Guides - Articles

How to Improve Your Computer’s Security

Wed, 29 Sep 2010 07:43:40 +0000

These days, hackers are always on the lookout for vulnerable computer systems that they can exploit. This is one of the reasons why computer security is such a hot topic nowadays. Hackers do this for a number of reasons. Some do it for fun while most do it for profit. This is because many people store credit card information as well as other valuable information on their computers. Unscrupulous individuals take advantage of computers with weak security to gain access to this information for criminal purposes. Many companies and organizations have been the targets of countless hackers trying to steal information or take over computer resources. However, home users are also in a lot of danger. The good news is that there are many effective methods of beefing up your computer’s security. Here are some quick and easy tips to keep these cyber-criminals at bay.

Use your Firewalls

Most operating systems come with built-in firewalls that can be used to improve computer security. However, not many people know how to use their firewalls properly. A firewall with inadequate settings can easily be breached by hackers. This is one of the reasons why it is so important to learn how to configure your firewall with the correct security settings.

Learn about your Computer’s Entry Points

Entry points are very similar to doors that a hacker can use to gain access to your system. By learning about all of the entry points your computer has, you will be able to improve your computer’s security and prevent hacking attempts on your system. However, most computers have numerous entry points and it can be difficult to learn about them all. This is where security experts can help you. This is especially important if you run a small network in your business.

Increase your Awareness

Hacking is now an unfortunate part of the world we live in. This is one of the reasons why you should do all you can to learn about hacking and computer security measures. Even if you are not a tech-savvy person, you can still keep your computer safe by learning about the importance of security updates, program patches and anti-virus software. There are many easy-to-use tools available in the market today; all you need to do is learn which items you need and how to use them effectively.

Testing your Network’s Security

Performing an attack and penetration test is a very good way of analyzing the security of your network. This method is used to identify potential weak points in your computer network. Once you identify loopholes, you can then start implementing special measures to make your network harder to crack.

Use Passwords

This is one of the simplest and most effective ways of making your system more secure. Learn how to create strong passwords that are difficult to crack. This will make your system very difficult to hack and access. You should also make it a habit to change your passwords every two months or so. Well-made passwords make use of both numbers and letters to make it more difficult for uninvited guests to log onto your computer.

Monitor your Device Services

Your system uses many devices and services to work properly. However, some of these services pose a significant security threat to your system. You should disable services that you do not need to minimize the risk of someone breaking into your system.

Use Anti-Virus Software

There are many reliable anti-virus software packages in the market today. This is one of the best ways to improve your computer’s security from viruses, Trojan horses, worms, bots, and hackers.

Cross Site Scripting Version 1

Tue, 10 Aug 2010 08:03:09 +0000

Cross Site Scripting - Version: 1
Something that everyone should know | Something that everyone may not know
Author: Kshitij kumar
Email: krayknot@yahoo.com

As the name implies, Cross Site Scripting means a sort of Scripting that is done outside the scope of the website. For example: A website is providing a text box to input some text and a malicious user is entering some script(s) [ mostly Javascript ] inside that text box to execute those scripts on the server or anyway.
“Cross Site Scripting” abbreviated as “XSS” not “CSS” as “CSS” has already denoted for “Cascading Style Sheet”.

Website owners must know the serious consequences of XSS when exploited on a vulnerable web application. Site owners says that it cannot be used to steal sensitive data from their database. This is a common mistake. There are stories where it was claimed that XSS is not really a risk. and this is someting a challenge for the hackers and that hackers always willing to accept,
A practical example of XSS on a test site
The following example shows how XSS can be used to modify the functionality of a web page and to re-design the page as per the hackers will: [third party example]

Load the following link in your browser: http://testasp.acunetix.com/Search.asp, you will notice that the page is a simple page with an input field for running a search
Try to insert the following code into the search field, and notice how a login form will be displayed on the page:

Please login with the form below before proceeding:

Then simply hit the search button after inserting the code.
Through the XSS flaw on the page, it has been possible to create a FAKE login form which can gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously
A hacker can also inject this code by passing it around via the browser’s address bar as follows:

http://testasp.acune...3E%3C%2Fform%3E

It is the process of injecting JavaScript (mainly) and also HTML into a webpage for important feedback. This feedback may contain many things; one, most commonly being the user's cookie. A cookie is the variable that web-browsers use to store your login credentials. Without a cookie, you cannot "stay logged in" on your favorite websites. This is important because if somebody were to obtain your cookie, he/she could easily spoof your login information without any need of knowing your password. XSS is, in my opinion, the most common and dangerous exploit that exists on the internet today. It is dangerous because it is common (and useful), and it is common because it is most overlooked. Most WebPages today are user-interactive, which basically means that the website allows the user to interact with its content. Some of this interactivity may include search fields (most commonly), login forms, comment fields, feedback forms etc..

XSS attacks can be termed as such attacks that bypass the system checks and act themselves as a part of the system. This mainly happens due to the non-sanitizing structure of HTML that has the capability to take any command [ in the proper tags ] and to display it on the user end. One single hole in the website that allows to enter scripts can harm anything in the website, that can be any page content, cookie(s), link(s) or even the Page redirection statements on the client side.

The malicious user can use mostly the Javascript to target any website. But XSS is not limited to Javascript only it may be JAVA, VBScript, Flash or any other web supported scripting language.

Most of the big brands in the website colony has became the prey of XSS like Yahoo, Google, Orkut and Facebook with the loss of huge revenue. Now they have controlled the threat but not cent percent. Each and everyday more than 50% of the new websites are targeting for the XSS attacks due to their weak security and validation structure.

There is no standard way of injecting XSS into any website. Even it is not necessary to have the XSS code inside the , and the returning page contained and alert box that read "1", the field is also vulnerable to XSS Injection.

2. HTTP Response Splitting
This has something to do with the headers that your browser uses to communicate to the server with. If the webpage allows you to modify them via post or get vars, and reflects the information back, you can easily modify these headers to your needs in order to cross-site script the page. Most commonly, the header's that are XSS'able are the User-Agent: headers. Most pages don't sanitize the user agent when reflecting back the user's browser properties (most commonly on a 404 page.)

Previously the attacks were limited to the HTML only. for eg: I have to display my name in Bold and in Red Color and the website in which my profile is, not allows Text Formatting then i can add my name in tags like MyName and then i will save this string and if the website is simply displaying my name then this string will be treating as a part of HTML of the same page and the name will appear Bold and Red every time as the string “MyName” is saved in the database.

You're passing a user's first name around from one page to another and then are displaying that querystring value on the page with a Response.Write, here you are increase the chances of XSS.

For Example:
http://whatzit.com/w...spx?fName=Lumpy
Now you want some changes:
Response.Write(\\"Hello \\" + Request.QueryString(\\"fName\\"));
When you run this code you get the following output:
Hello Lumpy
Here's some more that would produce the "Hello Lumpy" output:
http://whatzit.com/w...spx?fName=Lumpy
But here is something dangerous!
http://whatzit.com/w...rm1.aspx?fName=
now, the browser will popup a nice little box telling you "beotch"!
Any code you execute in JavaScript can be piped into your site using the Cross Site Scripting vulnerability.
Check out this..
http://whatzit.com/w...x?fName= language='javascript'>window.navigate('http://mrPron');
Now, Check out this next line...
Mole Hair Removal

I send someone a valid link to a URL, maybe they do make it to the site, but they also get something else... the nasty little JavaScript in the link.

But now a day(s) due to advent of new technologies like AJAX, DOM model(s), the situation is somewhat grave. How?
A malicious user finds some information in a social networking website as follows:

- Span tag (if available) or tag information of the “Sign Out” button, say the id of the tag of Sign out is “spSIgnOut”.
- a page where the user can enter text or Scraps.
- all the input controls on the page [including hidden controls by using the Source of the Web page ].
- all the input controls of which information saves in the database on postback.

Here to understand we assume that the website is not optimized for XSS attacks.

Now the malicious user enters a script in one of the text box inside

After entering this command, the malicious user saves the scrap. Now on the opening of the same scrap the html link of the sign out link will have been changed. And this is inside the database, it will happen again and again. And by this way the malicious user would have been changed the HTML by XSS.

You can now imagine how dangerous the XSS is.

You can use some measures to avoid this like:
1. Enocoding and Decoding of Tags if present in any input
2. Disabling scripts
3. Matching the Response and Request data on each postback.

But can the traditional methods can stop the XSS threats??
I think NO because here are some other methods to inject XSS like:

'';!--"=&{()}

and,

and,

and,

and,

and,

exp/*

and,
many other ways even i dont know

So enjoy the article and in next Version 2 , I will share some more about the “XSS”

Au rvoir!!

Using Google As A Powerful Hacking Tool

Fri, 06 Aug 2010 09:16:38 +0000

Google is a very powerful search engine. It is the most used search engine and is also the most visited website on the entire Internet. If one knows how Google works, then exploiting its capability as a tool for hacking will not be that difficult. What Google does is that it tries to index everything on the Internet. The same way a diligent librarian will take note of all the books within the library and what kind of content is found within these books; except instead of a library we have the entire Internet, and instead of a librarian we have the gigantic and powerful company known as Google.

