Sunday, February 9, 2014

Hacking of Social Media Accounts

Desktop Phishing
Desktop phishing is a more advanced form of phishing attack. In a simple phishing attack, the attacker convinces the victim to click on a link that leads to a fake login page; the victim then enters credentials such as user name and password into the fake login page, and they go to the attacker.

In desktop phishing, the attacker instead replaces some text in the hosts file, which is located in the Windows directory of the victim's computer. The attacker does this by sending an executable or a batch file and convincing the victim to run it. From then on, whenever the victim visits the real website, such as paypal.com, he is redirected to the attacker's phishing page, but the domain name (paypal.com) remains the same as typed by the victim, so the victim does not realize that it is a fake page. This is why this type of phishing attack has a very good success rate.
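
Because the attack works by editing the hosts file, auditing that file is a direct check for it. The following is an added example, not code from the original post: it parses hosts-file text and reports every entry that points a name at a non-loopback address, rating entries for watched login domains as high severity. The watched list (apart from paypal.com), the sample file and the function name `audit_hosts` are assumptions made for illustration.

```python
import ipaddress

# paypal.com is the article's example; the other watched domains are assumptions.
WATCHED = {"paypal.com", "facebook.com", "gmail.com"}
BENIGN = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample hosts file (addresses are documentation/private ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # ad-blocking sinkhole
203.0.113.10    paypal.com www.paypal.com
10.0.0.5        intranet.corp.example
"""


def audit_hosts(text):
    """Return (line, severity, hostname, address) for entries that override DNS."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "MALFORMED", fields[1], fields[0]))
            continue
        # Loopback and 0.0.0.0/:: entries sinkhole a name (typical ad blocking)
        # rather than send it to a remote host, so they are not reported here.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in BENIGN:
                continue
            watched = any(name == d or name.endswith("." + d) for d in WATCHED)
            findings.append((lineno, "HIGH" if watched else "REVIEW", name, str(addr)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean workstation normally has no entries beyond localhost, so any finding deserves a look.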

Tab-Napping
Tab napping is quite a new hacking trick. You can't hack accounts with it directly, but if you combine phishing methods with tab napping, you can. Tab napping is a script that you put into a site or blog. The user visits your website or blog and reads your articles, plays games or watches videos, then goes to another browser tab containing other websites such as YouTube or Google. When the user comes back to your website, it redirects him to the phishing page, which tells him to log in with a Facebook/Gmail/Yahoo account to continue. When the user enters his login information, he is sent back to your page and the password is sent to you.

Website Cloning
For this method we will need the BackTrack 5 platform. In this method we clone the login page of a website using BackTrack's capabilities and steal the user's logins.

Friday, February 7, 2014

Dangerous Smartphone Mistakes

Two types of dangerous smartphone behavior stand out: carrying an iPhone into a hot tub with a beer in your hand is one type, while the other is leaving a smartphone and the data on it unprotected from loss or theft.

Despite advances in software and hardware, many iPhone and Android owners don’t take the simplest steps to protect the data on their smartphone from theft.

Read on to find out if you are guilty of these 10 dangerous smartphone mistakes and how you can fix them.

Protect Your Bubble is one of the top smartphone insurance options we found last year, and they’ve rounded up data on dangerous smartphone behavior. The list below and the infographic show the top 10 dangerous smartphone mistakes users make.
  1. No password
  2. Saving banking login information
  3. Taking, sending and saving nude photos
  4. Clicking on risky links
  5. Posting photos while on vacation
  6. Posting photos with location settings turned on
  7. Giving out personal information to random callers
  8. Using it without a case
  9. Connecting to unsecure WiFi networks
  10. No smartphone insurance or warranty

It’s not surprising that a smartphone insurance company lists insurance as one of the items, but these are all valid items that users should be aware of and take steps to address. Check out the infographic to see more about the behaviors and read on to learn how to use your smartphone more safely.



Friday, January 31, 2014

Cloud Data and Six Security Issues


Analysts recommend that enterprises first develop a data security plan that addresses six security issues. Failure to do so, they say, could add cost and complexity to the adoption of cloud computing without addressing the fundamental issues of data privacy and long-term security and resiliency.

1. Breach notification and data residency

Not all data requires equal protection, so businesses should categorize data intended for cloud storage and identify any compliance requirements in relation to data breach notification or if data may not be stored in other jurisdictions.

2. Data management at rest

Businesses should ask specific questions to determine the cloud service provider’s (CSP's) data storage life cycle and security policy. Businesses should find out if:

2.1 Multitenant storage is being used, and if it is, find out what separation mechanism is being used between tenants.

2.2 Mechanisms such as tagging are used to prevent data being replicated to specific countries or regions.

2.3 Storage used for archive and backup is encrypted, and if the key management strategy includes a strong identity and access management policy to restrict access within certain jurisdictions.

3. Data protection in motion

As a minimum requirement, Gartner recommends that businesses ensure that the CSP will support secure communication protocols such as SSL/TLS for browser access or VPN-based connections for system access for protected access to their services.

The research note says that businesses always encrypt sensitive data in motion to the cloud, but if data is unencrypted while in use or storage, it will be incumbent on the enterprise to mitigate against data breaches.

4. Encryption key management

Enterprises should always aim to manage the encryption keys, but if they are managed by a cloud encryption provider, Gartner says they must ensure access management controls are in place that will satisfy breach notification requirements and data residency.

If keys are managed by the CSP, then businesses should require hardware-based key management systems within a tightly defined and managed set of key management processes.

When keys are managed or available in the cloud, Gartner says it is imperative that the vendor provides tight control and monitoring of potential snapshots of live workloads to prevent the risk of analysing the memory contents to obtain the key.

5. Access controls

The enterprise should demand that the encryption provider offer adequate user access and administrative controls, stronger authentication alternatives such as two-factor authentication, management of access permissions, and separation of administrative duties such as security, network and maintenance. Businesses should also require:

5.1 Logging of all user and administrator access to cloud resources, with these logs provided to the enterprise in a format suitable for log management or security information and event management systems.

5.2 The CSP to restrict access to sensitive system management tools that might "snapshot" a live workload, perform data migration, or back up and recover data.

5.3 That images captured by migration or snapshotting tools are treated with the same security as other sensitive enterprise data.

6. Long-term resiliency of the encryption system

Gartner recommends that businesses understand the impact on applications and database indexing, searching and sorting. They should pay specific attention to advanced searching capabilities, such as substring matching functions and wildcarding such as "contains" or "ends with".
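
The effect on searching can be seen with a small added example, which is not part of the original article. It assumes the encrypted column is made searchable with a keyed-hash "blind index" (HMAC-SHA256), a common design that the article does not name; the key, the sample e-mail addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: an index key held by the enterprise, never by the CSP.
INDEX_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample records; only the tokens would be stored in the cloud.
PLAINTEXT_EMAILS = ["alice@example.com", "bob@example.org", "carol@example.com"]


def blind_index(value):
    """Deterministic keyed token standing in for an encrypted, searchable field."""
    return hmac.new(INDEX_KEY, value.lower().encode(), hashlib.sha256).hexdigest()


STORED_TOKENS = [blind_index(e) for e in PLAINTEXT_EMAILS]


def equals_search(term):
    """Exact match still works: tokenise the query and compare tokens."""
    wanted = blind_index(term)
    return [i for i, tok in enumerate(STORED_TOKENS)
            if hmac.compare_digest(tok, wanted)]


def ends_with_search(suffix):
    """'Ends with' against tokens: neither the suffix nor its token matches."""
    wanted = blind_index(suffix)
    return [i for i, tok in enumerate(STORED_TOKENS)
            if tok == wanted or tok.endswith(suffix)]


def plaintext_ends_with(suffix):
    """What the application expected before the column was protected."""
    return [i for i, e in enumerate(PLAINTEXT_EMAILS) if e.endswith(suffix)]


def sort_order_preserved():
    """Token order is unrelated to plaintext order; True only by coincidence."""
    by_plain = sorted(range(len(PLAINTEXT_EMAILS)), key=PLAINTEXT_EMAILS.__getitem__)
    by_token = sorted(range(len(STORED_TOKENS)), key=STORED_TOKENS.__getitem__)
    return by_plain == by_token


if __name__ == "__main__":
    print("equals:", equals_search("Alice@Example.com"))
    print("ends with on tokens:", ends_with_search("@example.com"))
    print("ends with on plaintext:", plaintext_ends_with("@example.com"))
    print("sort order preserved:", sort_order_preserved())
```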