Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server.Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages.When we see this, we may wonder what’s the difference between http and https.In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.
What exactly is Secure Communication ?
Suppose there exists two communication parties A (client) and B (server).
Working of HTTP
When A sends a message to B, the message is sent as a plain text in an unencrypted manner.This is acceptable in normal situations where the messages exchanged are not confidential.But imagine a situation where A sends a PASSWORD to B.In this case, the password is also sent as a plain text.This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B , he can see the PASSWORDS since they remain unencrypted.This scenario is illustrated using the following figure.
Now lets see the working of HTTPS
When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format.The encrypted message is decrypted on B’s side.So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (”xz54p6kd“) and not the original password.This is shown below.
How is HTTPS implemented ?
HTTPS is implemented using Secure Sockets Layer (SSL).A website can implement HTTPS by purchasing an SSL Certificate.Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses
1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
3. A Certificate Authority verifies the identity of the certificate owner when it is issued.
How Encryption Works ?
Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it.When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption.The public key is made available to every one but the private key(used for decryption) is kept secret.So during a secure communication, the browser encrypts the message using the public key and sends it to the server.The message is decrypted on the server side using the Private key(Secret key).
How to identify a Secure Connection ?
In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.You can click the lock to view the identity of the website.
In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.
So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication.A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page.
Tuesday, March 31, 2009
ALL ABOUT PHISHING ATTACK
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users.Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.
Recent phishing attempts have targeted the customers of banks and online payment services.Social networking sites such as Orkut are also a target of phishing.
Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack.In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.
TECHNIQUES BEHIND PHISHING ATTACK
1.Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of http://www.microsoft.com/
2.Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
How does a phishing attack/scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
How to identify a fraudulent e-mail?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.”
Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.
“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking.
“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.
So the Bottom line to defend from phishing attack is
1.Never assume that an email is valid based on the sender’s email address.
2.A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.
3.An email from trusted organization will never contain attachments or software.
4.Clicking on a link in an email is the most insecure way to get to your account.
Recent phishing attempts have targeted the customers of banks and online payment services.Social networking sites such as Orkut are also a target of phishing.
Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack.In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.
TECHNIQUES BEHIND PHISHING ATTACK
1.Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of http://www.microsoft.com/
2.Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
How does a phishing attack/scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
How to identify a fraudulent e-mail?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.”
Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.
“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking.
“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.
So the Bottom line to defend from phishing attack is
1.Never assume that an email is valid based on the sender’s email address.
2.A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.
3.An email from trusted organization will never contain attachments or software.
4.Clicking on a link in an email is the most insecure way to get to your account.
Monday, March 30, 2009
FIX CORRUPTED FILES IN XP
This tutorial has been made so people that are having problems
with corrupted files, can learn how to fix them easy.
// Required //
+ Windows XP operating system
+ Windows XP cd
//Steps //
+ Place the xp cd in your cd/dvd drive
+ Go to start
+ run
+ type in 'sfc /scannow' (without the ')
Now it should all load,and fix all your corrupted file on windows XP.
with corrupted files, can learn how to fix them easy.
// Required //
+ Windows XP operating system
+ Windows XP cd
//Steps //
+ Place the xp cd in your cd/dvd drive
+ Go to start
+ run
+ type in 'sfc /scannow' (without the ')
Now it should all load,and fix all your corrupted file on windows XP.
MULTIPLE MAIL ID OR ORKUT LOG IN AT A TIME
Do you ever need to check two different accounts of same service, at the same time?
As an example, consider the scenario you are checking mails of your Gmail account and at the same time you want to check another gmail account. What you normally do is open up another Gmail account in another browser. Another similar situation often encountered by many orkuttians who have multiple orkut profiles!
Now from firefox 2.0+ onwards this is solved and you can run firefox with as many accounts as you want! Here comes one of the most awaited trick!
#1. Creating a Profile.
