How to secure your system from Keyloggers | AMANAHAD Tech

Now a days keylogger is major problem for all.  So we should learn to secure our computer from keylogger.    This article will help for ethical hackers or who want to protect their pc.


What is Keylogger?


Keylogger is one of spyware which will what type you through the keyboard and send it to hacker who send the keylogger. Hackers mainly use keyloggers to steal your passwords, credit card numbers and other confidential data.  So whenever you type the username and password in gmail,online banking sites, it will send the username and password to hacker. 







How to Protect?



In order to provide security for your system,you must have


Good AntiVirus:
This is basic and best step to protect your system from keylogger.  So buy a licensed and best antivirus which is currently in market.  My suggestion is Kaspersky, Norton or Mcafee.  Don't forget to update regularly.
Note: Don't use trial or cracked pack ,it is worthless to use.

Good Spyware:
Since keyloggers are basically spywares, if you are a frequent user of Internet then you could be exposed to thousands of keyloggers and spywares. So you should use a good antispyware such as NoAdware.




Antilogger can be Handy

Antiloggers are programs that detect the presence of keyloggers on a given computer. Zemana Antilogger is the best antilogger.

Online Scanning

When ever you receive a suspicious file, you scan it with online scanners such as Multi engine antivirus scanner which scans your file with 24 antivirus engines and reports it back to you if the file is recognized as a virus or spyware. This ensures that none of the malicious programs can escape from being detected as there are 24 different antivirus engines are involved in the scanning process.

Keyscrambler

Keyscrambler is one of the best protection against keyloggers that you can have, Keyscrambler is a small program which encrypts your typed keystrokes so even if the victim has installed a keylogger on your system, he or she will get encrypted keys. Keyscrambler currently supports Firefox, Internet explorer and other applications, however its premium version supports more than 160 applications 

by Triple A A-@-A

Publisher: Unknown - 13:26

Hacking Tutorials For Beginners | AMANAHAD Tech

Hacking Tutorials For Beginners

Hi, are you searching for hacking tutorials?! You have come to right place.  I've listed the posts that helpful for beginners to understand the Ethical hacking.

Before reading these tutorials, make you sure that you have good knowledge in computer and internet related topics.

Hacking Tutorials For Beginners
Read the Discliamer
Introduction to Hacking
How to become Ethical Hacker?
Introduction to Social Engineering
What is Malicious Softwares?
Top 10 Command Promts commands
Different Types of Email Hacking
How to See saved Passwords in Mozilla?
How to Access blocked websites in college or school?
How To Compile C program?
What is Port Scanner?
What is Database?What is SQL injection?
Introduction To Batch Programming
Hacking gmail
Hacking facebook

Security Tips
What is FireWall?
How to secure from Keyloggers
Protect your Email
Avoid Adware
Important facts about Security
What are Symptomps for inected system?
How to use Windows Firewall
Secure Online Shopping
Spyware and Preventions
What you should if you suspect your system is infected
What is password?How it should be?
Simple trick provided by gmail to know whether your system is hacked or not

I didn't list all topics here. Please visit the main Page for latest posts.

by Triple A A-@-A

Publisher: Unknown - 13:23

A simple trick provided by gmail to know whether your gmail hacked or not | AMANAHAD Tech

Hi friends, today i am going to give small information about Gmail. I do not know whether you know this or not. But it's my service to provide you the hacking and security details. Have you ever see the bottom of the gmail page? Hey wait, after reading this article go and visit. Now go ahead.



You can see in the bottom of gmail like this:

Gmail Bottom screen shot(for security reason striked the ip address)

 It will show the last activity.  So you can come to know from which ip you login last time.  If you click the Details link.  It will show the detailed of session.  It will show List of Ip address you login.  Using this Detail you can come to know whether any other using your gmail ID or not.

If you suppose that find any other using your gmail or you are login any other system, Click the " Sign out all other Session".  This will sign out all other session from other computers.  Then change your password if you want.

by Triple A A-@-A

Publisher: Unknown - 13:22

What is Your Password ? How the Password should be? | AMANAHAD Tech

What is your password ? is your password like 123456, 98654, billgates,yourname,lovername,iloveyou,thankyou?  Then you will definitely  loose your account soon.  The hackers can easily hack your account with much effort.


Your password should be :

• Above 10 letters
• Both uppercase and lowercase letters
• Should use special characters like '&'.
• Should contain Numbers
• Should not Use any names of your lover ,mother,father,etc.
• Should not be usual words like iloveyou,ihateyou,ihateu.
• Should not be your birthday like oct2010.

Consider this tips when you create a password. Secure your password.

by Triple A A-@-A

Publisher: Unknown - 13:21

What should you do if you suspect your system is infected? | AMANAHAD Tech

• Stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information.
• Confirm that your security software is active and current. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall.
• Once your security software is up-to-date, run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.
• If you suspect your computer is still infected, you may want to run a second anti-virus or anti-spyware program – or call in professional help
• .Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.

Prevention

• Don't click on a link in an email or open an attachment unless you know who sent it and what it is.Links in email can send you to sites that automatically download malware to your machine. Opening attachments – even those that appear to come from a friend or co-worker – also can install malware on your computer.
• Download and install software only from websites you know and trust.Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
• Talk about safe computing.Tell your kids that some online activity can put a computer at risk: clicking on pop-ups, downloading "free" games or programs, or posting personal information.
• Finally, monitor your computer for unusual behavior. If you suspect your machine has been exposed to malware, take action immediately. Report problems with malware to your ISP so it can try to prevent similar problems and alert other subscribers, as well as to theFTC.

by Triple A A-@-A

Publisher: Unknown - 13:19

What is spyware ? How it comes to your pc? Prevent it | AMANAHAD Tech

Often you can heard a word spyware. Is it important to know about spyware ? Yes!
We are in advanced technology world. Day by day the technology is developing. At the same time crime is also increasing. One of the crime is spyware method.

Spyware:

Spywareis software that resides on a computer and sends information to its creator. That information may include surfing habits, system details or, in its most dangerous form, passwords and login information for critical applications such as online banking. Many spyware programs are more annoying than dangerous, serving up pop-up ads or gathering e-mail addresses for use inspamcampaigns. Even those programs, however, can cost you valuable time and computing resources.
According to a number of sources, the first use of the term spyware occurred in a 1994 posting that made light of Microsoft's business model. Later, the term was used to describe devices used for spying, such as small cameras and microphones. In 2000, a press release from security software provider Zone Labs used the current meaning of spyware for the first time and it's been used that way ever since.

How it comes to ur pc

Often, spyware comes along with a free software application, such as a game or a supposed productivity booster. Once it's downloaded to your computer, the functional element of the software works exactly as promised, while the information-gathering system sets up shop behind the scenes and begins feeding your personal data back to headquarters.



Internet security

The Best way to avoid and remove spywares is installing a best internet security software or spyware remover softwares. Get a original internet security and update it properly. Scan daily your pc using internet security while scanning you better to avoid doing other things in your pc. My advice is use KASPERSKY INTERNET SECURITYfor better security.

other than internet security, you prevent your system from getting infect. Becareful when you download files from websites and mail.

by Triple A A-@-A

Publisher: Unknown - 13:17

How to Make your online shopping secure? | AMANAHAD Tech

Shopping online does carry some risk, but so does shopping at brick-and-mortar stores. At least online shoppers don't need to worry about fender-benders in the parking lot, pick pockets at the mall, or getting the flu from all those fellow shoppers.But the nice thing about shopping online is that by following some basic guidelines you can be reasonably sure you'll have a safe experience.


Secure your PC:

The first thing you need to do is be sure your computer is secure. Trend Micro's education director David Perry, says that "bad guys these days are operating by planting a keylogger on your system that listens in, surreptitiously waiting for you to use your credit card or your bank password so that they can steal your money." So, even if you're dealing with a legitimate merchant, you're at risk if your computer is infected. Your best protection from these attacks is to keep your operating system and browsers updated and use a good and up-to-date security program. If you're getting or giving a Netbook or other PC for the holidays, make sure that security software is installed right away. Most security companies offer a free-trial version that will tide you over for a month or so, but be sure to subscribe so you get ongoing protection.


Click with care:
You're going to be getting a lot of offers via e-mail this holiday season. While they might be legitimate, there is the possibility of some offers coming from criminals trying to trick you into giving your password to a rogue site or visiting a site that can put malicious software on your computer. Your best protection is to not click on any links--even if the message looks legitimate--but to type in the merchant's URL manually.

Know the Merchant:

If you're not familiar with the merchant, do a little research like typing its name (and perhaps the word "scam") into a search engine to see if there are any reports of scams. Look for user reviews on sites likeEopinions.com. Look for seller ratings if you locate the merchant through a shopping search engine likeGoogle Shopping.

Pay by credit card:

Credit cards offer you an extra level of protection including the right to "charge back" if you feel you're a victim of fraud. The credit company will investigate your claim and permanently remove the charge if fraud can be proven.

Know the Real price:

Be sure you understand the actual cost of the item, including shipping, handling, and sales tax. That can have an enormous impact on the final price.
Read Policy
The policy, according to the American Bar Association'sSafeshopping.org, should disclose "what information the seller is gathering about you, how the seller will use this information; and whether and how you can "opt out" of these practices."

by Triple A A-@-A

Publisher: Unknown - 13:16

How to use Windows Firewall? | AMANAHAD Tech

Windows Firewall, previously known as Internet Connection Firewall or ICF, is a protective boundary that monitors and restricts information that travels between your computer and a network or the Internet. This provides a line of defense against someone who might try to access your computer from outside the Windows Firewall without your permission.
If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. However, some computer manufacturers and network administrators might turn it off.

To open Windows Firewall

1.Click Start and then click Control Panel.
2.In the control panel, click Windows Security Center.
3.Click Windows Firewall.


Note You do not have to use Windows Firewall—you can install and run any firewall that you choose. Evaluate the features of other firewalls and then decide which firewall best meets your needs. If you choose to install and run another firewall, turn off Windows Firewall.

How Windows Firewall Works

When someone on the Internet or on a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. You should see a window like the one below.



What Windows Firewall Does and Does Not Do

It does	It doesn't
Help block computer viruses and worms from reaching your computer.	Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install antivirus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others.
Ask for your permission to block or unblock certain connection requests.	Stop you from opening e-mail with dangerous attachments. Don't open e-mail attachments from senders that you don't know. Even if you know and trust the source of the e-mail you should still be cautious. If someone you know sends you an e-mail attachment, look at the subject line carefully before opening it. If the subject line is gibberish or does not make any sense to you, check with the sender before opening it.
Create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer. This can be useful as a troubleshooting tool.	Block spam or unsolicited e-mail from appearing in your inbox. However, some e-mail programs can help you do this.

To know about Firewall more read this

by Triple A A-@-A

Publisher: Unknown - 13:15

What is Firewall -Introduction to Firewalls | AMANAHAD Tech

Introduction to firewalls
   When you use internet in your college/school/offfice , You may not be access some websites, right? Do you know how they block those websites? They use firewalls for block websites. Firewall prevent the system from hackers attack. Lets us what is firewall.

What is Firewall?
     Firewall is working like a security guard standing outside the office. Usually, What the security guard do? He will allow those who has identity card and block those who has not the identity card. Right? Likewise, The firewall will block unauthorized access to the system.
Firewall may be a software or hardware. It will work based on the set of rules defined by the administrator. Using Firewall administrator can block certain website from being accessed.

• All traffic from inside and outside of the network must pass through the firewall.
• Only authorized trafic will be allowed to pass (based on the set of rules)

Types of Fire Walls

•  Packet Filtering
•  Appliction level gate way
•  Circuit level gate way.

Packet Filtering (Network Layer)
A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packets. Router is configured such that it can filter incoming and outgoing packets. The packets will filtered based on the source and destination IP address.
IP spoofing attack is possible in this packet filtering. IP spoofing can be achieved by changing the source IP address of packets.
Stateful Inspection Firewalls
A stateful inspection packet filters tightens the rules of TCP traffic by creating a state table of out bound TCP connection. If the packet matches with existing connection based on the state table, it will be allowed. If it does not match, It will be evaluted according to the rule set for new connections.


Aplictaion Level Gateway
Application level gateway is also known as proxy server. The user communicate with the gateway using application layer of TCP/IP stack. The gateway asks the user for the name of the remote host to be connected. When the user enters valid user ID, gateway will give access to the remote application. This will block the malicious activity and correct the application behavior. This will ensure the safety of company.
More secure than packet filtering. Easy to log and audit all incoming traffic at the application level. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address

Circuit Level Gateway
The circuit level gateway works at session layer of OSI model. Monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on the session rules. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets. This firewall is used when the administrator trusts internal users.

Why Firewall?

•  Firewall block unauthorized users, prohibits vulnerable services from entering or leaving the network.
• Protection from IP spoofing and routing attacks.
•  Protection against Remote login, Trojan backdoors, Session hijacking, cookie stealing,etc.

Limitation of Firewalls

• The fiewall cannot protect against attacks that by pass the firewall.
• The firewall does not protect against internal threats
• The firewall cannot protect against the transfer of virus infected progams (or) files. It would be impossible for the firewall to scan all incoming files, emails for viruses.

by Triple A A-@-A

Publisher: Unknown - 13:13

Most Important things about security Who think they are 100 percentage secure | AMANAHAD Tech

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards." - Gene Spafford

100 % secure

If you are thinking that you are 100 % percentage, then You may not know the real truth.  Let me explain you how you are not 100 percentage secured.

First of all know 1 thing , a man can not create a 100% secured system.  Whenever there is security,there is also pitfall for that system. 


Some Security DrawBacks :

• In internet Client-side security doesn’t work.
• You can’t exchange encryption keys without a shared piece of information.
• Viruses and trojans cannot be 100 percent protected against.
• Firewalls cannot protect you 100 percent from attack.
• Secret cryptographic algorithms are not secure.
• If a key isn’t required, you don’t have encryption; you have encoding.
• Passwords cannot be securely stored on the client unless there is another password to protect them.
• In order for a system to begin to be considered secure, it must undergo an independent security audit.
• Security through obscurity doesn’t work.
• People believe that something is more secure simply because it’s new.
• What can go wrong, will go wrong.
• There is no assurance your Antivirus will find new virus as soon as it is released.  It will attack before they find.
• Hackers always try to find the pitfalls of Security System. At any time your security can broken.
• May be some system(in this place i meant not only pc) look like 100 %secure until hackers know what is pitfall of the system

Do you think you are having 100% secure System?

  I am anticipating for your comments.

by Triple A A-@-A

Publisher: Unknown - 13:11

What are the symptomps to find whether your system is infected or not? | AMANAHAD Tech

5

• pc runs slower than usual.
• Stops responding
• computer crashes, and restarts every few minutes.
• Applications on the computer do not work correctly.
• Disks or disk drives are inaccessible.
• Can't print items correctly.
• Unusual error messages
• Distorted menus and dialog boxes.
• There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. extension.
• An antivirus program is disabled for no reason. Additionally, the antivirus program can't be restarted.
• An antivirus program can't be installed on the computer, or the antivirus program won't run.
• Strange Icons
• Strange sounds or music plays from the speakers unexpectedly.
• Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
• There is frequent modem activity. If you have an external modem, you may notice the lights blinking frequently when the modem is not being used. You may be unknowingly supplying pirated software
• Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files
• The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.

by Triple A A-@-A

Publisher: Unknown - 13:10

How to avoid getting Adware | AMANAHAD Tech

Adware, malware, spyware and viruses can bring your system to its knees. They are detrimental, lowering the performance of your computer. You might need to replace data. You might lose unique files. Keep the nasties away from your computer using these ten simple tips.


1. Use Firefox:
          Internet Explorer is the most popular browser on the market, controlling over 50% of the market share. The virus and adware creators specifically look for exploitable vulnerabilities within IE because they know that they will receive the best return on investment. Your switch to Firefox prevents some adware from infecting your machine.


2. Scan your PC once a week:
            Sometimes adware programmers take a sneaky approach. They will set up their programs to run quietly in the background to spy upon your activities. This once a week scan is necessary to remove any of those sneaky bugs.

3. Download from known sites:
            New sites for installing adware are popping up all the time. If you find something that you want to download, make sure that it is from a known site. A company like Amazon will not steer you wrong, but Bob’s House of Wares might be a little less trustable. If you are not sure whether you can trust a site, perform a quick search.

4. Install Adaware:
              Ad-Aware is the most popular free adware removal program on the market. It detects, quarantines and removes adware. It searches for other programs which may have been installed, highlighting them in an easy to use interface. This program does not have an anti-virus attached.

5. Do not click on unsolicited email:
            You are constantly receiving offers to increase this or improve that through unsolicited email. Your curiosity may be killing you, but don’t click on these emails. They accept your click as permission to install adware, spyware and malware on your PC.

6. Install Antivirus software:
             Installing two programs for virus and adware protection is a smart idea. It caters to the strengths of each program, increasing the overall strength of your antiadware and antiviral campaign. Some of the best antivirus software is free, providing real time protection.

7. Don’t install toolbars:
             Even some reputable sites install custom toolbars. They slow your system down and collect information about your surfing habits. While a toolbar might offer some perks, it may also diminish your experience by dragging your system to a halt. Toolbars from less reputable places install adware and sometimes infect your system outright.

8. Look at your task manager:
                If anything seems out of place with your computer, take a look at your task manager. This tells you about all of the programs and processes which are running on your computer. Examine the processes tab for anything which you don’t immediately recognize. Perform a web search for unfamiliar processes.

9. Do not click on popups:
                Clicking on a popup usually spells certain doom for your computer. It opens the door for the viruses and adware that want to infect your machine, telling these malicious applications to make themselves at home. Stay away from those constantly advertised screensavers and icons.

10. Trust your gut:
              If you don’t feel right about a site, don’t go there. If you are receiving warnings from the antivirus and antiadware programs which you’ve installed, don’t go there. If you don’t like the layout of a site, don’t go there. Trust your instincts about sites.



With proper vigilance, you can keep aggravating adware, spyware and malware from your machine. Trust your instincts. Install Ad-Aware and an antivirus program. Play it safe. The care you spend in preventing adware from infecting your machine can save money and time 

by Triple A A-@-A

Publisher: Unknown - 13:07

How to protect your email account from being hacked | AMANAHAD Tech

Protect Yourself

Now a days almost hackers are increasing in the level .  At any time your email account can be hacked, if you didn't aware about the security.  So you should know how to protect your mail account.

Most of them lost their email account because of not knowing the basic security things.   

Here i will explain you about  some of most online scams which fool people and make them lose their passwords and how to protect from therm.




1.Website Spoofing:

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

This sites are known as Phishing web page or fake page. The purpose of this web page is to steal your information,username,password. This page will look similar to original page . The url of page also will look similar to original site. But it is not right site. for eg: for gmail.com may be hacker create gmailwelcome.com which look like the gmail.com.

Solution:
✓ Never try to login/access your email account from the sites other than the original site.
✓  Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.
 ✓ Check the url whether it is correct or not.

2.Protecting from Keyloggers:
To know about keylogger and how to prevent the keylogger read this tutorial. 

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes? Then definitely you are under the risk of loosing your password.In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

by Triple A A-@-A

Publisher: Unknown - 13:06

Think like a Hacker..! Defend Like a Ninja..! | AMANAHAD Tech

Unless you know how to hack, you can not defend yourself from hackers. Break The Security(BTS) provides Penetration Testing and Ethical Hacking tutorials.We guide users to get into the PenTesting and Ethical Hacking World.

What is Penetration Testing  ? 

Penetration Testing, also called as PenTesting, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access).

Why Penetration Testing?

• Pentetration testing can identify the vulnerabilities that is not identified by an automated vulnerability scanners.
• Determining the feasibility of a particular set of attack vectors
• Determining the Critical Vulerabilities .
• Assessing the magnitude of potential business and operational impacts of successful attacks
• Testing the ability of network defenders to successfully detect and respond to the attacks
• Testing stability of the system against the DDOS attack.

Refer this post for more details:

Introduction to PenTesting

BTS guides ethical hackers and Penetration testers to build their own PenTesting/Ethical Hacking Lab , to develop their skills in a safe environment and to learn exiting exploitation technique.

Discliamer:
The hacking related stuff on BreakTheSecurity is only for education purposes. The tutorial and Demo provided in BreakTheSecurity is for those who curious to learn PenTesting.

Any time the word  “Hacking” that is used on this site shall be regarded as Ethical Hacking.

BreakTheSecurity never promotes BlackHat Hacking. If you misuse the content, BTS is not responsible for your actions or anything as a result of your actions.

 Read the Cyber Laws in India .

BTS holds no reponsiblity for the contents found in the user comments since we do not monitor them. However we may remove any sensitive information present in the user comments upon request.

If you planned to use the content for illegal purpose, please leave this site immediately

by Triple A A-@-A

Publisher: Unknown - 12:49

What is Penetration Testing and Pen Testing Distribution? | AMANAHAD Tech

Penetration Testing(Pen Testing) is the act of evaluating the Security of system or network by exploiting vulnerabilities. This will determine whether unauthorized or malicious activity is possible in a system. Vulnerability uncovered through the Pen Testing will be presented to the system's owner.

Why Penetration Testing?

• Pentetration testing can identify the vulnerabilities that is not identified by an automated vulnerability scanners.
• Determining the feasibility of a particular set of attack vectors
• Determining the Critical Vulerabilities .
• Assessing the magnitude of potential business and operational impacts of successful attacks
• Testing the ability of network defenders to successfully detect and respond to the attacks
• Testing stability of the system against the DDOS attack.

White Box vs Black Box vs Grey Box Testing:
Penetration testing can be performed in different ways. The methods can be classified into three types based on the knowledge about the System being tested.

White Box:
In white box testing, Pen Tester know everything about the system such as source code,network diagrams, ip addressing info.

White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker(malicious insider) has access to source code, network layouts, and possibly even some passwords.

Black Box:
Pen Tester test the system without prior knowledge about the system. This method is also known as Blind Testing . Black box testing simulates an attack from someone who is unfamiliar(malicious outsiders) with the system.

Grey Box:
In this method, Pen Tester partially know about the system.

Web application penetration testing:
This testing will be used to find the following web application vulnerabilities:

• SQL Injection
• XSS(Cross site Scripting)
• Buffer overflow
• Clickjacking
• DDOS

Penetration Testing Tool:
Penetration Testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency, and discover issues that might be difficult to find using manual analysis techniques alone.

As a Penetration Tester, you will need lot of Penetration testing tools to test the Security of system. Searching ,downloading and installing the required software may take time. You can use a Penetration Testing Distribution instead.

What is Pen Testing Distribution?
Penetration Testing Distribution is an open source Operating System(Derived from Linux/BSD) that combines all required application for testing the security of system. It is specially developed for Security Professionals(Pen Testers/EthicalHackers/Forensic Officers...)
Eg: Backtrack 5 Linux .

What is the advantage of Penetration Testing Distribution?
All Required application for security test are gathered in a single Operating system. You don't need to search for application, Save your time. Penetration Testing Distribution are open source and free to use. You can install in pen drive and bring it anywhere.

by Triple A A-@-A

Publisher: Unknown - 12:48

What is computer hacking? Introduction to Hacking | AMANAHAD Tech

What is computer hacking?
In a cyber security world, the person who is able to discover weakness in a system and managed to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days,  People started think that hacking is only hijacking Facebook accounts or defacing websites.  Yes, it is also part of hacking field but it doesn't mean that it is the main part of hacking.

So what is exactly hacking, what should i do to become a hacker?!  Don't worry, you will learn it from Break The Security. The main thing you need to become a hacker is self-interest.  You should always ready to learn something and learn to create something new.


Now , let me explain about different kind of hackers exist in the cyber security world.

Script Kiddie

Script Kiddies are the persons who use tools , scripts, methods and programs created by real hackers.  In a simple word, the one who doesn't know how a system works but still able to exploit it with previously available tools.

White Hat Hacker:
White Hat hackers are good guys who does the hacking for defensing.  The main aim of a Whitehat hacker is to improve the security of a system by finding security flaws and fixing it.  They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical Hacking world.

Black Hat Hacker:
BlackHat hackers are really bad guys , cyber criminals , who have malicious intent.  The hackers who steal money, infect systems with malware,  etc are referred as BlackHat hackers.  They use their hacking skills for illegal purposes.

GreyHat hackers:

The hackers who may work offensively or defensively, depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party system for fun or just for showing the existence of vulnerability.

Hacktivists
The hackers who use their hacking skills for protesting against injustice and attack a target system and websites to bring the justice.  One of the popular hacktivists is Anonymous and RedHac

by Triple A A-@-A

Publisher: Unknown - 12:46

C program and how to compile it. | AMANAHAD Tech

Hackers should atleast 5 programming languages.  Before all ,learn c program .  Because it is basic programming language for all programming language.   It is easy to learn also. 

There are many books available to read like Complete reference c, C for dummies. 

In online also you can learn.  One of best website to learn c program is www.cprogramming.com/

How to compile c program?
Download "Turbo c " compiler and install. it.  :download

Now open the tc.exe in the folder "c:\tc\bin"

Select New in File Menu of the turbo c editor.

and type your coding .

save it with ".c" extension Like hello.c

compile:
press alt+f9

Create exe file:
press f9

Run :
ctrl+f9

if my post is not clear for you ask me doubts as comment

by Triple A A-@-A

Publisher: Unknown - 12:43

Access blocked website in college or school or net center-Proxy Server | AMANAHAD Tech

In your college or school they restrict to see some sites ? You can access without any restrictions using the proxy server. 

What is Proxy?

Proxy server is some kind of a buffer between your computer and the designated internet destination. When you use a proxy server , your computer will send a request to the proxy server , then the proxy server will send it to the destination (for example a website), the destination will answer the request the proxy has sent and finally the proxy will return the data to you computer.



Reasons for using proxy servers:

• Proxy server is able to increase or decrease the speed of your connection to the Internet depending on the location of the proxy
• Proxy server ( but only anonymous) can hide your IP address (the resource you visit will retrieve the IP of the proxy, and not your
• Proxy servers can help in case some owner of an Internet resource impose restrictions for users from certain countries ( for example hulu.com is only reserved for those from United States, if you are not from United States, you can’t watch videos on hulu.com)

How to Use:
open the proxy server site .
when you open the browser it will ask you to get the certificate.
so click "Get certificate "
and click "ok"
Now site will be opened
The website will ask you to enter the url of site.
enter url of site you want to visit .

List of Proxy Sites:

Pricacywanted.info

Netrover.info

Hidemyass.com
Launchwebs.org
Clear5.info
Bingbot.info
Calculatepie.com
Unicornpipe.com
truckflood.com
fly proxy
Fire-proxy

by Triple A A-@-A

Publisher: Unknown - 12:42

How to see saved password in Mozilla firefox | AMANAHAD Tech

This is not hacking article(not at all).  However, i would say it is kind of trick that most of us not aware of.  Using this trick, you can just view the "saved passwords" in the mozilla firefox.

You remember the "Remember password" which will be asked by Firefox whenever you successfully logged into a website?! If someone accept it, then the password will be stored locally in the firefox.  What we are going to do is get that password.

Let's say you are visiting a public Internet cafe or your friend's system , you can just the follow the following steps and view the saved passwords.

Steps:

• click the "Tools" option in menu bar.
• Select "Options"
• It will open the small window, now you just have to Select the "security" tab
• There, you can see the "saved Passwords" button

• Once you clicked the button, it will popup another small window.
• It will provide the list of sites with usernames
• Select any particular site and click the "show Password"
• Yes, now you can view the password :)

Hope you enjoyed this article.

by Triple A A-@-A

Publisher: Unknown - 12:40

Different types of Email Account Hacking | AMANAHAD Tech

The Basic level Hacking is Email Account Hacking.  Everyone like to do first email account hacking only.  So here is the tutorial for budding hackers about email Hacking.

There are different types of Email Account Hacking .  Here is some of them :

1. Social Engineering
   
   • Phishing
2. Brute Force Attack
3.  Keylogger
4.  Guessing the Answer for the Security Question

Social Engineering:

Social engineering takes advantage of the weakest link in any organization’s
information security defenses: people. Social engineering is
“people hacking” and involves maliciously exploiting the trusting nature of
human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes
great skill to come across as trustworthy to a stranger. It’s also by far the
toughest hack to protect against because people are involved.

Social Engineering is different from Physical Security exploits . In social engineering hackers will analyze about
victim.  Hackers will send mail to victim.  The contents will be related to the victim.

Eg:

✓ False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting
package or phone system, ask for the administrator password, and
obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords
of unsuspecting recipients. Hackers then use those passwords to
gain access to bank accounts and more. A related attack exploits crosssite
scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys
to the computer room, receive a set of keys from security, and obtain
unauthorized access to physical and electronic information.

 Phishing WebPage:

     It is a fake webpage which looks similar to the original page of the website.  Using this WebPage we can easily get the Password of victims.  The process involved in creating Phishing webpage are,
✓ First Visit the Website which is associated with the email id. Copy the Source code.
✓ Edit the the Source code such that it will store the password for you.
✓ Upload the Webpage to any free webhosting sites.  (don't select a famous hosting site,they will find that
    your page is fake). Try uploading through the proxy server.

Guessing the Answer for Security Question:
    Do you remember that the mail sites will ask for the security questions to retrieve the mail account?  You can hack the mail account simply guessing the answer.  If the victim is your friend ,then it may very easy to hack. 

Brute Force Attack:



A famous and traditional attacking method .  In this method ,the password will be found by trying all possible passwords with any program or software.




Keyloggers:


  It is one of the spyware which will capture what you type in the keyboard.  so whenever you type the username and password ,it will simply capture.

   It is software program which will be attached with any softwares and send to victim.  While victim install the software ,the keylogger also start to work.  Keyloggers are exe files.

Note:
This Email Account Hacking Tutorial is truly for educational purpose only. 

by Triple A A-@-A

Publisher: Unknown - 12:39

Top 10 Important command prompt's commands | AMANAHAD Tech

In this tutorial i will guide you to top 10 important and famous command prompt commands with their usage.  

1. ipconfig :
                  This is the top most command for seeing the ip address,subnet mask and default gateway also includes display and flush DNS cache, re-register the system name in DNS..  This will most useful tool for viewing and troubleshooting TCP/IP problem.

• To view ip ,subnet mask address : ipconfig
• To view all TCP/IP information, use: ipconfig /all
• To view the local DNS cache, use: ipconfig /displaydns
• To delete the contents in the local DNS cache, use: ipconfig /flushdns 
 

2.systeminfo

Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user

3. tasklist and taskkill 

If you work with Task Manager (ctrl+alt+del) ,you can easily understand this.  Task list is list of task which are running on windows currently.  If you open any application,it will be added to task.

To List the Tasks type in cmd as :

          tasklist

 This will show the list of task which are running as shown in the picture

To stop the Process or task ,there is two methods :
Using Image Name:
   We can kill the task using its Image Name as follows:

                       tasklist /im notepad.exe

Using Process Id:
  we can stop the process using its process id as follows :

                tasklist /pid 1852

4. type
 type is used to read the text document in command prompt .  You can read multiple text in continuously

type filename.txt

5.netstat
Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In additon to the above info, you can view Ethernet statistics, and resolve connecting host IP Addresses to a fully qualified domain name. I usually run the netstat command using the -a (displays all connection info), -n (sorts in numerical form) and -b (displays executable name) switches.

6.net command
Although this tool is more known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings.
It is mostly used for viewing (only services that are started), stopping and starting services:

• net stop server
• net start server
• net start (display running services)

and for connecting (mapping) and disconnecting with shared network drives:

• net use m: \\myserver\sharename
• net use m: \\myserver\sharename /delete

Other commands used with net command are, accounts (manage user accounts), net print (manage print jobs), and net share (manage shares).
Below are all the options that can be used with the net command.

[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |STATISTICS | STOP | TIME | USE | USER | VIEW ]

7 - nslookup - With the Internet, DNS (Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP Addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting DNS servers.
Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:

To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.

Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
set ds (displays detailed debugging information of behind the scenes communication when resolving an host or IP Address).
set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).
set type (sets the query record type that will be returned, such as A, MX, NS)
server NAME (allows you to point nslookup to use other DNS servers than what is configured on your computer)
To exit out of interactive mode, type exit .

8 - ping and tracert - These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network.
To ping a system just type at the prompt: ping www.google.com. By default, ping will send three ICMP request to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (-n ), and to resolve IP addresses to hostname (-a ).
To use tracert, type at the prompt: tracert www.google.com. You can force tracert to not resolve address to hostnames by using the -d switch, or set the desired timeout (milliseconds) for each reply using -w switch.
9 - gpresult - Used mostly in environments that implement group poicies, gpresults (Group Policy Results) verifies all policy settings in effect for a specific user or computer. The command is simple to use, just enter gpresults at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.
10 - netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and monitoring Windows computers from the command prompt. It capabilities include:

• Configure interfaces
• Configure routing protocols
• Configure filters
• Configure routes
• Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
• Display the configuration of a currently running router on any computer

Some examples of what you can do with netsh:

• Enable or disable Windows firewall:

netsh firewall set opmode disable
netsh firewall set opmode disable

• Enable or disable ICMP Echo Request (for pinging) in Windows firewall:

netsh firewall set icmpsetting 8 enable
netsh firewall set icmpsetting 8 disable

• Configure your NIC to automatically obtain an IP address from a DHCP server:

netsh interface ip set address "Local Area Connection" dhcp

(For the above command, if your NIC is named something else, use netsh interface ip show config and replace the name at Local Area Connection).
As you can see netsh can do alot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.

by Triple A A-@-A

Publisher: Unknown - 12:37

What is Malicious Softwares? What are the type of Malicious Softwares. | AMANAHAD Tech

What is Malware?:
     Malware is a malicious software.  This software include the program that exploit the vulnerabilities in computing system.  The purpose of malicious software is harm you or steal the information from you.


Types of  Malicious Softwares:
There are three characteristics of malwares:

1 Self-replicating malware actively attempts to propagate by creating new
copies, or instances, of itself. Malware may also be propagated passively,
by a user copying it accidentally, for example, but this isn't self-replication.



2 The population growth of malware describes the overall change in the number
of malware instances due to self-replication. Malware that doesn't selfreplicate
will always have a zero population growth, but malware with a
zero population growth may self-replicate.

3 Parasitic malware requires some other executable code in order to exist.
"Executable" in this context should be taken very broadly to include anything
that can be executed, such as boot block code on a disk, binary code


Trojan Horse:


Self-replicating: no
Population growth: zero
Parasitic: yes
    The most famous malicious software is Trojan Horse.

There was no love lost between the Greeks and the Trojans. The Greeks had
besieged the Trojans, holed up in the city of Troy, for ten years. They finally
took the city by using a clever ploy: the Greeks built an enormous wooden horse,
concealing soldiers inside, and tricked the Trojans into bringing the horse into
Troy. When night fell, the soldiers exited the horse and much unpleasantness
ensued.

In computing, a Trojan horse is a program which purports to do some benign
task, but secretly performs some additional malicious task. A classic example is
a password-grabbing login program which prints authentic-looking "username"
and "password" prompts, and waits for a user to type in the information. When
this happens, the password grabber stashes the information away for its creator,
then prints out an "invalid password" message before running the real login
program. The unsuspecting user thinks they made a typing mistake and reenters
the information, none the wiser.

Logic Bomb:

Self-replicating: no
Population growth: zero
Parasitic: possibly
    The oldest type of malicious software.  This program is embedded with some other program.  When certain condition meets, the logic bomb will destroy your pc.
It also crash at particular date which is fixed by attacer.  It will be included in legitimate or authorized person like this:

legitimate code
        if date is Friday the 13th:
               crash_computerO
legitimate code

  
Eg:
if some antivirus trying to delete or clean the logic bomb.  The logic bomb will destroy the pc.




Back Door or Trap Door:

Self-replicating: no
Population growth: zero
Parasitic: possibly

A back door is any mechanism which bypasses a normal security check. Programmers
sometimes create back doors for legitimate reasons, such as skipping
a time-consuming authentication process when debugging a network server.
As with logic bombs, back doors can be placed into legitimate code or be
standalone programs.

username = read_username()
password = read_password()
if tisername i s "133t h4ck0r":
return ALLOW^LOGIN
if username and password are valid:
return ALLOW_LOGIN
e l s e:
return DENY^LOGIN

One special kind of back door is a RAT, which stands for Remote Administration
Tool or Remote Access Trojan, depending on who's asked. These programs
allow a computer to be monitored and controlled remotely;

Virus:
Self-replicating: yes
Population growth: positive
Parasitic: yes

A virus is malware that, when executed, tries to replicate itself into other executable
code; when it succeeds, the code is said to be infected. The infected
code, when run, can infect new code in turn. This self-replication into existing
executable code is the key defining characteristic of a virus.
Types of Virus
1.Parasitic virus:
   Traditional and common virus.  This will be attached with EXE files and search for other EXE file to infect them.
2. Memory Resident Virus:
    Present in your system memory as a system program.  From here onwards it will infects all program that executes.
3. Boot Sector Virus:
     Infects the boot record and spread when the system is booted from the disk containing the virus.
4. Stealth Virus:
     This virus hides itself from detection of antivirus scanning.

Worm:

Self-replicating: yes
Population growth: positive
Parasitic: no


A worm shares several characteristics with a virus. The most important characteristic
is that worms are self-replicating too, but self-replication of a worm
is distinct in two ways. First, worms are standalone, and do not rely on other
executable code. Second, worms spread from machine to machine across networks.




Rabbit:
Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly. Rabbits
may also be called bacteria, for largely the same reason.

There are actually two kinds of rabbit.The first is a program which tries
to consume all of some system resource, like disk space. A "fork bomb," a
program which creates new processes in an infinite loop, is a classic example
of this kind of rabbit. These tend to leave painfully obvious trails pointing to
the perpetrator, and are not of particular interest.

