Tampilkan postingan dengan label security tips. Tampilkan semua postingan
Tampilkan postingan dengan label security tips. Tampilkan semua postingan

Senin, 20 Juni 2016

HOW TO SPOOF YOUR MAC ADDRESS (ANONYMITY) 2016


HOW TO SPOOF YOUR MAC ADDRESS (ANONYMITY)

SPOOFING YOUR MAC ADDRESS (ANONYMITY), how to spoof your mac address, spoofing your mac address,spoof your mac address, change your mac address.

MAC (Media Access Control) is a number that identifies your network adapter or adapters for connecting to the internet. To remain exceptionally anonymous you must change your MAC IP address. By changing your macintosh address you can:
  • Staying Anonymous 
  • Bypass Mac Filters 
  • Mac Authentication 
spoof your mac address, how to spoof your mac address, trick to spoof your mac address, how to change your mac address.

#1 Staying Anonymous :


The first and the chief thing by ridiculing your macintosh location is with the end goal of namelessness. Your macintosh location can be seen by any individual on your neighborhood (LAN) or besides in the event that you are associated with a WiFi system any individual can see your macintosh address by simply running a basic sweep either from windows or Linux. A basic sample of this is to simply utilize the order from Linux as

airodump-ng (mon0 = your wifi interface) 



The BSSID's recorded over allude's to the macintosh addresses for different systems accessible in your reach. By simply running a straightforward sweep we discover the different BSSID's accessible. Programmers may attempted to misuse your system in the event that they figured out your macintosh address and can utilize the web as being "you" That's the reason you have to change your MAC address.

#2 Bypassing MAC Filters :


If you ever need to unite with an open WiFi system with the end goal of staying unknown however things didn't turned out really well, may be the WiFi proprietor is utilizing a MAC channel. Macintosh channel implies just permitting those clients to interface which have a particular MAC address. By changing your MAC location to that particular location which is joined you can associate with a system yet first by de validating the present client.

#3 MAC Authentication : 


Some ISP (Internet Service Provide) might just permit you to interface with a MAC address in the event that you have a particular location. So changing your location dependably helps for this situation.

HOW TO CHANGE YOUR MAC ADDRESS

1. Smac ( For Windows) :- It is an effective MAC changer that has been around for a considerable length of time. It is anything but difficult to use with any equipment. You should be a "specialist" to utilize this. It totally parodies your Mac address. Rather than utilizing Smac there are numerous product's accessible which you can use to change your PC's macintosh location thus on stay unknown on the web.

You can download it by clicking Here



2. Macintosh Changer (Linux) :- Mac-changer is a free accessible apparatus which is utilized for changing the Mac address in a Linux machine. What you have to do is select your web interface and run the summon and its basically done.



The above screenshot is taken from Backtrack and it is unreservedly accessible in Backtrack and numerous other higher adaptations.

sudo well-suited get introduce macchanger-gtk 


Thanks for Reading :)
Read more

Top 5 Joomla Security Extensions 2016

Top 5 Joomla Security Extensions: So today we will discuss about Top 5 Joomla Security Extensions. I am gonna tell you about top best 5 Joomla Security Extensions so that you can work smoothly without any risks :)Top 5 Joomla Security Extensions 2016

Top 5 Joomla Security Extensions

Apart from WordPress and Drupal content management systems, Joomla is the most famous CMS used everywhere. Much the same as whatever other open-source CMS, Joomla powered sites to deal with hacking attacks. Top 5 Joomla Security Extensions 2016Indeed, consistently Joomla fueled webpage experience unfeeling programmers who mangle site pages, transfer secondary passages and take or erase touchy data. What's more, unfortunately, a large portion of the assaults cost site proprietors significant measure of time and cash in getting the harm altered. Thus it gets to be needful for site proprietors consider all the conceivable measures that reinforces security of their Joomla site. Top 5 Joomla Security Extensions 2016

In this post we have come up with a list of remarkably useful Joomla extensions that helps to secure your Joomla website.Top 5 Joomla Security Extensions 2016

1# jHackGuard


jHackGuard is an expansion planned by Siteground that shields the sites of Joomla clients from being hacked. The expansion is made freely accessible to Joomla site proprietors, regardless of whether they're utilizing Siteground facilitating administrations or not. Top 5 Joomla Security Extensions 2016This expansion is a mix of a security plugin (that does the framework work) and part (that handles designs) – that ensures a Joomla site by sifting the client's information and incorporating more PHP security settings. In any case, the plugin is incapacitated with the goal that channels don't keep validated managers from performing their authoritative errands. Top 5 Joomla Security Extensions 2016

jHackGuard is good with Joomla adaptation 3 and higher. Thus in the event that you need to ensure your webpage security running on a more established Joomla rendition, you can decide to download the fitting forms of jHackGuard for the more seasoned Joomla forms, for example, jHackGuard for Joomla 1.5 or other.Top 5 Joomla Security Extensions 2016

2# Akeeba Backup



Akeeba Backup in the past known as JoomlaPack is an open-source and free reinforcement part that aides in making a full site reinforcement – that can be utilized to restore your site on any server running Joomla fueled locales. It gives you a chance to make a reinforcement of your site in only a solitary chronicle, including every one of the documents, a "database preview" and an "installer". Top 5 Joomla Security Extensions 2016

The best angle about this expansion is that it runs an AJAX-controlled reinforcement and restore process that avoids server timeouts – notwithstanding when you're running a vast site. In addition, you can decide to make a reinforcement of just your site records or database. It is good with Joomla form 2.5 or 3.x j

3# JomDefender



As programmer assaults on Joomla sites is expanding, proprietors may need to spend a lump of cash to settle the harm done by the programmer assaults. You would need to maintain a strategic distance from your site from being harmed because of vulnerabilities. JomDefender is an incredible expansion that keeps your site secure from wreckful programmer assaults. This security plugin is implicit 'corePHP'. Top 5 Joomla Security Extensions 2016

This plugin settles probably the most well-known vulnerabilities inside Joomla, and actualizes extra defensive layers to the site to shield it from any sort of security assault. It can be introduced and designed effortlessly, and is accessible for a small amount of the expense.

#4 RSFirewall



This is a progressed Joomla security augmentation that keeps your site shielded from interruptions and also programmer assaults. RSFirewall is maintained by a group of prepared specialists that dependably stay up with the latest to manage the most recent vulnerabilities. What's more, the group runs most recent security redesigns to keep the Joomla site safe. RSFirewall accompanies an extensive arrangement of instruments, utilizing which you can keep your site secure from being hacked. Top 5 Joomla Security Extensions 2016

This expansion even gives you a chance to perform a sweep on your whole webpage, in order to make you mindful about the frail focuses in your website and offer guidelines to enhance your site security. RSFirewll is good with both Joomla 2.5 and 3.x adaptations.

#5 Akeeba Admin Tools


Keep going on our rundown is Akeeba Admin Tools, Joomla expansion that aides in making the site organization turn into a breeze, and enhances your site's security. Its an included layer of security. This augmentation advises Joomla clients about new redesigns that they ought to keep running for their Joomla site. Furthermore, it performs Joomla site support ensure it against programmer assaults and improve the site. It additionally settles your document and catalog authorizations, oversee custom URL redirections, improves security by making a safe .htaccess record etc. Top 5 Joomla Security Extensions 2016

This augmentation gloats a propelled "Web Application Firewall" that keep your website safe from a portion of the regular assaults.


Read more

Selasa, 15 April 2014

How to avoid becoming a victim of keyloggers


Know how it works:
Knowing how it works will help you make a better decision. A keylogger is a little piece of software that normally stays hidden in your system and collects information on the keys you press on your keyboard. This coupled with its ability to match these keystrokes with the application for which they are being pressed, make a keylogger an extremely dangerous hacking tool. As normally it resides in a system hidden, it can steal your information without you even noticing anything.