By default firefox runs in default profile. To run another instance of firefox with different profile you need to create first a different profile. To do this run firefox with command line parameter CreateProfile followed by profile name.
Window user, can click on “Start -> Run” and execute firefox with followed by the command line arguments. For example,
"C:\Program Files\Mozilla Firefox\firefox.exe" -CreateProfile Piyush
where Piyush is name of the profile. You can use any name.
(Note that the path C:\Program Files\Mozilla Firefox\ may change as per your installation directory.)
On similar lines Linux and Mac OS user can create a new profile.
#2. Running firefox with new profile.
First start firefox the way you start. (This is to assure you that we are going in right direction).
Now Windows users can again click on “Start -> Run” and execute firefox with followed by the command line arguments,
"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -P Piyush
where Piyush need to be replaced by the name of the profile you have used in step 1 while creating a new profile.
When you hit ENTER the profile will start in new context!
The key here is -no-remote command-line argument!
Another tricks:-
You will probably use two or more profiles frequently. In that case the step 2 to run firefox with a new profile will need to be tweaked!
In simplest way Windows user can right-click on existing firefox shortcut and select copy option from right-click menu.
Then paste it at your favorite place (probably desktop)
[optional] It may appear with name like Copy of Mozilla Firefox, change it to some convenient name like Rahuls Firefox or New Firefox or anything you like.
Now again right-click on new shortcut and click on properties option in right-click menu.
Switch to shortcut tab in properties window.
In target you may find - “C:\Program Files\Mozilla Firefox\firefox.exe” change it to something like “C:\Program Files\Mozilla Firefox\firefox.exe” -no-remote -P Piyush.Or you can gate a menu to chose profile if u change the target to"C:\Program Files\Mozilla Firefox\firefox.exe" -p .
Now click OK.
As an example, consider the scenario you are checking mails of your Gmail account and at the same time you want to check another gmail account. What you normally do is open up another Gmail account in another browser. Another similar situation often encountered by many orkuttians who have multiple orkut profiles!
Now from firefox 2.0+ onwards this is solved and you can run firefox with as many accounts as you want! Here comes one of the most awaited trick!
#1. Creating a Profile.
By default firefox runs in default profile. To run another instance of firefox with different profile you need to create first a different profile. To do this run firefox with command line parameter CreateProfile followed by profile name.
Window user, can click on “Start -> Run” and execute firefox with followed by the command line arguments. For example,
"C:\Program Files\Mozilla Firefox\firefox.exe" -CreateProfile Piyush
where Piyush is name of the profile. You can use any name.
(Note that the path C:\Program Files\Mozilla Firefox\ may change as per your installation directory.)
On similar lines Linux and Mac OS user can create a new profile.
#2. Running firefox with new profile.
First start firefox the way you start. (This is to assure you that we are going in right direction).
Now Windows users can again click on “Start -> Run” and execute firefox with followed by the command line arguments,
"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -P Piyush
where Piyush need to be replaced by the name of the profile you have used in step 1 while creating a new profile.
When you hit ENTER the profile will start in new context!
The key here is -no-remote command-line argument!
Another tricks:-
You will probably use two or more profiles frequently. In that case the step 2 to run firefox with a new profile will need to be tweaked!
In simplest way Windows user can right-click on existing firefox shortcut and select copy option from right-click menu.
Then paste it at your favorite place (probably desktop)
[optional] It may appear with name like Copy of Mozilla Firefox, change it to some convenient name like Rahuls Firefox or New Firefox or anything you like.
Now again right-click on new shortcut and click on properties option in right-click menu.
Switch to shortcut tab in properties window.
In target you may find - “C:\Program Files\Mozilla Firefox\firefox.exe” change it to something like “C:\Program Files\Mozilla Firefox\firefox.exe” -no-remote -P Piyush.Or you can gate a menu to chose profile if u change the target to"C:\Program Files\Mozilla Firefox\firefox.exe" -p .
Now click OK.
Subscribe to:
Posts (Atom)