The second kind of rabbit, which the characteristics above describe, is a
special case of a worm. This kind of rabbit is a standalone program which
replicates itself across a network from machine to machine, but deletes the
original copy of itself after replication. In other words, there is only one copy
of a given rabbit on a network; it just hops from one computer to another.
Rabbits are rarely seen in practice.


Spyware:

Spyware is software which collects information from a computer and transmits
it to someone else.


The exact information spyware gathers may vary, but can include anything
which potentially has value:

1 Usernames and passwords. These might be harvested from files on the
machine, or by recording what the user types using a key logger. A keylogger
differs from a Trojan horse in that a keylogger passively captures keystrokes
only; no active deception is involved.

2 Email addresses, which would have value to a spammer.

3 Bank account and credit card numbers.

4 Software license keys, to facilitate software pirating.
Definitions


Adware:


Self-replicating: no
Population growth: zero
Parasitic: no

Adware has similarities to spyware in that both are gathering information about
the user and their habits. Adware is more marketing-focused, and may pop up
advertisements or redirect a user's web browser to certain web sites in the hopes
of making a sale. Some adware will attempt to target the advertisement to fit
the context of what the user is doing. For example, a search for "Calgary" may
result in an unsolicited pop-up advertisement for "books about Calgary."
Adware may also gather and transmit information about users which can be
used for marketing purposes. As with spyware, adware does not self-replicate.


Zombies:


Computers that have been compromised can be used by an attacker for a
variety of tasks, unbeknownst to the legitimate owner; computers used in this
way are called zombies. The most common tasks for zombies are sending spam
and participating in coordinated, large-scale denial-of-service attacks.

Signs that your system is Infected by Malware:

Slow down, malfunction, or display repeated error messages

Won't shut down or restart

Serve up a lot of pop-up ads, or display them when you're not surfing the web

Display web pages or programs you didn't intend to use, or send emails you didn't write.

by Triple A A-@-A

Publisher: Unknown - 12:35

Introduction to Social Engineering world | Hack the people | AMANAHAD Tech

What is Social Engineering?

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.


"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker.


Some Examples
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker

Example 2: You receive an e-mail saying that your computer is infected by a virus. The message suggests that you install a tool available on an Internet site, to eliminate the virus from your computer.

The real function of this tool and does not eliminate a virus, but I give someone access to your computer and all data stored on it.

Example 3: a stranger calls your house and says it is the technical support of your ISP.
In this connection he says that his connection to the Internet is presenting a problem and then, ask your password to fix it. If you give your password, this so-called technical can perform a multitude of malicious activities, using your access account
Internet and therefore such activities relating to its name.

Practical Examples:

Retail Paging Systems
---------------------
Wal-Mart store phones have clearly marked buttons for the paging system. Wal-Mart is
the exception, not the rule. So how do you get on the paging system to have a little
fun when you're bored out of your mind shopping with your girlfriend? Social
engineering, my whipped friend. Find a phone and dial an extension, preferably the
store op. The key here is to become a harried employee, saying something similar
to..."This is Bill in shoes. What's the paging extension?" More often than not,
you'll get the extension without another word. Now, get some by saying something
sweet over the intercom.

Airport White Courtesy Phones
-----------------------------
Imagine you've already been stripped searched and you're waiting for your delayed
flight. Naturally, you gravitate to a phone. Is it white? Then you've got a free
call right in front of you. Just pick up to get the op. "This is Bill at Southwest,
Gate A5. We're swamped and our phones are tied. Can I get an outside line?" If
the phone does not have DTMF, or the op wants to dial the call for you, do not call
a number related to you.

Hotels
------
Hotels hold such promise. Some hotels have voice mail for each room, guests
receiving a PIN when they check in. Hotels also have "guest" phones; phones outside
of rooms that connect only to rooms or the front desk. Pick up a guest phone, make
like a friendly guest and say, "I forgot my PIN. Could I get it again? Room XXX."
Knowing the registered name of the target room helps, for the Hotel and Restaurant
Management Degree Program graduate may ask for it.

Do not follow through with the next social engineering example. Or, like the author,
try it on a friend. Go to the front desk and tell the attendant that you've locked
your key (card) in the laundromat, in your room, lost it, etc. Do not try this with
the attendant that checked you in. And again, do not enter someone's room without
permission.


Calling Technical Support
-------------------------
So you've found a new-fangled computerized phone and you want to learn more about it.
Do the same thing you do when you have trouble with your AOL - call tech support.
First, do a little planning (after getting the tech support number off of the phone
or the web). Get some info on the phone, like phone number, model number, other
identifying numbers, etc. Also, know the name of the facility in which the phone is
located. Now that you've got some ammo, you're ready to make the call. Posing as an
employee of the facility, call tech support and make up a problem for the phone
you've identified. Act a little dumb and be apologetic, acting like you don't want
to waste their time. All the while, pumping them for information - "I hate to bug
you for this, but <insert problem here>." <You'll get some info from tech support
here.> <Build on what you've learned and curiously ask another question.> And so
on until you reach the point where you can feel that it's time to end the call.
Occasionally acting amazed at their knowledge may be helpful.

Methods of Social Engineering

Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.

Vishing or Phone Phishing:
This technique uses an Interactive Voice Response (IVR) system to recreate a legit sounding copy of a bank or other institution's IVR system. The slave is prompted to call in to the "bank" via a phone number provided in order to "verify" information.

Baiting
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the slave. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the slave to use the device.

Quid pro quo
Quid pro quo means something for something:

* An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware.

* In a 2003 information security survey, 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for a cheap pen. Similar surveys in later years obtained similar results using chocolates and other cheap lures, although they made no attempt to validate the passwords.

by Triple A A-@-A

Publisher: Unknown - 12:33