Tuesday, May 16, 2017

WannaCry Ransomware

 Wanna Cry Virus

These days, threats to online privacy are no longer limited to watching what people do or stealing their personal information. Today attackers use the Wanna Cry virus to lock all kinds of devices, such as computers, laptops, phones and tablets, and demand that the victim pay $300 to solve the problem. The Wanna Cry virus belongs to the most malicious category of viruses and is believed to have originated in Russia. The very first examples of such viruses are known to have appeared at the end of the 20th century.

There are two types of ransom-requesting programs:

  • File-locking: the type the Wanna Cry virus belongs to, which is expert at encrypting files on drives.
  • Screen-locking: its members are only able to target the screens of all kinds of devices, such as computers, laptops, phones and tablets, and block them, demanding your money to make them accessible again.


What you have to do is to make an effort to BACK UP all your important files as often as you can until doing so becomes a habit.

Monday, May 15, 2017

How To Avoid Being Tricked By Phishing

Whether a phishing trick works depends heavily on the prudence and vigilance of the target. A phishing website is easy to recognize if we have enough knowledge and are always extra careful when clicking any link.


One basic thing to avoid being tricked by phishing is:

Observe the URL address of the destination site. Make sure it is the correct link and that the site actually exists. If you are about to log in to a website that is new to you, you can first search for reviews of it in a search engine.

For example, in our previous post, Web Phishing - Recognize and Understanding, we can see a picture of the Facebook login page, but the link is actually different. You can see that the URL is an IP address, and that the domain the hacker uses is 'fucabook.com', which is similar to 'facebook.com', the address of the original website.

Similar-looking domains are always used by hackers to trap the target.

Phishing links are typically found in social media chats or posts, or in false information spread with pornographic photos that lure victims into clicking. Therefore, we should look at where the link leads.

One of my favourite browsers is Google Chrome because when you hover your cursor over a link, the destination URL appears at the bottom left. So you can check whether the link is genuine or is actually a hyperlink that leads to a fake website or an advertisement that can bring harm to you.

The point is, you should be extra careful when clicking any link on the Internet. When you have found a phishing site, you can report it to Google so that the site will be blocked.

Information Technology Act 2000

Web phishing mostly leads to criminal activity: it deceives victims by pretending to be some other site. This is done to get the victim's personal information, which is then misused and causes problems for the victim. The following sections of the Information Technology Act, 2000 are applicable to phishing activity:

  • Section 66: The account of the victim is compromised by the phisher which is not possible unless & until the fraudster fraudulently effects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.
  • Section 66A: The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the provisions of Section 66A IT Act, 2000.
  • Section 66C: In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying feature of the bank or organization say Logo, trademark etc. and thus, clearly attracts the provision of Section 66C IT Act, 2000.
  • Section 66D: The fraudsters through the use of the phishing email containing the link to the fake website of the bank or organizations personates the Bank or financial institutions to cheat upon the innocent persons, thus the offence under Section 66D too is attracted.

Reference: Aarora, N. (March 14, 2011). Phishing Scams in India and Legal Provisions. Retrieved from http://www.neerajaarora.com/phishing-scams-in-india-and-legal-provisions/

Thursday, May 11, 2017

Web Phishing - Recognize and Understanding

Understanding Phishing

The term phishing comes from the English word fishing (literally, the activity of catching fish), but in this case the intention is fishing for password information. Phishing is a method used by hackers to steal passwords by tricking a target with a fake login form on a fake website that resembles the original site.

In some cases, the fake site is not very similar because the original website has updated its interface. But if the targets are not cautious and have no experience of phishing methods, they can be trapped. A good hacker can make the fake website look really similar to the original one, and the words they use to trap their target look really convincing.


How Phishing Works


To avoid phishing, first we need to know how it works:

01. The hackers give us fake links that seem similar to the original website's, for example a link to Facebook that is faceb00k.com (fake) instead of facebook.com (original). These links can reach us in many ways: through emails, social media, interesting images and also persuasion by other people.

02. After clicking, we are directed to a fake website, such as a Facebook login form whose wording and interface convince us that we have been logged out of our account and ask us to re-enter our username and password to log in. We hardly find it strange or realize that it is a clone website, and we fill in the username and password without any suspicion.

03. Anything we type into that form is stored on the hacker's server. They can see the username and password we filled in. This is how they get access to our account.

04. Next, our account is taken over. The hackers may use our account to spread the phishing URL to the next victim and can also do much worse damage using our account.

Stealing passwords with the phishing method is one of the simplest practices, which is why we find so many links that direct us to phishing or fake websites.

It is as easy as setting up a blog. Not only that, a site with a made-up name that does not exactly match a real one can also work for phishing, as long as it can convince the target. It can be a phishing site offering insignificant rewards, such as "how to get free gems for Clash of Clans", where the first thing visitors must do is enter their username and password. This is how targets are easily trapped: by 'blinding' them with fake rewards.


Tuesday, May 9, 2017

Why Care About Internet Privacy?


Whenever and wherever you browse the Internet, your browser history collects information about you, and companies will use it for their businesses. After getting your information they use it to display relevant ads and to sell you products you might be interested in. If you're okay with companies collecting your information, that's fine. If you're not, there are steps you can take to lessen the risk.

The first step is to understand the transaction: what you give and what you get. This applies whenever you open or download something free, such as files, shared content, blogs, websites, new friends, music, or something shiny and new. Also, when you sign up for a new account with any service, at least read its terms.

Second, be careful about what you upload, because the terms of service say that all uploaded content becomes the company's property to use. For example, a photo uploaded to your account becomes owned by the company, which can use it even if it's your family photo.

If you are fine with Twitter, Facebook and other companies knowing things about you, then that's OK. If not, you can take control with a number of browser extensions such as Disconnect and Ghostery.

All these browser extensions give you control over whether or not the sites that you visit collect information about you and send it to other related companies.

Monday, May 8, 2017

Internet Privacy - Who is Watching You?


Whether you know it or not, someone is watching you. You are still not sure of what will happen later, so you must be careful about what you are posting, sending and so on.




Thursday, May 4, 2017

Personal For Sale

Every time you click from one website to another, or click a link to go to the next page, somebody is watching and collecting that information about you. The kind of information that you may think is meaningless is the steam that powers a lot of companies. So, if I don’t want my personal information to be used by other people to make tons of money.


Friday, April 28, 2017

Privacy and smartphone apps: What data your phone may be giving away (CBC Marketplace)


2 Factor Authentication To Protect Yourself

One of the best steps you can take to stop attackers from getting into your accounts with Google, Facebook, Twitter and other services is to set up two-factor authentication. Each time you attempt to log in to an account protected by two-factor authentication from a new phone or computer, you'll be asked for the password you know, but also an additional, temporary password that you don't (that's the second factor).


Monday, April 24, 2017

Techniques of Web Phishing

There are several techniques used by criminals to obtain the data they need. Some of the techniques are summarized below:

1) Man-in-the-middle attacks

This kind of attack involves HTTP and HTTPS communications. The customer confidently uses a website they believe is the real site, but in truth the customer is connected to the criminal's server, while the criminal's server makes many connections to the real site. The criminal's server then stands in for the real application server and communicates with the customer in real time.

2) URL confusion

This technique works by making a slight change to the real URL. The criminals then trick the user into following a hyperlink (URL) to the criminal’s server.

3) Pharming

Pharming is used by criminals to redirect web users from legitimate commercial web sites to malicious sites, which can then be used to elicit information from the users.
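The URL check that guards against URL confusion can be automated. The following is an added example, not part of the original posts: it flags links whose host is a raw IP address or a near miss of a trusted domain, which covers the 'faceb00k.com' and 'fucabook.com' cases mentioned in the other posts. The trusted list, the digit-to-letter table, the distance threshold and the function names are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short allow-list of sites the user really logs in to.
TRUSTED = ("facebook.com", "google.com", "twitter.com")

# Digits often swapped in for letters (faceb00k -> facebook); illustrative only.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def check_link(url: str, max_distance: int = 2) -> str:
    """Classify a link before clicking it; returns a short verdict string."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid: no host in URL"
    try:
        ipaddress.ip_address(host)
        return "suspicious: host is a raw IP address"
    except ValueError:
        pass  # not an IP literal, carry on with the domain checks
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "ok: trusted domain"
    normalized = domain.translate(HOMOGLYPHS)
    for good in TRUSTED:
        if normalized == good or edit_distance(normalized, good) <= max_distance:
            return f"suspicious: looks like {good}"
    # Trusted name used as a subdomain of another site (facebook.com.example.net).
    for good in TRUSTED:
        if good in host:
            return f"suspicious: {good} appears inside an unrelated host"
    return "unknown: not on the trusted list"
```

A verdict of "unknown" only means the domain is not on the list; a distance threshold of 2 will also flag some legitimate short domains, so treat a hit as a reason to look closer at the address bar.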


The video below explains more about how criminals commit the crime:
URL: https://www.youtube.com/watch?v=_3hK0PuSkhw


Friday, April 21, 2017

Internet Privacy


Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing. It includes the right of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet, and it covers both personally identifying information (PII) and non-PII information such as a site visitor's behavior on a website. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.


Levels of Internet privacy:

  1. Internet privacy is primarily concerned with protecting user information.
  2. Internet and companies would need to abide by new rules to protect individuals' privacy.
  3. The Internet and mobile networks are a daily concern for users.
  4. Internet users may protect their privacy through controlled disclosure of personal information.
  5. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously.
  6. Use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user.
  7. In order to keep their information private, people need to be careful with what they submit to and look at online.
  8. Filling out forms and buying merchandise is tracked, and because the information was not private, some companies are now sending Internet users spam and advertising on similar products.
  9. Posting things on the Internet can be harmful or expose people to malicious attack.
  10. Some information posted on the Internet is permanent, depending on the terms of service, and privacy policies of particular services offered online.
  11. This can include comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter.



Wednesday, April 19, 2017

Risk of Internet Sources


Most risks to Internet privacy come from:

  • HTTP cookies
  • Privacy issues of social networking sites
  • Internet service providers
  • HTML5
  • Big Data
  • Flash cookies
  • Evercookies (Anti-fraud, Advertising)
  • Criticism (Device, Canvas fingerprinting)
  • Analysis and Predator Tracking
  • Photographs on the Internet (Google Street View)
  • Search engines (focused search engines/browsers)
  • Reduction of risks to Internet privacy