Web Hosting Security

  Home arrow Web Hosting Security arrow Page 2 - Protecting Yourself Online
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING SECURITY

Protecting Yourself Online
By: Barzan 'Tony' Antal
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 8
    2009-09-23

    Table of Contents:
  • Protecting Yourself Online
  • Dangers Lurking
  • Protecting Yourself
  • Don't Freak Out!

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement

    Protecting Yourself Online - Dangers Lurking


    (Page 2 of 4 )

    First of all, let's begin with your passwords. Everyone and their dog are nowadays registered to various forums, from gardening to your Cocker Spaniel dog forum, and much more. We also tend to have email addresses (most people have more than one) and various other accounts to online shops as well, from Amazon to eBay and dozens of other less well known shops. 

    The major problem starts when we do not think of our own personal computer or laptop as a public computer and, therefore, enable the "password remembering" functions of our favorite browser. This, in and of itself, is awesome-automatically completing lots of fields, and letting you log in without scratching your head to remember your passwords. All right, but here's the deal: those passwords are stored somewhere.

    Indeed, they are hashed and encrypted most of the time, but that does not help us at all. The hashing algorithms of today's browsers are all well known. And then comes the fact that most people use the same password for all of their accounts, or at least a combination of the same password (like adding a few digits at the end, for example). This basically means the attacker can get into not just one account, but all of them.

    All right, so earlier we mentioned that once you let your favorite browser remember the passwords for you, they are stored and hashed. This means that the browser is able to retrieve (and decrypt) those passwords when required, right? The not-so-surprising fact of the IT world is that it's not only the browsers themselves that are able to do this. Anyone can write applications that do this. It's child's play for coders.

    The entire ugly picture looks like this: the attacker writes a tool (or uses one of the popular ones; unfortunately, there are plenty) that is able to retrieve all of the stored passwords of every popular browser, then binds this tool into some other application (generally, an executable). Then he or she tries to convince you to download and run the file. Once executed, the original application is backdoored, meaning the tool does its job in the shadows. Once it's done, it sends the passwords to the attacker.

    As seen above, this is one of the most common passwords stealing techniques from the underbelly of the Internet. The funny part is that users almost always fall into these traps. With time, these tools are going to be recognized by antivirus engines. However, these "bad guys" are using encryption and binders that allow them to earn 100% FUD (non-detectable) files for a certain period of time.

    The moral of the story is: do not use the password remember features. Use strong passwords and, if possible, please do yourself a favor and use totally different passwords on your financial-related accounts such as eBay, Amazon, PayPal, MoneyBookers, you name it. If you don't enable password storing, then even if you fall into a malicious trap like the one described above, the attacker will receive an empty file!

    Moreover, always double check the kind of files you are executing. There are lots of backdoored files that serve underground purposes, and the people launching them receive much more than they ask for. It's not uncommon to hear of WAREZ (you do know what these are, right?) files being backdoored with nasty stuff. The "keygen" will work, yes; but without of your knowledge it also sends your passwords.

    On the next page we'll continue discussing our preventive measures and see what we can do.

    More Web Hosting Security Articles
    More By Barzan 'Tony' Antal

    WEB HOSTING SECURITY ARTICLES

    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap