<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0">
<channel>
	<title>General information - Articles</title>
	<link>http://www.astalavista.com/page/articles/_/general-information/</link>
	<pubDate>Fri, 10 Feb 2012 12:20:36 +0000</pubDate>
	<ttl>43200</ttl>
	<description></description>
	<item>
		<title><![CDATA[What is SSL & How it works?]]></title>
		<link>http://www.astalavista.com/page/articles/_/general-information/what-is-ssl-how-it-works-r58</link>
		<description><![CDATA[This is basic information for beginners that explains what SSL is, how it works, and why websites use it.<br />
OK, let's start!<br />
SSL (Secure Sockets Layer) is the most widely used and most standard security technology for establishing an encrypted link between a web server and a browser. If a link is encrypted, it uses the HTTPS protocol.<br />
<br />
<strong class='bbc'>What's the difference between the HTTP and HTTPS protocols?</strong><br />
Put simply, an HTTP link is not encrypted and is used for standard communication, while an HTTPS link is implemented using Secure Sockets Layer (SSL), which is encrypted and is used for secure communication.<br />
<strong class='bbc'>How do HTTP and HTTPS work?</strong><br />
Assume that there are two communicating parties, A (client) and B (server). A sends a message or password to B, and an intruder (hacker) gains unauthorized access in between.<br />
Now let's study both cases, HTTP and HTTPS.<br />
<strong class='bbc'>case-1:</strong><br />
<span rel='lightbox'><img src='http://3.bp.blogspot.com/_DDqbEuQE5HE/TPII6UVHyUI/AAAAAAAAAOo/Augm3tJZnTQ/s1600/http-without+ssl.PNG' alt='Posted Image' class='bbc_img' /></span><br />
Case 1 shows that if an intruder (hacker) gains unauthorized access to an ongoing communication between A and B, A will lose his/her confidential message or password, such as "helloworld".<br />
<br />
<strong class='bbc'>case-2:</strong><br />
<a href='http://4.bp.blogspot.com/_DDqbEuQE5HE/TPII5HNL1OI/AAAAAAAAAOk/VJCz2jJgc7A/s1600/https-with+ssl.PNG' class='bbc_url' title='External link' rel='nofollow external'><img src='http://4.bp.blogspot.com/_DDqbEuQE5HE/TPII5HNL1OI/AAAAAAAAAOk/VJCz2jJgc7A/s1600/https-with+ssl.PNG' alt='Posted Image' class='bbc_img' /></a><br />
Case 2 shows that if an intruder (hacker) gains unauthorized access to an ongoing communication between A and B, A will not lose his/her confidential message or password, such as "helloworld", because the message or password is encrypted. So the hacker gets the encrypted password, like <strong class='bbc'>"Xu587Tyus)"</strong>.<br />
<br />
<strong class='bbc'>How does SSL work?</strong><br />
Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a public key to the browser to perform the encryption. The public key is made available to everyone, but the private key (used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the private key (secret key).<br />
<br />
<strong class='bbc'>How to identify whether your connection is secure or not?</strong><br />
SSL comes with a key indicator that lets users know they are currently protected by an SSL-encrypted session: the lock icon in the lower right-hand corner. Clicking on the lock icon displays your SSL Certificate and the details about it.<br />
<a href='http://3.bp.blogspot.com/_DDqbEuQE5HE/TPII2tBZCtI/AAAAAAAAAOg/OXJv_x0I6LY/s1600/ssl-lock.gif' class='bbc_url' title='External link' rel='nofollow external'><img src='http://3.bp.blogspot.com/_DDqbEuQE5HE/TPII2tBZCtI/AAAAAAAAAOg/OXJv_x0I6LY/s1600/ssl-lock.gif' alt='Posted Image' class='bbc_img' /></a><br />
<br />
So the bottom line is: whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of <a href='http://hoverpchacks.blogspot.com/2010/10/what-is-phishing.html' class='bbc_url' title='External link' rel='nofollow external'>Phishing</a>.<br />
<br />
Hope this helps you! Please pass on your comments.<br />
SOURCE: <a href='http://hoverpchacks.blogspot.com' class='bbc_url' title='External link' rel='nofollow external'>Hover pc Hacks</a>]]></description>
		<pubDate>Tue, 30 Nov 2010 11:32:48 +0000</pubDate>
		<guid isPermaLink="false">06409663226af2f3114485aa4e0a23b4</guid>
	</item>
	<item>
		<title>All about Denial Service Attacks and the Securi...</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/all-about-denial-service-attacks-and-the-securi-r54</link>
		<description><![CDATA[Malicious hackers can threaten the security of your website by using several innovative but harmful methods. Some of these techniques are complex and only a highly technical person can understand them. One technique that these individuals often use is the denial of service attack (DoS attack) or distributed denial of service attack (DDoS). Even if you have firewalls, some of these DoS attacks are too complex for most firewalls to handle.<br />
<br />
<strong class='bbc'>What are DoS and DDoS attacks?</strong><br />
<br />
These are attacks, orchestrated by a person or a group of people, that deny online users access to a website or service. The denial results from a dysfunction of the website or a failure of its security caused by the DoS or DDoS attack. It is classified as an expert hacking technique and it is punishable by law.<br />
<br />
How do hackers create DoS attacks? Here are some methods that can be used to compromise the security of your website, computer and operating system.<br />
<br />
<strong class='bbc'>Influx of massive requests to the website</strong><br />
<br />
Massive traffic influx can “crash” a website. Saturating the website with simultaneous external requests will effectively stop genuine organic traffic from accessing the website. If it does not crash, such action will slow down the server or reset the computer. Unless the website has the capacity to handle such occurrences, security is breached and it may take a while to resolve the damage. A site’s bandwidth or disk space simply cannot accommodate so many simultaneous requests.<br />
<br />
<strong class='bbc'>Malfunction of routers</strong><br />
<br />
Hackers can also destroy your website through your routers. Familiarize yourself with the routers your website can work with efficiently. If you are a small website, you may want to use static routing. For bigger websites, you can utilize complex topologies to ensure appropriate security for your website. If you can identify the signatures, you can use IPS-based prevention, where your Intrusion Prevention System (IPS) can help you ward off these DoS attacks. However, if you do not have the signatures, then it would be useless.<br />
<br />
<strong class='bbc'>Communication obstruction</strong><br />
<br />
Obstruction occurs between you and the users of your website, because your computer may be too slow to respond, upload or download files. Saturation of your processor could occur, and can completely crash your operating system. You can no longer connect to your website because of the infiltration of all of your security systems by DoS attacks.<br />
<br />
<strong class='bbc'>Triggering codes or unauthorized instructions sequencing </strong><br />
<br />
This will “confuse” your security or operating system and can cause it to get bogged down. It could also reset your whole computer system and destroy all the files in your hard disk. Hackers are capable enough to create trigger codes for the destruction of your website. All of your diligent work and business opportunities can be destroyed by just one destructive code.<br />
<br />
<strong class='bbc'>Peer to peer file sharing</strong><br />
<br />
When peer-to-peer file sharing is in use, for example when watching international boxing bouts or tennis championships, the hacker can direct all peer-to-peer viewers to the target website. When thousands of online users connect to the target website, the tremendous number of connections can harm your server, computer, and your online resources. If you are the target website then your security system is at risk too.<br />
<br />
Other methods used by professional hackers to harm a website include teardrop attacks, degradation attacks, nuke attacks, reflected or distributed attacks, and permanent denial of service attacks. All of these attacks can be used to destroy your website’s security and prevent online users from accessing your website.<br />
<br />
<strong class='bbc'>Sanctions for DoS and DDoS attacks </strong><br />
<br />
In the United Kingdom, these illegitimate hacking activities can mean a 10-year imprisonment. In the United States on the other hand, it is considered as a federal crime and is tried as such. Other countries have also adapted their own laws concerning DoS or DDoS attacks to ensure the security of websites, but there are still numerous problems to resolve, as hackers grow more and more intelligent and highly skilled in their malicious activities.]]></description>
		<pubDate>Tue, 19 Oct 2010 09:01:16 +0000</pubDate>
		<guid isPermaLink="false">1d7f7abc18fcb43975065399b0d1e48e</guid>
	</item>
	<item>
		<title>Security Advice To Protect Against SPAM</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/security-advice-to-protect-against-spam-r53</link>
		<description><![CDATA[Spam is one of the most annoying things that you can encounter while using your email accounts. These unsolicited email messages are usually sent by dubious individuals or companies trying to sell something to you. In some cases, they can even be very dangerous since many hackers use spam messages when looking for potential victims. Spam emails are usually sent en masse to various mailing lists, news groups and individuals, with the intent of hacking into their systems. Many people may not realize it but chances are, every single person who has an email account has received at least one spam email message. While spam can be annoying or bothersome for individuals with personal email accounts, they can also hit companies and organizations and they can be used to break through their security as well.<br />
<br />
Many spam email messages also contain various forms of viruses, worms and other malware that can harm a computer and compromise its security. This can be inconvenient for people who use computers at home, but it can have more pronounced negative effects in a company setting. This is because company computers are often connected to a network, and if one terminal’s security is bypassed and it gets infected with malware, the chances of other computers in the network getting infected go up as well.<br />
<br />
There are many ways of controlling spam depending on how you use your email accounts. Free email accounts like Gmail and Yahoo Mail often have spam security filters that do an acceptable job of sorting out spam emails. Many email clients like Outlook and Apple Mail also have built-in features that can help with managing spam. However, if you need a more robust and powerful solution for controlling spam, there are a lot of really good commercial security products available on the market today.<br />
