What is Phishing ?


Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures. Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing.
Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.
TECHNIQUES BEHIND PHISHING ATTACK
1. Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of www.microsoft.com
2. Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
How does a phishing attack/scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. Here is an example of how the phishing scam email looks like
Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
How to identify a fraudulent e-mail?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.”
Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.
“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking.
“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name.
“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.
Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.
So the Bottom line to defend from phishing attack is
1. Never assume that an email is valid based on the sender’s email address.
2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.
3. An email from trusted organization will never contain attachments or software.
4. Clicking on a link in an email is the most insecure way to get to your account.

Friday, October 15, 2010 | Leave a comment

10 Tips for Online Security

 With the sudden rise in the Internet usage across the globe over the past few years, there has also been a rise in the amount of online scams and frauds. Today most of the Internet users are unaware of the most prevailing online threats which pose a real challenge for their safe Internet usage. As a result, Online Security has become a questionable factor for the most Internet users. However it is still possible to effectively combat online insecurity provided that the users are well aware of the common scams and frauds and know how to protect themselves. A study shows that over 91% of the Internet users are unaware of the online scams and are worried about their security. Well if you are one among those 91% then here is a list of 10 tips to ensure your total online security.
1. Always install a good antivirus software and keep it up-to-date. Also install a good anti-spyware to keep your PC away from spywares. Click Here for a list of recommended anti-spyware softwares.
2. Always visit known and trusted websites. If you are about to visit an unknown website, ensure that you do not click on suspectable links and banners.
3. Perform a virus scan on the files/email attachments that you download before executing them.
4. Regularly Update your operating system and browser software. For a better security it is recommended that you surf the Internet through the latest version of your browser program.
5. Never share your password (email, bank logins etc.) with any one for any reason. Choose a strong password (A blend of alphanumeric+special symbols) and change it regularly, eg. every 3 months. Avoid using easy-to-guess passwords. (ex. pet’s name or kid’s name)
6. Always type the URL of the website in your browser’s address bar to enter the login pages. For ex. To login to your Gmail account type http://mail.google.com
7. Before you enter your password on any login page, ensure that you see https instead of http. ex. https://mail.google.com instead of http://mail.google.com. HTTPS protocol implements SSL (Secure Sockets Layer) and provide better security than a normal HTTP. For more information on HTTPS and SSL see Know More About Secure Sockets Layer (SSL).
8. Beware of phishing emails! Do not respond to any email that request you to update your login details by clicking on a link in the body of the email. Such links can lead to Fake Login Pages (Spoofed Pages). For more information on phishing refer What is Phishing?. Also refer How to Protect an Email Account from being Hacked.
9. Always hit the logout button to close your login session rather than abruptly terminating the browser window. Also clear your web browser caches after every session to remove the temporary files stored in the memory and hard disk of your PC.
10. Avoid (Stop) using any public computers or computers in the Internet cafes to access any sensitive/confidential information. Also avoid such computers to login to your email/bank accounts. You cannot be sure if any spyware, keystroke-logger, password-sniffer and other malicious programs have not been installed on such a PC.
By following the above 10 tips your online security can be guaranteed upto 90%. I hope this will help my readers for keeping themselves safe from any of the online insecurities. Cheers! Pass your comments.

| Leave a comment

10 Tips to Avoid Getting Adware

10 Tips to Avoid Getting Ad ware

Adware, malware, spyware and viruses can bring your system to its knees. They are detrimental, lowering the performance of your computer. You might need to replace data. You might lose unique files. Keep the nasties away from your computer using these ten simple tips.
1. Use Firefox: Internet Explorer is the most popular browser on the market, controlling over 50% of the market share. The virus and adware creators specifically look for exploitable vulnerabilities within IE because they know that they will receive the best return on investment. Your switch to Firefox prevents some adware from infecting your machine.

2. Scan your PC once a week: Sometimes adware programmers take a sneaky approach. They will set up their programs to run quietly in the background to spy upon your activities. This once a week scan is necessary to remove any of those sneaky bugs.

