Desktop Phishing Tutorial - The Art of Phishing

Desktop phishing is another type of Phishing. In desktop phishing hackers change your Windows/System32/drivers/etc/hosts file, this file controls the internet browsing in your PC.This method is a bit advanced and if you are a newbie then I would recommend you to read the following posts first:

•  How to hack facebook password
•  4 ways to hack facebook password
•  Sniperspy keylogger For Mac OS Launched

Difference between phishing and desktop phishing is as follows.

In phishing

1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.
2.Victim enters his credentials in fake login page that goes to attacker.
3. Victim is then redirected to an error page or genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by
looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing

1. Attacker sends an executable file to victim and victim is supposed to double click on it. Attacker's job is done.
2. Victim types the domain name of orignal/genuine website and is taken to our fake login page.
But the domain name remains the same as typed by victim
and victim doesn't come to know.
3. Rest of the things are same as in normal phishing.


What is Hosts File ?

The hosts file is a text file containing domain names and IP address associated with them.
Location of hosts file in windows: C:\Windows\System32\drivers\etc\, Whenever we visit any website, say www.anything.com , an query is sent to Domain Name Server(DNS) to look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown. When we visit www.anywebsite.com , we would be taken to this 115.125.124.50. No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.

What is the attack ?
 
I hope you have got an idea that how modification of this hosts file on victim's computer can be misused.
We need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page.Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.

Steps to perform attack 

1. Host phishing page on your computer.
Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a webserver and not a website. So we need to host the phishing page on our computer using a webserver software like wamp or xampp.

Download the wamp or xampp.

• Copy your phishing page and paste it in the WWW directory in wamp, the default path is "C:\Wamp\WWW" 

• Run Wamp server on your pc

• Right click the wamp icon in the system tray and select Start all services, Visit your public IP address and you must see your phishing page

2.Modify Hosts file.
If you dont have physical access to victim's computer. Then copy your hosts file and paste anywhere.
Edit it with any text editor and associate your public IP address with domain you wish as show.

Like in this case , when victim would visit gmail.com , he would be take to website hosted on IP 'xxx.xxx.xxx.xxx'.

Replace it with your public IP.
 
3. Compress hosts file such that when victim opens it, it automatically gets copied to default
location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.
 

The you can bind this file with any exe using a binder or directly give it to victim. He/she is supposed to click it
and you are done .

Limitation of attack
 
1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and
connect. To overcome this we need to purchase static IP from our ISP.
2. The browser may warn the victim that Digital Certificate of the website is not genuine.

If you are a beginner and want to learn Ethical Hacking then I would recommend you reading "A Beginners Guide To Ethical Hacking"

Countermeasures:-
 
Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in
web browser. Check the protocol whether it is "http" or "https" . https is secure,
For more information on https protocol see the following post:

• What is Secure Sockets Layer (SSL)?

Plus there is a piece of software called Macros which protects your hosts file

About the Author 

Aneesh M Maker is a student of University College of Engineering, Punjab, He has written several guest post on this blog, If you are interested in writing guest post read the guidelines here

Facebook Dislike Button - Beware, Scam Spreading

A new facebook scam message is spreading rapidly and has gone viral among the facebook users,  It looks like that Facebook has became most favorite play ground for spammers, After the Dad Catches Daughter on Webcam scam it seems like Facebook Dislike button has gone viral, Here is the screenshot of the Facebook dislike button scam message:

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

 Now as you can see from the above screen shot the link "Activate Dislike Button" looks genuine and it appears to be where the Share button is placed. Once the victim clicks on the "Activate Dislike Button", He arrives on a page where it asks to paste a JavaScript on to his/her address bar. Once the victim does that, The same message get's posted on his/her wall.

How It Works?

As I told you above that the "Activate Dislike Button" appears where the "share" button is usually placed, This is all because of the javascript, The Javscript which the victim pastes in his/her address bar actually renames the "Share" button to "Activate Dislike Button" but the functionality of the button is same due to which the message get's posted on the victims wall.

Is it a Virus?

Yes it is, When I clicked on the "Activate Dislike Button" it brought me a to page where I was asked to paste the javascript, suddenly my Antivirus(AVG) popped up indicating the virus to be some kind of "Social Engineering(Security)type 1710" virus.

It looks to me as it's a part of russian malware, Which once executed properly will leak your email passwords like Facebook, Yahoo, hotmail, Ebay, Paypal etc to the hacker.

Virtox Virus Mis-belief

Some of websites I came across which were telling that it's a Virtox virus, but the truth is that there is no such virus known as "Virtox" and it might be made up by a person who started this scam

Low Antivrus Detection Rate


I used Virus total's URL scanner for analyzing it and I was really shocked to see the antivirus detection rate to be as low as 5/42, Here is the screenshot:

Warning

This whole testing process was performed in a virtual environment, Don't Attempt to try it on your own computer or you will result in infecting your self, If you think that you have been infected, Scan your system with a Good Antivirus.

Hope you have liked my post and I hope in you won't fall for these scams in your near future, If you want to reproduce this article, make sure you give the credit to the original author and the website.If you would like to know more about facebook scams kindly Join our Facebook Fan Page.

DAD CATCHES DAUGHTERS ON WEBCAM - Beware Facebook Viral Scam

As Facebook is one of the most widely used social networking website around, It is being hit by lots of viral scams, Today I just came across one of those viral scams when one of my friend on facebook shared a link on his wall, "[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI", The title of the link looked suspicious to me so i thought to figure out exactly what was going around.

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI[LINK]two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

When I clicked on it, I was redirected to a page where I was asked to click a button to play the video, The moment I saw it I noticed that it was a flash file and was not a real video.

This was just to fool the users and making them download the adobe flash plugin in order to play the video, Once I clicked on the button "Download Codec", A file named Freecodec.exe started to download, which made me think if it's a keylogger or a trojan but the file happened to be clean according to the "No virus thanks 32 Scanner".

Ultimately I was redirected to a webpage which was promoting a tool called Profile Stylez and the Freecodec.exe was the installation file for the Profile Stylez tool.

After viewing the source code of the page I found the following line of code which was responsible for spreading the link to your facebook wall, Any one with the basic knowledge of Html and IFrame would certainly know what this code is exactly doing, Here we actually discover a vulnerability in like.php code which abuses users trust for viral spreading of the links.

<iframe allowtransparency="true" frameborder="0" scrolling="no" src="http://www.facebook.com/plugins/like.php?href=www.blackinfopages.com%2Fi?4dcef0f134a10&amp;send=true&amp;layout=standard&amp;width=450&amp;show_faces=true&amp;action=like&amp;colorscheme=light&amp;font&amp;height=80" style="border: none; height: 80px; overflow: hidden; width: 450px;"></iframe>

Lastly I scanned the file Freecodec.exe on http://www.virustotal.com as I was a bit unsatisfied Novirusthanks due to my experience in past and guess what Symantec antivirus and VBA32 recognized it as a Trojan.Dropper.

Master Plan

So according to me the master plan was actually promote the tool and at the same time install malware in to victims computer and control their computers at the same time.

Security Measures

• Avoid clicking on those posts titles which have words such as "OMG, WOW, DAMN" they are most likely to do the same thing
• Always install any kind of Plugins and codecs from the official website, You might be installing malware along with the plugin.
• Always scan a file with an online virus scanner such as virustotal before running it on your own computer.

Hope you have liked my post and I hope in you won't fall for these scams in your near future, If you want to reproduce this article, make sure you give the credit to the original author and the website.

If you would like to know more about facebook scams kindly Join our Facebook Fan Page.

Learn Website Hacking And Security With DVWA Tools

Lots of readers often ask me How can I be good at website hacking and web application security, The thing is that even if you have an idea of how some popular website application attack work but still you need a safe environment to practice what you have learned because you are not allowed to access any website even for testing purposes unless and until you are not authorized to do that, This is where Damn vulnerable web app(DVWA) comes into play
Basically Damn vulnerable web app(DVWA) PHP/MySQL web app which is Damn vulnerable, DVWA web app allows you to learn and practice web application attacks in a safe environment, It's latest version is DVWA 1.7.

Web Hacking and Security related articles on RHA

• Flood a website with denial of service attack
• Common methods to hack a website
• Website Hacking with Directory Transversal attacks

Vulnerabilities

• SQL Injection
• XSS (Cross Site Scripting)
• LFI (Local File Inclusion)
• RFI (Remote File Inclusion)
• Command Execution
• Upload Script
• Login Brute Force
• Blind SQL Injection 

And much more.

Official warning

It should come as no shock..but this application is damn vulnerable! Do not upload it to your hosting provider’s public html folder or any working web server as it will be hacked. It’s recommend that you download and install XAMP onto a local machine inside your LAN which is used solely for testing.

Installation Guide

You can download DVWA 1.0.4 here, below I am posting a video which will tell you step by step how to install DVWA tools on your computer and practice website Hacking

Man In The Middle Attack - SSL Hacking

One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer Protocol Secure (HTTPS) It is a combination of the Hypertext Transfer Protocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read More: What is SSL(Secure Socket Layer)

Thing we Need

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok

2. Now select the victim’s IP and click open

3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok 

4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2

5. Now select mitm-arp poisoning and click ok as shown

6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below

Counter measures:

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

2. Always check the SSL certificate before doing an online transaction

About The Author

This article is writen by John Jeffery, He is the owner of Hackholic where he writes security related stuffs, If you are interested in writting a guest post on RHA, Kindly read the guidelines here

How To Secure Your Wordpress Blogs?

Hackers are the person like you and us but the only difference is that they use their skills for the negative and destructive purposes, they use their skills to break a website, they normally destroy all the stuff's, so if you are a admin of a website you should care about the security of the website.
 As you know that the wordpress is a common and most popular plate form for blogging, but the security of the wordpress is always a hot discussion and it need more and more concentration because vulnerability discover everyday. Below are some tips to make your blog secure:

Secure WP-Admin By IP

Let suppose if someone can get the ability(username & Password) to enter into your website WP section, you can restrict this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction.

Order deny,allow
Deny from All
Allow from 123.456.789.0
You can allow and deny IP's from a range use this:
order deny,allow deny from all # allow my home IP address allow from XX.XX.XXX.XXX # allow my work IP address allow from XX.XX.XXX.XXX


Protect WP-Config.php File

WP-Config.php file has a great importance on wordpress plate form, it need more care and usually an attacker get the required information about the database of your website from WP-Config file. Basically if you use a strong database user-name and password while your WP-Config security is low than an attacker can get your strong user-name and password from wp-config file, because it contain all the information about the security and other things of your website.

Access .htaccess file is located at the root your WordPress installation open it and paste the following code.

order allow,deny
deny from all



Hide WordPress Version Number

You must hide the version of your wordpress because an attacker may find the available exploit by searching it on different exploit database by version number and it may cause a great harm for your blog so be care about it.

This tag is in the header.php file that displays your current version of wordpress

Copy and paste the code in the functions.php file of your theme and than you are done.


remove_action('wp_head', 'wp_generator');

Remove Error Message From Login Screen 

This is your clever move to remove the error message that an attacker would not able to see if the user-name and password incorrect, update your function.php by this code.

add_filter('login_errors',create_function('$a', \"return null;\"));


Some Other Security Tips

Use your mind because mind is an essential part to secure yourself on the jungle of web.

• Create strong passwords that are not easily be guess or crack.

• Secure your own side(your computer) from different malware.

• Make regular backup of your blog.

• Update your wordpress to latest version

• Use SSH instead of FTP

• Avoid using your account on public places

• You must be ware on different attacks to secure yourself.

About The Author

This post is written by an Irfan Shaeel An Ethical hacker and Penetration tester, Irfan blogs At his blog Ehacking.net

Finding A Spoofed Website With A Javascript

Lots of people think that Javascript is an inferior language but Javascript is an extremly powerful language and those people who think the other way they either don't know how to use it or are not familiar with it's capabilities, With javascript you can do lots of cool things such as edit any page, make an image fly etc, but it is a waste of time to spend your time on making images fly with javascripts or editing a page.
Anyways coming to the main topic, did you know that javascript can be used to detect if a page is a spoofed website or phishing website or a legit one, well if you don't know just paste the following code in to the address bar and a pop up will appear telling you whether the website is original or not
Here is the Javascript code:

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");

Beware - New Hotmail Account Scam Alert

Every day I hear people complaining that their hotmail account is hacked, Now as I have told couple of times before in my previous posts related to email hacking that there are only two foolproof methods i.e. Phishing and keylogging which are mostly used to hack email accounts.
Today I received an email in my hotmail inbox the email looked as it was from "Windows Live Team" and the subject of the email was "Hotmail Account Alert"

Here is the screen shot of how the email looked like:

"Dear Account Owner


Due to the congestion in all Windows Live Account we are removing all unused Account, Windows Live would be shutting down all unused and unconfirmed Account, You are hereby ask to confirm your Account by filling out your Login Information below after clicking the reply button. Your Accounts will be suspended within 48 hours for security reasons if you refuse to reply this message.


* Username:
* Password:
* Date of Birth:
* Country Or Territory:


After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience.


Sincerely,
The Windows Live Team"

If any one of you have received these kinds of emails, The email is 100% Fake and it is not from a Windows Live team and is a attempt to hack your hotmail or any other password, Hotmail and windows live team employees will never ask for Password,

It's quite impressive to see that Hackers now a days instead of using complicated methods such as Phishing and Keylogging are using social engineering to get the work done, because now a days lots of modern browsers have Phishing filter by default so these types of attacks get detected easily and hackers do not want to waste their time in making the servers Fully Un detectable(FUD), instead they are using a simple social engineering attack which does require any softwares and other resources.

Have you ever received these kinds of email scams? 

Securing Your Network From Hackers With HoneyPots?

First thing any hacker would do to compromise any network is gathering information passively and seeking vulnerable services as well as ports. And this is where Honeypots play a role of fake vulnerability in network.
Honeypots are fake theoretically, but not practically. They are real vulnerabilities in Network intentionally kept open & designed to gather information about the possible attack / attacker.

How Honeypots Work?

This fake vulnerability attracts any hacker towards it & he would try to compromise it. The Honeypot will itself stores the data regarding how hacker is trying to break it, what tools he might be using, his intentions, keystrokes and many such things.

This information is useful to network security administrator in many ways. Generally the attack is not done in one shot. Hackers try some initial attacks. And based on its results he hacks into major network flaws after some days.

So Honeypots help security people to secure the networks from the information they have gathered from initial attack. They are called as honey pots only because they are made available in network of vulnerabilities like Honey Comb.

Are Honeypots Vulnerable itself?

Sure they are. There are lot of smart ass hackers – who if anyhow come to know that they are dealing with Honeypots, They can totally screw things up.

Because, they are actually dealing with the system file in the network. So they are already inside it without any breakdown. If they can compromise this fake vulnerability Honeypot i.e. that they can surely break in to the system in less time.

Vulnerability is a vulnerable after all & Honeypots too. But there are very rare chances for attacker to identify it & needs great experience. So, planting Honeypot into any network architecture would be a more secure scenario for any host or network.

About The Author

Amol wagh is a tech blogger and an Ethical hacker, He writes at his blog Hackersengima, If you are interested in writing a guest post on your blog kindly read the guidelines here

Detect FireSheep on your Network with Blacksheep

Recently I wrote about Firesheep a firefox plugin in my post Firesheep makes Facebook Hacking easy which uses a sidejacking or session Hijacking attack to acess a Facebook account on a Wifi network, In this tutorial I will tell about an awesome Firefox addon which can be used to detect firesheep on your network to keep it safe, The addon I am talking about is known as "Blacksheep" its code is almost similar to the one for firesheep but the only difference is that it is used for security purposes

If some one is using Firesheep on your network you can detect it easily with blacksheep, It pops an image like below if some one is using a firesheep on your network

Note:Blacksheep wont protect sidejacking or session hijacking done by firesheep it can just detect if some one is using firesheep on your network


How to install and use blacksheep?

Here is a video which shows how to use Blacksheep to detect firesheep on your network:

An overview of Intrusion Detection System

An intrusion detection system (IDS) is used to monitor the entire network, it detects intruders; that is, unexpected, unwanted or unauthorized people or programs on network.
An intrusion detection system has a number of sensors that is used to detect unwanted or unexpected flow of network traffic, the major sensors as follows:

• A sensor monitor log files
• A sensor monitor TCP ingoing or outgoing connections

How Intrusion Detection System Works?

Intrusion detection system works by collecting information and then examining it. IDS collects data from it sensors and analyze this data to give notice to the system administrator about malicious activity on the network.

o An intrusion detection system can be run manually but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked.
o We can mainly categorize an IDS into two type:

1. NIDS (Network Intrusion Detection Systems).
2. HIDS (Host Intrusion Detection Systems)

There is still a question, why we use IDS if there is firewall to perform these tasks, Firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, where as the IDS is deployed to monitor traffic in vital segments in the network, generating alerts when an intrusion is detected.

A firewall has got holes to let things through, without it you wouldn't be able to access the Internet or send or receive emails, there are different ways to bypass or cheat a firewall.
Snort is an excellent open source Network Intrusion Detection System, OSSEC is an Open Source Host-based Intrusion Detection System.

Below is an an overview of the basic architecture as well as practical examples of how to customize Open Source Host-based Intrusion Detection System to manage logging from your infrastructure and applications.




About The Author 

This is a guest post written by Irfan Shakeel. The author is an Ethical Hacker and Internet searcher and blogs at http://www.beautyofthebaud.co.cc/

Hide Keyloggers and Trojans with Binders

You would have probably heard that never run a .exe file if you are not confirmed about the authenticity of the person who send you that particular file, The reason why you might have heard that because Trojans, Keylogger, Spywares and Adwares use .exe format by default


So what do you think are you completely safe that you run untrusted MP3,JPEG files?

The answer is no, Its because you never know that virus has came with which format, It can take any format, It could be in JPEG, It could be in MP3 and it could be in almost any Format, So in this article I will tell you how hackers hide Keyloggers,Trojans and other harmful viruses in other files

 What is a Binder?

 A Binder is a software used to bind or combine to or more files under one name and extension, The files to be binded can have any extension or icon, Its all up to you and you have the choice to select the name, icon and various attributes of binded file, The Binded files can be even worse when they are crypted, because Bintext would not be able to find it and at the same time it could also bypass antivirus detection then you are almost guaranteed to be infected


Popular Binders

Here are some of the popular binders used by hackers to hide keyloggers and Trojans:

Simple Binder

Simple binder is one of my favorite binders of all time, I give thumbs up to the maker "Nathan", Its so easy to use and even a script kiddie can easily use it to bind keylogger or backdoors with other files


Weekend Binder

Weekend Binder can be used to bind two or more files under one extension and icon, If the binded file contains an application, the application also runs along with the actual binded files .


How to detect Crypted Binded files?

As I told you before that if a trojan or keylogger is binded with a file and it's crypted in order to bypass antivirus detection then its very difficult to detect it, However there is a great piece of software called resource hacker which is really effective when it comes to keylogger protection, It detects whether the file is binded or not.

What is Secure Sockets Layer (SSL)?

You might have heard some times that not to give your password or credit card information or any other sensitive information on public computers or on Msn, yahoo etc chats.The reason why you might have heard that the Hackers have some ways to you would have probably heard that hackers have a way to steal your your credit card numbers , passwords etc.
A hacker can use different types of attacks such as Packet sniffing or ARP Poisoning to steal your sensitive information

Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication between the web client and the web server. You must be familiar with http:// protocol and https:// protocol, You might be wondering what they mean. HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a secure communication.

Cryptography


If two users want to have a secure communication they can also use cryptography to accomplish it

For example:

TFDVSF=Encrypted Text

SECURE= Decrypted Text

You might be wondering how i Decrypted it, Here i have used Algorithm=+ for the communication and the key is "1", What comes after S is T so as you can see that S is converted into T, What comes After E is F to letter E from the word secure if converted into F and so on, To help you understand this more better I am adding a Video



So If the hacker starts sniffing from between he will get Encrypted text and as the Hacker does not know the keys so he cant decrypt it, but if the attacker or hacker is sniffing from the starting point so he will get the key and can easily Decrypt the data

Standard Communication VS Secure communication

Suppose there exists two communication parties A (client) and B (server)

Standard communication(HTTP)


When A will send information to B it will be in unencrypted manner, this is acceptable if A is not sharing Confidential information, but if A is sending sensitive information say "Password" it will also be in unencrypted form, If a hacker starts sniffing the communication so he will get the password.This scenario is illustrated using the following figure

Secure communication(HTTPS)

In a secure communication i.e. HTTPS the conversation between A and B happens to be in a safe tunnel, The information which a user A sends to B will be in encrypted form so even if a hacker gets unauthorized access to the conversion he will receive the encrypted password (“xz54p6kd“) and not the original password.This scenario is illustrated using the following figure

How is HTTPS implemented?

A HTTPS protocol can be implemented by using Secure Sockets Layer (SSL), A website can implement HTTPS by purchasing SSL certificate.

Which websites need SSL Certificate?

The websites where a private conversation is occurred, Websites related to online transactions or other sensitive information needs to be protected needs to SSL Certificate

How to identify a Secure Connection?

In Internet Explorer and google chrome, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.

If you are making an online transaction through Credit card or any other means you should check if https:// secured communication is enabled.

How To Create Strong Passwords?

As you know that passwords are the only form of security available now a days, Its really important for one to create a strong passwords,
Keeping a weak passwords can make you vulnerable to attacks such as Brute force, Dictionary attacks, Rainbow Tables etc.
So in this article I will tell you to create a strong password so you can secure your account from getting hacked

What makes a strong password?

A password can be considered strong if it contains following things:

• It needs to contain special characters such as @#$%^&
• It must be at least 8 characters long.
• It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary,(This will prevent you from getting hacked by a Dictionary Attack)
• a variation of capitalization and small letters

Alternatively there is a website named www.strongpasswordgenerator.com which automatically generates a strong password for you, The website allows you to choose a password length and also gives you hints through which you can easily memorize the password

Hope you liked the post ! Pass the comments

Mac Security Software - Secure Mac OS

The area of Mac security software is fairly broad to Mac users. The primary aspects of security software for the Mac are antivirus programs, patches and updates for the Mac OS X, and updates from commonly used applications such as web browser Safari, Adobe Shockwave, and Google Chrome.

In general, Mac users should be kept up-to-date on security fixes for all of the listed primary items above. Applying fixes will be automatic in the case of a program like Google Chrome while the Adobe Shockwave product will inform you of updates so long as you are connected to the Internet.
Security vulnerabilities can reach in to Mac email applications as well to where you have what are known as botnets putting out spam email messages using your Mac. That is why you want an antivirus program that is robust and will provide you with security monitoring for emails as well as your hard disk and web site usage. Along with that, it is important to stay current on the latest Mac OS X fixes that apply to your operating system. Checking with Apple's website to ensure your current with security fixes is a good way to confirm the facts. There are also web blogs particular to Mac users that will indicate the latest Mac security software issues and fixes for widely-used products such as Safari.

Antivirus programs are plentiful for the latest Mac OS X versions in use. It becomes harder to find support for antivirus software on older Mac OS X versions. Be aware of end-of-life software so that you are not caught short when it comes to security. The latest trojan horse viruses that are attacking Mac users are also a good thing to be aware of even if you have solid antivirus program software.

Computer security is a big issue and is constantly playing catch up to those who exploit operating systems flaws, browser code weaknesses, and application program security flaws. Security flaws also exist in such ancillary programs the Mac uses such as Java. Java is used heavily for web-based communications and applications. Exploitations of Java can lead to corruption of your local system hard disk and data files.

To avoid suffering the maladies of a compromised Mac computer system, always stay on top of the latest Mac security software fixes and visit trusted web sites while quickly aborting any unfamiliar web site to you that you were referred to or found wherein you see a lot of pop up advertising and free software checks of your Mac hard disk or statements about your Mac may be infected.

For those Mac users that also run a Windows volume or partition, it is wise to have an equally running antivirus program on the Windows side. There are viruses that will go between both the Windows and Mac sides of your Mac computer. In fact, MS Office products that use visual basic along with macro commands are notorious for impacts from malware and trojans.

The use of a robust antivirus program that will monitor both your Windows and Mac volumes, folders and files is that way to go.

How to protect your computer from keyloggers?

Keyloggers have been a major problem today as once they get installed in your computer the hacker can get almost any information, I have written couple of posts on keylogging and reviewed some of the best keyloggers available now a days
The program which are specially used to detect and protect your computers from keyloggers are Antiloggers, I have tested lots of Antiloggers and found Zemana Antilogger only which is capable of detecting almost every keylogger.
Normally a keylogger is detected by a good antivirus or Antispyware program, but hackers use some methods such as crypting, hexing, binding etc through which the keylogger can easily Antivirus as well as Antispyware program

Zemana AntiLogger now covers pretty much every aspect of Windows including registry modification and dll injection prevention and protects Windows from other spyware-related techniques with Anti-Keylogger, Anti-SreeenLogger, Anti-WebLogger and Anti-ClipboardLogger tools of its own. Another useful feature this apps has is while-list approach (in contrast to Anti-Virus blacklist approach) meaning it automatically recognizes "safe" programs and does not treat them as "suspects"

For more information on this program and download details visit the following link
Zemana Antilogger Download

Here are some of the articles I have written on keylogging from the past:

Sniperspy Keylogger for Mac OS Launched
How to use sniperspy to hack passwords
Hack Facebook password using Winspy keylogger
Remote Password spying softwares
Abobo keylogger for Mac OS
All spy keylogger - The complete review