<br />
There are a number of different methods which can be used to block off spam; methods such as spam reporting, spam tracing, hiding your email from spammers, and spam blocking and filtering. All these methods are quite useful and will definitely lessen the amount of spam sent to your email. The following are short explanations on how these security techniques work.<br />
<br />
<strong class='bbc'>Spam reporting</strong><br />
This can be done quite simply as most emails come with this feature automatically built in. One has to simply label the received email as spam and the email provider will automatically block it off.<br />
<br />
<strong class='bbc'>Spam tracing</strong><br />
This is normally not necessary as there are much simpler ways to get rid of spam. This entails having to track down the sender and then reporting to your email provider.<br />
<br />
<strong class='bbc'>Hiding email</strong><br />
The easiest way to avoid spam is to avoid posting your email around the Internet. It is not a good idea to leave behind your email in forums or leave them visible within social networking sites as spammers will gladly send emails to any address.<br />
<br />
<strong class='bbc'>Blocking and filtering</strong><br />
Once spam is received, the email address of the sender can easily be blocked off and one would never have to worry about receiving email from them again as their email will be automatically filtered for your security.]]></description>
		<pubDate>Mon, 04 Oct 2010 14:07:19 +0000</pubDate>
		<guid isPermaLink="false">b3e3e393c77e35a4a3f3cbd1e429b5dc</guid>
	</item>
	<item>
		<title>On Zeus Botnet and Security</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/on-zeus-botnet-and-security-r51</link>
		<description><![CDATA[The Zeus botnet is a dangerous and malicious application which is frequently used to target the security systems of banks and for hacking information and details from specifically targeted users. Zeus is also known as zbot, PRG, gorhax, wsnpoem, and kneber. It is a Trojan horse which steals banking information through keystroke logging and is spread mainly through drive-by downloads and phishing ploys. It was first identified in July of 2006 when it was used as a means of breaking past the security of the United States Department of Transportation to steal information. It became more widespread 2 years later, and a security company discovered that hackers had been able to compromise the security of over 74,000 FTP accounts on different websites of several companies including the Bank of America, NASA, Monster, and Amazon, to name a few.<br />
<br />
The current Zeus botnet is estimated to have compromised the security of millions of computers around the world. It is worth noting that as of October 2009, Zeus had sent out over 1.5 million phishing messages through Facebook. In November 2009, an English couple was arrested for allegedly using Zeus as a hacking tool to steal personal data. There were also a total of over 9 million phishing emails sent supposedly through Verizon Wireless. It is worth noting that Zeus is still active and that there is a report which states that credit cards of over 15 unnamed US banks have had their security compromised. The most recent outbreak of Zeus is now being called Kneber.<br />
<br />
The Zeus botnet is known to target only Windows machines, specifically those running Windows XP Professional SP2. Reports state that there are currently no infections on computers that run Windows 7. Zeus is normally found on machines in corporate and government infrastructures, but personal home computers can be infected as well.<br />
The Zeus botnet can be used to bypass the security of online social networks, email accounts and financial services. Sites whose security has been seriously compromised are Facebook, Yahoo and Sonico, to name a few. It is known that focus has been placed on email and social networking sites, but Zeus is now targeting the security of online banking sites as well.<br />
<br />
It is not difficult to find Zeus on the Internet. It can normally be found within underground hacking forums. There are even Zeus builder toolkits which allow hackers all around the world to customize Zeus and use its functions any way they want. The Zeus botnet normally breaches a user’s security through spam emails which may seem to be from legitimate websites. These emails can contain links to various downloads which will usually house a variant of the Zeus botnet. If the infected file is downloaded, Zeus will automatically be installed on the computer. A common way of tricking people on social networking sites into downloading an infected file is to send users messages which claim that they must download an update patch or tool that is needed to use the site more smoothly.<br />
<br />
Once it is installed, Zeus will wait until the user connects to the Internet and then download a configuration file containing a list of web banking websites on which to gather the user’s information. Once an infected computer is used to access a banking website, the Zeus botnet will launch a keylogger function and save all the keystrokes of the user. Some variants of Zeus will even have an agent within the web browser and may inject false fields into web forms, which the common user will normally fill in, leading him to compromise his security even further. Zeus will then send this information to the hacker. One would be wise to run virus scans periodically in order to check whether or not the system is clean and make sure that its security is uncompromised.]]></description>
		<pubDate>Mon, 27 Sep 2010 07:20:51 +0000</pubDate>
		<guid isPermaLink="false">a8f15eda80c50adb0e71943adc8015cf</guid>
	</item>
	<item>
		<title>Disable Wireless When Connected to LAN</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/disable-wireless-when-connected-to-lan-r45</link>
		<description><![CDATA[Wireless has become a standard interface in every laptop, and in most cases it connects automatically to the nearest Access Point it discovers. Most organizations provide unsecured wireless connectivity to public networks like the internet for their guests through local wireless Access Points that work in stand-alone mode and are completely disconnected from the organization LAN. However, when a company employee uses a laptop to connect to the organization LAN, the laptop's WiFi adapter will automatically try to connect to the nearest wireless Access Point. In most cases the nearest wireless Access Point that the employee's laptop discovers will be the organization's unsecured wireless network. The employee's laptop then becomes the perfect bridge to the organization LAN for any potential intruder from the internet or from the local unsecured wireless network. Because of the duplicate connection, the employee's laptop will consume duplicate network resources and the employee can suffer from unstable network connectivity.<br />
<br />
The above scenario is becoming a daily issue as wireless networks become a common standard in every laptop. Lan-Secure <a href='http://www.lan-secure.com/WirelessAutoDisable.htm' class='bbc_url' title='External link' rel='nofollow external'>Wireless Auto Disable</a> has the perfect solution for an organization's wireless management and security. The software will automatically disable WiFi adapters on computers that are connected to the company network with a LAN cable and re-enable WiFi when the LAN cable is disconnected from the computer.<br />
<br />
<strong class='bbc'>How does it work?</strong><br />
Wireless Protector Software is installed on a Windows platform in the organization, and all organization laptops need to be added to the protected computers list. The software will scan all protected laptops and, using the network administrator username and password, will create a service on each remote laptop. The service installed on the remote laptops will try to communicate with the Wireless Protector Software installed on the organization LAN each time there is a change in the connectivity status of its network adapters. Upon receiving confirmation from the software, the remote laptop will automatically disable the WiFi adapter if the laptop's LAN cable is connected to the organization network, and re-enable it when the LAN cable is unplugged from the laptop. Wireless Protector Software will verify that the protection service is running on the organization's remote laptops and collect protection events and WiFi activation status for each laptop.<br />
<br />
<strong class='bbc'>How does it protect the organization?</strong><br />
A remote computer's WiFi will be disabled only on receiving confirmation from the Wireless Protector Software installed on the organization LAN. That mechanism ensures that a protected laptop's WiFi adapter is disabled only when the laptop is connected to the organization LAN and not anywhere outside the organization. When connected to the organization LAN, remote protected laptops will disable their WiFi adapter and the remote user will receive a notification message about it. Any attempt by the remote user to bypass this mechanism manually will fail while the remote laptop is connected to the organization LAN. The software will notify the administrator about the protection status of each remote laptop and collect WiFi disabling events from the protected laptops. The software ensures that the organization LAN is protected from unsecured wireless connections and from duplicate network connections.<br />
<br />
<strong class='bbc'>Conclusion</strong><br />
Wireless networks are still the most convenient way to communicate quickly and easily, and WiFi adapters have become standard in every laptop. However, keeping wireless networks accessible to public networks leaves them unsecured and vulnerable to attacks by potential intruders. Wireless Protector Software will protect the organization LAN from wireless network vulnerabilities while still allowing wireless communication to be used freely and safely.]]></description>
		<pubDate>Fri, 03 Sep 2010 08:26:54 +0000</pubDate>
		<guid isPermaLink="false">2b24d495052a8ce66358eb576b8912c8</guid>
	</item>
	<item>
		<title>Computer Security Risks</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/computer-security-risks-r44</link>
		<description><![CDATA[Everybody who has a connection to the Internet is in danger of hacking. This is primarily due to certain security holes that are inherent in a large majority of computer systems today. Hackers can do many things to your computer. They can access and copy important and sensitive files and documents; they can modify or delete your files and folders; and they can even reformat your hard drives if they wanted to. This is why it is so important to improve the security on your computer. The scary thing is that accessing other people’s computers over the Internet is relatively easy and almost anyone can do it, given enough time and effort. The good news is that there are many steps and measures that you can take to make your computer difficult to hack.<br />
<br />
Hacking is especially dangerous to people who use DSL or cable to connect to the Internet. This is due to the fact that these types of connections often use a static IP address that hackers can use to get into your system. Computers using dynamic IP addresses are more difficult to access because their IP addresses regularly change. There are many tools littering the Internet that unscrupulous individuals can use to hack into your computer without you knowing it. They leave no trace on your system and chances are that you will never realize that anyone actually hacked into your system until it is already too late.<br />
<br />
You should go check out a diagnostic site that can give you an idea regarding the vulnerabilities in your system’s security. Just keep in mind to stick to the reputable diagnostic sites just to be safe. You will also have to take a closer look at your file sharing and printer sharing settings. Hackers can easily use these features to take control of your system.<br />
<br />
Unfortunately, computers normally have thousands of other ports that can be used to bypass your system’s security. These ports are normally used to download files, surf the Internet or send emails.  However, these ports can also be used as doors to access your files and folders. You can download port monitoring software to keep a closer eye on your active ports.<br />
<br />
It is never a good idea to share a connection with people you don’t know. However, there are safe ways of splitting your Internet connection to multiple computers while still making it difficult for hackers to take over. There are many products that allow you to do this. All you have to do is visit any reputable computer store or website that sells these products and you’re good to go.<br />
<br />
You should also make use of anti-virus software to beef up your computer’s security. There are hundreds of anti-virus software packages available today, but it is best to stick with reputable brands that have a good support system. Once you have purchased and installed the software, remember to update it regularly so your computer can take care of new viruses and other types of malware with relative ease.<br />
<br />
Using a firewall is also one of the best ways to safeguard your system. Many operating systems like Microsoft Windows ship with their own firewalls. However, learning how to properly configure your firewall can be a very tricky affair. It is best to refer to online tutorials on how to configure your firewall.<br />
<br />
An improperly-configured firewall can easily be breached by hackers. However, there are many settings and features that you can fiddle with to improve your system’s security. Hacking is now a part of our daily lives and it is best to be prepared in case you are targeted by these unscrupulous cyber-criminals.]]></description>
		<pubDate>Tue, 31 Aug 2010 07:30:56 +0000</pubDate>
		<guid isPermaLink="false">0a09c8844ba8f0936c20bd791130d6b6</guid>
	</item>
	<item>
		<title>Website Security Against Black Hat SEO and Hackers</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/website-security-against-black-hat-seo-and-hackers-r42</link>
		<description><![CDATA[The internet boom has opened more doors for people to reach a wider network via social media. Whether it’s about business or just finding a quicker means to communicate, the worldwide web has become a part of most people’s lives. However, the issue of personal security against hackers has been an alarming concern online.  <br />
<br />
The impetus behind these undesirable activities lies in a misguided, if not twisted, take on search engine optimization. Search engine optimization, or SEO, is not bad per se. The primary aim of SEO is to improve the rankings of websites so that they are more “crawlable”, or easily accessible to search engines. A higher website ranking means more traffic on your site, and more traffic translates to higher website profitability through the conversion of visitors into actual customers. But this aspect requires another discourse. For now let’s focus on some devious internet practices.<br />
<br />
The negative connotation that has been associated with SEO can be attributed most of the time to black hat SEO practices. Black hat SEO includes, among other shady tactics, keyword stuffing, cloaked pages, link farming, spamdexing and blog comment spamming. The most commonly applied tactic is spamming or, in layman’s terms, sending barrages of unwanted email without the consent of webpage or email account owners.<br />
<br />
Unlike white hat SEO, which relies mostly on making favorable impressions on the social media community through quality content, link building and other evocative methods, black hat SEO tends to be a security issue for online users. It is not uncommon for personal email accounts to be flooded with spam mails that come with viruses. These types of viruses, most of the time, are designed to freely access personal online accounts. The idea is to spy on a user’s profile so that the spam mail sender can target the promotion of a particular product. It is like the privacy-invasion tactics employed in the dystopian landscape of George Orwell’s novel 1984, only a digital and more adamant take on privacy invasion.<br />
<br />
Internet hacking these days is more advanced and organized. Apart from black hat SEO tactics, some also employ gray hat practices. Gray hat SEO, according to SEO experts, is hard to define. It is not actually something that falls in between black hat and white hat. It is more about practices that are more beneficial than standard. One good example of gray hat SEO is link-buying, or shopping for links to establish a high ranking. Still ill-defined, this practice is also prone to exploitation by hackers and is thus also a security risk when it gets out of hand.<br />
<br />
To minimize these security risks, it is best to undertake preemptive measures such as the email security protection schemes offered by authoritative sites. Hackers tend to attack vulnerable websites and accounts to promote services and products without the owner’s consent. That is why it is best to optimize your site to protect it from these harmful activities. Online users can also report these activities to Google and Yahoo. These search engines provide security measures against internet hacking and online security risks.<br />
<br />
A basic knowledge of search engine optimization and of how search engines operate is also a great help in detecting whether what is being promoted to you is white hat, black hat or gray hat SEO. There is no excuse for not grasping the basics of these things, especially in the age of information technology. The further advancement of the information superhighway gives online users easy access to security risk management and essential knowledge on how to protect their accounts against online hackers. Employing preventive measures is the best way to keep your website or account safe and free from unmitigated online security risks.]]></description>
		<pubDate>Fri, 27 Aug 2010 08:44:50 +0000</pubDate>
		<guid isPermaLink="false">a8baa56554f96369ab93e4f3bb068c22</guid>
	</item>
	<item>
		<title>Why an Anti-Virus Alone is not enough Protectio...</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/why-an-anti-virus-alone-is-not-enough-protectio-r41</link>
		<description><![CDATA[Most people already understand the importance of using anti-virus software to protect their computers from viruses. The increasing demand for anti-virus programs is chiefly caused by the increasing need to guard computers from today’s onslaught of risky computer viruses. <br />
<br />
An anti-virus program can indeed help people decrease the risk of infection of their computer’s programs and files. However, an anti-virus program alone is not enough protection from electronic viruses. Some viruses are transmitted through emails and various websites, and could cause your computer to crash or have confidential information about your servers stolen.<br />
<br />
If you want to decrease the possibility of experiencing this kind of problem, you should stop depending on your anti-virus alone. Different kinds of viruses and malware could cause severe damage to your servers if you fail to acquire added protection for your computer’s system.<br />
<br />
Here are some of the different threats that are commonly transmitted through electronic mail today.<br />
<br />
<span style='font-size: 18px;'><strong class='bbc'>Buffer overflows</strong></span><br />
<br />
A buffer overflow can compromise your computer by taking control of a program’s execution. An attacker can exploit a bug in an affected program and use it to control what your computer executes. Some attackers can even cause the entire program to crash.<br />
<br />
<span style='font-size: 18px;'><strong class='bbc'>Trojans in electronic mails</strong></span><br />
<br />
Trojans that are transmitted through emails could actually do two different things to your computer. Some could cause a breach of security in your network and steal important information from your servers. Meanwhile, some Trojans could also cause damage to your computer’s program by activating a distributed attack in its server. <br />
<br />
Since a Trojan usually needs to be activated by the recipient, attackers disguise Trojans in a number of different ways. Some package them as catchy email attachments in the form of jokes or videos that encourage the victim to run the infected program.<br />
<br />
<span style='font-size: 18px;'><strong class='bbc'>HTML viruses or active content attacks</strong></span><br />
<br />
Attackers who use HTML viruses usually aim them at people who constantly use web browsers. Some also target people who use HTML-enabled email accounts. These invasive attacks are usually created by using the special scripting features of HTML. Attackers then execute code on their victims’ computers in order to acquire private information about the victim’s server. Some attackers also use this kind of virus to cause a victim’s computer to display some website content.<br />
<br />
<span style='font-size: 18px;'><strong class='bbc'>Protecting your computer from powerful security threats</strong></span><br />
<br />
Now that you are already familiar with some of the most common viruses that most anti-virus programs are not able to detect, you can start thinking of additional ways to protect your computer from these security threats. <br />
<br />
Since an anti-virus program is not enough to keep servers safe from viruses, some organizations have installed firewalls for added security. However, firewalls can only protect the Internet connection and prevent unauthorized users from accessing your computer’s network.  <br />
