Tuesday, 16 January 2018

Social Engineering

What it is.
Social engineering, in the context of computer security, refers to tricking people into divulging personal information or other confidential data. ... If you follow the instructions in the alert message, you may end up downloading spyware or giving away personal information over the phone.

Brute Force Attacks

What It Is
 A brute force attack is a trial-and-error method in which automated software generates a large number of consecutive guesses as to the value of the desired data.

Why It's Used
 It is used to obtain information such as a user password or personal identification number (PIN).

How is it prevented?
 Websites can help prevent them by requiring the user to choose a complex and difficult password so it is hard to guess.

What is a dictionary hack approach?
 It is where a brute-force attack starts with dictionary words or slightly modified dictionary words, rather than just random strings of characters, as most people will use those rather than a completely random password.

How to Prevent Brute Force Attacks.
 Websites can prevent brute force attacks by limiting the number of times that the hacker or user can try to log in. This prevents the hacker from trying every possible combination and using someone else's account. Also use a strong password so it will take longer to find it.
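 One way a website could limit login attempts, as an added example that is not from the original post. The class and function names, the limit of 5 failures and the 300-second window are all assumptions of this sketch.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account cap on failed logins inside a sliding time window."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures      # assumed policy values
        self.window = window_seconds
        self.clock = clock                    # injectable so it can be tested
        self.failures = defaultdict(deque)    # account -> failure timestamps

    def _recent(self, account):
        # Forget failures that have aged out of the window.
        stamps = self.failures[account]
        cutoff = self.clock() - self.window
        while stamps and stamps[0] <= cutoff:
            stamps.popleft()
        return stamps

    def allowed(self, account):
        return len(self._recent(account)) < self.max_failures

    def record(self, account, success):
        if success:
            self.failures.pop(account, None)  # a good login clears the count
        else:
            self._recent(account).append(self.clock())


def attempt_login(throttle, check_password, account, password):
    """Return 'locked', 'ok' or 'denied'; check_password is the site's verifier."""
    if not throttle.allowed(account):
        return "locked"                       # the guess is never evaluated
    ok = check_password(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"
```

 While an account is locked even the correct password is refused, which is what stops automated guessing from eventually landing on it.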

What Makes a Strong Password?
 The use of symbols, numbers and spaces embedded into words makes it harder for hackers to discover your password.

What is a Dictionary Hack Approach?
 A dictionary approach is where the hacker uses words from the dictionary, or modified words, as people are more likely to choose these for a password.
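 A sign-up form can apply the same idea defensively and refuse passwords that are only a dictionary word in disguise. The check below is an added example, not from the original post; the word list is constructed, and what counts as "slightly modified" (look-alike characters, digits or symbols stuck on either end) is this example's assumption.

```python
import re

# Constructed mini word list (assumption); a real check would load a large
# dictionary plus a list of commonly used passwords.
WORDS = {"password", "dragon", "monkey", "football", "sunshine"}

# Look-alike characters people swap into words, mapped back to letters:
# 0->o 1->l 3->e 4->a 5->s 7->t 8->b @->a $->s !->i
LOOKALIKES = str.maketrans("0134578@$!", "oleastbasi")


def dictionary_base(password):
    """Return the dictionary word a password is built on, or None."""
    lowered = password.lower()
    # Drop digits and symbols stuck on the front or back ("dragon2018!").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for candidate in (lowered, trimmed):
        for form in (candidate, candidate.translate(LOOKALIKES)):
            if form in WORDS:
                return form
    return None


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Dragon2018!", "kV7#qzL2!pWe"):
        print(pw, "->", dictionary_base(pw))
```

 A password such as "P@ssw0rd1" contains symbols and numbers yet still reduces to a dictionary word, so it falls to a dictionary approach just as the plain word would.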

Monday, 15 January 2018

Data Interception & Theft

What it is
Data theft is the act of stealing computer-based information from an unknowing victim with the intent of compromising privacy or obtaining confidential information.


How data can be stolen.
There is more than one way to steal data. Some popular methods are listed below:
  • E-commerce: You should make sure that your data is safe from prying eyes when you sell or buy things on the Web. Carelessness can lead to leaking your private account information.
  • Password cracking: Intruders can access your machine and get valuable data if it is not password-protected or its password can be easily decoded (weak password).
  • Eavesdropping: Data sent on insecure lines can be wiretapped and recorded. If no encryption mechanism is used, there is a good chance of losing your password and other private information to the eavesdropper.
  • Laptop theft: Incidents of laptop theft from corporate firms are increasing, with the valuable information stored in the laptop being sold to competitors. Carelessness and lack of laptop data encryption can lead to major losses for the firm.

How to Prevent it

  • Regularly test the network to find and fix security weaknesses and investigate problems to find their cause, if they happen.
  • Use passwords, and make them strong, to prevent unauthorised people from accessing the network.
  • Enforce user access levels to limit the number of users with access to sensitive information.
  • Install anti-malware and firewall software to prevent and destroy malicious attacks.
  • Encrypt sensitive data.

SQL Injection

Definition:
 An SQL injection is a computer attack in which malicious code is entered in a poorly designed application and then passed to the database. The malicious data then produces database query results or actions that should never have been executed.

Why someone would use it:
 Hackers frequently use SQL injection as a means of attacking and taking over databases. They could use this to find a user's password and log in to someone's account.

Examples:
 ' OR EXISTS(SELECT * FROM users WHERE username='user1' AND password LIKE '*w*') AND ''='
 The above code would find if the letter w was in user1's password.
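 The standard defence is to pass user input to the database as a parameter instead of building the query text from it. The example below is added here and is not from the original post: it runs the input above against a string-built query and against a parameterised one, using an in-memory SQLite database with constructed rows. The function names and the lookup query are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample rows. Plaintext passwords appear only because the
    # page's example input queries a password column directly.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("user1", "swordfish"), ("user2", "tr0ub4dor")])
    return db


def lookup_vulnerable(db, username):
    # Poorly designed: the input is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_parameterised(db, username):
    # The ? placeholder passes the input as a value; it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in db.execute(sql, (username,)))


# The input from the page, with the wildcard written as % because SQLite's
# LIKE uses % where the page's example uses *.
PAGE_INPUT = ("' OR EXISTS(SELECT * FROM users WHERE username='user1' "
              "AND password LIKE '%w%') AND ''='")

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, PAGE_INPUT))
    print("parameterised:", lookup_parameterised(db, PAGE_INPUT))
```

 The string-built query returns every row because the injected condition is true, while the parameterised query looks for a user whose name is literally that text and returns nothing.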

Denial of Service Attacks (DOS)

What it is
A denial-of-service (DoS) attack is any type of attack where the hackers attempt to prevent genuine users from accessing the service.

How it Works
In a DDoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. 

How a network Manager Might Prevent an Attack
You can prevent DOS attacks with the dotDefender web application firewall. dotDefender inspects your HTTP traffic and checks its packets against rules, such as allowing or denying protocols, ports, or IP addresses, to stop web applications from being exploited.

The Difference Between DOS and DDOS
The difference between DOS and DDOS is in the origin of the attack.
  • A denial of service (DOS) attack comes from a single person or network.
  • A distributed denial of service (DDOS) attack will involve computers from networks all over the world. (Distributing the attack amplifies it, and it also makes it more difficult for the affected party to protect itself.)


Tuesday, 9 January 2018

Malware

Malware is short for Malicious Software. Malware is a term that refers to many different forms of invasive software. Types of malware include:

Pharming
The practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information.

Viruses
A piece of code which is capable of copying itself and usually has a harmful effect, such as corrupting the system or destroying data.

Worms
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.

Trojans
One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Spyware
Spyware is software that enables a user to obtain secret information about another person's computer activities by transmitting data covertly from their hard drive.

Adware
Adware is software that automatically displays or downloads advertising material such as banners or pop-ups when a user is online.

What Hackers Can Do With Malware



Computer hackers are unauthorised users who break into computer systems in order to steal, change or destroy information. They have the ability to track your location, steal your money and information. They even have the ability to search through your documents and access your webcam!


How To Prevent Being Affected By Malware

 Use firewall, antivirus, anti-malware, and anti-exploit technology. Your firewall and antivirus programs will detect and block the known bad guys. Meanwhile, your anti-malware and anti-exploit software can fend off sophisticated attacks from unknown people that could be hackers. Also make sure your privacy settings are on on your social media profiles, as your information can be accessed via that.


Example

 CryptoLocker was a Trojan ransomware that extorted over 27 million dollars from users of computers running Microsoft Windows from 5 September 2013 to late-May 2014, and was believed to have first been posted to the Internet on 5 September 2013. It spread via infected email attachments, and via an existing botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the decryption key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline.