How Anyone Can Hack a Password:
Today, everything depends on the Internet. As the number of Internet users grows, a lack of understanding about passwords is allowing criminals to spy on you and steal your password.
Things you should stop believing about passwords
1. Are files, accounts and computers protected by a password safe?
*The answer is NO, a big NO.
2. You may be thinking that accounts associated with big companies are surely safe...
*For this, let me give you some examples:
LinkedIn – A file with 6.5 million passwords from LinkedIn accounts appeared in an online forum based in Russia.
Yahoo – 450,000 usernames and passwords from Yahoo! were posted online.
Sony (PlayStation) – This massive breach involved 77 million Sony PlayStation user accounts containing passwords and other personal information.
Reputable companies like LinkedIn, Sony and Yahoo should be using the strongest security measures, but even this strong security is not strong enough to handle the hackers out there.
3. Hackers use sophisticated tools to steal your password:
Actually, not all hackers use such tools to acquire passwords. In the highly publicised hacking of Wired Senior Writer Mat Honan, the hackers made extensive use of social engineering, a technique that relies heavily on the art of deception. More about this shortly.
Common techniques used to steal your password:
1. Keyloggers
This is one of the basic tools used for getting your passwords. A keylogger resides in your system memory and runs at every startup. These keyloggers log all the keystrokes you type. A log is created and then sent to the hacker. The most famous keylogger is the Ardamax Keylogger. It can be customized so that it is not shown in “Processes” (Windows Task Manager).
A keylogger can also be in your keyboard. So for online payments or bank transactions, always use a virtual keyboard.
2. Using MITM (man-in-the-middle attack)
In this attack, the attacker hijacks communication between the client and the server. He then sets up his computer to impersonate both legitimate machines and makes it appear that they are still communicating with one another.
As a result, all your data passes through the attacker's system, which allows them to view your password, which is sent in plaintext.
3. By Trojans
Trojans are malware that hackers make available through harmless-looking emails (for more about how they travel through the Internet, please refer to my previous article).
Once downloaded, a Trojan can stealthily perform whatever nefarious activity it is programmed to do. One common activity is recording keyboard strokes (keylogging) whenever the victim logs in to a “secure” site; another is scanning the memory and extracting what it suspects to be passwords (“memory dumping”). When done, the malware transmits this information to the attacker.
4. Social engineering
Social engineering is the art of manipulating people so that they give up confidential information. The types of information these criminals seek can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords, or to gain access to your computer to secretly install malware that will give them access to your passwords.
5. Using brute-force attack
Do you know what the crudest way of cracking a password is? Simple. You just make an educated guess.
You can base your guess on the user’s name and a bunch of dates important to him (e.g. his birthday or wedding day). If your first guess doesn’t work, you guess again. And again. And again. Until you get it right. Some systems don’t put a limit on the number of times you can enter a password.
Of course, this can take forever… unless you can automate the process.
Brute-force attack programs like John the Ripper, Cain & Abel, or THC Hydra enable you to do just that. These programs can make a large number of rapid, intelligent guesses… which is great for hackers, but not so great for the security of your passwords.
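The point about systems that put no limit on password attempts can be seen from the server's side. The following is an added example, not code from this article: a hypothetical `LoginThrottle` class that locks an account after repeated failures and doubles the lockout each time, with a simulation of one wrong guess per second. The thresholds (5 failures, 30 seconds, one-hour cap) and the account name are assumptions.

```python
import time
from collections import defaultdict

class LoginThrottle:
    """Per-account limit on failed logins with a doubling lockout (hypothetical helper)."""

    def __init__(self, max_failures=5, base_lockout=30.0,
                 max_lockout=3600.0, clock=time.monotonic):
        self.max_failures = max_failures    # failures allowed before the first lockout
        self.base_lockout = base_lockout    # first lockout, in seconds
        self.max_lockout = max_lockout      # a lockout never grows beyond this
        self.clock = clock                  # injectable so the simulation can control time
        self.failures = defaultdict(int)    # account -> consecutive failed attempts
        self.locked_until = {}              # account -> time at which the lockout ends

    def seconds_locked(self, account):
        """Remaining lockout in seconds; 0 if the account may try now."""
        return max(0.0, self.locked_until.get(account, 0.0) - self.clock())

    def attempt(self, account, password_ok):
        """Record one login attempt. Returns 'ok', 'denied' or 'locked'."""
        if self.seconds_locked(account) > 0:
            return "locked"                 # rejected without evaluating the password
        if password_ok:
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        self.failures[account] += 1
        over = self.failures[account] - self.max_failures
        if over >= 0:
            # 30 s after the 5th failure, 60 s after the 6th, ... capped at max_lockout
            lockout = min(self.base_lockout * (2 ** over), self.max_lockout)
            self.locked_until[account] = self.clock() + lockout
        return "denied"


def checked_guesses_in(seconds=3600):
    """Simulate one wrong guess per second against the constructed account
    'alice' and return how many guesses the server actually evaluated."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    checked = 0
    for t in range(seconds):
        now[0] = float(t)
        if throttle.attempt("alice", password_ok=False) != "locked":
            checked += 1
    return checked
```

Without the throttle, all 3600 guesses in an hour would be evaluated; with it, only 11 are. A per-account lockout also lets anyone lock a user out on purpose, which is why the lockout here expires on its own.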
Now that you’re familiar with the common techniques used for stealing passwords, let’s take a look at what tools you can use to foil them.
How to protect yourself from hacking:
- Make your password strong by using a combination of uppercase, lowercase, alphanumeric and special characters like ($%^#@).
- Change your password regularly.
- Do not use public Wi-Fi, and always use HTTPS.
- Install a good licensed anti-virus. I suggest you go for Kaspersky. It’s the best anti-virus out there.
- Always have your Windows Firewall turned on.
- Never ever trust warez sites. There is a lot of malware flowing out there.
- Don’t run .exe programs given by anyone. Trust only yourself.
- Never auto-play a pen drive. Auto-play lets malware get installed on your PC automatically.
- Don’t run attachments from emails.
- If you want to run .exe files safely, run them sandboxed. A free application Sandboxie is available for this purpose.
- If you feel you’re infected, format your PC immediately. No anti-virus can remove a Trojan horse from your PC. It’s very difficult to remove a trojan from an infected PC.
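The first tip above (mix character classes) and the earlier point that guesses are based on the user's name and important dates can be checked together. The following is an added example, not code from this article: a hypothetical `check_password` function that tests for the four character classes and also rejects passwords built from known personal details. The 12-character minimum, the substitution table and the sample name and date are assumptions.

```python
import re
from datetime import date

# Undo common character substitutions before looking for names (assumed table)
LEET = str.maketrans("4@310$57", "aaeiosst")

def personal_tokens(names, dates):
    """Strings that someone who knows the user would try first."""
    tokens = {part.lower() for name in names for part in name.split() if len(part) >= 3}
    for d in dates:
        dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
        tokens |= {yyyy, dd + mm, mm + dd, dd + mm + yyyy, mm + dd + yyyy,
                   yyyy + mm + dd, dd + mm + yyyy[2:], mm + dd + yyyy[2:]}
    return tokens

def check_password(password, names=(), dates=(), min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "uppercase": r"[A-Z]", "lowercase": r"[a-z]",
        "digit": r"[0-9]", "special": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {label} character")
    plain = password.lower()
    unleeted = plain.translate(LEET)   # e.g. "r4hul" becomes "rahul"
    for token in sorted(personal_tokens(names, dates)):
        if token in plain or token in unleeted:
            problems.append(f"contains personal detail: {token}")
    return problems
```

With the constructed user "Rahul Sharma" born on 14 May 1990, `Rahul@14051990` satisfies every character-class rule yet is flagged four times for personal details, while `Quiet-Harbor7!mossy` passes.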