<br />
Firewalls do not have the capability to check the emails sent by those who are authorized to use your system. This makes you susceptible to attacks from email viruses that can still pass through a firewall. Hence, an organization that uses a firewall and an anti-virus program is still prone to Trojan, HTML virus and buffer overflow attacks.<br />
<br />
The best way to protect your network from these email-transmitted viruses is to check all the inbound and outbound emails created by your company before forwarding them to various users. You could also install an efficient anti-virus gateway on your mail server that checks all your emails’ contents for viruses and security threats. You should look for programs that offer this kind of security against viruses and consider investing in one of them.<br />
<br />
If you want to protect your online business from identity theft and profit losses due to system crashes caused by powerful viruses, you should always remember that an anti-virus and a firewall are not enough to secure your network. You should be willing to do everything it takes to protect yourself from these threats because they could cause tremendous losses to your online business or organization.]]></description>
		<pubDate>Wed, 25 Aug 2010 07:29:05 +0000</pubDate>
		<guid isPermaLink="false">0f28b5d49b3020afeecd95b4009adf4c</guid>
	</item>
	<item>
		<title>Today’s Hackers Versus Old-School Hackers</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/today%e2%80%99s-hackers-versus-old-school-hackers-r38</link>
		<description><![CDATA[To some people, there is apparently a big difference between the old hackers and the new hackers.  These so-called old school hackers point out that most of the newer generations of hackers do not deserve the title hacker and would rather refer to them as criminals or cyber-terrorists.  The way these new hackers are generally portrayed in the media are young clever misfits, who would break into security systems without authorization just to cause havoc for fun. The old school hackers strongly resent this saying that these are hackers without ethics, who have no qualms about stealing passwords and software and sharing it with anybody they want.<br />
<br />
Most of the old hackers have actually started working for computer security firms corporate software conglomerates. There are even some people like Jobs and Wozniak who have even allowed their company to patent their hardware and software. <br />
<br />
The new hackers of the 90’s, as it seems, are not living up to what the old hackers expect of them. A good portion of old hackers go to great measures to define themselves apart from this new class of hackers. Although what most of these old hackers do not realize is that they are quite similar to the new generation of hackers. They are simply too stubborn to look into the reasons why the new hackers do this and they do not understand why these new hackers act the way they do.<br />
<br />
According to some old hackers, there is a clear distinction between old and new hackers. The old hackers, as they say, were determined to create, while the new hackers determine to hinder and demolish, to cause havoc. They say that the old hackers enjoyed being in complete control over their computers while the new hackers enjoy the power they get through their computers over other people. They claim that they, the old hackers, sought to improve, while the second group sought to exploit. To simplify things: the old hackers believe they are computer geniuses and that the new hackers are computer terrorists.<br />
<br />
Let’s take a look at what old hackers were like. Old hackers were very well known for getting around locks of both the electronic and physical variety. Is there really much difference between the old hackers, who justified their actions because they felt that they should have free access to the IBM mainframe, and the new hackers, who feel that they should not be denied free access to massive commercial databases without first getting an expensive account? The old hackers were also known for exploiting phone security and exploring different hacks to make free phone calls to unsuspecting places. The old hackers resented the phone companies for their refusal to share technical information about telephones. Old hackers believed they were liberating information which they thought should be freely available. <br />
<br />
New hackers also believe that while computers can be used as tools to make everyone’s lives easier or to create beauty, they are also being used to limit freedom and autonomy; they use this to argue that control over computers is simply an act of self-defence. For some hackers, hacking is more than a mere game or a method to get free stuff off the internet; it is a way of life.<br />
<br />
There just might come a point in time when the old and new hackers will talk about how similar they really are instead of their differences. While it is true that there are some hackers out there who do unethical and uncouth things, the old hackers should realise that those are a completely different breed of hackers who have nothing to do with the average ethical hacker, with whom they share many similarities.]]></description>
		<pubDate>Tue, 17 Aug 2010 08:05:16 +0000</pubDate>
		<guid isPermaLink="false">013d407166ec4fa56eb1e1f8cbe183b9</guid>
	</item>
	<item>
		<title>General information</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/informazione-generale-r32</link>
		<description><![CDATA[The appearance of the first JPEG virus<br />
<br />
On 14 September Microsoft published security bulletin MS04-028, announcing a critical vulnerability in the way certain Windows components handle .JPEG files; through this bug an attacker can execute arbitrary code on other people's systems. A cracker could therefore embed executable code in a JPEG image that would be launched automatically whenever the file is opened or viewed on unpatched machines.<br />
<br />
Automatic execution of this code can give the attacker the same information-access privileges as the actual user.<br />
Remote exploitation of this vulnerability can involve creating purpose-built Web pages, while an attack by e-mail could be carried out by sending a modified JPEG file as an attachment.<br />
<br />
A further propagation vector is network shares, where copies of modified JPEG files can be placed: the user can trigger the vulnerability simply by viewing a preview of the share or by moving the cursor over the JPEG file. The appearance of this virus is particularly worrying because JPEG is one of the most commonly used image formats.<br />
<br />
Proof-of-concept code capable of exploiting this vulnerability appeared only three days after the Microsoft bulletin was published.<br />
On 24 September a toolkit also appeared that makes it possible to leverage the full potential of this vulnerability, indicating that concerted efforts exist to make the most of the bug. Trend Micro identifies the toolkit as HTKL_JPGDOWN.A, which can be used to generate JPEG files suited to exploiting the vulnerability.<br />
<br />
Once launched, the toolkit opens a panel bearing the program's title ("JPEG Downloader by [ATmaCA]") and then asks for a URL that will be downloaded by the JPEG file the tool generates.<br />
The user then only has to select the "Make" button to generate a specially modified JPEG file. <br />
Added by Well Layer: crackers find fertile ground on Facebook, where an endless number of third-party images spreads extremely quickly.<br />
This is because Facebook does not scan *JPEG files. Indeed, users have to rely on their own anti-virus software.]]></description>
		<pubDate>Mon, 09 Aug 2010 10:32:52 +0000</pubDate>
		<guid isPermaLink="false">65ded5353c5ee48d0b7d48c591b8f430</guid>
	</item>
	<item>
		<title>Teen Hackers – The New Face of Hacking</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/teen-hackers-%e2%80%93-the-new-face-of-hacking-r30</link>
		<description><![CDATA[We live in a world where we are increasingly becoming more and more dependent on computers to accomplish even the simplest of tasks. It is fairly common these days to use computers for business, pleasure, shopping, and education. The computer, coupled with the Internet, has thousands of potential uses and people are embracing these technologies more and more as every day passes. As we increase our online presence, we should also pay closer attention to computer security. Nowadays, people store important information like account numbers and other financial details on their computers. This has brought about the rise of a new kind of threat: hackers. Hacking has been around ever since computer networks came into existence. However, the occurrence of teen hacking has steadily been increasing over the past years. <br />
<br />
Kids today are born in a world dominated by the Internet and computers. These children are often referred to as digital natives. Compared to individuals who were born before the rise of the computer age, digital natives have a unique understanding of computers and how they work. This is one of the reasons why a large portion of the world’s hacking population are under 18. These juvenile security threats are becoming a very serious problem that we can no longer ignore. In fact, teen hackers instigated many of the world’s most serious computer security crimes. We have a teenager in New Zealand who managed to steal over $20 million from people’s bank accounts. Some of you may also recall the 17-year-old Boston teen who was responsible for compromising the security of thousands of computers in the United States. The list goes on and on as many of today’s youth are beginning a life of crime online.<br />
<br />
There are many factors that have led to the rise of the teenage hacker. Many parents may not realize this, but outdated upbringing practices may have partially led to the rise in teenage computer security crimes. We are bringing up our children with values that are no longer compatible with today’s digital world. We teach them not to steal, not to commit violence and not to vandalize other people’s properties; but we forget that for many of these teens, the online world is just as real and tangible as the real world. In addition to the more traditional lessons that adults teach children, we should also be the ones to teach them how to behave properly in the online world. Maybe these teen hackers do not fully realize the implications of their crimes. It is up to their parents to make sure that they understand that stealing online is just as bad as stealing from the neighbourhood grocery store.<br />
<br />
Many teen hackers use their skills to get free stuff online. This is a clear indication that they simply do not consider what they are doing as a bad thing. They engage in software piracy, download illegal audio and video files online and steal account names and passwords to gain access to membership sites. In their eyes, they are just getting things that should be free in the first place. Their parents do not fully comprehend what is going on online, so they are not in a very good position to teach their children what is right and what is wrong. Parents should make it their responsibility to educate themselves about online security laws and ethics so they are better prepared to teach new values to their digitally native children. This can be a very difficult task, but it can be well worth the effort. These are just a few of the things that you can do to protect your children from turning into full-fledged cyber-criminals.]]></description>
		<pubDate>Tue, 03 Aug 2010 08:59:33 +0000</pubDate>
		<guid isPermaLink="false">9b8619251a19057cff70779273e95aa6</guid>
	</item>
	<item>
		<title>Computer Security – Mac vs Windows vs Linux</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/computer-security-%e2%80%93-mac-vs-windows-vs-linux-r27</link>
		<description><![CDATA[Computer security is something that most computer users take for granted. However, it is a very important aspect of using computers and it is also something that you cannot ignore. These days, more and more people use computers in their daily lives. They use them to work, play and shop. Online shopping is a very common thing these days, and people often store valuable information like credit card numbers in their computer hard drives. This is the reason why there are unscrupulous individuals who will try to break into your system. The three most popular operating systems today include Windows, Mac OSX and Linux. These three operating systems enable people to run their programs and use their computers more efficiently. However, each operating system handles security in a different manner. Here are some of the pros and cons for each system.<br />
<br />
<strong class='bbc'>Windows</strong><br />
Windows is the most popular operating system in the world. It is used by hundreds to millions of people to help them with their computer-related tasks. Because Windows is so common, there are more programs and software available for Windows than for any other operating system. This also means that there are more viruses and other types of malware made to attack Windows systems. Among the top three operating systems, Windows happens to be the least secure. There are many updates and software products available to make the system more secure, but these measures can cost a lot of money. However, Windows is easy to learn and easy to use. There are also a lot of free security software programs available. Unfortunately, free software programs are usually not as effective as their proprietary counterparts.<br />
<br />
<strong class='bbc'>Mac OSX</strong><br />
OSX is the second most popular operating system in the market. According to recent surveys, OSX is used by around 10% of the computer consumer market. Unlike the Windows OS, Mac OSX does not get any viruses. However, there are a number of malware programs made for attacking Macs, but these harmful programs can easily be countered if a user is careful when dealing with unknown programs. Malware on OSX usually exploits weaknesses in the browser software to get into the system. These harmful programs can easily be removed by deleting the suspect file. Free security patches are also regularly released, making the system more secure. In addition to that, Mac computers can also be used to run Windows. However, installing Windows on a Mac system means that you will be exposing yourself to the security weaknesses inherent in the Windows OS. The main problem with Mac computers is the price. These units can be very expensive and the prices might be beyond the reach of the average computer consumer. If you come from a Windows background, it might also take you some time before you can adjust to using OSX.<br />
<br />
<strong class='bbc'>Linux</strong><br />
Linux is an open source operating system. This means that Linux operating systems are a lot cheaper than other operating systems. In fact, some versions of Linux can be downloaded and used free of charge. According to recent surveys, Linux is used by less than 1% of the computer consumer market. It is more stable and more secure than Windows. Linux has many features that are similar to Unix, a kernel that also forms the foundation of the Mac OSX. Since Linux only enjoys a very small share of the market, malware makers often tend to overlook Linux, making it a lot less prone to malware attacks. It is also open source, which means that thousands of people are working every day to fix weaknesses and loopholes in the system. However, Linux operating systems can be very difficult to use for the average computer user. This is the main reason why only a handful of people use this operating system.]]></description>
		<pubDate>Thu, 29 Jul 2010 12:29:51 +0000</pubDate>
		<guid isPermaLink="false">ec5decca5ed3d6b8079e2e7e7bacc9f2</guid>
	</item>
	<item>
		<title>HTTP Status codes</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/http-status-codes-r24</link>
		<description><![CDATA[The following list contains the HTTP status codes along with a short description of each of them.<br />
<br />
100	Continue	<br />
101	Switching protocols	<br />
200	OK	<br />
201	Created	<br />
202	Accepted	<br />
203	Non-Authoritative Information	<br />
204	No Content	<br />
205	Reset Content	<br />
206	Partial Content	<br />
300	Multiple Choices	<br />
301	Moved Permanently	<br />
302	Moved Temporarily	<br />
303	See Other	<br />
304	Not Modified	<br />
305	Use Proxy	<br />
400	Bad Request	<br />
401	Unauthorized	<br />
402	Payment Required	<br />
403	Forbidden	<br />
404	Not Found	<br />
405	Method Not Allowed	<br />
406	Not Acceptable	<br />
407	Proxy Authentication Req.	<br />
408	Request Time-Out<br />
409	Conflict	<br />
410	Gone<br />
411	Length Required<br />
412	Precondition Failed<br />
413	Request Entity Too Large<br />
414	Request-URL Too Large<br />
415	Unsupported Media Type<br />
500	Server Error<br />
501	Not Implemented<br />
502	Bad Gateway<br />
503	Out of Resources<br />
504	Gateway Time-Out<br />
505	HTTP Version not Supported<br />
<br />
Note that the first digit of each status code reveals the type of response which can fall into 5 categories:<br />
<br />
• 1xx Informational<br />
Request received, continuing process.<br />
<br />
• 2xx Success<br />
The action was successfully received, understood, and accepted.<br />
<br />
• 3xx Redirection<br />
The client must take additional action to complete the request.<br />
<br />
• 4xx Client Error<br />
The request contains bad syntax or cannot be fulfilled.<br />
<br />
• 5xx Server Error<br />
The server failed to fulfil an apparently valid request.<br />
<br />
For more information on Hypertext Transfer Protocol -- HTTP/1.1 please refer to RFC2616]]></description>
		<pubDate>Fri, 16 Jul 2010 12:41:39 +0000</pubDate>
		<guid isPermaLink="false">c8ffe9a587b126f152ed3d89a146b445</guid>
	</item>
	<item>
		<title>The effect of spyware on unaware users</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/the-effect-of-spyware-on-unaware-users-r23</link>
		<description><![CDATA[Author: wishes to remain anonymous<br />
<br />
What's more scary than the unknown... by nature, human beings fear and despise what they cannot explain, some try to surpass it by getting informed, others just prefer to sit in the dark and let that chance pass by them, therefore never transcending the fear of what they "Can't and/or don't want to understand"... <br />
<br />
With the current "crescendo" voice about spyware affecting users directly and stealthily, it's a fact that user awareness doesn't follow this trend, what we try to look at in this paper is the effect that this particular form of fear has on the basic user mind... <br />
<br />
Recently I’ve been confronted with people not wanting to browse the web just because they are afraid of "losing their identity" or being almost "cloned" by someone else somewhere in the other side of the world, this fear increases when one has to use a shared computer or even access a bank account online. <br />
<br />
From a psychological point of view we can see that this is a big issue for whoever is un-aware of the real dangers of spyware and it is therefore crucial for the normal user to understand today's new types of danger. <br />
<br />
Protection is not only about installing some kind of script or program to keep you free from spyware just because you heard that spyware is bad and it is going to leech information out of you, it is also about being aware of what the application is doing behind scenes and what it is preventing spyware from doing, once again, the solution turns into awareness and understanding... <br />
<br />
<br />
According to a report conducted by Pew Internet & American Life: <br />
Link: <a href='http://www.pewinternet.org/PPF/r/160/report_display.asp' class='bbc_url' title='External link' rel='nofollow external'>http://www.pewintern...ort_display.asp</a><br />
 <br />
Quoting: <br />
"Nine out of ten internet users say they have adjusted their online behaviour out of fear of falling victim to software intrusions. <br />
Spyware and the threat of unwanted programs being secretly loaded onto computers are becoming serious threats online. Tens of millions of Americans have been affected in the past year by software intrusions and many more have begun to take precautions by changing the way they use the internet. <br />
<br />
Overall, 91% of internet users say they have made at least one change in their online behaviour to avoid unwanted software programs. <br />
<br />
Among the changes: <br />
• 81% of internet users say they have stopped opening email attachments unless they are sure these documents are safe. <br />
• 48% of internet users say they have stopped visiting particular Web sites that they fear might deposit unwanted programs on their computers. <br />
• 25% of internet users say they have stopped downloading music or video files from peer-to-peer networks to avoid getting unwanted software programs on their computers. <br />
• 18% of internet users say they have started using a different Web browser to avoid software intrusions. <br />
<br />
After hearing descriptions of “spyware” and “adware,” 43% of internet users, or about 59 million American adults, say they have had one of these programs on their home computer. This is probably a conservative estimate since this survey may have been the first time that respondents had heard definitions of the programs. In addition, there are significant gaps between people’s perceptions and the reality of what is on their computers and there is a very strong likelihood that a big portion of those who have had computer problems have been victimized by spyware or more aggressive computer viruses without their knowing the cause of their problems. For instance, in October 2004, the Online Safety Study by AOL and the National Cyber Security Alliance reported that 53% of respondents said they had spyware or adware on their computers, but a scan revealed that 80% of respondents actually had such programs installed. <br />
<br />
Although most do not know the source of their woes, tens of millions have experienced computer problems in the past year that are consistent with problems caused by spyware or viruses: <br />
• 52% of home internet users say their computer has slowed down or is not running as fast as it used to. <br />
• 51% of home internet users say their computer started freezing up or crashing, requiring them to shut down or reset. <br />
• 25% of home internet users say a new program appeared on their computer that they didn’t install or new icons suddenly appeared on their desktop. <br />
• 18% of home internet users say their internet home page changed without them resetting it."<br />
<br />
<br />
<strong class='bbc'>Spyware is...? </strong><br />
"Spyware is computer software that collects personal information about users without their informed consent." <br />
Quoted from wikipedia <br />
<br />
Spyware, classified by how it is used and who uses it, can be divided into two main categories: <br />
<br />
1. Focused on stealing info: <br />
In this section we can say "hackers" are the perpetrators; their spyware usage is intended to gather, track and steal confidential/sensitive data that they shouldn't be allowed to have access to normally; <br />
<br />
2. Focused on gathering usage habits info: <br />
Advertising agencies are the main subjects in this section; their spyware usage is intended for tracking and collecting users' usage habits on the web so they can target their adverts to something that the user may find interesting... <br />
<br />
<strong class='bbc'>Spyware is not...? </strong><br />
Spyware is not a trojan; <br />
Spyware is not a virus; <br />
Spyware won't kill you, though it can get you killed if you're hiding from someone; <br />
Spyware is not a computer game about spies.<br />
<br />
<strong class='bbc'>How does spyware work then? </strong><br />
Spyware comes in the form of something you really want: that can be a cash prize, a free expensive gift, anything you might be interested in... Although nowadays spyware creators are starting to embed the spyware in HTML by hiding code in the page currently being loaded, there is still a good chunk of spyware that is dependent on user action and unawareness, which means clicking popups, opening infected e-mails etc... The list grows day by day... <br />
What both types of spyware (either usage-habit tracking or information stealing) do is collect all the relevant data they can and then send it back to the creator entity. Being able to collect the data depends on several masquerading and stealth techniques whose main goal is to trick the user about the spyware's origin by pretending that it comes from a reliable source. We focus on some of these techniques below: <br />
<br />
• As an offer of enhancing a feature: <br />
Who doesn't want to be in the top of the food chain, to be the best of the best...? it's always cool to show your friends that your browser makes cool searches for you using a toolbar that auto completes your searches or that queries 5 or more big search engines at the same time...isn't it? Well I’m sure it isn't really funny when you later have to spend some hours having to back up what you can in order to reinstall your windowze back again... is it worth it just for a little feature that usually doesn't work at all? <br />
<br />
• Embedded inside software installations: <br />
One of the easiest ways to get your computer full of spyware is using software from an unreliable source, a huge amount of software, especially P2P programs come bundled with cool features, being one of them exactly what you don't want...Spyware! Why this? Ever wondered how many people use P2P nowadays... now look at it in a general concept, what do those people usually want to download from P2P? That’s right, music, movies, etc... Free stuff, well if you're looking for free stuff which you usually would have to pay for, you would probably want a free version of a payable P2P too right? Now imagine how simple it is for someone to provide you with a "free" software that it is not "free" at all from spyware... <br />
<br />
• As anti-spyware tools: <br />
So, you have spyware on your computer, that means you either didn't install tools to prevent it or got greedy for those "£1.000.000.000" they offered you and realize you need an anti-spyware, so why not install one that comes bundled with the spyware itself already? This type of offer is becoming more and more used by infectors, users usually come into despair to clean their computers after getting infected and become sometimes too mentally blinded to understand what they are installing on their computer... <br />
<br />
<br />
One for you... one for me... both happy... <br />
With spyware expansion, there has been a very lucrative market focused on preventive technologies growing everyday. <br />
Just to give the reader some examples, here follows a short list of free and commercial anti-spyware tools:<br />
<br />
Ad-Aware SE - Lavasoft <br />
Spybot-Search & Destroy - Patrick Kolla <br />
Spy Sweeper - Webroot <br />
Anti-spyware - Trend Micro <br />
CounterSpy - Sunbelt <br />
<br />
<strong class='bbc'>What can I do about it?</strong> <br />
If you're a company manager, make your personnel aware of what spyware is and what spyware is not... You can do this by showing them a live demo of what spyware can do and the main sources spyware comes from. Show them how going to a simple website can lead you to almost having to format your Windowze computer to get it sorted out... but at the same time, strike a balance between what it does, what it doesn't and how to prevent it. <br />
If you're a "normal user", be aware that there will always be spyware in your life, you can't hide from it but you can prevent it, being aware of what it is, is halfway to being protected, the other half can be covered by using a good program to help you get rid of what you can't avoid and also by your abilities to escape it... <br />
It can be said that in this field preventive technologies are still falling behind the attacking methodologies, though the gap between prevention and infection is getting shorter for the infection side. As for total eradication of this threat, it is not even something worth thinking about at this point due to its current widespread status and power.]]></description>
		<pubDate>Fri, 16 Jul 2010 12:31:54 +0000</pubDate>
		<guid isPermaLink="false">202cb962ac59075b964b07152d234b70</guid>
	</item>
	<item>
		<title>How to Increase Your Computer’s Security Agains...</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/how-to-increase-your-computer%e2%80%99s-security-agains-r22</link>
		<description><![CDATA[Botnets are a collection/grid of robots or software that are designed to run automatically. Although botnets are usually used by software that deals with distributed computing, botnets can also be used and are often talked about in the context of hacking and other malicious acts. This has become an alarming trend in computer security and many people are looking for ways to safeguard their computers against botnet attacks. Bots are usually distributed by using existing vulnerabilities and loopholes that are inherent in any computer system. Some users can also be tricked into downloading malicious botnet files. This is one of the reasons why educating yourself about basic computer security is very important.<br />
<br />
Computers are actually infected by what is referred to as a bot and become what is often referred to as a zombie. If your computer is infected by a bot, then your entire system has been compromised. A bot herder or, in more technical terms, a botmaster (the person who controls a botnet) now has control over your system through the botnet that the bot in your computer is a part of. A botmaster can issue a command to his or her botnets, and computers that have been infected will respond to it and act accordingly. <br />
<br />
Bots are difficult to spot. In fact, it is almost impossible for the average user to notice their existence, since bots only run in the background without giving away their presence. Bots are usually well made and it is difficult to even spot the infection process. Most people hardly have any idea that their computers are infected with bots until the moment that they are attacked.<br />
<br />
There are certain steps that you can take to increase your computer’s security against malicious botnet attacks. You can install commercial/free firewall programs or physical firewalls that are somewhat effective at stopping botnet attacks. A good firewall can also prevent your computer from becoming part of botnets in the first place. This is especially important for people who are not very savvy when it comes to computer security.<br />
<br />
You should also use different passwords for each program that you use. This will make it more difficult for bots to infect your system. It can also help if you use passwords that are more than six characters long. You should also be diligent in installing software patches. Programmers are constantly making new patches to cover up existing vulnerabilities in the software programs that they produce. By constantly downloading and installing new security patches, you are making your system more secure from botnet attacks.<br />
<br />
You should also install a reliable anti-virus program in your system. This can help in stopping viruses and bots from infecting it. This will help you beef up the security of your computer and your hard drive. Be diligent in downloading new anti-virus updates to keep your security protocols up-to-date. You should also keep all of your software components up-to-date. This will make it more difficult for botmasters to take advantage of any vulnerability in your system.<br />
<br />
Most anti-virus programs from big companies like Trend Micro, McAfee and Symantec have extra anti-botnet features that help in making your system more secure. The best way to fight against botnet attacks is to prevent them from happening in the first place. This is the main reason why security should be an important consideration for users. People who make bots and viruses often come up with new ways of taking advantage of inherent weaknesses and vulnerabilities in computer software. This cat and mouse game has been going on between hackers and security experts for years and it will likely continue for as long as computers remain a very important tool in today’s high-tech world.]]></description>
		<pubDate>Thu, 15 Jul 2010 10:55:19 +0000</pubDate>
		<guid isPermaLink="false">a0a080f42e6f13b3a2df133f073095dd</guid>
	</item>
	<item>
		<title>The Five Most Dangerous Internet Security Myths</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/the-five-most-dangerous-internet-security-myths-r17</link>
		<description><![CDATA[Eric Larkin in PC World reports that we need to get rid of myths about the internet in order to stay safe online.<br />
<br />
Myth #1:<br />
Maladjusted teens vandalize your computer.<br />
<br />
Reality #1:<br />
Gone are the days when teenagers looked for 15 minutes of fame. Organized crime is the culprit. They want money. Online black marketers place malware on computers to make money. They take over PCs to send spam, steal logins and credit card information, or hack game accounts. They use stolen webmail accounts to request transfers from contact lists and raid online games to sell the items or the in-game currency for real money. Financial fraud by cyber-criminals has cost consumers and businesses billions of dollars.<br />
<br />
Myth #2:<br />
All you need is a good antivirus program.<br />
<br />
Reality #2:<br />
Wrong. A good antivirus program will help a good deal, but antivirus companies are locked in a constant battle with cyber-criminals who make every effort to stay one step ahead of antivirus software. Yes, many times the security software can prevent the attacks, but other times there are holes in the software and the criminals get the upper hand. You need more security software than just a good antivirus program to protect you from cyber-crime.<br />
<br />
Myth #3:<br />
You're fine if you are just careful where you surf.<br />
<br />
Reality #3:<br />
This way of thinking is outdated. Years ago you could tell if a site was dangerous just by looking at it, and if you were careful with your emails, you could go without antivirus software. Not anymore. Now personal pages and big-name company sites are hacked by cybercriminals using flaws in the security software to install malware. You would have to be an expert to recognize a hacked page or an email that was attacked. Besides antivirus software, you need antispyware, antirootkit, and a bidirectional firewall along with a team of techs to protect you from cyber-criminals.<br />
<br />
Myth #4:<br />
"If it ain't broke don't fix it" requires knowing when something is broken.<br />
<br />
Reality #4:<br />
These days there are malicious hidden processes, threats, files, or registry keys and you need advanced anti-rootkit technology to remove them.<br />
<br />
Myth #5:<br />
The worst myth. We're all doomed. Stay offline.<br />
<br />
Reality #5:<br />
Yes, you can get hacked, but if you know the risks and prepare adequately you can enjoy what the Web has to offer. By following these simple steps, you can be protected from cybercriminals.<br />
<br />
* Install antivirus+antispyware, antirootkit, and a bidirectional firewall onto your computer.<br />
<br />
* Make sure your computer has daily security updates, automatic upgrades to new software, and full security software support.<br />
<br />
* Have your computer monitored daily for malware and have malicious codes stopped before they can harm your computer.<br />
<br />
* Get protection for emails and attachments.<br />
<br />
* Have your own team of techs to keep your computer clean and running well.<br />
<br />
Don't fall hostage to cybercriminals. Don't accept the worst myth that the crooks own the internet and that the only good option is to use the internet as little as possible.<br />
<br />
Log onto my informational blog <a href='http://www.crimeandjustice4all.com' class='bbc_url' title='External link' rel='nofollow external'>http://www.crimeandjustice4all.com</a> to learn about a Managed Internet Security Service and how it can protect you, your family, and your business from cybercrime. I am Miriam Bobroff, President and CEO of Bubby's Business, Inc. an international marketing and distribution company that offers education and cutting edge solutions to the problem of Cybercrime. I have always helped people to improve the quality of their lives and I now include a Managed Internet Security Service into my business that helps people fight the war on Cybercrime and keeps them safe and secure from cybercriminals.<br />
<br />
For more information, log onto <a href='http://www.crimeandjustice4all.com' class='bbc_url' title='External link' rel='nofollow external'>http://www.crimeandjustice4all.com</a> or you can reach me at 888-809-3798 or email me at crimeandjustice4all@gmail.com.<br />
<br />
Article Source: <a href='http://EzineArticles.com/?expert=Miriam_Bobroff' class='bbc_url' title='External link' rel='nofollow external'>http://EzineArticles...=Miriam_Bobroff</a>]]></description>
		<pubDate>Mon, 05 Jul 2010 08:10:35 +0000</pubDate>
		<guid isPermaLink="false">eb160de1de89d9058fcb0b968dbbbd68</guid>
	</item>
	<item>
		<title>What a Website Knows About You</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/what-a-website-knows-about-you-r16</link>
		<description><![CDATA[Most websites prominently display some form of privacy policy that describes what kind of information the site collects about its visitors and what it does with that information. This makes perfect sense when you supply your name and/or email address and/or other pertinent personal information to the site, such as when you're creating an account or making a purchase. But what does a website know about you if you don't register with it? To understand this you need to know a bit about how web browsers and web servers interact.<br />
<br />
A web server is the software application that hosts a website. Your web browser communicates with the web server to fetch the HTML pages, images, videos, etc. that make up the website. This communication is done using a "protocol" (a set of commands) called HTTP, which is short for "Hypertext Transfer Protocol".<br />
<br />
An interesting feature about HTTP is that it's mostly a plain text protocol. In other words, the commands are human-readable words and phrases. Here, for example, is the simplest HTTP command for fetching a single web page from a web server:<br />
<br />
GET /index.html HTTP/0.9<br />
<br />
This command says "Please GET the page '/index.html' and, by the way, I only understand version 0.9 of HTTP".<br />
<br />
The web server would typically respond with a status code, some extra information, and the contents of the page in question.<br />
<br />
A web browser normally sends additional information along with the request for a specific page. This information is sent to the web server using headers, which are name-value pairs. A modern browser would send headers like these:<br />
<br />
GET /index.html HTTP/1.1<br />
<br />
Host: www.yahoo.com <br />
<br />
Referer: http://www.google.com/search?q=best+directory <br />
<br />
Accept-Language: en-US, en, fr-CA, fr<br />
<br />
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15 GTB5<br />
<br />
These headers tell the web server:<br />
<br />
* That the visitor was directed to the website from a google.com search (the "Referer" header -- yes, it's misspelled, that's the way it is in the protocol and it can't be changed) for the term "best directory".<br />
<br />
* That the visitor reads English and French (the "Accept-Language" header).<br />
<br />
* That the visitor is using the Firefox browser (the "User-Agent" header).<br />
<br />
When combined with the IP address of your computer (which the web server gets directly from the network connection the browser makes), this information can tell the webmaster a lot about the visitors that are browsing the site. None of it is personally identifiable information, but it's definitely useful. Webmasters can even tell which part of the world you're coming from based on your computer's IP address.<br />
<br />
You can control how much of this information makes it to the web server. If you use the Firefox browser, for example, there are add-ons (extensions) that let you disable or otherwise mask these headers.<br />
<br />
For the most part, though, these headers are actually useful for the webmaster and there's no need to block most of them. The only ones that should concern you are the cookies (markers) that web servers can insert into an HTTP conversation. Cookies have their use, but they're also a privacy concern when misused by website owners. Luckily, a good cookie blocker is all you need to fix that problem.<br />
<br />
Eric Giguere is a well-known software developer and the author of several books. You can use his free <a href='http://www.ericgiguere.com/tools/http-header-viewer.html' class='bbc_url' title='External link' rel='nofollow external'>HTTP Header Viewer</a> tool to see the information your browser is sending to the websites you visit.<br />
<br />
And if you have an interest in mobility, be sure to check out SQL Anywhere, the leading <a href='http://www.sybase.com/products/databasemanagement/sqlanywhere' class='bbc_url' title='External link' rel='nofollow external'>mobile database</a> software.<br />
<br />
Article Source: <a href='http://EzineArticles.com/?expert=Eric_Giguere' class='bbc_url' title='External link' rel='nofollow external'>http://EzineArticles...rt=Eric_Giguere</a>]]></description>
		<pubDate>Mon, 05 Jul 2010 08:05:39 +0000</pubDate>
		<guid isPermaLink="false">c45147dee729311ef5b5c3003946c48f</guid>
	</item>
	<item>
		<title>Computer Forensics - When You Doubt Your Employee</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/computer-forensics-when-you-doubt-your-employee-r15</link>
		<description><![CDATA[In this high-tech world, communication is done 99.999% via electronic gadgetry, which means computers. From personal to corporate communications, from simple messages between employees to complicated ciphers of industrial espionage or financial crime, computers are the vehicles. Thus the best place to find evidence of employee misdemeanor in almost all aspects is to check his computer hard disk. Whether it is a refurbished computer, a used computer or a new computer, traces of what he did using the machine may be analyzed to establish whether he committed malfeasance or not. This field of post facto computer analysis is called computer forensics.<br />
<br />
Every computer records all keystrokes performed in the machine, since it must respond to them as instructions. This record is normally stored in the disk in various locations though most may be automatically deleted as part of the operating system methodologies. But analysis of computer disks normally reveals traces of these, especially the deleted items that have not yet been overwritten by new information. Deletion of information in any program simply means the computer will not access it, but it does not go away unless overwritten, and may be 'read' by specialized gadgets to reveal what was thought to be already eliminated.<br />