3. Download from known sites: New sites for installing adware are popping up all the time. If you find something that you want to download, make sure that it is from a known site. A company like Amazon will not steer you wrong, but Bob’s House of Wares might be a little less trustable. If you are not sure whether you can trust a site, perform a quick search.

4. Install Adaware: Ad-Aware is the most popular free adware removal program on the market. It detects, quarantines and removes adware. It searches for other programs which may have been installed, highlighting them in an easy to use interface. This program does not have an anti-virus attached.

5. Do not click on unsolicited email: You are constantly receiving offers to increase this or improve that through unsolicited email. Your curiosity may be killing you, but don’t click on these emails. They accept your click as permission to install adware, spyware and malware on your PC.

6. Install Antivirus software: Installing two programs for virus and adware protection is a smart idea. It caters to the strengths of each program, increasing the overall strength of your antiadware and antiviral campaign. Some of the best antivirus software is free, providing real time protection. Programs to look at would be Avast Antivir and AVG.

7. Don’t install toolbars: Even some reputable sites install custom toolbars. They slow your system down and collect information about your surfing habits. While a toolbar might offer some perks, it may also diminish your experience by dragging your system to a halt. Toolbars from less reputable places install adware and sometimes infect your system outright.

8. Look at your task manager: If anything seems out of place with your computer, take a look at your task manager. This tells you about all of the programs and processes which are running on your computer. Examine the processes tab for anything which you don’t immediately recognize. Perform a web search for unfamiliar processes.

9. Do not click on popups: Clicking on a popup usually spells certain doom for your computer. It opens the door for the viruses and adware that want to infect your machine, telling these malicious applications to make themselves at home. Stay away from those constantly advertised screensavers and icons.

10. Trust your gut: If you don’t feel right about a site, don’t go there. If you are receiving warnings from the antivirus and antiadware programs which you’ve installed, don’t go there. If you don’t like the layout of a site, don’t go there. Trust your instincts about sites.
With proper vigilance, you can keep aggravating adware, spyware and malware from your machine. Trust your instincts. Install Ad-Aware and an antivirus program. Play it safe. The care you spend in preventing adware from infecting your machine can save money and time.
This article was added by James Adams who is currently a writer and analyst at a supplier of printer cartridges and franking machine supplies. Much of his writing is about using advertising and productivity to help growth.
                                                                                                                   Courtesy:- Internet

| Leave a comment

WEB-LINKS

Hai Folks,
Are you interested in knowing about the Guiness Book of records??

Just click here

http://www.worldamazingrecords.com/

http://www.guinnessworldrecords.com/

| Leave a comment

COMMAND PROMPT COMMANDS

MS DOS COMMAND PROMPT COMMANDS:-


A ADDUSERS Add or list users to/from a CSV file
   ARP      Address Resolution Protocol
   ASSOC    Change file extension associations•
   ASSOCIAT One step file association
   ATTRIB   Change file attributes
b
   BOOTCFG  Edit Windows boot settings
   BROWSTAT Get domain, browser and PDC info
c
   CACLS    Change file permissions
   CALL     Call one batch program from another•
   CD       Change Directory - move to a specific Folder•
   CHANGE   Change Terminal Server Session properties
   CHKDSK   Check Disk - check and repair disk problems
   CHKNTFS  Check the NTFS file system
   CHOICE   Accept keyboard input to a batch file
   CIPHER   Encrypt or Decrypt files/folders
   CleanMgr Automated cleanup of Temp files, recycle bin
   CLEARMEM Clear memory leaks
   CLIP     Copy STDIN to the Windows clipboard.
   CLS      Clear the screen•
   CLUSTER  Windows Clustering
   CMD      Start a new CMD shell
   CMDKEY   Manage stored usernames/passwords
   COLOR    Change colors of the CMD window•
   COMP     Compare the contents of two files or sets of files
   COMPACT  Compress files or folders on an NTFS partition
   COMPRESS Compress individual files on an NTFS partition
   CON2PRT  Connect or disconnect a Printer
   CONVERT  Convert a FAT drive to NTFS.
   COPY     Copy one or more files to another location•
   CSCcmd   Client-side caching (Offline Files)
   CSVDE    Import or Export Active Directory data 
d
   DATE     Display or set the date•
   DEFRAG   Defragment hard drive
   DEL      Delete one or more files•
   DELPROF  Delete NT user profiles
   DELTREE  Delete a folder and all subfolders
   DevCon   Device Manager Command Line Utility 
   DIR      Display a list of files and folders•
   DIRUSE   Display disk usage
   DISKCOMP Compare the contents of two floppy disks
   DISKCOPY Copy the contents of one floppy disk to another
   DISKPART Disk Administration
   DNSSTAT  DNS Statistics
   DOSKEY   Edit command line, recall commands, and create macros
   DSACLs   Active Directory ACLs
   DSAdd    Add items to active directory (user group computer) 
   DSGet    View items in active directory (user group computer)
   DSQuery  Search for items in active directory (user group computer)
   DSMod    Modify items in active directory (user group computer)
   DSMove   Move an Active directory Object
   DSRM     Remove items from Active Directory
e
   ECHO     Display message on screen•
   ENDLOCAL End localisation of environment changes in a batch file•
   ERASE    Delete one or more files•
   EVENTCREATE Add a message to the Windows event log
   EXIT     Quit the current script/routine and set an errorlevel•
   EXPAND   Uncompress files
   EXTRACT  Uncompress CAB files
f
   FC       Compare two files
   FIND     Search for a text string in a file
   FINDSTR  Search for strings in files
   FOR /F   Loop command: against a set of files•
   FOR /F   Loop command: against the results of another command•
   FOR      Loop command: all options Files, Directory, List•
   FORFILES Batch process multiple files
   FORMAT   Format a disk
   FREEDISK Check free disk space (in bytes)
   FSUTIL   File and Volume utilities
   FTP      File Transfer Protocol
   FTYPE    Display or modify file types used in file extension associations•
g
   GLOBAL   Display membership of global groups
   GOTO     Direct a batch program to jump to a labelled line•
   GPUPDATE Update Group Policy settings
h
   HELP     Online Help
i
   iCACLS   Change file and folder permissions
   IF       Conditionally perform a command•
   IFMEMBER Is the current user in an NT Workgroup
   IPCONFIG Configure IP
k
   KILL     Remove a program from memory
l
   LABEL    Edit a disk label
   LOCAL    Display membership of local groups
   LOGEVENT Write text to the NT event viewer
   LOGMAN   Manage Performance Monitor
   LOGOFF   Log a user off
   LOGTIME  Log the date and time in a file
m
   MAPISEND Send email from the command line
   MBSAcli  Baseline Security Analyzer. 
   MEM      Display memory usage
   MD       Create new folders•
   MKLINK   Create a symbolic link (linkd)
   MODE     Configure a system device
   MORE     Display output, one screen at a time
   MOUNTVOL Manage a volume mount point
   MOVE     Move files from one folder to another•
   MOVEUSER Move a user from one domain to another
   MSG      Send a message
   MSIEXEC  Microsoft Windows Installer
   MSINFO   Windows NT diagnostics
   MSTSC    Terminal Server Connection (Remote Desktop Protocol)
   MUNGE    Find and Replace text within file(s)
   MV       Copy in-use files
n
   NET      Manage network resources
   NETDOM   Domain Manager
   NETSH    Configure Network Interfaces, Windows Firewall & Remote access
   NETSVC   Command-line Service Controller
   NBTSTAT  Display networking statistics (NetBIOS over TCP/IP)
   NETSTAT  Display networking statistics (TCP/IP)
   NOW      Display the current Date and Time 
   NSLOOKUP Name server lookup
   NTBACKUP Backup folders to tape
   NTRIGHTS Edit user account rights
o
   OPENFILES Query or display open files
p
   PATH     Display or set a search path for executable files•
   PATHPING Trace route plus network latency and packet loss
   PAUSE    Suspend processing of a batch file and display a message•
   PERMS    Show permissions for a user
   PERFMON  Performance Monitor
   PING     Test a network connection
   POPD     Restore the previous value of the current directory saved by PUSHD•
   PORTQRY  Display the status of ports and services
   POWERCFG Configure power settings
   PRINT    Print a text file
   PRINTBRM Print queue Backup/Recovery
   PRNCNFG  Display, configure or rename a printer
   PRNMNGR  Add, delete, list printers set the default printer
   PROMPT   Change the command prompt•
   PsExec     Execute process remotely
   PsFile     Show files opened remotely
   PsGetSid   Display the SID of a computer or a user
   PsInfo     List information about a system
   PsKill     Kill processes by name or process ID
   PsList     List detailed information about processes
   PsLoggedOn Who's logged on (locally or via resource sharing)
   PsLogList  Event log records
   PsPasswd   Change account password
   PsService  View and control services
   PsShutdown Shutdown or reboot a computer
   PsSuspend  Suspend processes
   PUSHD    Save and then change the current directory•
q
   QGREP    Search file(s) for lines that match a given pattern.
r
   RASDIAL  Manage RAS connections
   RASPHONE Manage RAS connections
   RECOVER  Recover a damaged file from a defective disk.
   REG      Registry: Read, Set, Export, Delete keys and values
   REGEDIT  Import or export registry settings
   REGSVR32 Register or unregister a DLL
   REGINI   Change Registry Permissions
   REM      Record comments (remarks) in a batch file•
   REN      Rename a file or files•
   REPLACE  Replace or update one file with another
   RD       Delete folder(s)•
   RMTSHARE Share a folder or a printer
   ROBOCOPY Robust File and Folder Copy
   ROUTE    Manipulate network routing tables
   RUNAS    Execute a program under a different user account
   RUNDLL32 Run a DLL command (add/remove print connections)
s
   SC       Service Control
   SCHTASKS Schedule a command to run at a specific time
   SCLIST   Display NT Services
   SET      Display, set, or remove environment variables•
   SETLOCAL Control the visibility of environment variables•
   SETX     Set environment variables permanently
   SFC      System File Checker 
   SHARE    List or edit a file share or print share
   SHIFT    Shift the position of replaceable parameters in a batch file•
   SHORTCUT Create a windows shortcut (.LNK file)
   SHOWGRPS List the NT Workgroups a user has joined
   SHOWMBRS List the Users who are members of a Workgroup
   SHUTDOWN Shutdown the computer
   SLEEP    Wait for x seconds
   SLMGR    Software Licensing Management (Vista/2008)
   SOON     Schedule a command to run in the near future
   SORT     Sort input
   START    Start a program or command in a separate window•
   SU       Switch User
   SUBINACL Edit file and folder Permissions, Ownership and Domain
   SUBST    Associate a path with a drive letter
   SYSTEMINFO List system configuration
t
   TASKLIST List running applications and services
   TASKKILL Remove a running process from memory
   TIME     Display or set the system time•
   TIMEOUT  Delay processing of a batch file
   TITLE    Set the window title for a CMD.EXE session•
   TLIST    Task list with full path
   TOUCH    Change file timestamps    
   TRACERT  Trace route to a remote host
   TREE     Graphical display of folder structure
   TYPE     Display the contents of a text file•
   TypePerf Write performance data to a log file
u
   USRSTAT  List domain usernames and last login
v
   VER      Display version information•
   VERIFY   Verify that files have been saved•
   VOL      Display a disk label•
w
   WHERE    Locate and display files in a directory tree
   WHOAMI   Output the current UserName and domain
   WINDIFF  Compare the contents of two files or sets of files
   WINMSD   Windows system diagnostics
   WINMSDP  Windows system diagnostics II
   WINRM    Windows Remote Management
   WINRS    Windows Remote Shell
   WMIC     WMI Commands
x
   XCACLS   Change file and folder permissions
   XCOPY    Copy files and folders
   ::       Comment / Remark•
Courtesy:- www.ss64.com/nt











Saturday, September 11, 2010

        | 
Leave a comment





























Newer Posts »
      



      « Older Posts