Cyber security

Five Measures for Your Cyber security

1. Translate Security Answers to Another Language

Many times, security questions such as “What is your favorite book?” are much easier to break than passwords because they are susceptible to social engineering. Consider translating your answers to another language by using free online translation tools. Switching this up can serve to deter a hacker who may assume you’re sticking to only one language.

2. Start Passwords with a Space

Many modern password cracking tools, like Cain & Abel, do not take spaces into account simply because they aren’t common in passwords. Adding one to your password can throw off complex hacking software. Spaces carry other benefits, too. If you need to write your password down, only you will know a space is also needed at the front or end of it.

3. Don’t Depend on Just AES 256 Encryption

With just a few clicks, AES 256 encryption allows anyone using a PC or Mac to encrypt their files and protect them with a password. That said, there are holes, because AES 256 encryption is only as strong as the master password being used for the encryption. For example, if no randomness is used on data encrypted with AES 256, it is susceptible to the TLS CBC IV attack.
4. Do not use NTLM if the Underlying Protocol is Insecure
If you are accessing a site via HTTP or FTP — both protocols for exchanging files over the internet — never enter your credentials in a Windows authentication popup. Unlike HTTP or FTP, HTTPS and SFTP ensure data being sent from the host computer to the receiver isn’t available in plain text. HTTPS and SFTP ensure the entire transmission is encrypted, so no outside eyes can access usernames and passwords.

5. Use Drive Encryption Software

Use drive encryption software such as BitLocker on all machines. Even if you format your hard drive, sensitive data can easily be recovered from a machine if it is lost or stolen. Drive encryption software is a simple way to prevent this from happening, because it encrypts every bit of data on a storage volume.

Read more

Easy Way To Defeat a “Keylogger”

There are several ways to defeat a keylogger. I wanted to describe an easy way which does not need any software or cost you money. It is not a revolutionary or new but quite useful. Some of you may already be practicing the same.

Keyloggers and Trojans can steal you passwords, credit card details or important information while you type them on your system. We are sometimes bound to use third party systems or even our own systems may be compromised (of which we may not be aware of). So how do we defeat a keylogger?


Method

Let’s assume your password is “savemefromkeyloggers”. So when you type the password you need to ensure that you type the above password in a different obfuscated scheme. I am explaining this through an example.

Step 1:  Type “veme”

Step 2: Use your mouse pointer to bring the cursor just before “veme” and type “sa”. So what you see is “saveme” but the keylogger log would read as “vemesa”

Step 3: Use your mouse pointer to bring the cursor just after “saveme” and type “ggers”. So what you see is “savemeggers” but the keylogger log would read as “vemesaggers”

Step 4: Use your mouse pointer to bring cursor before “ggers” and type “fromkeylo”. So what you see is “savemefromkeyloggers” but the keylogger log would read as “vemesaggersfromkeylo”

Important Note: Do not use the “arrow keys” to move the cursor. Use the mouse to click at the right place so that the password key strokes are jumbled up and the keylogger owner would not be able to understand your real password.
So you can create your own method to jumble up/obfuscate your “credit card number”, “CSV”, “passwords” or anything that is critical. It is a good practice to always use the same pattern to obfuscate the same data since it would make it more difficult for anybody to decode the real password from a single sample of obfuscated password. It becomes easier to decode when there is a sample of several obfuscated forms of the same password.

Disclaimer: This method do not protect against the advanced crimeawares which use techniques like “Form Grabbing” etc. The good news is that most of the commonly available cheap keyloggers are not all equipped with the same.

Read more

How to Trace Hackers

If you spend a lot of time connected to the Internet, it is only a matter of time before a hacker attempts to gain access to your computer. Proper security and firewalls are usually all that is needed to prevent them from gaining entry, but computer owners who are less focused on system security may have a hacker slipping through their open ports. If you should find yourself in the unfortunate position of dealing with a hacker, just remember that it is entirely possible to identify and track the hacker so his cyber crimes can be reported to the proper authorities.
Instructions:

1. Open the DOS prompt on your computer. The way you get to the DOS prompt depends on what version of Windows you are using. If you are using Windows 95 or Windows 98, click "Start." then click "Programs" and end by clicking "MS-DOS." If you are using Windows NT, Windows 2000 or Windows XP, you will arrive at the DOS prompt differently. In this case, you will click "Start," then click "Run," then type either "cmd" or "command." Windows Vista is the simplest of all, since you only have to click "Start," then type "cmd."