<br />
There are two general reasons for computer forensics: when an employee is suspected of failing to keep company information confidential during his tenure; and when an employee is suspected of underperformance, not devoting his full time to his work. In the first instance, the computer may be confidentially examined after the employee has left without anyone being the wiser; but in the second instance, periodic computer inspection is the only way to identify goldbricking employees without adversely affecting employee morale. Otherwise, spying on the employee will be the alternative, either via electronic gadgets or actual spies.<br />

Information obtainable by forensics gadgets includes:<br />
<br />
1. Files or parts of files that have been deleted but not overwritten. As stated above, the magnetic arrangement for the information stays as is unless rearranged by new keystrokes.<br />
<br />
2. List of deleted file titles even without the files. This may indicate the use of unsanctioned or unofficial applications.<br />
<br />
3. Websites visited, at any browser setting, even if deleted from browser history. Normally recorded in hidden files or unused disk space and readable in whole or remnants.<br />
<br />
4. Opened or downloaded Internet information or graphics. Same with the preceding.<br />
<br />
5. Non-standard applications or software used.<br />
<br />
6. Residual information in the temporary files, saved or not. Usually the most recent work.<br />
<br />
7. Hidden information or those protected by passwords. The applications used can crack the passwords or go beyond them.<br />
<br />
Corporate studies indicate that about 20% of employee computer time at work is devoted to activities not directly connected to the work, and this is grossly unfair to the employer. Employee monitoring is thus a way of ensuring correct employee conduct, but there is also such a thing as employee morale and right to privacy. The trick is getting and keeping a balance between the two rights, and computer forensics is simply a way to do it.<br />
<br />
Connor Sullivan has been searching online for a <a href='http://www.pcexchange.com/' class='bbc_url' title='External link' rel='nofollow external'>refurbished computer</a> that his son can take to college. He purchased a <a href='http://www.pcexchange.com/' class='bbc_url' title='External link' rel='nofollow external'>used computer</a> to use in his office.<br />
<br />
Article Source: <a href='http://EzineArticles.com/?expert=Connor_R_Sullivan' class='bbc_url' title='External link' rel='nofollow external'>http://EzineArticles...nnor_R_Sullivan</a>]]></description>
		<pubDate>Mon, 05 Jul 2010 08:00:23 +0000</pubDate>
		<guid isPermaLink="false">2b44928ae11fb9384c4cf38708677c48</guid>
	</item>
	<item>
		<title>What is Computer Forensics?</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/what-is-computer-forensics-r13</link>
		<description><![CDATA[When an unauthorized incident occurs against your network, such as an attacker breaking through your network's defenses, an appropriate response is required. The response to the intrusion includes using forensic science to properly respond to the event.<br />
<br />
Forensic science, or forensics, is the application of science to problems that are of interest to the legal profession and deals mainly with the recovery and analysis of evidence. Computer forensics attempts to retrieve information that can be used in pursuit of the attacker or criminal.<br />
<br />
Computer forensics is also called digital forensics because it uses techniques to identify, collect, examine and preserve information or evidence that is magnetically stored or encoded.<br />
<br />
When your team responds to a criminal event that requires an examination using computer forensics, there are generally four basic steps that are followed.<br />
<br />
   1. Secure the crime scene<br />
   2. Collect and preserve evidence<br />
   3. Establish a chain of custody<br />
   4. Examine evidence<br />
<br />
The first step in reacting to a computer forensics incident is for the first responders to secure the crime scene. The response team should document the physical surroundings of the computer or electronic device that is suspected of containing digital evidence. This includes photographing the area from different angles before anything is touched and labeling cables connected to the computer.<br />
<br />
Additionally, the team should interview anyone who had access to the computer and take custody of the entire computer along with the keyboard, external memory devices, and peripherals.<br />
<br />
Since digital evidence is easily altered or destroyed, only properly trained computer evidence specialists should process computer evidence in order to ensure that integrity is maintained and the data obtained can withstand scrutiny in a court of law.<br />
<br />
The computer forensics team should capture any data that may be lost when the computer is turned off including:<br />
<br />
    * RAM contents<br />
    * Current network connections<br />
    * Logon sessions<br />
    * Network configurations<br />
    * Open files<br />
<br />
After the volatile data is preserved, the team should create a mirror image backup of the hard drive. A mirror image backup, or bit-stream backup, is an evidence-grade backup that is admissible in court and must be done in a controlled manner by a trained professional.<br />
<br />
Establishing the chain of custody documents who had access to the evidence and when. Serial numbers should be recorded and the evidence should be kept under strict control at all times.<br />
<br />
Finally, after the mirror image is created and the original system is secured, then the mirror image is examined to reveal evidence.<br />
<br />
All data should be investigated for clues including:<br />
<br />
    * Word processing documents<br />
    * Spreadsheets<br />
    * Emails<br />
    * Caches<br />
    * Cookies<br />
    * Metadata<br />
    * Database entries<br />
<br />
Additional sources of hidden clues may come from RAM slack or drive slack. When Windows computers use memory to process data, information that has been created, viewed, modified, downloaded, or copied may still be available.<br />
<br />
The author is a computer security professional with experience protecting small business and home networks. He also teaches the basics of computer network security at 365 Computer Security Training where he blogs regularly and creates video training and educational materials related to information security. Learn more at <a href='http://www.365ComputerSecurityTraining.com' class='bbc_url' title='External link' rel='nofollow external'>http://www.365Comput...ityTraining.com</a><br />
<br />
Article Source: <a href='http://EzineArticles.com/?expert=Michael_Linn' class='bbc_url' title='External link' rel='nofollow external'>http://EzineArticles...rt=Michael_Linn</a>]]></description>
		<pubDate>Mon, 05 Jul 2010 07:54:26 +0000</pubDate>
		<guid isPermaLink="false">73278a4a86960eeb576a8fd4c9ec6997</guid>
	</item>
	<item>
		<title>Information Assurance Degree - Learn How to Tra...</title>
		<link>http://www.astalavista.com/page/articles/_/general-information/information-assurance-degree-learn-how-to-tra-r10</link>
		<description><![CDATA[Information assurance is the process of protecting information from misuse by people inside or outside a business, corporation or other organization. This misuse may come from a hacker or corporate spy, but it can also be the work of a current or former employee who might want to sabotage a database. It is the responsibility of the information assurance professional to construct a system designed to stop this from taking place.<br />
<br />
Because there is no system that is perfectly secure, it is also the responsibility of the information assurance professional to help formulate a system of checks and quality control that allows an organization to track down the perpetrators. Technology is forever changing, and with any online transaction there is always the risk of a security violation. So the job of information assurance demands constant vigilance.<br />
<br />
The information professional must be knowledgeable in several aspects of computer technology, especially network design. Some networks are local, to be used only within the organization itself. Other networks are very broad-ranging, used by customers across the country or around the world. With this in mind, the network has to be designed to accomplish the aims of the organization while protecting core information.<br />
<br />
Information assurance professionals must also be knowledgeable in intrusion detection and control. Intrusion detection is not a security system in itself. Instead, it inspects all inbound and outbound network activity to trace suspicious patterns that could indicate someone is attempting to compromise a computer system.<br />
<br />
Data can be compromised by human error, system crashes, software bugs or viruses, and even natural disasters such as floods or fires; information is valuable and must be recovered whenever possible. This can be accomplished through backup systems or other specifically designed software products. The information assurance specialist is involved with all these technical aspects, but is also involved in the organizational work of creating a security policy for the organization and ensuring that people within the organization adhere to it. Specialists are obliged to be familiar with national and state laws that regulate privacy concerns and electronic trade.<br />
<br />
The current demand for specialists with information assurance skills means graduates with a bachelor's degree in computer science and experience can find employment. Broad knowledge of computer hardware and software is important; however, information assurance jobs typically demand knowledge above and beyond a general computer background.<br />
<br />
Some programs offer certificates in the specialty, which is helpful. However, more schools are offering programs at the master's degree level. Programs that offer a master's degree usually call for students who have completed an undergraduate degree in computer science or something comparable. Norwich University, which is a military academy, is currently offering an online degree to achieve a Master of Science in Information Assurance.<br />
<br />
As an author for Mini Garden Flags and Mini Garden Flag, Joy reviews mini garden flags and decorative garden flags online.<br />
<br />
Article Source: <a href='http://EzineArticles.com/?expert=Joy_C._Harrison' class='bbc_url' title='External link' rel='nofollow external'>http://EzineArticles...Joy_C._Harrison</a>]]></description>
		<pubDate>Mon, 05 Jul 2010 07:42:13 +0000</pubDate>
		<guid isPermaLink="false">5f93f983524def3dca464469d2cf9f3e</guid>
	</item>
</channel>
</rss>
