
Showing posts with label computer hacker. Show all posts

Tuesday, July 23, 2013

Treat your E-Mail address as classified : ADVISORY

1.    Do you know that simply disclosing your e-mail address to a person with malicious intent can be the key to exposing your e-mail content and other personal details of your life? It can invade your privacy, and for information, this is an active organised crime in the cyber world.

2.   What is the first and most important thing that a hacker wants to know? The answer is the IP address of the victim, and all it takes to learn it is to send a dummy mail to the victim's ID. Strange as it may sound, there are many websites offering free solutions for getting not only the IP address but also the browser and OS details of the victim. One of the leading sites offering a free solution is SPYPIG. This site lets you know when your e-mail has been read by the recipient, in the form of a notification from SPYPIG as and when the e-mail is read.

3.   Now something about SpyPig: it is a simple email tracking system that sends you a notification by email when the recipient opens your message. It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others. In addition to the notification, it also sends you additional but undesired details that can be exploited by a person with malicious intent. The details that can be used and exploited are shown in the screenshot below, taken from one test mail.

Red Encircled are the Critical Info

4.     Sadly, the recipient will never know that he is being tracked and that so much critical info has already changed hands with unknown people: the OS, the browser, their respective versions, etc. As things stand today, the following precautions can be taken to avoid such a hijack:

- Avoid opening e-mails from unknown sources.

- Disable image display by default in the e-mail settings. This is important because this works on the principle of a hidden script in the image sent along with the mail. So if you disable image display by default, it is unlikely that this will be executed.

- Avoid sharing and disclosing your e-mail addresses openly.

5.     To know more about SpyPig, visit: http://www.spypig.com
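A defender-side check for the tracking described in points 2 to 4, as an added example that is not code from this blog or from SpyPig: it lists every image in a mail's HTML body that the mail client would fetch from a remote server, since that fetch is what hands the sender the reader's IP address and browser details. The sample message, hosts and function names are constructed for illustration, and it assumes the tracker is an ordinary remotely hosted image.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not taken from the post or from any real tracker).
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://tracker.example.net/open.gif?id=abc123" width="1" height="1">
<img src="https://cdn.example.net/banner.png" width="600" height="90">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def is_tiny(attrs):
    """True when the declared width or height is 0 or 1 pixel."""
    sizes = [(attrs.get(k) or "").strip().rstrip("px") for k in ("width", "height")]
    return any(s in ("0", "1") for s in sizes)

def find_remote_images(raw_message):
    """Return (url, host, looks_like_pixel) for every image fetched over http(s)."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            url = (attrs.get("src") or "").strip()
            parsed = urlparse(url)
            # cid: and data: images travel inside the mail; only http(s)
            # sources make the mail client contact the sender's server.
            if parsed.scheme in ("http", "https"):
                findings.append((url, parsed.hostname, is_tiny(attrs)))
    return findings
```

Any remote image reveals that the mail was opened, whatever its size; the pixel flag only marks the ones that serve no visible purpose.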

Friday, July 12, 2013

Cyber Security Tips for Home Users

The largest share of internet users will remain naive home users, and it is this majority that needs to be acquainted with basic cyber security hygiene. This presentation will equip the basic user with a small set of skills to handle the security front slightly better on their respective PCs.

Sunday, March 24, 2013

Twitter Session Cookie Vulnerability

1.    This one is pretty easy to show and understand, but the only thing not understandable is the fact that it actually exists even today. So this one is about the Twitter Session Cookie Vulnerability. I got to know of this at Null's Delhi meet, where Rishi Narang (http://www.wtfuzz.com/) gave this demonstration, of which I subsequently made a video cast and uploaded it here on YouTube.


2.    In brief, it goes like this: you log in to your Twitter account, and an auth_token cookie is generated among the crowd of various other cookies. This cookie alone is able to log you in to your Twitter account from anywhere across the web. Simply watch how to exploit!

3.   Thanks Rishi Narang @ http://www.wtfuzz.com/

Saturday, January 29, 2011

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case, which I recently read about in brief, pertains to an interesting online fraud case against Albert Gonzalez. I have arranged it as sequential points to compress the complete story for easy reading and grasping:

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still at it, Albert, after two years' worth of hard work(????), compromised sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:
- May 2008 in New York for the Dave & Buster's case (trial scheduled September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment case.

(h) On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE