How to Access Blocked Websites

There are many countries keeping censorship on social network sites and many other sites for their viewers. Most of the blocked or blacklisted sites in Saudi Arabia are about sex, religion, women, health, politics and pop culture. In China, websites that talk about sex, Tibet or Democracy are blocked in their country.

Social sites that are often blocked include Google News, Typepad, ebay, Blogger blogs, YouTube, Facebook, Bebo, Myspace, Orkut, MySpace, Pandora, Bebo, Photobucket, Yahoo! Messenger, AOL AIM, Flickr etc.

There are always legitimate reasons to bypass the internet filters and unblock websites. The following tricks will show how to access blocked websites.

1). To access blocked website, type the IP number instead of the URL or website name in the browser address bar. However, if blocking software maps the IP address to the web server, the website will be still remain blocked.

2). Use a URL redirection service like tinyurl.com or snipurl.com. These domain forwarding services sometimes work as the address in the URL box remain the redirect and do not change to the banned site.

3). Enter the URL or website name in Google or Yahoo search and then visit the cached copy of the page. To retrieve the page quickly from Google’s cache, click “Cached Text Only” while the browser is loading the page from cache.

4). There are anonymous websites are available on internet which are useful to blocked web pages from their servers and display them to you. As far as the service provider is concerned, you are viewing the page on the anonymous website and not the blocked site.

Example: www.hidemyass.com, www. myblack.com, www.120yearoldman.com etc

5). You can also access blocked or restricted websites by using Yahoo Babelfish or Google Translate language tools as a proxy server. But you just have to invoke the Google translate service with the language pair like English to Hindi or English to some other languages.

6: Browse the internet via proxy server software. Example: Your freedom, ultrasurf

Secure HTTP

Secure HTTP

Let us discuss about what is HTTP? It is protocol to transmit the user request to remote server to open a website or web pages on internet. Its abbreviation is “Hyper Text Transfer Protocol” (HTTP) commonly used in internet browsers to open a website in the browser window. Actually when you type a website name in the browser, the HTTP protocol transfer your website name to the remote server eventually to open the web pages on your computer screen. HTTP protocol request send to the remote server through port 80 and your web address is preceded by http://websitename.


How Secure is HTTP?

Speaking In technical terms now a days HTTP protocol is not secured especially when you are making financial transactions your data can be stolen while it is transmitted to a web server. So we can conclude that sites that are using HTTP protocol are vulnerable for data theft. So, we need a alternative for HTTP to transmit the data in secured way.


You are Secure with HTTPS

HTTPSecure means HTTPS basically combination of HTTP and SSL (Secure Sockets Layer) protocol allows the user to establish a secured encrypted connection between user and the website hosted remote server. HTTPS is commonly used by websites with sensitive transactions like online payments or banking transactions or personal data. Example FACEBOOK and TWITTER social networking sites are using HTTPS protocol to keep secure their user data. When you type the name of the website https://websitename appear automatically.

HTTP use port 80

HTTPS use port 443


Warning: Don’t do any online payments or money transactions with websites without HTTPS. First check the website whether it is giving encrypted security or not, then only you proceed for transactions.

Maintain your computer as virus free

There are many viruses and worms out there that could infect your computer. Some are harmless, but, they do have the capacity to do any number of nasty things, up to and including, erasing all data from your computer. However there are ways to keep viruses away from your PC. Here are the 12 tips to maintain a virus free computer.

1. Email is one of the common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that has it’s origin from a trusted source such as those which comes from your contact list. If you are using your own private email host (other than gmail, yahoo, hotmail etc.) then it is highly recommended that you use good anti-spam software. And finally NEVER click on any links in the emails that comes from untrusted sources.

2. USB thumb/pen drives are another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it, Instead right-click on it and select the option “open”. This is a safe way to open a pen drive.

3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (In Firefox).

As we all know, internet is the main source of all the malicious programs including viruses, worms, trojans etc. In fact Internet contributes to virus infection by up to 80%. So here are the tips for safe surfing habits so that you can ward off virus infection up to the maximum extent.

· Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead Internet users and you should never trust them.

· You can also use a pop-up blocker to automatically block those pop-ups.

4. Most of us use search engines like Google to find what we are looking for. It is quite obvious for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious websites, you can download and install the AVG LinkScanner which is a freeware. This tool can become very handy and will help you to stay away from malicious websites.

5. Install latest antivirus software and keep it updated regularly. Also perform full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your PC from viruses. Most of the antivirus supports the Auto-Protect feature that provides real-time security for your PC. Make sure that this feature is turned on.

6. Install a good Antispyware program that operates against Internet malware and spyware.

7. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe, but still do a scan before opening the attachment.

8. Do not use disks that other people gave you, even from your work place. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.

9. Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.

10. While you download files from untrusted websites or sources such as torrents, warez etc. make sure that you run a virus scan before executing them.

11. And finally it is recommended not to visit the websites that feature illegal/unwanted stuffs such as cracks, serials, warez etc. since they contribute much in spreading of viruses and other malicious programs.

Different types of Email Account Hacking

The Basic level Hacking is Email Account Hacking. Everyone like to do first email account hacking only. So here is the tutorial for budding hackers about email Hacking.
There are different types of Email Account Hacking techniques here I am giving some of them :

1. Social Engineering 
2. Phishing 
3. Brute Force Attack 
4. Keyloggers 
5. Guessing the Answer for the Security Question 

Social Engineering:
Social engineering takes advantage of the weakest link in any organization’s information an keep a trap to collect more secure information. Social engineering is physically “people hacking” technique and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain. Social engineering is one of the toughest hacks to perpetrate because it takes great skill to come across as trustworthy to a stranger. It’s also by far the toughest hack to protect against because people are involved. Social Engineering is different from Physical Security exploits. In social engineering hackers will analyze about victim. Hackers will send mail to victim. The contents will be related to the victim.


Example:

• False support personnel claim that they need to install a patch or new version of software on a user’s computer, talk the user into downloading the software, and obtain remote control of the system. 
• False vendors claim to need to update the organization’s accounting package or phone system, ask for the administrator password, and obtain full access. 
• Phishing e-mails sent by external attackers gather user IDs and passwords of unsuspecting recipients. Hackers then use those passwords to gain access to bank accounts and more. A related attack exploits cross-site scripting on Web forms. 
• False employees notify the security desk that they have lost their keys to the computer room, receive a set of keys from security, and obtain unauthorized access to physical and electronic information. 

Phishing Web Page:
It is a fake webpage which looks similar to the original page of the website. Using this Fake Web Page we can easily get the Password of victims. The processes involved in creating Phishing webpage are:

• First Visit the Website which is associated with the email id. Copy the Source code. 
• Edit the Source code such that it will store the password for you. 
• Upload the Webpage to any free webhosting sites. 
• Try uploading the Fake web site through the proxy server. 
• Send the Fake Website login page link to victim. 

Brute Force Attack:
A famous and traditional attacking method is Brute Force Attack. In this method, the password will be found by trying all possible passwords with any program or software tools, which are available plenty on internet.


Keyloggers:
It is one of the spyware software program hides it self inside the system, When user type anything from his keyboard it will capture and send it to the remote user. This software program which will be attached with any software's or photos or images as hidden file and then send to victim through email. When victim open the file or click on picture or image then automatically keylogger program installed on victims computer, without his knowledge. Then it starts working in background without knowledge of victim and send the username, passwords, bank account details etc to remote user in regular intervals.


Guessing the Answer for Security Question:
Do you remember that the mail sites will ask for the security questions to retrieve the mail account? You can hack the mail account simply guessing the answer. If the victim is your friend, then it may very easy to hack. There are software tools and dictionaries are available on internet.

Phishing

This summary is not available. Please click here to view the post.

Make short your URL links

How to shorten URL’s?

When you are sharing information on social network sites specially TWITTER, where length of characters is a major problem. So we are forced to limit our characters while we send our tweets. We can shorten our message but sometimes very long web links are too difficult to make short. In this case we need to shorten our messages as well the website link (sometimes website links are too large), so there are many popular web sites providing internet users to shorten their website links or URL’s. These websites make your URL too short and it is easier to remember the URL. Shortening URL is the technique that allows users to access a particular webpage using its shortened web address instead of actual long web address.

