, and a 14-year-old ran away from home to attend the event. (I know because I was there.)
At DefCon 19 this year, plenty of the nearly 12,000 attendees had gray hair, most work as security professionals, and some even brought their children. Mitnick was there signing copies of his latest book, "Ghost in the Wires," and posing for photographs, before appearing as a guest on "The Colbert Report" last week.
A community is growing and growing up.
In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser," Richard Thieme, author of "Mind Games" and a professional speaker, recounted in his DefCon talk this year and in an interview with CNET afterward. "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man."
Moss, aka "Dark Tangent," started DefCon in 1993 as a farewell party to a buddy, only to have it become the world's largest hacker conference. He sold off the more commercial Black Hat security conference, which frees him up for public service--he serves on the Homeland Security Advisory Council and was named the chief security officer for the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) earlier this year.
Another hacker role model who is having a very direct impact on U.S. cyber security policies and funding is Peiter Zatko, who was better known as "Mudge" when he was a member of The Cult of the Dead Cow (CDC) and L0pht hacker groups in the 1990s. He presented at a session on password cracking and holes in Microsoft software at DefCon in 1996. This year, he gave a keynote talk at Black Hat about his plans as program manager for the information innovation office at the Defense Department's DARPA (Defense Advanced Research Projects Agency) to fund hacker spaces and small security start-ups.


Read more: http://news.cnet.com/8301-27080_3-20095649-245/when-hackers-become-the-man/#ixzz1WVPoCjyq

Thursday, August 11, 2011

TABNABBING: BEWARE OF NEW TYPE OF PHISHING ATTACK

A phishing attack is one of the best methods used for hacking email passwords. Aza Raskin introduced a new way of phishing called Tabnabbing.

Tabnabbing - New Type of Phishing Attack :

Tabnabbing uses the same phishing concepts as before, with slight changes to the conventional phishing method.

Requirements for attack:

- The attacker must have a website.
- The attacker has to embed a JavaScript file (necessary for phishing) in his website.
- Tabnabbing takes advantage of multi-tab browsing, so the user must browse with multiple tabs.

How Tabnabbing works???

- The user visits the attacker's site, which looks normal at first.
- The user switches away from the attacker's tab and opens another site in a new tab, leaving the attacker's tab open. Assume that the user opens many tabs.
- While the user browses another site, the attacker's site, left open in the earlier tab, changes or redirects itself to a phishing page, say a Gmail login.
- When the user returns to this tab, he may not remember exactly which site he had opened. He now sees a fake Gmail login and thinks that he left this Gmail login tab open. So, without checking the URL of the site, the user is very likely to log in to his account.
- Once he enters his user ID and password in the phishing page, this information is sent to the attacker's inbox or some online account. Thus, his account is hacked using Tabnabbing.

How to protect yourself from Tabnabbing???

The most useful way to stay protected from such attacks is to rely on add-ons like Secure Login for logging in to any online account. When you return to the attacker's website (which has been redirected to the phishing page), the Secure Login add-on will check the URL and show the message:

"No login data found for this page"

So, even if the attacker's website has changed itself into a phishing page and the user has forgotten to check its URL, Secure Login will alert the user that the page is a phishing page. Also, it is expected that various browsers will soon release a fix for this hack.
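
The URL check described above can be sketched as follows. This is an added example, not code from this post or from the Secure Login add-on; the saved entry, the sample addresses and the function names are constructed for illustration. It shows why a login helper that keys credentials on the exact origin refuses to fill a look-alike page, even when the tab looks identical to the real login.

```javascript
// Added example: origin-bound credential lookup, the kind of check a login helper performs.
// All hosts and the saved entry below are constructed sample data (assumptions).
const NO_MATCH = "No login data found for this page";

// Saved logins are keyed by exact origin (scheme + host + port).
const savedLogins = new Map([
  ["https://accounts.google.com", { username: "alice@example.com" }],
]);

// Normalise a page address to its origin; return null for anything
// unparsable or not served over http(s).
function pageOrigin(address) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin; // userinfo, path, query and fragment are discarded
}

// Decide whether to offer saved credentials for the page now shown in the tab.
function loginFor(address, store = savedLogins) {
  const origin = pageOrigin(address);
  const entry = origin ? store.get(origin) : undefined;
  return entry
    ? { fill: true, origin, username: entry.username }
    : { fill: false, origin, message: NO_MATCH };
}

// Constructed addresses a tab might show when the user returns to it.
const samples = [
  "https://accounts.google.com/ServiceLogin?continue=mail", // genuine origin
  "https://accounts.google.com.login.example.net/ServiceLogin", // look-alike host
  "https://accounts.google.com@login.example.net/", // real name hidden in userinfo
  "http://accounts.google.com/ServiceLogin", // scheme downgrade
  "data:text/html,<form>", // page with no web origin
];

function checkSamples() {
  return samples.map((a) => ({ address: a, ...loginFor(a) }));
}

for (const r of checkSamples()) {
  console.log(r.fill ? "FILL " : "BLOCK", r.address);
}
```

Only the first sample is filled; the other four return the "No login data found for this page" message because their origin differs from the one the credentials were saved for.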

So friends, beware of this new phishing attack, Tabnabbing, and protect your online accounts. Remember, Secure Login is the best solution to phishing attacks. If you have any views on this new phishing attack, please share them with us in the comments.

Sunday, July 31, 2011

How to avoid Facebook scams

Facebook is part of people's daily lives. It is the no. 1 social networking website, so spammers use it to spread scams. Scammers search through Facebook user accounts and gather information from public profiles to send phishing emails, so that they can collect more sensitive information such as bank account numbers, credit card numbers, and usernames and passwords for other secure sites. On Facebook, scammers use Facebook applications to gather users' information and use their profiles to post links to worms and trojans.

Steps to protect your Facebook account from scams:


  1. Avoid clicking on short URLs posted on Facebook. If you want to click such a link, first verify it with the person who posted it. Most links of this type are posted by Facebook worms.
  2. Most of the scams take the form of videos, so avoid clicking on such video links without verifying them.
  3. If any of your friends sends a link with a strange message, ask your friend first before clicking on the link.
  4. If, after you click on a link, it asks for permission to use your profile information, as every application does before use, be sure to check every permission to see whether it is a valid one to ask for.
  5. Try to use fewer applications on Facebook. Most of the applications on Facebook are useless.

I know it's hard to avoid Facebook applications, but use those applications only after verifying them. Most scammers use your information for phishing and for selling your information to other parties.