If a man-in-the-middle attacker compromises a private key, he can use it to decrypt the messages. Worse, if he has recorded previous conversations, he can decrypt those as well with the same private key. The forward secrecy technique prevents this. Continue reading “Tech Terminology Demystified – ‘Forward-Secrecy’”
Wireless session hijacking using Droidsheep
It is similar to Firesheep or FaceNiff: one-click session hijacking from an Android smartphone or tablet computer.
Web security threats to a business
Businesses are exposed to various web security threats. Here we list some of the major threats that every organisation should be wary of, and should take pre-emptive steps against, to protect end users.
Saved passwords in browsers; Are they secure?
Many popular browsers, such as Google Chrome and Firefox (FF), offer a “remember password” option that lets users save their passwords.
Underground call-centre for identity theft uncovered by security researchers
Fraud is a business too and, as can be seen from this article, cybercriminals are now outsourcing work to underground call centers to obtain information using social engineering skills.
Tech Terminology Demystified – Duqu Trojan
Duqu is a Remote Access Trojan designed to steal data from computers it infects.
Duqu seems to have been designed to steal information from vendors of industrial control systems. It is an intelligence-gathering agent.
Click Jacking – Hijacking the Click
Click jacking is used by an attacker to collect information from a user’s clicks. By launching this type of attack, the attacker can do many kinds of things: for example, taking control of the user’s microphone or webcam, adjusting the user’s computer settings, or sending the user to web sites that might have malicious code.
Can our Power Supply / Other Utility Systems be hacked?
Federal authorities are investigating a hack that resulted in the burnout of a water pump at the Curran-Gardner Township Public Water District in Illinois.
A hacker apparently exploited a supervisory control and data acquisition (SCADA) system that managed the water pump and set the pump to continually turn on and off. Only after the pump failed, earlier this month, did plant operators discover that their systems had been exploited, apparently in September. The attack appeared to have been launched from a server based in Russia.
Are you inclined to do online shopping?
We are living in the digital age, where we can reap the benefits of online shopping. Despite being a quick and highly convenient mode of purchase, online shopping is exposed to tremendous risks. The globally accepted view is that the holiday season arrives earlier year after year. The resulting increase in online traffic is eagerly awaited by hackers, who are gearing up to swipe credit cards and personal information to commit fraud and identity theft. Cyber criminals target and exploit online users through online shopping scams, fraudulent emails, e-card and phishing schemes, and more. There are 10 wise tips to safeguard personal information while shopping online and to guard against the threats posed by hackers.
Internet Banking & Mobile Banking users beware – ZITMO & SPITMO is here !!
Typically, strong online banking authentication relies on generating a Transaction Authorisation number and sending it to the registered mobile number of the internet banking user; the user then has to enter the randomly generated authorisation code into the mobile banking site for the transaction to be authorised. Beware: danger is lurking in this scenario also.
ZITMO (Zeus-In-The-Mobile) is a trojan designed to intercept and redirect incoming SMS messages, including the transaction authorisation codes, that arrive on infected mobiles. Another similar trojan is SPITMO (SpyEye-In-The-Mobile), with nearly the same functionality as ZITMO except for some change in how it works.