2. Type the following command into the DOS prompt (without quotation marks): "netstat --a." This will open a routine known as Netstat, which will quickly identify all connections into and out of your computer. Typing "netstat --a" will produce a string of information that identifies your IP address, the port your computer is using for the connection, the "foreign address" of the machine you are connected to, the port that machine is using, and also the status of the connection.

3. Identify what other Netstat commands are available to you. Type "netstat ?", without the question marks. This should show you what commands are available in your version of Netstat. Typical commands include --a, -e, -n, -p proto, -r and --s. You can also combine multiple commands at once, as you will do in the following step.

4. Combine two commands to refine your search. First, use the command that identifies all connections and listening ports, which is usually "-a." Second, find the command that lists the information in numerical form, which is usually "-n." Type the command into the DOS prompt as "netstat --an." Note that you may need to change the "a" or "n" to something else, if they are identified differently in your version of Netstat.

5. Search for additional Internet activity. You should only have one connection, using one port. If a hacker has gained access to your system, an additional port will be in use. Running the command from the previous step will allow you to see what IP address the hacker is using, the hacker's hostname and the port number he is connecting through. It is possible to shut down the port and block the IP address, but for the moment, let's trace down who is gaining access to the computer and track what they are doing.

6. Run a trace route on the information you have obtained about the hacker. This affords you an idea of where the individual is located and what ISP he is using to connect to the Internet. Run the trace route by returning to the DOS prompt and typing "tracert ip address/hostname." Remove the quotation marks and replace "ip address" and "hostname" with the relevant information that was gathered in the previous step. Trace route will then trace the path of the connection, including any servers the connect must pass through before reaching you.

7. Print out the information about the intrusion, then use your firewall to block the port and IP address used by the hacker. Send a copy of the information to your local police department, the police department in the location that trace route identified for the hacker, the ISP the hacker uses and to the US Department of Justice's cybercrime website. (Follow the link in Resources.) These organizations may want to have a technician generate a detailed computer log of the intrusion and any past intrusions, so do not delete any log files from your computer.

Read more

How To Defeat The Attempts Of A Black Hat Hacker

In order to survive in the World Wide Web, there are certain things that we need to know in order to endure. The first one is that each computer user is responsible for his machine and the data that it contains. It doesn't matter if a transnational spends hundreds of millions of dollars in IT security if an absent-minded employee downloads and installs unauthorized software or falls into the email scheme of black hat hackers.

Basic Knowledge :

So, the first thing that we need to know is that computers, and networks, are like houses. If they don't have the windows and doors properly secured, anyone can enter. There are thousands of hackers in the internet looking for computers with unsecured entrances. Even worse, they have programs making the search for them. If you consider that there are hundreds of millions of computers in the world, then it is highly probable that an important percentage of them aren't properly secured.

Firewall :

In order to secure our "house", we need to have a firewall installed and properly configured. A firewall is like a lock that assures that all the entrances to your computer are properly closed, so no one from the outside can access it..

Anti Virus Software :

Another useful piece of software is the antivirus. Antivirus have been around since the first personal computers since viruses have always existed. Unfortunately, the internet has generated a demographic explosion and now they wander, freely, through the net. There are several software packages in the market, so test the ones with which you feel more comfortable and stay with the one that is more convenient for you.

Regular Updates :

The next step is to update your operating system, especially if it is Windows XP. Ninety percent of the worldwide operating system market is owned by Microsoft. For that reason, it is the preferred choice for crackers in the entire world. They are constantly looking for ways to bypass the security of this operating system, looking for weaknesses of all kind (even in something as innocent as the Media Player). In order to stop them, maintain your operating system updated.

Education in Security Techniques :

Finally, if you are inside a company, assure yourself that the users are trained. They must be able to detect if they are being victims of cracker scam. It can be through the internet messaging system, an email or even an innocent looking PowerPoint attachment sent by a friend. People are the last line of defense against black hat hacking.

Over time, black hat techniques have become more advanced and complex. Although there are computer software programs that can help a cracker in many ways, it is still a profession that requires a knack for computer software and hardware. So, as you may have noticed, black hat hackers will never disappear, which means that we need to have our computers, and our networks, prepared.

Read more