How the shortened URL works?

URL shortening means that instead of typing the original long URL in the browser address bar, users now have to type its shortened version. The browser will send an HTTP request to the shortened URL server, which will then send back an HTTP redirect message to the user, redirecting the user to the actual website.


What about Firewall security?

Since the initial outgoing HTTP request from the user is going to the URL shortening website and not the actual website that the user trying to access, it means that such a technique can also be used to bypass the local firewall.


Is it Possible to use Shortened URL to bypass the network blocking?

Let us assume that www.facebbok.com is blocked by your network, then it is possible for the user to continue to access it by shortening the URL with the help of numerous URL shortening websites. Open those websites then type the www.facebook.com and get the shortened URL to www.facebook.com! Now instead of typing www.facebook.com you just type the shortened URL in the web browser then you will be accessing the actual website. The local firewall thinks that the user is trying to access the URL shortening website, but in reality, the user is using the technique to connect to a blocked www.facebook.com website.

Here are the URL shortening websites lists:

http://Bit.ly

http://goo.gl

http://tiny.cc

http://www.tinyurl.com


Now open any of the above website in your browser.

Type the URL or website address in the place.

Now you will get the shortened URL which you can use directly in the browser and access to the original website. That’s all…

Tracking SPAM mail senders location in YAHOO mail and Gmail

Now days SPAM mails becoming a problem to internet users, specially to newbie’s. Actually SPAM mail means a mail received from unknown source. Such mails are used by companies or individuals to promote their business or their websites.

Sometimes you may receive mail that you win a Prize amount of ONE MILLION dollars! Some thing like this they cheat you.

So, they collect emails from internet and then send SPAM mails to everybody. If it is useful for you no problem, if not you can block the mails permanently from your INBOX.

If you are disturbed with SPAM mails and if you want know how to track the location of the mail, so here are the steps to follow:

Open your SPAM email which you are thinking from unknown source.
Goto “Actions” and then select “View Full header”.
Then it displays the Mail Header and total details of the mail with IP Addresses

Select the Originating IP Address in the email header and COPY it
Open new tab in the browser and type www.find-ip-address.org then PASTE the IP Address in the “Lookup IP Address” text box area then click “Search”.

Then it displays the location of the IP Address, Country, Desktop Operating System Version and Browser type and Version etc.

Precautions:

• When you are receiving any mail from unknown source “Don’t Open” the mail or its attachments.
• Simply click on the check box next to the mail and select “SPAM” mail on the top bar.
• Go to “Settings” select SPAM filters and ADD this email address in the box and click OK.
• Next time you don’t receive the mail in INBOX but the mail directed to SPAM folder. 

Using Gmail:

To find out the origin of the mail follow the steps in GMAIL:
Open your SPAM email which you are thinking from unknown source.
On the right side corner of your mail you will find Reply arrow, next to that button you can find dropdown button, click on the dropdown button and select “Show Original”

Then it displays the mail header and total details with IP Addresses

Select the Originating IP Address in the email header and COPY it
Open new tab in the browser and type www.find-ip-address.org then PASTE the IP Address in the “Lookup IP Address” text box area then click “Search”.
Then it displays the location of the IP Address, Country, Desktop Operating System Version and Browser type and Version etc.

That’s all..

Enjoy safe internet surfing!

How to tell who has been logging in to your Account

This article describes the Login Activity feature from within the Yahoo! Account Manager that can show you what login activity your account has had over the past several days if you are suspicious that an unauthorized person may have broken into your account.

We know that there is much concern now as to how accounts, such as your Yahoo! account can be accessed by people not authorized to do so. Yahoo! is also concerned about this and has a new feature now that can give your key information about each login your Yahoo! account has had over the last several days. The feature is called "Login Activity" and here is how it works:

1.     Please go to the Yahoo! Account Info website ( http://account.yahoo.com ). 

Note: You may be asked to log in to your Yahoo! account.

2.     Towards the middle of the page under "Sign-in and Security," select View your recent login activity. You should now be able to see all the login activity for your account for the past few days.

3.     If you feel you need to go back further, then click View More towards the bottom of the page.

Once you get there, you'll see four columns:

·         Date/Time: This indicates the date and time the account was accessed.

·         Access Type: This is the method of access such as a browser (IE, Firefox, Chrome, etc..), a mobile device, or a Yahoo! product like Yahoo! Messenger.

·         Event type – This shows exactly how the login took place.

·         Location/ IP Address - This is actually a pull-down menu that allows you to select how you wish the physical location to be displayed. (Location is selected as the default.)

·         Location - Indicates the Country and State of the computer you logged in from.

·         IP Address - Indicates the Internet Protocol Address of the computer you logged in from.

These may be the signs that your account has been compromised:

·         You normally access from just one or two computers, but you see multiple geographic locations.

·         The Access Type column shows your account was accessed from a mobile device, but you never use mobile to access your account.

If you see anything here that looks suspicious to you, we recommend that you change your account password. It is the easiest way to prevent suspicious activity.

You can also create a Yahoo! sign-in seal to prevent such illegal activity such as spam and phishing.

Different types of Email Account Hacking

The Basic level Hacking is Email Account Hacking. Everyone like to do first email account hacking only. So here is the tutorial for budding hackers about email Hacking.
There are different types of Email Account Hacking techniques here I am giving some of them :

• Social Engineering 
• Phishing 
• Brute Force Attack 
• Keylogger 
• Guessing the Answer for the Security Question 

Social Engineering:
Social engineering takes advantage of the weakest link in any organization’s information an keep a trap to collect more secure information. Social engineering is physically “people hacking” technique and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes great skill to come across as trustworthy to a stranger. It’s also by far the toughest hack to protect against because people are involved.
Social Engineering is different from Physical Security exploits. In social engineering hackers will analyze about victim. Hackers will send mail to victim. The contents will be related to the victim.

Example:
✓ False support personnel claim that they need to install a patch or new version of software on a user’s computer, talk the user into downloading the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting package or phone system, ask for the administrator password, and obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords of unsuspecting recipients. Hackers then use those passwords to gain access to bank accounts and more. A related attack exploits cross-site scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys to the computer room, receive a set of keys from security, and obtain unauthorized access to physical and electronic information.

Phishing Web Page:
It is a fake webpage which looks similar to the original page of the website. Using this Fake Web Page we can easily get the Password of victims. The processes involved in creating Phishing webpage are:
✓ First Visit the Website which is associated with the email id. Copy the Source code.
✓ Edit the Source code such that it will store the password for you.
✓ Upload the Webpage to any free webhosting sites.

Try uploading the Fake web site through the proxy server.

Brute Force Attack:
A famous and traditional attacking method is Brute Force Attack. In this method, the password will be found by trying all possible passwords with any program or software tools, which are available plenty on internet.

Keyloggers:
It is one of the spyware software program hides it self inside the system, When user type anything from his keyboard it will capture and send it to the remote user. This software program which will be attached with any softwares or photos or images as hidden file and then send to victim through email. When victim open the file or click on picture or image then automatically keylogger program installed on victims computer, without his knowledge. Then it starts working in background without knowledge of victim and send the username, passwords, bank account details etc to remote user in regular intervals.

Guessing the Answer for Security Question: 
Do you remember that the mail sites will ask for the security questions to retrieve the mail account? You can hack the mail account simply guessing the answer. If the victim is your friend, then it may very easy to hack. There are software tools and dictionaries are available on internet.

Understanding Hidden Threats: Corrupted Software Files

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a website. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses. However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including
Interfering with your computer's ability to process information by consuming memory or bandwidth
Installing, altering, or deleting files on your computer
Giving the attacker access to your computer
Using your computer to attack other computers

How can you protect yourself?

Use and maintain anti-virus software: Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Use caution with email attachments: Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first. Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads and opens attachments, check your settings to see if you can disable this feature.

Be wary of downloadable files on websites: Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a website certificate. If you do download a file from a website, consider saving it to your computer and manually scanning it for viruses before opening it.

Keep software up to date: Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Take advantage of security settings: Check the security settings of your email client and your web browser. Apply the highest level of security available that still gives you the functionality you need.

Staying Safe on Social Network Sites

What are social networking sites?
Social networking sites Facebook etc, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

What security implications do these sites present?
Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because

· the internet provides a sense of anonymity
· the lack of physical interaction provides a false sense of security
· they tailor the information for their friends to read, forgetting that others may see it
· they want to offer insights to impress potential friends or associates

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer or sharing your information without your knowledge.

How can you protect yourself?
Limit the amount of Personal Information you Post: Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.

Remember that the internet is a public resource: Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.

Be wary of strangers: The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
Be skeptical: Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action. 

Evaluate your settings: Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. There is still a risk that private information could be exposed despite these restrictions, so don't post anything that you wouldn't want the public to see. Sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate. 

Be wary of third-party Applications: Third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable. Avoid applications that seem suspicious, and modify your settings to limit the amount of information the applications can access. 

Use Strong Passwords: Protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.
Check privacy policies: Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join. 

Keep software, particularly your web browser, up to date: Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it. 

Use and maintain anti-virus software: Anti-virus software helps protect your computer against known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Secure Your Personal Passwords & email accounts

We are constantly using passwords on a daily basis. From accessing emails, to listening to our music, to checking our account balance, we may not think about it but passwords are a huge part of our lives. Hackers, however, do think about this. In fact, the password is becoming one of the easiest ways to break into a personal information system. We may think that passwords protect us from hackers. Unfortunately, though, no password is safe. The only thing a password can do for us is to limit exposure to immediate and easy access.

It is essential to change passwords and account names frequently to keep your account safe. It's also important to work to design a password system that will shield you from some of the easiest methods of attack. Here are some tips to create a password that is as secure as possible.

Set up bogus security answers
Security answers are meant to add an extra level of protection against hackers. The only problem is that this information is very easily found with a simple Google search. Common form security questions relate to your birthday, your friends' names, your hometown, your pet's name, or you first car. It's easy enough for anyone with sophisticated search skills to track this information down. The best way to add extra coverage here is to choose bogus answers to the questions. Instead of answering "San Francisco" as your hometown, answer with "June Bug" or a less-easily crackable combination of letters and numbers.

Have extra passcodes sent to your mobile
If a hacker has already gained access to your phone account, this one will not be too helpful, but you may as well add as many defenses as possible when it comes to your private information. There are many sites that allow you to have a passcode sent to your personal cell if the site is entered from an unknown computer. Setting up these road blocks can help a little in preventing a hack.

Never use the same user name or password twice
This is where you can get yourself into the most trouble, and is the absolute first thing to take care of as far as web security. Once a hacker is into one account, they can often find all the information they need to get into any other personal account they desire. And, if you use the same password and account name for several different accounts, you are automatically letting hackers right through the door.

Make your password as long as possible
Basically, the longer the password, the harder it is to crack. Many of us try to keep them down to the minimum requirements so they are easier to remember, but that just makes them more susceptible to a break in. Instead, use the maximum allowable amount of characters, and mix them up frequently.

Stop using easy number/letter replacements
Using combinations of letters and numbers is essential, but not when you're using number only as an easy representation of a letter. Easy substitutions, like 'pa55w0rd' or 'w3ird,' are programmed to automatically be scanned by hacking software.

Never use full words
Full words simply will not cut it if you want to have a remotely safe password. Scanners can check for every word in the dictionary in minutes, so it will take hardly any time to sniff out a full word. And don't fool yourself into thinking a full word with numbers behind it will be any more safe. Number combinations are just as easy.

Use all characters available

When you create your password, make sure to use every type of character you have at your disposal. Use both lower case and upper case alphabets, numbers, and as many special characters as you can. This makes it extremely difficult for software to try every possible combination.

How to find the origin of cyber attack?

This article based on data from 1500 cyber attacks against organizations all over the world. This article lists the most frequent characteristics of attack, enabling cyber experts to identify the actors threatening organizations around the world and to improve its defense shield against these attackers in future.

It also describe the attack techniques used by Chinese military groups, called as “Comment Crew”, that were linked in the past with attacks against the US government.

In this report there are seven main clues for identification of an attacker who stands behind the cyber attacks:

Characters of the Phishing type malware code disclose sometimes the country of origin, where the malware code was created. So, for instance, Fire Eye researchers found that many malware codes include the characters GB2312, the source of which is the Mandarin language keyboard, namely China.

Malware operating code often includes expressions with local context, like slang or common insults, indicating the source country of the code writer.

Similarly to code characters, indicating a keyboard in a certain language, also fonts can indicate sometimes the malware source. So, for instance, FireEye researchers found that the source of malware code hidden in a document written in Cyrilic letters is in Korea, due to the font with which the infected document was written.

In certain cases, in order not to be blocked by a Black List, the attackers pay in order to penetrate the target computer from a certain domain. In many cases, DNS registration leads directly to the country of origin of the attacker. Also false DNS listings can help in locating the attacker, who sometimes reuses information enabling to link between the attacks and to identify the attacker.

Quite often, the attacker does not use his/her native language in the malware code. Typing errors and bad translations can help in identification of the country of origin of the attacker. So, for instance, identification of translation by using translation sites for certain words or expressions may help in identification of the native language of the attacker.

Remote Administration Tools are a kind of malware enabling the attacker to control, in real time, the computer of the target of a cyber attack. Seemingly, it is difficult to identify by them the attackers, but the many possibilities of customization of these tools may lead to identification of settings that are specific to an attacker, helping in his identification.

Attackers have their own habits, like attacker focusing on a certain target, with the same CnC servers, in the same industries, etc. These recurring techniques can expose the target, the access and the location of the attacker.

How do Anti virus programs detect virus in computers?

Many of us wonder how our Antivirus software scans for virus, worm, trojan. When we scan a computer or folder or local drive for virus what actually happens during the virus scan period?

What are techniques applied to trace the virus existence in computer?

There are five (5) techniques used by anti virus program to detect virus:
1. Signature Based Scan.
2. Heuristic Based Scan.
3. Threat Sense Technology.
4. Artificial Intelligence.
5. Proactive Defense.

Signature Based Scan:
Traditionally, Antivirus solutions have relied strongly on signature-based scanning, also referred to as “scan string-based technologies”. Signature based scanning anti virus program searches within given files for the presence of certain strings (also only in certain regions). If these predefined strings are found, then antivirus report “A Threat has been detected”.

According to Mcafee Lab, hundreds of viruses are released every day on internet, so it’s gigantic task to catch all those viruses. So, anti virus research labs will be working round the clock in tracking of new viruses and then designing new patches to anti virus program so, in this way anti virus program detect the latest unknown viruses and threats.

Heuristic Based Scan:
The first heuristic engines were introduced to detect DOS viruses in 1989. Heuristic is an adjective for methods that help in problem solving. In this scanning, anti virus program searches instructions or commands within a file that are not found in typical good application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus.

Threat Sense Technology:
Earlier when a virus was found in computer then it was detected by antivirus experts after many days. By that period of time virus had done enough damage to millions of computers around the world. Now a days anti virus experts designed Threat Sense Technology, this technology monitoring the computer activities when a certain files does suspicious activity in computer, anti virus program keep eye on that file. Next, when you update your anti virus these files are send to anti virus labs of that anti virus that you are using. The security experts then analyze the file, if it is a virus or malicious code then they make it’s signatures and updates the anti virus program. So in this way virus can be caught by anti virus program within very short period of time.

Artificial Intelligence:
These programs monitor you computer activities. If any dangerous or specious activity occurred by a file, then anti virus program inform the user and give some options to user to perform certain actions. Now user of that computer has to take decision whether it is a virus file or something useful file. If user takes wrong decision then the software which is reported by anti virus get corrupted and antivirus quarantined.

Proactive Defense:
There is another technology in anti virus program is “Proactive Defense”. When any program or process in computer gets executed, then “Proactive Defense” tells the user about the activity of the program and asks user whether to allow it or to block the program or process execution.

Secure your Wi-Fi connection on Smart Phones and Tablets

Now a days eavesdropping became a big threat to Wi-Fi networks because most public Wi-Fi hotspots are not encrypted. Means anyone within the range can eavesdrop on what you send and receive. This is same scenario applies when using a laptop on a hotspot, or your computers at home on your own wireless router if it isn't encrypted with WEP, WPA, or WPA2 security.

Eavesdropping on Wi-Fi connections needs some software tools, that are freely available on internet. For example, programs such as Firesheep and SniffPass simply listen for and show login credentials to unsecured sites or services, like social networking sites and Web-based or POP3/IMAP email accounts. There are programs like EffeTech, HTTPSniffer can even capture and reassemble the web pages you are viewing and files you transfer. Though eavesdroppers can even capture data from your online banking transaction, if the site it is not secured. The same goes with other services, for instance, if you check your email through the browser or a client app on the device and if it is secured with SSL then you need not to worry.

Combating threats:
The first line of defense to combat Wi-Fi eavesdroppers is to make sure any sensitive website you login to or service you setup on the phone (like email), is secured with SSL encryption.

If a website connection is secured and its address starts with https:// in the address bar. And also you should see a padlock or other indicator showing SSL encryption is in use somewhere on the browser screen (usually in the lower right hand corner).

If you use the device's email client rather than a website to check your email, open your account settings and make sure SSL encryption is set for both the incoming (POP3 or IMAP) and outgoing (SMTP) servers.

We can not say all Wi-Fi hotspots are unsecured. But some larger hotspot networks use WPA/WPA2-Enterprise security with 802.1X authentication to protect you from snoopers. When you are using encrypted connections like these you don't have to worry about local eavesdroppers. Keep in mind this is not the case if the hotspot is secured with WEP or WPA/WPA2-Personal (PSK) as other people on the network can still capture and decode your traffic.

Use the data plan instead using of Wi-Fi:
One way to mitigate Wi-Fi security issues is to limit your usage of hotspots, specially when you are out side in the public places like Cinema Theaters, Airports use a 3G or 4G (if you can get it) cell data connection instead. Though it's slower, most cell service providers encrypt the traffic between cell towers and your device.

Use a VPN for full security:
If you're really concerned about your mobile Internet security, consider using a virtual private network (VPN) on both your Wi-Fi and cell data connections. When connected to a VPN, all your Internet traffic travels through an encrypted tunnel, guarding it from local eavesdroppers. It protects your data traffic and passwords. In addition to encryption, VPNs can also give you secure remote access to files and network resources at work or home, like remote desktop services.

Indian Government new policy on Cyber Security creates 5 lakh jobs

Recently Indian Government brought a new Cyber Security policy to curb with Cyber Security threats from within and out side country. Due to this decision our country needs 5 lakh Cyber Security Professionals by 2015 according to NASSCOM chief.

Kamlesh Bajaj, CEO of The Data Security Council of India (DSCI), a Nasscom body that frames guidelines related to data security and data privacy for corporates, said 'Security will fuel the growth of businesses. Trust is critical to build customer confidence and trust comes only through safety. Global clients are increasingly demanding high-level compliance to data security, privacy and cyber security regulations."

Quoting a Gartner report in its letter, UGC said, "The country's information security market is expected to grow by 18% to reach Rs 1,415 crore in 2013 on the back of increased spending by companies to secure their information assets. Despite a continuing economic slowdown that has been putting pressure on IT budgets around the world, cyber security spending globally would continue on an upward trajectory, reaching $86 billion in 2016, up from $60 billion in 2012."

Akash Agarwal, country manager, EC-Council India, a US-based firm that trains and certifies in the cyber security domain said, "Every organization across verticals will require cyber security professionals. Therefore, the estimate of 5 lakh looks very conservative for a strong internet economy like India. The actual requirement for cyber security professionals would be in multiples."