Social Icons

Showing posts with label hacker. Show all posts
Showing posts with label hacker. Show all posts

Wednesday, August 14, 2013

Being CEH : Certified Ethical Hacker V8

1.    After CCCSP,,my efforts to clear a EC-Council exam finally paid off....and today I passed my CEH V8 exam....the feeling of being a CEH is yet to set in...but yess!!!it feels good to clear a exam which has good repu in the security world....one thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking but still ,end of course does not mean that a guy can hack into any site and create havoc...but yess it does make you understand the nuts and bolts of how one can do it...and more importantly from a CEH point of view...what and where are the vulnerabilities?

2.  CEH is all about offensive hacking.The amount of tools that are available today in the open source world is mind boggling...and the best part is the course ware that the student gets...its great!!!!I can just say that...it all comes with a set of 6 CDs which have thousands of PDFs and tools.If one starts doing each and every practical aspect of this course-ware it will take more than a year to assimilate and do it on a VM platform...so that is definitely going to keep me busy.The best part is that all this is explained with screen shots and step by step instructions.


3.   As i keep doing these practicals on my VM...will try certainly uploading and sharing with you guys!!!!will get my hard copy of the certificate in a few weeks from now...anxiously waiting!!!!

Saturday, June 01, 2013

Your passwords can be cracked easily if less then 16 Characters now!!!!

1.    When the IT security big bang of Do's and Don'ts started some years back it was widely advertised to the Cyber masses to keep their respective passwords any thing more then 8 characters with a mix and match of capitals and smalls with special characters...then this was increased to 10 and last heard it was 15...and was told that 15 character password which is not dictionary based will take years and is actually uncrackable...

2.  As recent as 4 days back,a team of 3(your read it rite it's three) hackers has been able to crack more than 14,800 supposedly random passwords from a list of 16,449 by simply brute forcing!!!!

Image courtesy : http://www.buzzquake.com/tag/brute-force-attacks/
3.   In December it was unveiled by Jeremi Gosney, the founder and CEO of Stricture Consulting Group, that a 25-computer cluster can cracks passwords by making 350 billion guesses per second. It can try every possible word in less than six hours to get plain text passwords from lists of hashed passwords...the word of significance is that you do not need high end machines and east-west architecture to build this kind of IT infra...it is simply a cluster of machines processing power...

4.   The general user in the cyber space like you and me have actually no control over which hashing process websites use and therefore remain at the mercy of an algorithm all would invariably be clueless about...so if you are concerned about security and your email id and password which is the key for so many transactions in your routine life.long passwords are the best defense....and not simply long it has to be a mix match of numerics,capitals,smalls and special characters!!!.

5.  All the best to all of us...keep surfing but avoid drowning!!!! :-)Thanks http://thehackernews.com

Saturday, October 16, 2010

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:
  • Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
  • Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
  • Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
  • Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”
3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

Saturday, September 18, 2010

ZERO DAY EXPLOIT : ???

1. While reading an article on Browser Forensics,came across this term "0-day" exploit....whats it all about?

2. A zero day exploit is a malevolent computer attack that takes capitalizes on a security hole before the vulnerability is known. This means the security issue is made known the same day as the computer attack is made. In other words, the software developer has zero days to prepare for the security breach and must work as quickly as possible to develop a patch or update that fixes the problem.This occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

3. Zero day exploits may involve viruses, trojan horses, worms or other malicious code that can be run within a software program. While most programs do not allow unauthorized code to be executed, hackers can sometimes create files that will cause a program to perform functions unintended by the developer. Programs like Web browsers and media players are often targeted by hackers because they can receive files from the Internet and have access to system functions.While most zero day exploits may not cause serious damage to your system, some may be able to corrupt or delete files. Because the security hole is made known the same day the attack is released, zero day exploits are difficult to prevent, even if you have antivirus software installed on your computer. Therefore, it is always good to keep a backup of your data in a safe place so that no hacker attack can cause you to lose your data.

Powered By Blogger