Monday 26 September 2016

Password Hacking Techniques

Web development companies

There are number of methods used by hackers to hack your account or get your personal information like password. Password hacking is very common nowadays. So Web development companies should implement countermeasures of password hacking. The most common password hacking tricks and their countermeasures are as follow:

Brute force attack: 
  • Brute-force attack is used to crack any password. 
  • Brute-force attacks try every possible combination of digits, alphabets and special characters until the correct password is match.
  • Brute-force attacks can take very long time depending upon the complexity of the password. 
  • Countermeasures:
    •  Use long and complex passwords.
    •  Try to use combination of upper and lowercase letters along with numbers.

Social Engineering:
  • It is process of manipulating someone to trust you and get information from him/her. 
  • Let’s take an example. If the hacker was trying to get the password of his co-workers’ computer, he might call them pretending to be from the IT department and simply ask for their login details. 
  • It can be used to hack password, bank credentials or any personal information.
  • Countermeasures:
    • Never ever give your credit card details on phone.
    • If someone tries to get your personal or bank details ask them few questions.

Rats and Key loggers:
  • Key logger is sent to the victim’s computer to crack a password.
  • Now hacker keeps monitoring everything victim does on his computer including password by key loggers.
  • So it is major concern for software development companies.
  • Countermeasures:
    • Never login to your personal user account from someone else or cyber cafe computer.
    • Use latest anti-virus software and keep them updated.

Phishing:
  • This attack is used by hackers to get someone account details like username and password.
  • In this attack, hacker sends fake page of real website like Facebook, Gmail to victim. When someone login through that fake page, his details is sent to the hacker. 
  • Countermeasures:
    • Always make sure that websites URL is correct.
    • For example, you should check whether it is gmail.com or phishing page gmmail.com.

Rainbow Table:
  • Rainbow table is a big pre-computed list of hashes for every possible combination of characters.
  • A password hash is a list of passwords that have gone through a mathematical algorithm and are transformed into something which is not recognizable. 
  • A hash is a nothing but an encryption so when a password is hashed it cannot get back to the original string from the hashed string.
  • Countermeasures:
    • Make sure the password chosen is long and complex. 
    • Creating tables for long and complex password takes a very long time and a lot of resources.

Guessing:
  • This can easily help attacker to get someone’s password within seconds.
  • If hacker knows you, he can use your personal information he knows about you to guess your password. 
  • Countermeasures:
    • Don't use your first name, nickname, mobile number or birthdate as your password. 
    • Create complex and long password with combination of letters and numbers.

Dictionary Attack:
  • A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.
  • Countermeasures:
    • Use long and complex passwords. 
    • Try to use combination of upper and lowercase letters along with numbers.

Conclusion:
This article is for everyone including web development companies in India to protect their personal information like username, password. Countermeasures suggested above should be implemented.

Monday 12 September 2016

Frauds in Online Payment Systems

custom application development companies

Nowadays, everything is online. Online shopping, online money transfers and online banking help in saving a lot of time and making our lives easier. These facilities are provided by software development companies in  India by developing online payment system software. However, these same technologies also make life easier for cyber criminals by offering them short and quick ways to steal users’ money. 

Using stolen payment data is an effective and popular way of making a quick profit. Hacking a bank is more time-consuming and expensive and the risk of being caught is higher. By contrast, many individuals use computers with different vulnerabilities, which can be compromised easily. By stealing a comparatively lesser amount from each hacked online banking account, a cyber criminal has a good chance of going undetected. 

Frauds are classified as follows:

  • Online frauds
  • Offline frauds
Online frauds occur when fraudster owns legitimate company to get sensitive personal information and illegally conduct transactions in the existing accounts. Phishing and spoofing are types of online frauds. Online frauds occur when fraudster steals sensitive information of customers such as bank account number, credit card number or other identification and uses it to open new account or performs transaction in the customer/company's name. There are many types of e-frauds in online payment systems and they can occur in following ways:

Account Hacking:

  1. Hacking includes gaining illegal entry into a person computer system during online payment. Fraudster use compromised customer credentials to hack the origination system and misuse it in the legal account holder's name.

Identity Theft:

  1. Identity theft refers to crime in which fraudster illegally gets and uses another individual's personal information in such a way that involves fraud to gain something of value during online transaction.

Phishing:

  1. Phishing is a well-known technique for obtaining confidential sensitive personal information from any customer by posing as a trusted authoring. It is an attack by fraudster to "fish‟ for your baking details through emails having attachment files or hyperlinks to different websites. This e-mail creates a fake image to be sent from legitimate organization to cheat people in order to disclose sensitive information.
  2. On clicking any attachment or the hyperlink residing in e-mail ,the computer system get infected with malware. Now when next online transaction takes place, the malware will activate and steal private and personal financial information which includes credit card numbers, PIN number which is used by fraudster to steal money from the account.

Spoofing:

  1. This attack is about creating a fake or duplicate website for criminal use. The fraudsters  are having fake companies name, logos, graphics and even code. This often takes form of  trade sites where in people would innocently providing personal information to criminals or purchase of a fake product that actually does not exist.

Check frauds:

  1. Check frauds are a major threat to financial security. Electronic check frauds can be easily taken place; the fraudster uses printer, desktop phishing software and scanner. The most common forms of check fraud include altering check, forging endorsement, counterfeiting checks and creating remote checks.

Nigerian advance free fraud:

  1. This e-fraud is the most popular and lucrative fraud. Fraudsters often arrive with bulk mailing or family member email of asking the recipients to enter into business and getting money transferred with huge commission in return. 
  2. Once the contact is established the fraudsters request money in advance which need opening of an account in the bank or paying some fee which leads to troubles and expenses.

Lottery frauds:

  1. One will receive scam emails informing of winning a substantial amount of money in a lottery draw. When the receiver reply's, the sender then asks for bank account details and other personal information so they can transfer the money. These emails are fake and may ask to pay a handling fee that will lead to loss of money and your personal information which may be used in other fraud.

Conclusion:

E-frauds are taking place in online payment systems. So it is becoming a danger for software development companies in India as online payment systems are developed by these companies. There should be encryption algorithms implemented to reduce these e-frauds.