Use good quality anti-keylogger software:
Anti-virus anti-malware software are a requirement for every user. But they may not be able to detect and remove keylogger software. For this, you should use specific anti-keylogger software. In fact, according to a report almost all anti-virus software failed to detect a keylogger in a controlled lab test. Only a specifically tailored anti-keylogger can make sure that your information stays safe and secure.

Use secure communication channels:
As important and useful the worldwide web is, it is as much dangerous because of some people who use it for their nefarious designs. Some steal your information while others just like to bog down a system with excessive virus attacks. Make sure that you are using only secure websites for your communication, like emails, instant messaging and video calls etc. It is these unprotected sites that can spread these keylogger software easily. Avoid them at all costs for your communication needs.

Be on alert:
The best possible way to protect your computer and your information is to be on alert. It is almost always when you do not take care and follow security precautions that you fall victim to these tricks and get your system infected with viruses. Putting your information at risk is not a good idea. But thinking that anti-virus software, or anti-keylogger software for that matter, will keep your system 100% secure is a mistake. If you are not on your guard, anyone can access your system physically and compromise your security wall, thus eliminating the need of tackling anti-virus over the internet. You also need to know which sites you are visiting and whether there is any Google or other security software advisory on that site. You should also avoid clicking on suspicious links, particularly those appearing in your email, asking for your private information.

Stay updated:
You should also make sure that your system is updated with the latest system and anti-virus software security patches. This will ensure that your system is protected and can withstand attacks over the internet. In any case, you are the one who needs to be on guard more than your system.
Read more

Sabtu, 12 April 2014

Android Devices Are Vulnerable To Heartbleed Bug


Many Android Devices Are Vulnerable To Heartbleed Bug. Google recently reported that Android OS are vulnerable to Heartbleed Bug.

According to Google online security blog,
"We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.  Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this -- and encourage others to report them -- so that that we can fix software flaws before they are exploited.

If you are a Google Cloud Platform or Google Search Appliance customer, or don’t use the latest version of Android, here is what you need to know.

Cloud SQL
We are currently patching Cloud SQL, with the patch rolling out to all instances today and tomorrow. In the meantime, users should use the IP whitelisting function to ensure that only known hosts can access their instances.

Android
All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners.
"

What is Heartbleed Bug?
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

The Heartbleed vulnerability exposed this week. Bug effected OpenSSL versions released in past two years. In vulnerable system, hackers can collect all encrypted data from a website's server before its deleted can say Zero day vulnerability.

According to report WSJ, Donations have picked up since Monday. This week, it had raised $841.70 as of Wednesday afternoon.

Check your server for Heartbleed Bug causing.
http://filippo.io/Heartbleed/
Enter a URL or a hostname to test the server for CVE-2014-0160

What is the CVE-2014-0160?
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability. 


Security Notice:
Some are websites also affected by Heartbleed Bug. You should change the passwords of your Email and Social Network accounts now. Mashable noticed Heartbleed hit list website affected.

Read more

Sabtu, 01 September 2012

5 Ways To Prevent Your Facebook Account From Hackers in 2012

Facebook is the most popular social networking website which has more than 800million  users, more than 1million photos are updated every week by facebook users. So this is why facebook comes under the red list of hackers. Most of the users don't knows the close connection of entering personal information, like emails, making unknown friends and playing games on facebook. Today I will show you some of the quick steps on how to prevent your facebook account from hackers.




Following are the steps :-

1) Profile Privacy 



Profile Privacy is the first thing, for the protection of your private data like If you choose Customize, you could be more specific. Your Profile Should only be viewed by your friends. Basic Information like email, graduation, job, etc should not be shared by unknowns! Hide your photos too.

2) Search Visibility 

Click Privacy > Search It is when someone searches you on facebook by your name. This option is an important way to get protected your Facebook privacy. It should be to Everyone but don't cross the limits of sharing, share your friend list if you want, Add Friend, Someone message you!

3) Controlling Feed Post & Friend Posts

Our practice and actions in Facebook such as likes, comments, posts appear as friend feed on ALL your friends’ home wall. You can only turn this privacy on or off. Go to Privacy > News Feed and then Wall and choose whether you want your friend or ex-boyfriend/girlfriend to know that you’re in love or not.

4) Facebook Wall Privacy

Go to your profile wall, click Options > Settings under the option box. Here you can change the privacy whether your friends can post status or pictures on your Wall, and who can check the status made by your friends on your wall.

5) Protect Yourself From Unknown Applications


Go to Privacy > Applications, and click the Settings option check all the boxes should be unchecked. These settings share what information about you is visible to games/applications installed by your friends. It could be Facebook Virus, Trojans, Spywares made by your enemy friend. 
These were the all main tips to get safeguarded from hackers, Hope you enjoy it :) Good Luck!
Read more

Warning : Hackers Use Facebook Photo Email Notifications for Installing Malware

Cybercriminals have been sending new strain of malware via emails to Facebook users, encouraging them to view photos as an attachment. So for all Facebook users who totally rely on email alerts service to know when and what their friends do, are on risk of getting their computers infected with malware.

Scammers are sending out e-mails saying that someone has added a new photo of you to a Facebook album. The spam, which claims to come from the social networking giant, includes an attachment that installs malware on your computer. If you click on that attachment, It will downloads a ZIP file and if you open that ZIP file and click on files which are in that zip file, then that malware will get installed in you computer and it will enables hackers to gain control over Windows-operated PCs.


Facebook hacking


The e-mail subject is typically something along the lines of “Your friend added a new photo with you to the album” (though cybercriminals can easily alter it) and appears to come from an e-mail like “notification+kjdm-dj-hud_@facebookmail.com” (again, this can be changed). The attached file is named “New_Photo_With_You_on_Facebook_PHOTOID[random].zip” where “random” is a generated number.


Facebook hacking


Facebook hacking


Of course, above emails don't really come from Facebook team. Such emails are fake emails designed to trick or fool recipients into opening the attached file which contains a photo / image. But the attachment is not a image, its a malware which can hack you computer and allow hackers to gain control over your Windows computer. This malware was identified by security firm Sohpos as Troj/Agent-XNN.

But there are surely so many peoples in the world who could be duped into believing that they have been tagged by one of their friends in a photograph, and want to see if they look overweight, unattractive or simply fabulous.

So Facebook users should be aware by now that the social media site like facebook twitter never sends the pictures or files posted online as attachments via email. That’s why users are always advised to beware of such notifications.
Read more

Rabu, 15 Agustus 2012

How to protect email account getting hacked

"My Email account is hacked" or " Some hacker has hacked my email account", did these quotes sound familiar to you Guys, if not then soon gonna be if you are not aware of latest techniques used by hackers to hack into your email accounts. After reading such comments there are two things that always come to my mind, either hacking email account is to easy for hackers or protecting email account for getting hacked is too difficult. And after thinking about both above points, i starts laughing because both are true for Hackers and both are false for unaware users.
Note: If a Hacker wants to hack you Email or system, he will hack it. The only thing you can do is, just make it harder for him to do the same.

Friends, after spending my precious 5 years in field of Hacking and Cyber security, i reached a very simple conclusion. Email accounts can only be hacked by means of Social Engineering technique, and whoever says that he can hack email account using some other technique then friends he is a liar.

Now what all topics are covered in Social Engineering Technique:

1. Phishing or fake page login technique.
2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).
3. Shouldering passwords.
4. Guessing Weak Passwords.
5. Compromising Accounts with Friends or team mates
6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's.

So friends let's start from one by one, how you all can protect yourself from hackers.

1. Phishing or Fake Pages Login Technique

In this technique, what hacker does is that, he makes a local(fake) copy of original website which looks absolutely similar to original one and attaches his PHP action scripts to record the passwords and then uploads that local copy to some free web hosting server. After uploading, he shares the links with friends or victims by three different ways:
a. By Sending Emails : Emails can be spoofed and looks like they are coming from genuine sources like Gmail Support or Yahoo Support etc or Simply from your most trusted friends.
Now which type of emails you should not open:
  1. Emails asking for account verification:  These emails ask for you email account username or passwords to verify your details.
  2. Emails showing Prize Money or lotteries: Nowadays, we all receive a lot of email messages like "You have Won Prize Money or Lottery of so and so amount. These emails usually ask your name, age occupation, mobile number, sometimes credit card details. And when you provide all these information they ask you to verify your Mobile number. They usually say you will receive one unique verification code on your mobile and ask you to enter that verification code in some unknown website.  Note: This is mobile phone verification  loophole of all Email services. They all sent verification in below format: " Your Google Verification Code is 123456 or Your Yahoo verification code is 123456 or Your Hotmail verification code is 123456". Means these services doesn't mention that "your Gmail or Yahoo or Hotmail password reset code is 123456" so user is easily get fooled by such offers and become the prey to hackers.
  3. Emails from unsolicited or unknown sources: Never open the emails which comes from unknown sources.
  4. Never access any social networking website link from your email as it can be a Phish Page link.

Some useful and handy guidelines to identify Phish Pages:
1. Always check the URL in the address bar ( both source and destination). Never login in the URL which has website URL other than the original one.
2. Most important: Always use web security toolbar(avg,avira or crawler etc), most of them are available for free. They will detect the fake pages and warn you from opening them.

b. Using Chat services
Never open the links that are being posted in chat rooms, there are lots of Ajax and java scripts available in market that can retrieve all your stored passwords from your web browser.

c. Sharing Content on some website and that website is asking for registration with is followed by email verification. Hackers share their links on famous forums or torrents, when user open these link either of the above two things happen or a key logger or RAT is attached with them that will record you email address and password and send the information to hackers email account or FTP mail.

2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).

This is the most used hacking technique used by almost every hacker to hack the users email accounts. In this technique, hackers attach their keylogger or RAT servers with the crack or keygen or patch or hack tools and whenever user executes that it got installed automatically. 
In this case hackers use the below loophole: Whenever you open a keygen or patch or crack or hack tool, your antivirus shows you are warning message but users always ignore these as hackers or cracks provider has already instructed the users that turn off the antivirus before running patch or keygen.

So friends 4 things to note here:
a. Never use cracked or patched software's as they already contains Trojan's which are controlled on basis of timestamp. 
Solution: Look for any freeware providing the same features. If you request i will give you the list for freeware alternatives for all paid software's.
b. Never turn off your antiviruses or anti-spywares or web security toolbar.
c. Regularly update your antivirus and anti spyware programs.
d. If you wanna try any hacking software or hack tool, then always use sandbox browser or use Deep Freeze

3. Shouldering passwords

Seeing or watching the user, while he/she is typing his password is called shouldering. Most of time we types our passwords in front of our friends or colleagues. Nowadays what usually friends or classmates do is that, they stand in back of you and keep a eye on you while you are typing passwords. This technique is also used at ATM machines, thieves or malicious people watch people while they were entering the ATM pin and then misuse that online.
Solution: Always take care that nobody is watching you while you are typing passwords. If not possible to do so try to avoid logging into your accounts when your friends are near you.
Note: Never store passwords in your web browsers. Otherwise, friends like me ask you to bring water for me and when you go out, i will see you all saved passwords :P..

4. Guessing Weak Passwords

Its not a new thing, i have told people more than hundreds of time not to use weak or very common passwords but they will never learn. Few basic passwords that unaware or novice IT people use:
a. 6 to 8 consecutive character on the keyboard or alphabets like qwerty, 1234567, abcdefgh etc.
b. Atleast 30% of people keep their current or previous mobile numbers as their passwords.
c. More than 10% keep their girlfriend name or her mobile number as password.
d. But nowadays password policy are quite good, so novice people also became smart as most of websites ask atleast one Capital letter, one number and one special character in password. Now friends, guess what will be their passwords:
1. Suppose its december then their password will be like: Dec@2011 or Dec123! or Dec2011@.
2. How can they forget keyboards consequite keys like qwert123!, qwerty123$, abc123! etc.
3. Offcourse, none can forget his girlfriend name : girlfrindfirstname123! or more smart people GFNAME1!.
Hahaha.... thats really foolish.

Some tips for strong passwords:
1. Always keep your password atleast 8 chars long.
2. Use special characters and number and small n upper case combination in your password.
3. Verify your mobile numbers if available.
4. Keep changing your passwords at-least once a month.

5. Compromising Accounts with Friends or team mates

Its one of the most common problem with team mates and friends. "Today i am not coming to office or college, please use my login ID and password and forward the details or some files" or "Your friend went to your home and suppose you are away from your house, now what you will do, hey use my username and password and take your files or documents". What the hell is this? You call yourself professional, and every time you yourself violating the password and account policy norms.
Never share your account information with anyone. People like me are very dangerous, if you share your pass with me then you are done :P..
Solution: Never tell your account information to anyone. If its urgent, you can share it but you need to change your details as soon as possible.

6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's. 

Most of cyber cafe's or college computers have keyloggers or rats installed on them. Whenever you login into your account through cybercafe, none can give you assurance that your account is safe or hacked. So always play it safe. If you login into your account through cyber cafe's, always change them as soon as possible. 

Now friends, if you follow all the above steps told by me, then your account can never be hacked and for sure you will never get a chance to say "My EMail account is hacked" or "Someone has hacked my email".

Read more

How to Protect yourself from Keyloggers using Keyscrambler

KeyScrambler encrypts your keystrokes in the kernel and decrypts it at the destination application, leaving Keyloggers with indecipherable keys to record. For your personal office, family, and business, KeyScrambler adds a reliable layer of defense.
When you try do something online, for example access your checking account on your bank's website, your keystrokes will travel along a path in the operating system to reach the destination application. Many places along this path, malware(keyloggers and Rats or simply keyboard hookers) can be physically or remotely installed by hackers to log your keystrokes so they can steal your user name and password and this is really a very dangerous threat.

How does key Scrambler Work?

Any Idea, yes most of you might know that but today i will disclose the internal details of key scrambler step wise.

Actually any key scrambler works in three basic steps namely: Encrypt Keys, Bypass Malwares like keyloggers, rats or keyboard API hook programs and at last decrypt keys. I have explained the steps in detail below:

1. As you're typing on the keyboard, Key Scrambler is simultaneously encrypting your keystrokes at the keyboard driver level. Because Key Scrambler is located in the kernel, deep in the operating system, it is difficult for keyloggers to bypass the encryption.

 2. As the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keyloggers are known or brand new, because your keystrokes are completely indecipherable the whole time.

 3. When the encrypted keystrokes finally arrive at the destination app, the decryption component of Key Scrambler goes to work, and you see exactly the keys you've typed.

Few misconceptions about key scramblers:

1. Key scrambling is not key stroke obfuscation. Actually key scrambler uses cryptography (namely state-of-the-art cryptography) for encryption and decryption which makes it a reliable defense against keyloggers and api hookers.

2. Key scrambler does not depend on type of keylogger or signature of keylogger. But some advanced keyloggers nowadays bypass key scramblers too, so never rely completely on key scramblers.

Note: " Prevention is better than cure", so keep yourself  protected and avoid being prey to any such noobish trap.

There are lots of key scramblers available in the market but i have chosen key scrambler pro for you guys, as i found it to be the best:



Read more