Google does such a good job of indexing the Internet that by typing down a specific input, one could access content from a site which one would normally not be able to access, at least not for free— which leads to security for most sites to be terribly compromised. Google can even determine the relevance of a site making finding quality content even easier—again making security against hacking increasingly difficult. Hackers can freely use Google as a tool for hacking into websites, bypassing their security, and getting any of their content for free with relative ease.

Files found on the Internet are saved just as files on one’s computer are saved. These files are organized into folders to make them easier to access and to use. As one would have a folder for music or documents on their computer, so do websites as well. To access the contents of these websites, one can simply type down a command in the Google search bar in order for the folder with the desired content to appear in the search results. As an example try typing down in a Google search box:

intitle:"index of" +"index of" +size +name +description +modified

When one types that down and clicks on enter, they will see the search results for all the un-protected directories that Google has found. Now let’s discuss exactly what each of those commands mean:

intitle:”index of” – this will make Google only search for webpages with the term “index of” in title of their webpage. The term “intitle:” is known as an operator. So whenever one has intitle:”index of” in their search box, Google will only search for pages with “index of” within its title.
+”index of” – this will make Google show only pages that have “index of” on its page. What the “+” means is that whatever succeeds the “+” must be found within the pages in the search results.

E.g. if one were to type in Google “banana + automobile” Google would provide all the pages which have the term banana and also the term automobile. But if were to type in Google “banana automobile” then the results would be pages with banana and automobile will show up in the results.

Here are a few things to remember:

Whatever one puts inside quotation marks will make Google search for that exact phrase.
Whenever one adds a “+” will make certain that the following term is in the results pages.
Whenever one adds a “-“ will make certain that the following term will not show up in the results.
There are no spaces between “+” or “-“ between the terms.

Now that we understand how to customize our searches, we should now be able to use this to our advantage when looking for files such as games, music, or whatever kind of software we feel like. Let us say we are looking for an mp3. All we have to do is type down in the search box:

intitle:"index of" +"index of" +size +name +description +modified +mp3

Simply by adding “+mp3” we can make sure that all the results will have the term mp3 within them. Now let’s look for something more specific. Let’s try looking for songs by deep purple. We simply type down:

intitle:"index of" +"index of" +size +name +description +modified +mp3 deep purple.

Now Google will show results of songs in an mp3 format by deep purple that are ready for an easy download.
Knowing how Google works, one can experiment with many different file types to find exactly what they are looking for—for free.

How to Protect Your Business from Social Networ...

Mon, 26 Jul 2010 11:09:33 +0000

Different kinds of online businesses have already recognized the potential of social networking sites as powerful marketing tools. These sites actually serve as a perfect way to promote your business, reach a wider audience and meet potential clients and buyers. A social networking account would also allow you to establish a corporate profile that could be easily viewed by your prospective business partners and clients.

However, even though creating an account in social networking sites could help you promote your online business, establishing accounts in such sites could also pose possible security threats. You have to be very careful with all the information you share in your page because this could pose dangerous security risks to your company. Even though you could anonymously post things in your profile in your home without needing to make any kind of physical contact with other people, you would still experience grave security threats if you are not cautious with the information you disclose.

Here are things you can do in order to keep yourself safe from common social networking risks.

Choose the information you share

The first thing you should do is to be careful with the things you post in your profile page, wall or any electronic form that could keep you exposed to unwanted visitors or other malicious threats. Some of the most important things you should never post in your website include names of people associated with your business, their phone numbers, addresses, and even their birthdates. Disclosing these details in various social networking sites could actually make you a potential victim of identity theft and of other security threats.

If ever you want to talk to some of your new contacts, you should privately contact them instead of chatting with them. It would be more advisable to disclose business-related information over the phone.

Be careful with what you post

Before typing anything into your wall or profile page, you should think carefully about what you are planning to say. Never type negative things that involve insults, obscenities and even outrageous claims that could be used against your company’s name in the future.

You should always remain professional while posting pictures and videos in social networking sites. Your profile picture could actually say a lot about the company you work for.

Maximize privacy policies

Many social networking sites such as Facebook, Twitter and MySpace have already developed privacy policies in order to protect their members. Check your privacy settings and change it according to the amount of privacy you would like to experience. In these settings, you could choose the different people who could view your posts. You could even limit the visibility of your posts to some of your trusted contacts and friends.

You should also check their privacy guidelines and determine whether you agree with their terms and conditions or not. If you do not like their privacy guidelines, you should probably stop yourself from joining their websites.

Be careful when dealing with people online

Another important thing you could do in order to protect yourself from social networking security risks is to start being careful whenever you communicate with people online. Before disclosing important information to someone you have not personally met before, you should first do a background check and determine whether they are telling the truth about their identities or not.

Utilize the particular set of business tools that you use for screening applicants and confirming the identities of your prospective business partners in order to verify their identities. Always check a person’s credibility before revealing business-related or financial information about yourself or your company.

These are the best things you could do in order to protect yourself from serious social networking security threats. Once you have done the proper things to maintain the anonymity of your online business, you would never need to worry about identity thefts and other malicious security threats.

Run a Background Check on Someone For Free

Mon, 05 Jul 2010 07:56:24 +0000

A background check on someone for free is where you are able to look up and put together any criminal background history which is available. This can include useful information such as credit history, employment records, personal contact details, court records and much more. These background checks are mostly requested by potential employers usually hiring in high risk jobs such as teaching, security or hospitals. In the past, these types of background checks were once only able to be run by government agencies who would charge a fee for the service... but not anymore.

Now, more and more services are available right here on the internet which allows anybody to run background checks on someone for free without the hassle of going through a second agency or third person. So whether you are a private employer or a big business you no longer have to pay and wait to find out about somebody you are willing to hire. You can have all of the information that you need right in front of you within a matter of minutes!

These background checking facilities are being provided by private organizations on the internet which uses public records online to search through and find information such as criminal backgrounds and more. These public records can be anything from online credit reports to things such as networking sites and shopping sites. All you have to do is type in the name of the person you wish to run a free background check on and then sit back and wait. For a more detailed response, try adding more information such as a date of birth and an address and you can even search by social security number if you have access to such information.

In order to find the best website for your needs, run a quick and easy comparison on any search engine so that you can find the website which suits you. Look for information available and search methods. This can include the different ways in which you can run background searches, look out for details you can type in such as names, addresses and more. You should also compare with other background checking websites to find out where it finds its information and whether or not it is reliable and up to date. Remember, it is easy to run a background check on somebody so why risk not doing it? Cover yourself and the other person by running background checks on someone for free today.

If you would like to see a VIDEO on how to do a background check on someone for free, than please CLICK HERE.

Article Source: http://EzineArticles...rt=Mike_Hickmon

Ways of Extracting Gold From Printed Circuit Bo...

Mon, 05 Jul 2010 07:45:48 +0000

There are various methods to remove these minute traces of gold from printed circuit boards, processors, and other peripherals. First requirement is milling of the PCB to expose the gold in the chips. Various methods can be used to break or mill the printed circuit board. The easiest and cheapest way of extracting gold from Printed Circuit Boards would be to mechanically cut off the tops of the microchips and carry out forging to melt all the metal that is present inside the chip. Gold has a higher molecular weight which makes it denser and heavier than other metals. Hence, any of the traditional methods of separation such as skimming, draining lighter metals or settling tank for heavier metals can be used.

There's another method for extracting gold from printed circuit boards in which, the Printed circuit board scrap is treated with one part concentrated nitric acid and two parts water at 70-80°C for 1 hour, which dissolves the base metals. As a result, it liberates the chips from the PCB.

Note: We will refer printed circuit boards as PCB in short hereafter.

Coming back to the process, after solid and liquid components are separated, the chips along with some metallic residue and Ti02 precipitate are mechanically crushed. This liberates the base and gold metal present within the protective plastic or ceramic chip.

The base metals in this pulverized product are further dissolved by leaching with the same composition of nitric acid and water. The remaining solid residues, crushed chips and resin and solid particles of gold are treated with aqua regia by leaching process at varying and suitable times and temperatures. Gold is then precipitated from the leaching product with ferrous sulphate.

There are plethora of options to extract gold from processors, PCBs, and other similar things. For extracting gold from printed circuit boards even in minute quantities, you may require a large number of PCBs. A metric ton would approximately have 80 to 1600 grams of gold. With evolving technology and development in PCB design, the amount of gold used for fabrication and creation of components is reduced. Moreover, before extraction you need to figure out the potential earnings involved with the amount of gold available on these PCBs, so that the cost of retrieving the gold does not exceed the cost of the gold obtained.

More so, there are many more things to be considered, before you try anything of this sort, and try to gain handsome profits out of all your hard work. Hence, before extracting Gold from Printed Circuit Boards, you need to do an economic assessment on the value of the recoverable gold to make the process worthwhile.

Various chemicals have the ability to remove and refine gold such as sodium cyanide and sodium meta nitro benzene sulphonate. Sodium cyanide is the cheapest available unless you can find calcium cyanide. However, the overall methodology is fairly complex in comparison to the other conventional ways. There are other ways of even using chemicals for Extracting Gold from Printed Circuit Boards. Looking for the Cheapest Way of Extracting Gold from Printed Circuit Boards - follow the link in resource box.

You can find more information on extracting gold from PCBs, and many more ways of Extracting Gold from Processors

Article Source: http://EzineArticles...expert=Om_Thoke

Login:
Password: