Saturday 10 August 2013

Best Free Internet Security Tools

1. HTTPS Everywhere

To protect your data and online communication, install the HTTPS Everywhere browser extension (available for Chrome and Firefox). It rewrites requests to sites on its ruleset list from HTTP to HTTPS, which protects against eavesdropping and tampering while you browse, download files or create accounts. It can only help with sites that actually offer HTTPS, so still check for the padlock before you enter credentials.

2. LASTPASS

LastPass describes its aim this way: the LastPass team believes your online experience can be easier, faster and safer. Collectively we lose more than 10,300 hours per year retrieving lost passwords, making new ones or talking to call-centre representatives about them, and it gets much worse if a password is stolen and misused. We go online to connect with people, explore, shop and learn; we certainly don't go online to fuss with passwords or risk our privacy, personal or financial information. Designed by web enthusiasts and skilled application developers, LastPass was created to make the online experience easier and safer for everyone. Whichever manager you pick, the vault is only as strong as the master password and second factor guarding it, so use a long, unique master password and turn on two-factor authentication.

See this url https://lastpass.com/

3. LongUrl

Short links are handy for clearing web clutter, but they hide where you are going, so a shortened link can just as easily lead to a risky or malicious site. On Twitter you have almost certainly seen such links. Use the web tool LongURL to expand a shortened link back to its original form before you click it.

See this url http://longurl.org/
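What LongURL does for you can also be done by hand: ask each hop for its Location header and stop before the final page is ever rendered. The following is an added example written for this page, not LongURL's own code. The `fetch` callback is injected so the constructed redirect map below runs offline, and the red-flag heuristics are our own assumptions about what deserves a second look before clicking.

```python
"""Expand a short URL by walking its redirect chain with HEAD requests, the
way LongURL does, without loading the destination page.

Added example for this page, not LongURL's own code. `http_head` talks to
the network; `expand` accepts any fetch callback so the constructed map in
FAKE_NET exercises the logic offline.
"""
import ipaddress
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on a 3xx instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=10):
    """One HEAD request; returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # a 3xx surfaces here
        return err.code, err.headers.get("Location")


def red_flags(url):
    """Assumed heuristics for a destination worth a second look."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    if parts.scheme != "https":
        flags.append("not https")
    if parts.username is not None:
        flags.append("userinfo before @ hides the real host")
    try:
        ipaddress.ip_address(host)
        flags.append("bare IP address as host")
    except ValueError:
        pass
    if "xn--" in host:
        flags.append("punycode host, possible homoglyph")
    return flags


def expand(url, fetch=http_head, max_hops=10):
    """Follow redirects one hop at a time.

    Returns (chain, final_url, flags). Raises ValueError on a loop or a
    chain longer than max_hops, both of which are themselves suspicious.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops + 1):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain, chain[-1], red_flags(chain[-1])
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            raise ValueError("redirect loop at " + nxt)
        seen.add(nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)


# Constructed redirect map standing in for the network (not real sites).
FAKE_NET = {
    "http://sho.rt/abc": (301, "https://t.example/x"),
    "https://t.example/x": (302, "/login"),
    "https://t.example/login": (200, None),
    "http://sho.rt/loop": (302, "http://sho.rt/loop2"),
    "http://sho.rt/loop2": (302, "http://sho.rt/loop"),
}


def fake_fetch(url):
    return FAKE_NET.get(url, (404, None))


if __name__ == "__main__":
    chain, final, flags = expand("http://sho.rt/abc", fetch=fake_fetch)
    print(" -> ".join(chain))
    print("final:", final, "flags:", flags or "none")
```

Run it against a live shortener by calling `expand("http://...")` with the default fetcher; HEAD is enough for most shorteners, but a few answer HEAD differently from GET, so a missing Location on a 3xx is worth retrying with a GET that still disables automatic redirects.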

4. NoScript

NoScript also provides strong anti-XSS and anti-clickjacking protection inside the browser.
Its whitelist-based, pre-emptive script blocking stops JavaScript, Java, Flash and other plugin content from running on sites you have not explicitly trusted, which prevents exploitation of browser-side vulnerabilities (known and not yet known) on those sites. The trade-off is that many sites will not work until you whitelist them, so expect to spend some time building up the list.

See this url http://noscript.net/

5. Trusteer Rapport

Trusteer Rapport is an award-winning browser-protection tool, offered free by many banks to their customers, that aims to stop malware and other third parties from stealing your information while you bank online, and warns you before you enter your details into a fraudulent site posing as your bank.

6. Hotspot Shield 

Hotspot Shield is a VPN client that tunnels your browsing through an encrypted connection to its servers. This hides your real IP address from the sites you visit and keeps others on the same network from reading your traffic at public access points such as coffee shops, airports and hotels. Bear in mind that the VPN provider can then see that traffic instead, so this shifts trust rather than removing it.

Enjoy!!!!

Friday 9 August 2013

All About Tabnabbing and How It Is Done


Tabnabbing is a computer exploit and phishing attack that persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail with regard to tabs, and of the ability of modern web pages to rewrite tabs and their contents long after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn't ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser. Source: Wikipedia.

The tabnabbing attack method works when the victim has several tabs open. When the user clicks the attacker's link, the tab shows a "Please wait while the page loads..." message; once the victim switches to another tab, the page rewrites itself into the cloned login page, so the victim comes back to what looks like a site that has simply asked them to log in again.


The attacker's aim is to get the browser onto the fake login page so that the victim types his or her credentials into it.

How it is done:

Step 1: Boot your BackTrack machine, open a terminal and
type: cd /pentest/exploits/set/ and HIT ENTER

Step 2: Type: ./set and HIT ENTER

This opens the Social-Engineer Toolkit (SET). SET was created and written by the founder of TrustedSec. It is an open-source, Python-driven tool aimed at penetration testing around social engineering. SET has been presented at large conferences including Black Hat, DerbyCon, DEF CON and ShmooCon, has over two million downloads, and is the de facto standard for social-engineering penetration tests, with heavy support within the security community.
TrustedSec believes that social engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books, including "Metasploit: The Penetration Tester's Guide", the number one best-selling security book for nine months after its release, written by TrustedSec's founder together with Devon Kearns, Jim O'Gorman and Mati Aharoni.

You can also download Social Engineering Toolkit for Windows.

Step 3: Type 1 and HIT ENTER to select Social-Engineering Attacks.

Step 4: Type 2 and HIT ENTER to select Website Attack Vectors.

Step 5: Type 4 and HIT ENTER to select the Tabnabbing Attack Method.

Step 6: Type 2 and HIT ENTER to select Site Cloner.
Enter the IP address of your BackTrack machine (the address the victim's browser will connect back to) and HIT ENTER, then type the URL of the site you want to clone. In this example I am cloning gmail.com; HIT ENTER, and HIT ENTER again.

You can now see that the tabnabbing attack is running.

The last step is to get the victim to visit the IP address you entered: open a browser, type that IP address into the URL bar and HIT ENTER.

This loads the cloned page. When the victim types a username and password into it, the page posts them to the SET listener and then redirects the victim to the genuine site, so the credentials end up with us while the victim sees only the real login page.
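Seen from the defender's side, the flow just described leaves a distinctive trace in web-proxy logs: a form POST to a bare IP address over plain HTTP, followed within seconds by the same client loading the genuine login page it was bounced to. The following added example (not part of the original post, and not SET code) scans constructed proxy log lines for that pattern; the log format, the 10-second window and the watch-list of login hosts are assumptions to adapt to your own environment.

```python
"""Spot the tabnabbing / credential-harvester pattern in web proxy logs:
a POST to a bare-IP host followed within seconds by the same client
fetching a genuine login page (where the harvester redirected it).

Added example for this page, not SET code. The log format, WINDOW and
LOGIN_HOSTS are assumptions; SAMPLE_LOG is constructed.
"""
import ipaddress
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed watch-list of real login hosts a cloned page bounces to.
LOGIN_HOSTS = {"accounts.google.com", "mail.google.com"}
WINDOW = timedelta(seconds=10)

Event = namedtuple("Event", "ts client method url status")

# Constructed proxy log, one request per line: "timestamp client method url status".
SAMPLE_LOG = """\
2013-08-09T10:15:01 10.0.0.7 GET http://203.0.113.9/index.html 200
2013-08-09T10:15:05 10.0.0.7 POST http://203.0.113.9/index.html 302
2013-08-09T10:15:06 10.0.0.7 GET https://accounts.google.com/ServiceLogin 200
2013-08-09T10:16:00 10.0.0.8 GET https://accounts.google.com/ServiceLogin 200
2013-08-09T10:17:00 10.0.0.9 POST http://203.0.113.9/index.html 302
2013-08-09T10:19:00 10.0.0.9 GET https://accounts.google.com/ServiceLogin 200
"""


def parse_line(line):
    ts, client, method, url, status = line.split()
    return Event(datetime.fromisoformat(ts), client, method, url, int(status))


def is_bare_ip(url):
    """True when the URL's host is an IP literal rather than a name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_tabnabbing(log_text, window=WINDOW, login_hosts=LOGIN_HOSTS):
    """Return (client, post_url, login_url) triples matching the pattern."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            per_client[ev.client].append(ev)

    hits = []
    for client, events in per_client.items():
        events.sort(key=lambda e: e.ts)
        for i, ev in enumerate(events):
            if ev.method != "POST" or not is_bare_ip(ev.url):
                continue
            # Look ahead for the bounce to the real login page.
            for later in events[i + 1:]:
                if later.ts - ev.ts > window:
                    break
                if later.method == "GET" and urlsplit(later.url).hostname in login_hosts:
                    hits.append((client, ev.url, later.url))
                    break
    return hits


if __name__ == "__main__":
    for client, post_url, login_url in find_tabnabbing(SAMPLE_LOG):
        print(f"{client}: POST {post_url} then {login_url}")
```

Only 10.0.0.7 matches in the sample: 10.0.0.9 also posted to the bare IP but reached the login page two minutes later, outside the window. Expect false positives where internal applications legitimately live on bare IPs; tightening on the 302 status of the POST, or on a POST body size consistent with a login form, helps where your proxy logs those fields.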

Enjoy!!!!

Wednesday 7 August 2013

All About Email Harvesting and How to Harvest Emails

Email harvesting is the process of obtaining lists of email addresses. The lists are usually used for sending bulk email and spam, but harvesting is also an information-gathering technique: the addresses reveal the people behind a domain and its naming convention, and can be tied to further details such as phone numbers and postal addresses. It is normally automated: a bot searches web pages for email addresses and collects them into a database that spammers then use to send unsolicited email.

In the targeted case, the attacker uses the harvested addresses to send convincing fake (phishing) emails.

For example: the attacker harvests a corporate website and obtains addresses such as jon@gmail.com, ram@gmail.com and jenifer@gmail.com belonging to people working at ABC company. The attacker can now send phishing mail to these people at ABC company, or mail spoofed as coming from them, to gather information for further attacks.

Note: This post is only for educational purpose, the author of this website will not be responsible for any misuse. 

How to harvest emails. So let's begin:

In this post I am running the email harvesting technique against the IIT Bombay domain, http://www.iitb.ac.in/

Step 1> Boot your BackTrack machine, open a terminal, type msfconsole and hit enter.

Step 2> Type search collector and hit enter. This lists the modules with "collector" in their name; the one we want is auxiliary/gather/search_email_collector, which queries public search engines for addresses at a domain rather than crawling the target's own site.



Step 3> Load the module. Type:

use auxiliary/gather/search_email_collector

Step 4> Type show options and hit enter.
This shows the module's current settings.

Step 5> Type set domain iitb.ac.in and hit enter.

If you want the addresses saved to a text file,

type: set outfile ABC.txt. This stores all the email addresses found in the file ABC.txt.

Step 6> The last step is to run the module.
Type run (or exploit, which works as an alias for auxiliary modules) and hit enter.

So we get the emails. An attacker can now use these addresses for spamming and for further information gathering.
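The Metasploit module gathers its addresses from search-engine results; the part that actually pulls addresses out of page text is simple enough to show on its own. The following is an added example written for this page, not the Metasploit module's code. It extracts addresses from constructed HTML, undoes the common `[at]`/`[dot]`, `&#64;` and `%40` obfuscations that harvesting bots have long handled, keeps only addresses at the target domain and its subdomains, and writes them one per line the way the module's outfile option does. The sample HTML is constructed, not taken from iitb.ac.in.

```python
"""Pull email addresses for one domain out of page text, the job the
Metasploit module automates via search-engine results.

Added example for this page, not the Metasploit module's code. SAMPLE_HTML
is constructed; the de-obfuscation rules are our own.
"""
import html
import re
from urllib.parse import unquote

# Obfuscations often used on contact pages: "ram [at] iitb [dot] ac [dot] in".
DEOBFUSCATE = (
    (re.compile(r"\s*[\[\(\{]\s*at\s*[\]\)\}]\s*", re.I), "@"),
    (re.compile(r"\s*[\[\(\{]\s*dot\s*[\]\)\}]\s*", re.I), "."),
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page; not real iitb.ac.in content.
SAMPLE_HTML = """
<p>Contact: <a href="mailto:dean%40iitb.ac.in">Dean's office</a></p>
<p>Web team: webmaster&#64;iitb.ac.in or ram [at] cse [dot] iitb [dot] ac [dot] in</p>
<p>Press: press@example.com. Alumni: Ram.Kumar@IITB.AC.IN.</p>
"""


def normalise(text):
    """Undo URL-encoding, HTML entities and bracketed at/dot tricks."""
    text = html.unescape(unquote(text))
    for pattern, replacement in DEOBFUSCATE:
        text = pattern.sub(replacement, text)
    return text


def in_scope(address, domain):
    """Keep the domain itself and its subdomains, like set domain does."""
    host = address.rsplit("@", 1)[1]
    return host == domain or host.endswith("." + domain)


def harvest(text, domain):
    """Return the sorted, de-duplicated, lower-cased addresses at `domain`."""
    domain = domain.lower()
    found = set()
    for match in EMAIL_RE.findall(normalise(text)):
        address = match.lower().rstrip(".")
        if in_scope(address, domain):
            found.add(address)
    return sorted(found)


def write_outfile(addresses, path):
    """One address per line, like the module's outfile option."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(addresses) + "\n")
    return len(addresses)


if __name__ == "__main__":
    for addr in harvest(SAMPLE_HTML, "iitb.ac.in"):
        print(addr)
```

To run it against live pages, fetch each URL (for instance with urllib) and pass the body to `harvest`; the module itself does the same with the snippets returned by Google, Bing and Yahoo, which is why it turns up addresses that never appear on the organisation's own site.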

Friday 2 August 2013

What is ATM Card Skimming and PIN Capturing? Beware!

ATM card skimming is a method used by criminals to capture the data from the magnetic stripe on the back of an ATM card. The devices used are smaller than a deck of cards and are often fastened close to, or over the top of, the ATM's factory-installed card reader.
PIN capturing refers to the method of strategically attaching cameras and other imaging devices to ATMs in order to fraudulently capture the ATM user's PIN.

Where a card skimming or PIN capturing device is typically spotted on an ATM:

What do Skimming Devices Look Like?

Here is another example of a skimming device piggybacked onto the card reader.

Here is another example of a skimming device installed within this part of the ATM.

Removal of a skimming device from the card reader slot; the device was fitted over the card reader's throat:

What do PIN capturing devices look like?

There is a piece fitted to the speaker area directly above the screen. Can you see this additional piece?

Can you spot the PIN capturing device?
You can clearly see the pinhole camera installed on the underside, capturing an image of the keypad and, with it, the customer's PIN.

Facts on skimming devices:
  • Skimming devices are normally attached to ATMs during quiet periods, e.g. early morning or late evening.
  • The length of time a skimming device stays attached varies, but it is normally no longer than 24 hours.
  • Successful skimming requires both a card skimmer (card reader) and a camera (PIN capturing device) to be fitted to the ATM, since the card data alone is useless without the PIN.
How to protect yourself from these kinds of skimmers:

  • Always use your hand to shield your PIN when entering it.
  • Report any unusual appearance immediately to the Police or the nearest CBA branch.
  • Inspect the ATM and all its areas (card slot, keypad, speaker panel) before using it; if anything looks loose, mismatched or added on, do not use that machine.
  • Check whether a security guard is present or not.