Live Map Shows Thousands of Cyber Attacks as They Happen

Sony got nuked, said one security expert. But it’s hardly the only attack aimed at a major corporation. Tens of thousands of cyber-attacks are launched every second – a majority of which are directed at the United States – but few have the impact that can force a Hollywood studio to cancel a film.

“There’s really no other word for it,” said Kurt Stammberger, a security expert and vice president for marketing at Norse, a cyber-security firm specializing in live attack intelligence. “What’s happening at Sony is really the nightmare scenario for every organization.”

The Northern California-based company, which provides live intelligence data to companies such as HP, has an interactive map of cyber-attacks on its website where users can watch the action as it’s happening.
“It’s a little bit like the weather – it comes and goes in storms and bursts,” said Stammberger.

Except, unlike the weather, the attacks, represented by streaks of colored lines, are only one tenth of one percent of all cyber-attacks. The whole map would be covered if it were to show every attack, so a random sample is all that’s shown.

Norse is able to come up with this data by placing more than eight million bait computers, or what they call “honeypots,” in 167 different data centers and 47 different countries where they’re attacked by hackers who think the bait machines hold credit card numbers or other sensitive information.

While the continuous barrage of cyber-attacks makes for an engaging map that looks more like a hacker version of the board game Risk, it highlights how pervasive cybercrime and cyber-attacks are in this day and age, when megabytes if not gigabytes of our own personal information and financial records are stored and collected in servers whose level of protection we can’t attest to.


Thankfully, it’s not just defense for the good guys. See the mysterious node object on the map in the ocean just southwest of Africa? It’s not a ship or even an island full of hackers unleashing attacks. The node represents attacks launched on the offensive by the U.S. government, placed in the ocean to shield the location of where the attack is originating. 
Monday, February 23, 2015
Posted by Unknown

Trojans, Viruses and Worms

Introduction: Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and cybercrime. Cybercrime is using computers to commit acts such as fraud, privacy invasion, stealing corporate/personal data etc. Cybercrimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.

How can they protect themselves?
In this article, we will introduce you to ethical hacking.



Topics covered:

· Common hacking terminologies
· What is cybercrime?
· Types of cybercrime
· What is ethical hacking?
· Why ethical hacking?
· Legality of ethical hacking
· Summary

What is hacking?
There are many definitions of hacking. In this article, we will define hacking as identifying weaknesses in computer systems and/or networks and exploiting the weaknesses to gain access. An example of hacking is bypassing the login algorithm to gain access to a system. A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. Before we go any further, let’s look at some of the most commonly used terminologies in the world of hacking.

Types of Hackers
Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.

What is Cybercrime?
Cybercrime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers etc. Most cybercrimes are committed through the internet. Some cyber crimes can also be carried out using mobile phones via SMS and online chatting applications.

Types of Cybercrime:
The following list presents the common types of cyber crimes:


Computer fraud: Intentional deception for personal gain via the use of computer systems.
Privacy violation: Exposing personal information such as email addresses, phone numbers, account details etc. on social media, websites etc.
Identity Theft: Stealing personal information from somebody and impersonating that person.
Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks and computer programs etc.
Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
Electronic money laundering: This involves the use of computers to launder money.
ATM Fraud: This involves intercepting ATM card details such as account numbers and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.
Spam: Sending unauthorized emails. These emails usually contain advertisements.

What is ethical hacking?
Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules. Get written permission from the owner of the computer system and/or computer network before hacking. Protect the privacy of the organization being hacked. Transparently report all the identified weaknesses in the computer system to the organization. Inform hardware and software vendors of the identified weaknesses.
Why ethical hacking?
Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money. Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.
Legality of ethical hacking
Ethical hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individuals’ skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.
Summary

Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks. Cybercrime is committing crime with the aid of computers and information technology infrastructure. Ethical hacking is about improving the security of computer systems and/or computer networks. Ethical hacking is legal.
Tuesday, February 3, 2015
Posted by Unknown

Hacking Tips

First of all, when learning hacking tips, learn the difference between hacking and cracking. Hacking is the unauthorized use of, or an attempt to go around, the security systems of an information system or network, while cracking is similar to hacking, only it is done with bad intentions. Hacking may revolve around security improvement and educational purposes. Read on to follow basic hacking tips and tricks.

There are thousands of different codes and programs used by hackers to look into computers or their networks. Once a skilled hacker knows how a system works, he can code his own program to exploit it and has power over the organization.

Useful hacking tips for beginners:

Go for passwords:
Begin with simple algorithms to create combinations of letters, numbers and symbols and use this trial and error method for hacking passwords. The hacker needs to make educated guesses and use a dictionary attack to generate every possible combination for the password.

Log keystrokes:
The hacker can use some programs designed to review every keystroke a computer user makes, which can help in revealing the person’s identity.

Leave a virus:
Another of the hacking tips for beginners is to create simple viruses and send them out via email or instant messages to potential victims.

Spy on e-mail:
Hackers can also develop code that lets them intercept and read e-mail messages.

Make zombie computers:
A zombie computer is one that hackers use to launch DDoS attacks or send spam. If an innocent user clicks on the link, he opens up a connection between his computer and the hacker's.

Gain entry through the backdoor:

This is quite similar to hacking passwords. Many hackers develop codes and programs that look for defenseless pathways into network systems and enter the network without the use of any password.
Saturday, January 31, 2015
Posted by Unknown

How Firewalls Work

If you have been using the Internet on a regular basis, or work in a large company and surf the Internet while you are at work, you have surely come across the term firewall.

You might have also heard of people saying “firewalls protect their computer from web attacks and hackers” or “a certain website has been blocked by firewall in their work place”. If you have ever wondered to know what exactly is this firewall and how it works.



How Firewalls Work?

Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.

Firewalls may decide to allow or block network traffic between devices based on rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules that are most suitable under normal circumstances so that the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end-users for use on their personal computers. However, large networks and companies prefer those firewalls that have plenty of options to configure so as to meet their customized needs.

For example, a company may set up different firewall rules for FTP servers, Telnet servers and Web servers. In addition, the company can even control how the employees connect to the Internet by blocking access to certain websites or restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company tremendous control over how people use the network.

Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

Packet Filtering: In this method, packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules that come with accept and deny actions which are pre-configured or can be configured manually by the firewall administrator. If the packet manages to make it through these filters then it is allowed to reach the destination; otherwise it is discarded.

Stateful Inspection: This is a newer method that doesn’t analyze the contents of the packets. Instead, it compares certain key aspects of each packet to a database of trusted sources. Both incoming and outgoing packets are compared against this database and if the comparison yields a reasonable match, then the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration:

Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:

IP addresses: If an IP address outside the network is considered undesirable, a filter can be set to block all the traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

Domain names: Since IP addresses are difficult to remember, it is easier and smarter to configure firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.

Ports/Protocols: Every service running on a server is made available to the Internet using numbered ports, one for each service. In simple words, ports can be compared to virtual doors of the server through which services are made available.

For example, if a server is running a Web (HTTP) service then it will typically be available on port 80. To use this service, the client needs to connect to the server via port 80. Similarly, different services such as Telnet (port 23), FTP (port 21) and SMTP (port 25) may be running on the server.


If the services are intended for the public, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.

Specific words or phrases: A firewall can be configured to filter one or more specific words or phrases so that both the incoming and outgoing packets are scanned for the words in the filter.

For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.
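The packet filtering method and the IP address and port/protocol conditions described above can be modelled in a few lines. This is an added example, not code from the original post: the rule set, addresses (documentation and private ranges) and packets are constructed, and the flow table shows connection tracking, the usual way stateful inspection lets replies to inside-initiated connections through.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "deny"
    src_net: str = "0.0.0.0/0"       # default matches any source
    dst_net: str = "0.0.0.0/0"       # default matches any destination
    proto: str = "any"
    dport: Optional[int] = None      # None matches every port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


class Firewall:
    def __init__(self, rules, inside_net):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside_net)
        self.flows = set()           # connections opened from the inside

    def decide(self, p: Packet) -> str:
        # Stateful step: a reply to a tracked outbound connection is accepted.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "accept"
        # Packet-filter step: the first matching rule wins, default is deny.
        verdict = next((r.action for r in self.rules if r.matches(p)), "deny")
        if verdict == "accept" and ipaddress.ip_address(p.src) in self.inside:
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict


# Constructed rule set: order matters, so the blocked address is listed first.
RULES = [
    Rule("deny", src_net="203.0.113.50/32"),                        # traffic from blocked IP
    Rule("deny", dst_net="203.0.113.50/32"),                        # traffic to blocked IP
    Rule("accept", dst_net="10.0.0.10/32", proto="tcp", dport=80),  # public web server
    Rule("accept", src_net="10.0.0.0/24"),                          # outbound from inside
]


def run_samples():
    fw = Firewall(RULES, "10.0.0.0/24")
    samples = [
        Packet("198.51.100.7", "10.0.0.10", "tcp", 40000, 80),     # web request
        Packet("198.51.100.7", "10.0.0.10", "tcp", 40001, 23),     # Telnet, not opened
        Packet("203.0.113.50", "10.0.0.10", "tcp", 40002, 80),     # blocked IP, open port
        Packet("10.0.0.5", "198.51.100.9", "tcp", 50000, 443),     # inside host connects out
        Packet("198.51.100.9", "10.0.0.5", "tcp", 443, 50000),     # reply to that connection
        Packet("198.51.100.9", "10.0.0.5", "tcp", 443, 50001),     # unsolicited inbound
        Packet("10.0.0.5", "203.0.113.50", "tcp", 50002, 80),      # inside host to blocked IP
    ]
    return [fw.decide(p) for p in samples]


if __name__ == "__main__":
    print(run_samples())
```

Moving the two deny rules below the port 80 rule would let the blocked address reach the web server, which is why rule order is part of the configuration.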

Hardware vs. Software Firewall:

Hardware firewalls provide a higher level of security and hence are preferred for servers where security has the topmost priority. Software firewalls, on the other hand, are less expensive and hence preferred on home computers and laptops.

Hardware firewalls usually come as a built-in unit of a router and provide maximum security as they filter each packet at the hardware level itself, even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

Why Firewall?

Firewalls provide security against a number of online threats such as remote login, Trojan backdoors, session hijacking, DoS & DDoS attacks, viruses, cookie stealing and many more. The effectiveness of the security depends on the way you configure the firewall and how you set up the filter rules.

However, major threats such as DoS and DDoS attacks may sometimes manage to bypass the firewalls and do damage to the server. Even though a firewall is not a complete answer to online threats, it can most effectively handle the attacks and provide security to the computer up to the maximum possible extent.
Sunday, January 18, 2015
Posted by Unknown

What is Denial of Service (DoS) Attack?

If you are working in the field of computer networks or are an enthusiast in the field of network security, you are sure to have come across the term “Denial of Service attack”, which is simply referred to as “DoS attack”. Today, this is one of the most common types of network attacks carried out on the Internet. In this post, I will try to explain the DoS attack, its variants and the methods used to carry it out in an easily understandable manner.

What is a DOS Attack?
A Denial of Service or DoS attack is a type of network attack designed to flood the target network or machine with a large amount of useless traffic so as to overload it and eventually bring it down to its knees. The main intention behind a DoS attack is to make the services running on the target machine (such as a website) temporarily unavailable to its intended users. DoS attacks are usually carried out on web servers that host vital services such as banking, e-commerce or credit card processing.
A common variant of the DoS attack known as the DDoS (Distributed Denial of Service) attack has become quite popular in recent days as it is more powerful and hard to detect. A typical DoS attack has a single place of origin while a DDoS attack originates from multiple IP addresses distributed across two or more different networks. The working of a DDoS attack is shown in the following diagram:



Unlike a DoS attack, where the attacker uses one single computer or a network to attack the target, a DDoS attack originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks, each residing in a different geographical location, the incoming traffic looks natural and therefore becomes hard to detect.

Protection Against DoS/DDoS Attacks:


DoS attacks can easily be handled by blacklisting the offending IP (or range of IPs) found to be making too many requests/connections (in an unnatural way) to the server. However, DDoS attacks are complicated as the incoming requests seem more natural and distributed. In this case it is hard to tell the difference between genuine and malicious traffic. Taking action at the firewall level to blacklist suspected IPs may result in false positives and therefore may affect the genuine traffic as well.
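The difference between the two cases shows up when a per-source connection counter is run over connection records. This is an added example, not from the original post; it also illustrates the "too many connections" condition from the firewall article. The thresholds, the 10-second window and both traffic samples are constructed.

```python
import ipaddress
from collections import deque


def per_source_offenders(events, window, limit):
    """Return source IPs with more than `limit` connections in any `window` seconds."""
    recent, offenders = {}, set()
    for ts, ip in events:
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while ts - q[0] >= window:       # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            offenders.add(ip)
    return offenders


def peak_total(events, window):
    """Highest number of connections from all sources seen in one window."""
    q, peak = deque(), 0
    for ts, _ in events:
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def classify(events, window=10, per_ip_limit=50, total_limit=500):
    # Limits are assumptions for this sample, not recommended values.
    peak = peak_total(events, window)
    return {"block": per_source_offenders(events, window, per_ip_limit),
            "peak_total": peak,
            "aggregate_alarm": peak > total_limit}


def single_source_flood():
    """Constructed sample: one address opens 200 connections in 10 seconds."""
    ev = [(i * 0.05, "203.0.113.9") for i in range(200)]
    ev += [(i * 0.5, f"198.51.100.{i + 1}") for i in range(20)]   # ordinary clients
    return sorted(ev)


def distributed_flood():
    """Constructed sample: 400 addresses, only 3 connections each, in 8 seconds."""
    base = ipaddress.ip_address("198.18.0.1")                     # benchmarking range
    ev = [(k * 3 + n * 0.005, str(base + n)) for n in range(400) for k in range(3)]
    return sorted(ev)


if __name__ == "__main__":
    print(classify(single_source_flood()))   # one address to block
    print(classify(distributed_flood()))     # nothing to block, yet 1200 connections
```

In the distributed sample no single address exceeds the per-IP limit, so a blacklist has nothing to act on even though the total load is more than five times that of the single-source flood.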
Methods Involved in DoS Attack:
The following are some of the commonly employed methods in carrying out a DoS attack:
  • SYN Flood Attack
  • Ping Flood Attack (Ping of Death)
  • Teardrop Attack
  • Peer-to-Peer Attacks


Saturday, January 17, 2015
Posted by Unknown

How to make a Shutdown Timer in Windows


There is plenty of software available that can make your PC shut down at any pre-defined time. But have you ever wondered whether you can make a PC shutdown timer easily without downloading any software? You may laugh at it as it seems such a simple trick, but many people still need it. So, here I am going to tell you two simple methods to make a PC shutdown timer.




Method 1: 
This method is very simple. You can do this by creating a shortcut file and then entering the location of the shutdown timer. Here are the steps to follow:
Right click on your desktop and choose “New => Shortcut”.
In the box that says “Type the location of the shortcut”, type in ‘shutdown -s -t 3600’ without the quotation marks and click Next. (Here 3600 is the number of seconds before your computer shuts down.)
Make up a name for the shortcut and you’re done.

TO ABORT this:
Once you start the shutdown timer, you will need to create another shortcut as you did earlier, but this time you will have to provide another address.
To make an abort key to stop the shutdown timer, just create another shortcut and make the location of the shortcut ‘shutdown -a’ without the quotes.

Method 2:
The above method is not very helpful when you want your PC to shut down at a specific time. Suppose you want to listen to songs at night and you want it to stop automatically at 11:59 PM. You can simply do this with the following method:
· Click on Start -> Run or press Win+R
· Enter the code: at 23:59 shutdown -s
· Make sure that you enter the time in 24 hour format.

TO ABORT this:
To abort this timer, follow the same process but this time enter shutdown -a in Run.


Tuesday, December 30, 2014
Posted by Unknown

TOP 10 MYSTERIOUS WEB BROWSERS FOR WINDOWS

Top 10 mysterious web browsers for Windows. Users of the Windows operating system are mostly aware of well-known web browsers, like Google Chrome, Internet Explorer, Mozilla Firefox, Opera etc. But many other browsers with unique features are available in the market.

BLACKHAWK BROWSER


BlackHawk is a user-friendly web browser with a special cookie handling feature that combines the running speed of Chrome with the useful functionality of Firefox. BlackHawk provides exceptional cookie handling.

NETGROOVE BROWSER



NetGroove is a graceful, fast, tabbed web browser that can be run directly from your flash drive without installing it. It works on the Internet Explorer engine.

BEAMRISE BROWSER




It is a social web browser that provides amazing animations, graphic bookmarks and even free texts given by Android. It joins chatting and browsing with each other, and lets you chat using your social networks and video chat via the browser itself.

WYZO BROWSER           




Wyzo is basically a media browser because it enhances the online media experience of a user and supports all well-known and common add-ons for Mozilla-based browsers. It permits users to download torrents in a single click.

BROWZAR BROWSER




The Browzar web browser's privacy is awesome for cloud and banking applications; it does not save browsing history, cookies, temp files, passwords, cache etc. After you finish your work and close the browser, nothing is saved in the history.

QT WEB BROWSER





It is a fast and lightweight open source web browser with a secure, unique user interface, based on Nokia’s Qt framework and Apple’s WebKit.

EPIC BROWSER




A web browser powered by Mozilla. It provides Indian users with the latest films and songs, live cricket scores, and news from multiple sources such as regional and Hindi language sources. It provides safe surfing; while surfing, no one can track what you have browsed using it.

U BROWSER




U is a web browser developed by Conduit. It is a free, easy-to-use Chromium-based web browser with many social tools, good for those who want to be social. U browser makes an easy connection between you, the web, friends and even mobile devices.

DOOBLE BROWSER






Dooble, released in September 2009, is an open source web browser that works on multiple platforms and aims to offer better secrecy and usability. Currently, it supports Windows, OS X, Linux and FreeBSD. Among its many features, Dooble supports a built-in download manager and third party plugins too.

COOWON BROWSER

A Google Chrome based browser made particularly for gamers: it lets you automate tasks, record and play with one mouse click, and use the gamepad that controls the game speed during play time.
Monday, December 1, 2014
Posted by Unknown
