SlideShare a Scribd company logo

Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt

Download as PPT, PDF
A
ajajkhan16

Unit-4 Cybercrimes-II Mobile and Wireless Devices

1 of 33
Download to read offline
Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt
Tools and Methods used in Cybercrime
Various tools used for the attack  Proxy severs and Anonymizers  Phishing  Password cracking  Keyloggers and spywares  Virus and Worms  Trojan horses and Backdoors
1. Proxy severs and Anonymizers  A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.  A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.
Purpose of a proxy server  Improve Performance:  Filter Requests  Keep system behind the curtain  Used as IP address multiplexer  Its Cache memory can serve all users Attack on this: the attacker first connects to a proxy server- establishes connection with the target through existing connection with the proxy.
An Anonymizer  An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable.  It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet.  It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.  For example, large news outlets such as CNN target the viewers according to region and give different information to different populations
2. Phishing Phishing is a type of cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime.  Stealing personal and financial data  Also can infect systems with viruses  A method of online ID theft
How Phishing works? 1. Planning : use mass mailing and address collection techniques- spammers 2. Setup : E-Mail / webpage to collect data about the target 3. Attack : send a phony message to the target 4. Collection: record the information obtained 5. Identity theft and fraud: use information to commit fraud or illegal purchases
3. Password Cracking  password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.  A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking  help a user recover a forgotten password  to gain unauthorized access to a system,  or as a preventive measure by System Administrators to check for easily crackable passwords
Manual Password Cracking Algorithm  Find a valid user •Create a list of possible passwords •Rank the passwords from high probability to low •Key in each password •If the system allows you in - Success •Else try till success
examples of guessable passwords  Blank  Words like “passcode” ,”password”,“admin”  Series of letters “QWERTY”  User’ s name or login name  Name of the user’s friend/relative/pet  User’s birth place, DOB  Vehicle number, office number ..  Name of celebrity  Simple modification of one of the precedings, suffixing 1 …
Categories of password cracking attacks:  Online attacks  Offline attacks  Non-electronic attacks ◦ Social engineering ◦ Shoulder surfing
Online attacks  An attacker may create a script- automated program- to try each password  Most popular online attack;- man-in-the-middle attack or bucket-brigade attack  Used to obtain passwords for E-mail accounts on public websites like gmail, yahoomail  Also to get passwords for financial websites
Offline attacks  Are performed from a location other than the target where these passwords reside or are used  Require physical access to the computer and copying the password
Types of Password Attacks  Password Guessing ◦ Attackers can guess passwords locally or remotely using either a manual or automated approach  Dictionary attacks ◦ work on the assumption that most passwords consist of whole words, dates, or numbers taken from a dictionary.  Hybrid password ◦ assume that network administrators push users to make their passwords at least slightly different from a word that appears in a dictionary.
Weak passwords  The password contains less than eight characters  The password is a word found in a dictionary (English or foreign)  The password is a common usage word such as:  Names of family, pets, friends, co-workers, fantasy characters, etc.  Computer terms and names, commands, sites, companies, hardware, software.  The words "<Company Name>", "sanjose", "sanfran" or any derivation.  Birthdays and other personal information such as addresses and phone numbers.  Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.  Any of the above spelled backwards.  Any of the above preceded or followed by a digit (e.g., secret1,1secret
Strong Passwords  Contain both upper and lower case characters (e.g., a-z,A-Z)  Have digits and punctuation characters as well as letters e.g., 0-9, @#$%^&*()_+|~- =`{}[]:";'<>?,./)  Are at least eight alphanumeric characters long.  Are not a word in any language, slang, dialect, jargon, etc.  Are not based on personal information, names of family, etc.  Passwords should never be written down or stored on-line.  Try to create passwords that can be easily remembered.  One way to do this is create a password based on a song title, affirmation, or other phrase.  For example, the phrase might be: "This May Be One Way To Remember"  and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
Random passwords  Secure Password Generator  Password Length:  Include Symbols:  ( e.g. @#$% )  Include Numbers:  ( e.g. 123456 )  Include Lowercase Characters:  ( e.g. abcdefgh )  Include Uppercase Characters:  ( e.g.ABCDEFGH )  Exclude Similar Characters:  ( e.g. i, l, 1, L, o, 0, O )  Exclude Ambiguous Characters:  ( { } [ ] ( ) / ' " ` ~ , ; : . < > )  Generate On The Client Side:  ( do NOT send across the Internet )  Auto-Select:  ( select the password automatically )  Save My Preference:  ( save all the settings above for later use )  Load My Settings Anywhere:  URL to load my settings on other computers quickly  Your New Password:  Remember your password:  Remember your password with the first letters of each word in this sentence.  To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, you should notice that:  1. Do not use the same password for multiple important accounts.  2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.  3. Do not use the names of your families, friends or pets in your passwords.  4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.  5. Do not use any dictionary word in your passwords.  6. Do not use something that can be cloned( but you can't change ) as your passwords, such as your fingerprints.  7. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) store your passwords, since all passwords saved in Web browsers can be revealed easily.  8. Do not log in to important accounts on the computers of others, or when connected to a publicWi-Fi hotspot,Tor, freeVPN or web proxy.  9. Do not send sensitive information online via HTTP or FTP connections, because messages in these connections can be sniffed with very little effort.You should use encrypted connections such as HTTPS and SFTP whenever possible.  10.When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a privateVPN on your own server( home computer, dedicated server orVPS ) and connect to it.Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY.Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, he'll won't be able to steal your data and passwords from the encrypted streaming data.  11. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company's server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.  To check the strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your passwords to MD5 hashes on this MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is "0123456789A", using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it?You can perform the test yourself.  12. It's recommended to change your passwords every 10 weeks.  13. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.  14. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.  15.Turn on 2-step authentication whenever possible.  16. Do not store your critical passwords in the cloud.  17.Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.  18. Protect your computer with firewall and antivirus software, download software from reputable sites only, and verify the MD5 or SHA1 checksum of the installation package whenever possible.  19. Be careful when using online paste tools and screen capture tools, do not let them to upload your passwords to the cloud.  20. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when you feel it's necessary.  21. If you're a webmaster, do not store the users passwords in the database, you should store the salted hash values of passwords inste
4. keyloggers  Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.  It has uses in the study of human–computer interaction.  There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.
Software-based keyloggers  Software-based keyloggers use the target computer’s operating system in various ways, including: imitating a virtual machine, acting as the keyboard driver (kernel- based), using the application programming interface to watch keyboard strokes (API-based), recording information submitted on web-based forms (Form Grabber based) or capturing network traffic associated with HTTP POST events to steal passwords (Packet analyzers).  Usually consists of two files DLL and EXE
Hardware keyloggers  installing a hardware circuit between the keyboard and the computer that logs keyboard stroke activity (keyboard hardware).  Target- ATMs
Acoustic keylogging  Acoustic keylogging monitors the sound created by each individual keystroke and uses the subtly different acoustic signature that each key emits to analyze and determine what the target computer’s user is typing.
AntiKeylogger  An anti-keylogger (or anti–keystroke logger) is a type of software specifically designed for the detection of keystroke logger software; often, such software will also incorporate the ability to delete or at least immobilize hidden keystroke logger software on your computer.
Benefits of Antikeyloggers
Spywares  Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge
6.Trojan horses and Backdoors  A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm
Examples of threats by trojans  Erase, overwrite or corrupt data on a computer  Help to spread other malware such as viruses- dropper trojan  Deactivate or interface with antivirus and firewall programs  Allow remote access to your computer- remote access trojan  Upload and download files  Gather E-mail address and use for spam  Log keystrokes to steal information – pwds, CC numbers  Copy fake links to false websites  slowdown, restart or shutdown the system  Disable task manager  Disable the control panel
Backdoors  A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.  Also called a trapdoor.An undocumented way of gaining access to a program, online service or an entire computer system.  The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.
Functions of backdoors Allows an attacker to  create, delete, rename, copy or edit any file  Execute commands to change system settings  Alter the windows registry  Run, control and terminate applications  Install arbitrary software and parasites  Control computer hardware devices,  Shutdown or restart computer
Functions of backdoors  Steals sensitive personal information, valuable documents, passwords, login name…  Records keystrokes, captures screenshots  Sends gathered data to predefined E-mail addresses  Infects files, corrupts installed apps, damages entire system  Distributes infected files to remote computers  Installs hidden FTP server  Degrades internet connection and overall system performance  Decreases system security  Provides no uninstall feature, hides processes, files and other objects
Examples of Backdoor trojans  Back Orifice : for remote system administration  Bifrost : can infect Win95 through Vista, execute arbitrary code  SAP backdoors : infects SAP business objects  Onapsis Bizploit: Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment
How to protect from Trojan Horses and backdoors  Stay away from suspect websites/ links  Surf on the web cautiously : avoid P2P networks  Install antivirus/ Trojan remover software
Ad

Recommended

Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
أحلام انصارى
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
Rare Input
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
Klaus Drosch
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
Patel Mit
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force tools
zeus7856
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
William Mann
 
Password hacking
Password hackingPassword hacking
Password hacking
Mr. FM
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
STO STRATEGY
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
FarhanaMariyam1
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
Vi Tính Hoàng Nam
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
cougarcps
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Network Security
Network SecurityNetwork Security
Network Security
SOBXTECH
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
Gamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptxGamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptx
yg5ptrdvbg
 
Word press security 101
Word press security 101 Word press security 101
Word press security 101
Kojac801
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
 
Protect your website
Protect your websiteProtect your website
Protect your website
Muthu Natarajan
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
Abdulafeez Fasasi
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
leahg118
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
John Dorner
 
Home and Business Computer Security 2014
Home and Business Computer Security 2014Home and Business Computer Security 2014
Home and Business Computer Security 2014
B2BPlanner Ltd.
 
How to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistHow to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security Checklist
PixelCrayons
 
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptxSYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
ajajkhan16
 
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
ajajkhan16
 
Ad

More Related Content

Similar to Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt (20)

Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
STO STRATEGY
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
FarhanaMariyam1
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
Vi Tính Hoàng Nam
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
cougarcps
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Network Security
Network SecurityNetwork Security
Network Security
SOBXTECH
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
Gamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptxGamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptx
yg5ptrdvbg
 
Word press security 101
Word press security 101 Word press security 101
Word press security 101
Kojac801
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
 
Protect your website
Protect your websiteProtect your website
Protect your website
Muthu Natarajan
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
Abdulafeez Fasasi
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
leahg118
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
John Dorner
 
Home and Business Computer Security 2014
Home and Business Computer Security 2014Home and Business Computer Security 2014
Home and Business Computer Security 2014
B2BPlanner Ltd.
 
How to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistHow to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security Checklist
PixelCrayons
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
STO STRATEGY
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
FarhanaMariyam1
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
Vi Tính Hoàng Nam
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
cougarcps
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
Matthew Bricker
 
Network Security
Network SecurityNetwork Security
Network Security
SOBXTECH
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
Gamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptxGamifying Ethical hacking for education.pptx
Gamifying Ethical hacking for education.pptx
yg5ptrdvbg
 
Word press security 101
Word press security 101 Word press security 101
Word press security 101
Kojac801
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
 
Protect your website
Protect your websiteProtect your website
Protect your website
Muthu Natarajan
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
Abdulafeez Fasasi
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
leahg118
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
John Dorner
 
Home and Business Computer Security 2014
Home and Business Computer Security 2014Home and Business Computer Security 2014
Home and Business Computer Security 2014
B2BPlanner Ltd.
 
How to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistHow to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security Checklist
PixelCrayons
 

More from ajajkhan16 (20)

SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptxSYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
ajajkhan16
 
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
ajajkhan16
 
mini project Presentation and details of the online plateforms.pptx
mini project Presentation and details of the online plateforms.pptxmini project Presentation and details of the online plateforms.pptx
mini project Presentation and details of the online plateforms.pptx
ajajkhan16
 
first ppt online shopping website and all.pptx
first ppt online shopping website and all.pptxfirst ppt online shopping website and all.pptx
first ppt online shopping website and all.pptx
ajajkhan16
 
Presentation - Smart Vigilance System.pptx
Presentation - Smart Vigilance System.pptxPresentation - Smart Vigilance System.pptx
Presentation - Smart Vigilance System.pptx
ajajkhan16
 
loundry app and its advantages Final ppt.pptx
loundry app and its advantages Final ppt.pptxloundry app and its advantages Final ppt.pptx
loundry app and its advantages Final ppt.pptx
ajajkhan16
 
hill cipher with example and solving .pdf
hill cipher with example and solving .pdfhill cipher with example and solving .pdf
hill cipher with example and solving .pdf
ajajkhan16
 
data ebncryption standard with example.pptx
data ebncryption standard with example.pptxdata ebncryption standard with example.pptx
data ebncryption standard with example.pptx
ajajkhan16
 
block cipher and its principle and charateristics.pptx
block cipher and its principle and charateristics.pptxblock cipher and its principle and charateristics.pptx
block cipher and its principle and charateristics.pptx
ajajkhan16
 
searchengineAND ALL ppt-171025105119.pdf
searchengineAND ALL ppt-171025105119.pdfsearchengineAND ALL ppt-171025105119.pdf
searchengineAND ALL ppt-171025105119.pdf
ajajkhan16
 
CRAWLER,INDEX,RANKING AND ITS WORKING.pptx
CRAWLER,INDEX,RANKING AND ITS WORKING.pptxCRAWLER,INDEX,RANKING AND ITS WORKING.pptx
CRAWLER,INDEX,RANKING AND ITS WORKING.pptx
ajajkhan16
 
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptxSTACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
ajajkhan16
 
RQP reverse query processing it's application 2011.pptx
RQP reverse query processing it's application 2011.pptxRQP reverse query processing it's application 2011.pptx
RQP reverse query processing it's application 2011.pptx
ajajkhan16
 
search engine and crawler index ranking .pptx
search engine and crawler index ranking .pptxsearch engine and crawler index ranking .pptx
search engine and crawler index ranking .pptx
ajajkhan16
 
NoSQL 5 2_graph Database Edited - Updated.pptx.pptx
NoSQL 5 2_graph Database Edited - Updated.pptx.pptxNoSQL 5 2_graph Database Edited - Updated.pptx.pptx
NoSQL 5 2_graph Database Edited - Updated.pptx.pptx
ajajkhan16
 
Programming in python and introduction.ppt
Programming in python and introduction.pptProgramming in python and introduction.ppt
Programming in python and introduction.ppt
ajajkhan16
 
STORMPresentation and all about storm_FINAL.pdf
STORMPresentation and all about storm_FINAL.pdfSTORMPresentation and all about storm_FINAL.pdf
STORMPresentation and all about storm_FINAL.pdf
ajajkhan16
 
39.-Introduction-to-Sparkspark and all-1.pdf
39.-Introduction-to-Sparkspark and all-1.pdf39.-Introduction-to-Sparkspark and all-1.pdf
39.-Introduction-to-Sparkspark and all-1.pdf
ajajkhan16
 
21-RDF and triplestores in NOSql database.pptx
21-RDF and triplestores in NOSql database.pptx21-RDF and triplestores in NOSql database.pptx
21-RDF and triplestores in NOSql database.pptx
ajajkhan16
 
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdfComputer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
ajajkhan16
 
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptxSYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
SYMMETRIC CYPHER MODELS WITH SUITABLE DIAGRAM.pptx
ajajkhan16
 
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
6. PRESENTATION REAL TIME OBJECT DETECTION.pptx
ajajkhan16
 
mini project Presentation and details of the online plateforms.pptx
mini project Presentation and details of the online plateforms.pptxmini project Presentation and details of the online plateforms.pptx
mini project Presentation and details of the online plateforms.pptx
ajajkhan16
 
first ppt online shopping website and all.pptx
first ppt online shopping website and all.pptxfirst ppt online shopping website and all.pptx
first ppt online shopping website and all.pptx
ajajkhan16
 
Presentation - Smart Vigilance System.pptx
Presentation - Smart Vigilance System.pptxPresentation - Smart Vigilance System.pptx
Presentation - Smart Vigilance System.pptx
ajajkhan16
 
loundry app and its advantages Final ppt.pptx
loundry app and its advantages Final ppt.pptxloundry app and its advantages Final ppt.pptx
loundry app and its advantages Final ppt.pptx
ajajkhan16
 
hill cipher with example and solving .pdf
hill cipher with example and solving .pdfhill cipher with example and solving .pdf
hill cipher with example and solving .pdf
ajajkhan16
 
data ebncryption standard with example.pptx
data ebncryption standard with example.pptxdata ebncryption standard with example.pptx
data ebncryption standard with example.pptx
ajajkhan16
 
block cipher and its principle and charateristics.pptx
block cipher and its principle and charateristics.pptxblock cipher and its principle and charateristics.pptx
block cipher and its principle and charateristics.pptx
ajajkhan16
 
searchengineAND ALL ppt-171025105119.pdf
searchengineAND ALL ppt-171025105119.pdfsearchengineAND ALL ppt-171025105119.pdf
searchengineAND ALL ppt-171025105119.pdf
ajajkhan16
 
CRAWLER,INDEX,RANKING AND ITS WORKING.pptx
CRAWLER,INDEX,RANKING AND ITS WORKING.pptxCRAWLER,INDEX,RANKING AND ITS WORKING.pptx
CRAWLER,INDEX,RANKING AND ITS WORKING.pptx
ajajkhan16
 
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptxSTACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
STACK 20 INTERVIEW QUESTIONS and answers for interview.pptx
ajajkhan16
 
RQP reverse query processing it's application 2011.pptx
RQP reverse query processing it's application 2011.pptxRQP reverse query processing it's application 2011.pptx
RQP reverse query processing it's application 2011.pptx
ajajkhan16
 
search engine and crawler index ranking .pptx
search engine and crawler index ranking .pptxsearch engine and crawler index ranking .pptx
search engine and crawler index ranking .pptx
ajajkhan16
 
NoSQL 5 2_graph Database Edited - Updated.pptx.pptx
NoSQL 5 2_graph Database Edited - Updated.pptx.pptxNoSQL 5 2_graph Database Edited - Updated.pptx.pptx
NoSQL 5 2_graph Database Edited - Updated.pptx.pptx
ajajkhan16
 
Programming in python and introduction.ppt
Programming in python and introduction.pptProgramming in python and introduction.ppt
Programming in python and introduction.ppt
ajajkhan16
 
STORMPresentation and all about storm_FINAL.pdf
STORMPresentation and all about storm_FINAL.pdfSTORMPresentation and all about storm_FINAL.pdf
STORMPresentation and all about storm_FINAL.pdf
ajajkhan16
 
39.-Introduction-to-Sparkspark and all-1.pdf
39.-Introduction-to-Sparkspark and all-1.pdf39.-Introduction-to-Sparkspark and all-1.pdf
39.-Introduction-to-Sparkspark and all-1.pdf
ajajkhan16
 
21-RDF and triplestores in NOSql database.pptx
21-RDF and triplestores in NOSql database.pptx21-RDF and triplestores in NOSql database.pptx
21-RDF and triplestores in NOSql database.pptx
ajajkhan16
 
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdfComputer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
Computer-Operator-and-Programming-Assistant-COPA-Learn-Tech-Anywhere-1.pdf
ajajkhan16
 
Ad

Recently uploaded (20)

Compiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptxCompiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptx
RushaliDeshmukh2
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
charlesdick1345
 
theory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptxtheory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptx
sanchezvanessa7896
 
The Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLabThe Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLab
Journal of Soft Computing in Civil Engineering
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)
Vəhid Gəruslu
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
fluke dealers in bangalore..............
fluke dealers in bangalore..............fluke dealers in bangalore..............
fluke dealers in bangalore..............
Haresh Vaswani
 
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
inmishra17121973
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Compiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptxCompiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptx
RushaliDeshmukh2
 
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G..."Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
"Feed Water Heaters in Thermal Power Plants: Types, Working, and Efficiency G...
Infopitaara
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
Smart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineeringSmart Storage Solutions.pptx for production engineering
Smart Storage Solutions.pptx for production engineering
rushikeshnavghare94
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
DATA-DRIVEN SHOULDER INVERSE KINEMATICS YoungBeom Kim1 , Byung-Ha Park1 , Kwa...
charlesdick1345
 
theory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptxtheory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptx
sanchezvanessa7896
 
The Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLabThe Gaussian Process Modeling Module in UQLab
The Gaussian Process Modeling Module in UQLab
Journal of Soft Computing in Civil Engineering
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)AI-assisted Software Testing (3-hours tutorial)
AI-assisted Software Testing (3-hours tutorial)
Vəhid Gəruslu
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
fluke dealers in bangalore..............
fluke dealers in bangalore..............fluke dealers in bangalore..............
fluke dealers in bangalore..............
Haresh Vaswani
 
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
211421893-M-Tech-CIVIL-Structural-Engineering-pdf.pdf
inmishra17121973
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Ad

Unit-4 Cybercrimes-II Mobile and Wireless Devices.ppt

  • 2. Tools and Methods used in Cybercrime
  • 3. Various tools used for the attack  Proxy severs and Anonymizers  Phishing  Password cracking  Keyloggers and spywares  Virus and Worms  Trojan horses and Backdoors
  • 4. 1. Proxy severs and Anonymizers  A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.  A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.
  • 5. Purpose of a proxy server  Improve Performance:  Filter Requests  Keep system behind the curtain  Used as IP address multiplexer  Its Cache memory can serve all users Attack on this: the attacker first connects to a proxy server- establishes connection with the target through existing connection with the proxy.
  • 6. An Anonymizer  An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable.  It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet.  It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.  For example, large news outlets such as CNN target the viewers according to region and give different information to different populations
  • 7. 2. Phishing Phishing is a type of cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime.  Stealing personal and financial data  Also can infect systems with viruses  A method of online ID theft
  • 8. How Phishing works? 1. Planning : use mass mailing and address collection techniques- spammers 2. Setup : E-Mail / webpage to collect data about the target 3. Attack : send a phony message to the target 4. Collection: record the information obtained 5. Identity theft and fraud: use information to commit fraud or illegal purchases
  • 9. 3. Password Cracking  password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.  A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
  • 10. The purpose of password cracking  help a user recover a forgotten password  to gain unauthorized access to a system,  or as a preventive measure by System Administrators to check for easily crackable passwords
  • 11. Manual Password Cracking Algorithm  Find a valid user •Create a list of possible passwords •Rank the passwords from high probability to low •Key in each password •If the system allows you in - Success •Else try till success
  • 12. examples of guessable passwords  Blank  Words like “passcode” ,”password”,“admin”  Series of letters “QWERTY”  User’ s name or login name  Name of the user’s friend/relative/pet  User’s birth place, DOB  Vehicle number, office number ..  Name of celebrity  Simple modification of one of the precedings, suffixing 1 …
  • 13. Categories of password cracking attacks:  Online attacks  Offline attacks  Non-electronic attacks ◦ Social engineering ◦ Shoulder surfing
  • 14. Online attacks  An attacker may create a script- automated program- to try each password  Most popular online attack;- man-in-the-middle attack or bucket-brigade attack  Used to obtain passwords for E-mail accounts on public websites like gmail, yahoomail  Also to get passwords for financial websites
  • 15. Offline attacks  Are performed from a location other than the target where these passwords reside or are used  Require physical access to the computer and copying the password
  • 16. Types of Password Attacks  Password Guessing ◦ Attackers can guess passwords locally or remotely using either a manual or automated approach  Dictionary attacks ◦ work on the assumption that most passwords consist of whole words, dates, or numbers taken from a dictionary.  Hybrid password ◦ assume that network administrators push users to make their passwords at least slightly different from a word that appears in a dictionary.
  • 17. Weak passwords  The password contains less than eight characters  The password is a word found in a dictionary (English or foreign)  The password is a common usage word such as:  Names of family, pets, friends, co-workers, fantasy characters, etc.  Computer terms and names, commands, sites, companies, hardware, software.  The words "<Company Name>", "sanjose", "sanfran" or any derivation.  Birthdays and other personal information such as addresses and phone numbers.  Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.  Any of the above spelled backwards.  Any of the above preceded or followed by a digit (e.g., secret1,1secret
  • 18. Strong Passwords  Contain both upper and lower case characters (e.g., a-z,A-Z)  Have digits and punctuation characters as well as letters e.g., 0-9, @#$%^&*()_+|~- =`{}[]:";'<>?,./)  Are at least eight alphanumeric characters long.  Are not a word in any language, slang, dialect, jargon, etc.  Are not based on personal information, names of family, etc.  Passwords should never be written down or stored on-line.  Try to create passwords that can be easily remembered.  One way to do this is create a password based on a song title, affirmation, or other phrase.  For example, the phrase might be: "This May Be One Way To Remember"  and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
  • 19. Random passwords  Secure Password Generator  Password Length:  Include Symbols:  ( e.g. @#$% )  Include Numbers:  ( e.g. 123456 )  Include Lowercase Characters:  ( e.g. abcdefgh )  Include Uppercase Characters:  ( e.g.ABCDEFGH )  Exclude Similar Characters:  ( e.g. i, l, 1, L, o, 0, O )  Exclude Ambiguous Characters:  ( { } [ ] ( ) / ' " ` ~ , ; : . < > )  Generate On The Client Side:  ( do NOT send across the Internet )  Auto-Select:  ( select the password automatically )  Save My Preference:  ( save all the settings above for later use )  Load My Settings Anywhere:  URL to load my settings on other computers quickly  Your New Password:  Remember your password:  Remember your password with the first letters of each word in this sentence.  To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, you should notice that:  1. Do not use the same password for multiple important accounts.  2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.  3. Do not use the names of your families, friends or pets in your passwords.  4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.  5. Do not use any dictionary word in your passwords.  6. Do not use something that can be cloned( but you can't change ) as your passwords, such as your fingerprints.  7. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) store your passwords, since all passwords saved in Web browsers can be revealed easily.  8. Do not log in to important accounts on the computers of others, or when connected to a publicWi-Fi hotspot,Tor, freeVPN or web proxy.  9. Do not send sensitive information online via HTTP or FTP connections, because messages in these connections can be sniffed with very little effort.You should use encrypted connections such as HTTPS and SFTP whenever possible.  10.When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a privateVPN on your own server( home computer, dedicated server orVPS ) and connect to it.Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY.Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, he'll won't be able to steal your data and passwords from the encrypted streaming data.  11. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company's server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.  To check the strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your passwords to MD5 hashes on this MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is "0123456789A", using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it?You can perform the test yourself.  12. It's recommended to change your passwords every 10 weeks.  13. It's recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.  14. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.  15.Turn on 2-step authentication whenever possible.  16. Do not store your critical passwords in the cloud.  17.Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not a phishing site before entering your password.  18. Protect your computer with firewall and antivirus software, download software from reputable sites only, and verify the MD5 or SHA1 checksum of the installation package whenever possible.  19. Be careful when using online paste tools and screen capture tools, do not let them to upload your passwords to the cloud.  20. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when you feel it's necessary.  21. If you're a webmaster, do not store the users passwords in the database, you should store the salted hash values of passwords inste
  • 20. 4. keyloggers  Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.  It has uses in the study of human–computer interaction.  There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.
  • 21. Software-based keyloggers  Software-based keyloggers use the target computer’s operating system in various ways, including: imitating a virtual machine, acting as the keyboard driver (kernel- based), using the application programming interface to watch keyboard strokes (API-based), recording information submitted on web-based forms (Form Grabber based) or capturing network traffic associated with HTTP POST events to steal passwords (Packet analyzers).  Usually consists of two files DLL and EXE
  • 22. Hardware keyloggers  installing a hardware circuit between the keyboard and the computer that logs keyboard stroke activity (keyboard hardware).  Target- ATMs
  • 23. Acoustic keylogging  Acoustic keylogging monitors the sound created by each individual keystroke and uses the subtly different acoustic signature that each key emits to analyze and determine what the target computer’s user is typing.
  • 24. AntiKeylogger  An anti-keylogger (or anti–keystroke logger) is a type of software specifically designed for the detection of keystroke logger software; often, such software will also incorporate the ability to delete or at least immobilize hidden keystroke logger software on your computer.
  • 26. Spywares  Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge
  • 27. 6.Trojan horses and Backdoors  A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm
  • 28. Examples of threats by trojans  Erase, overwrite or corrupt data on a computer  Help to spread other malware such as viruses- dropper trojan  Deactivate or interface with antivirus and firewall programs  Allow remote access to your computer- remote access trojan  Upload and download files  Gather E-mail address and use for spam  Log keystrokes to steal information – pwds, CC numbers  Copy fake links to false websites  slowdown, restart or shutdown the system  Disable task manager  Disable the control panel
  • 29. Backdoors  A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.  Also called a trapdoor.An undocumented way of gaining access to a program, online service or an entire computer system.  The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.
  • 30. Functions of backdoors Allows an attacker to  create, delete, rename, copy or edit any file  Execute commands to change system settings  Alter the windows registry  Run, control and terminate applications  Install arbitrary software and parasites  Control computer hardware devices,  Shutdown or restart computer
  • 31. Functions of backdoors  Steals sensitive personal information, valuable documents, passwords, login name…  Records keystrokes, captures screenshots  Sends gathered data to predefined E-mail addresses  Infects files, corrupts installed apps, damages entire system  Distributes infected files to remote computers  Installs hidden FTP server  Degrades internet connection and overall system performance  Decreases system security  Provides no uninstall feature, hides processes, files and other objects
  • 32. Examples of Backdoor trojans  Back Orifice : for remote system administration  Bifrost : can infect Win95 through Vista, execute arbitrary code  SAP backdoors : infects SAP business objects  Onapsis Bizploit: Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment
  • 33. How to protect from Trojan Horses and backdoors  Stay away from suspect websites/ links  Surf on the web cautiously : avoid P2P networks  Install antivirus/ Trojan remover software