Tag Archives: Ethical Hacking

A Massive Hole In Internet Security – Heartbleed Vulnerability

Heartbleed will most probably go down as the vulnerability of the decade in internet history. You may have heard the word Heartbleed and received a bunch of mails about it from your favourite web services. This article will help non-technical people understand what Heartbleed is and how to protect themselves from the bug.

Heartbleed is a bug that was disclosed to the public on 7th April, 2014. It is a vulnerability in OpenSSL, the open-source SSL (Secure Sockets Layer) cryptography library. OpenSSL is software implemented on the server side that is responsible for the security and integrity of data while it is in transmission. The communication between your PC and the web server has to travel over a secure channel so that attackers cannot eavesdrop in the middle. Whenever a URL has an 's' after http, as in https://domain.com, you know for sure that the site is using SSL for security. To prevent this man-in-the-middle attack, all data sent over the secure channel is encrypted by the sending end and decrypted at the other end.

It is like sending messages as a cipher: to decode the cipher, your PC or the server needs the key. These keys are digital keys that have to be exchanged between the two communicating ends. Meanwhile the connected PC continuously checks that the link is alive by requesting a signal from the server. The server sends this signal to all connected nodes (PCs) at a regular interval. This signal is called a 'Heartbeat'. If the end node does not receive the heartbeat signal for a period of time, it assumes the server is down and closes the connection.

Here comes the vulnerability. When a node requests a heartbeat signal from the server and states a particular size, the server responds with the requested data at the same size. But it failed to check the validity of that size. So if an attacker requests a heartbeat with a size somewhat larger than the data actually sent, the server responds with that data and, for the remaining size, adds whatever lies next in the server's memory. Unfortunately that memory can hold very sensitive data belonging to the server's users: passwords, credit card numbers, other unencrypted data, cookies, session details and so on.
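To make the missing check concrete, here is an added simulation (example code, not OpenSSL's own): a constructed heartbeat record is placed in a buffer in front of other constructed data, and the same request is handled once without the length check and once with the check that the patch added. Python slicing stops at the end of the buffer, whereas a real C process would keep reading.

```python
import struct

# Constructed stand-in for server memory: the heartbeat record is followed by
# unrelated data the process happens to hold (labels and values made up here).
NEIGHBOURING_DATA = b"user=alice;session=8f3a9c;password=hunter2;"


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat message: type (1 byte) | payload_length (2 bytes, big-endian)
    | payload | 16 bytes of padding. claimed_len is what the sender asserts."""
    return b"\x01" + struct.pack("!H", claimed_len) + payload + b"\x00" * 16


def unpatched_reply(memory: bytes, record_len: int) -> bytes:
    """Pre-patch logic: trusts the 16-bit length field and never compares it
    with record_len, the number of bytes actually received, so the copy
    continues past the record into whatever lies next in memory."""
    payload_len = struct.unpack("!H", memory[1:3])[0]
    return memory[3:3 + payload_len]


def patched_reply(memory: bytes, record_len: int):
    """Post-patch logic: the type byte, length field, claimed payload and
    padding must all fit inside the received record; otherwise the request
    is silently discarded, which is what RFC 6520 requires."""
    payload_len = struct.unpack("!H", memory[1:3])[0]
    if 1 + 2 + payload_len + 16 > record_len:
        return None
    return memory[3:3 + payload_len]


def handle(claimed_len: int, payload: bytes = b"bird"):
    """Run one request through both handlers; returns (unpatched, patched)."""
    record = build_heartbeat(payload, claimed_len)
    memory = record + NEIGHBOURING_DATA
    return unpatched_reply(memory, len(record)), patched_reply(memory, len(record))


if __name__ == "__main__":
    print("honest request: ", handle(4))
    print("oversized claim:", handle(80))
```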

Image courtesy: xkcd.com/1354

It is believed that more than half a million web servers were affected by this, and millions of records have been hijacked. Nobody is sure of the exact figures for this attack, but many web services openly acknowledged that they were victims.

It seems Google patched its servers on March 21st and Cloudflare on the 31st. Cisco announced that most of its equipment was vulnerable to this attack, which in turn leaves our sensitive data at risk. We know Cisco's hardware constitutes the majority of the internet.

How to get immunized from this bug? The solution is simple: change all your login credentials, such as passwords, security questions and PINs. Log out of all your accounts on all the devices you use and log in again with the new passwords. Update all your software and apps. This applies to every service you use. All other steps have to be taken by your service providers, who must update their OpenSSL with the patch for the bug.

Not all websites were attacked, though it is a fair guess that most of them were. Ironically, services that had not updated their OpenSSL for a long time stayed secure, and early adopters of the patch are also immune to this attack. As I am using LastPass for managing my digital credentials, it helped me find the attacked websites, and I changed my passwords for the sites listed as attacked.

For more reading: CNet, Heartbleed

I hope the article helps. See you in another one. Don't hesitate to register your views in the comment box below.

Understanding Phishing With Example

Have you heard the words 'phishing' and 'spoofing' before? Most of us think that phishing and spoofing are the same, but they are not; and we think that spoofing is a type of hacking, which is again a big 'NO'.

Spoofing

Spoofing is delivering a website that pretends to be a legitimate website in order to deceive the viewers who visit it. Here no user information is collected. For example, an eBay spoof: a duplicate website pretends to be the original eBay site, a user comes and pays some amount for a purchase, but no purchase is actually made and all the money paid flows to the fraudster's credit card account.

Phishing

Phishing causes more serious problems because here your information is collected. The term 'fishing' turned into 'phishing' represents the hacker spreading a net or hook to everybody on the internet, where only a few are caught. Consider a fake PayPal login page created and owned by a hacker. You enter your username and password on that page thinking you are logging in to PayPal; as soon as you click the login button, the username and password are sent to the hacker. Now the hacker has full control of your PayPal account.

The picture shows two example fake login pages for two famous email providers. These login pages look exactly like the originals. Links to these fake login pages are sent by email, and when somebody clicks the link they are brought to this page. If they enter their username and password, the page records them and then forwards the user to the original login page. In a phishing attack the phishing mails are sent in at least thousands, if not millions, and out of this large number only a few are victimized.

So not all spoofs are phishing attacks. A spoof is a general attack whose consequences are not as serious as those of phishing.

Reverse DNS or IP Look Up and WHOIS Look Up

In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of the domain name associated with a given IP address using the Domain Name System (DNS) of the internet. To simplify, DNS is like a table that stores each domain name alongside the IP address of the server on which that website is hosted.

A WHOIS lookup is finding the IP address of the server corresponding to a domain name, while a reverse DNS lookup is the reverse: finding the domain name from the IP address. Doing an IP lookup or WHOIS lookup is very simple. There are numerous web services that do this; all you have to do is enter the domain name or IP on the website, and in a few seconds it gives you all the information regarding your query. It provides information like:

  • Name of the domain
  • ISP
  • Location of the server
  • Registrant of the domain
  • Address of the registrant
  • Registrant’s email id

Here the first three pieces of information are 100% correct, while the others may or may not be correct, because those details are entered by the domain registrant when buying the domain from the registrar. People who practise hacking or other unethical activities never enter their real details, and sometimes the registrar itself provides a substitute mail ID and address in the name of registrant privacy. In such a scenario you cannot find out the real owner of the domain, but through the other details you can find out the server and its location.
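As an added illustration of how a reverse lookup actually works (example code, not any lookup service's own): the IP is rewritten as the PTR query name, and the returned name is only trusted when it resolves back to the same IP (forward-confirmed reverse DNS). The resolver functions are injectable so the logic can be exercised offline with constructed answers.

```python
import ipaddress
import socket


def ptr_query_name(ip: str) -> str:
    """Name the resolver asks for: IPv4 octets reversed under in-addr.arpa,
    IPv6 nibbles reversed under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_reverse(ip: str):
    """PTR lookup through the OS resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # socket.herror / socket.gaierror are OSError subclasses
        return None


def system_forward(name: str):
    """All addresses the name resolves to, as a set of strings."""
    try:
        return {entry[4][0] for entry in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def confirmed_reverse_lookup(ip: str, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS (FCrDNS). Returns (ptr_name, confirmed).
    Whoever controls the reverse zone for an address can publish any PTR name,
    so the name only means something when it resolves back to the address.
    The bracketed [ip] a receiving mail server writes into a Received line is
    checked the same way."""
    name = reverse(ip)
    if name is None:
        return None, False
    forward_ips = set()
    for addr in forward(name):
        try:
            forward_ips.add(str(ipaddress.ip_address(addr)))   # normalise textual form
        except ValueError:
            continue
    return name, str(ipaddress.ip_address(ip)) in forward_ips


if __name__ == "__main__":
    # Constructed answers, so the demo runs without network access.
    print(ptr_query_name("11.11.11.111"))
    print(confirmed_reverse_lookup("11.11.11.111",
                                   reverse=lambda ip: "mail.example.net",
                                   forward=lambda name: {"11.11.11.111"}))
```

Calling `confirmed_reverse_lookup(ip)` with the defaults performs the live lookups through the OS resolver.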

Why is a DNS lookup needed? Please read the other articles under the category 'Ethical Hacking'. When a hacker's attack is detected, for instance via the internet or a Trojan horse, you have to find out where the hacker's server is located or where the Trojan is sending the details; if it is email hacking, you need to find out where the email was generated.

Ethical E-Mail Hacking – Identifying Sender

Any email can pretend to be from a trusted site when in fact it was created by hackers and served from their servers. Such spoofed or forged mail is sent in at least thousands, if not millions. We already saw in the previous post that by reading the e-mail headers we can identify the sender when a mail seems to be a spoof.

Below is the email header of a mail I sent from my hosting server with PHPMailer, because normal mail clients never allow you to change the From address and other data. This mail pretends to be from some trusted web site to you, but it was created on my server. I have changed some data in the header below for security reasons.

Before reading the header, this is how the mail looks when I receive it in my Gmail inbox.

To: you@yourdomain.com
From: Trustedsite.com <someone@trustedsite.com>
Subject: Verify Your Account Details

Now you might say this mail is from someone@trustedsite.com asking you to verify your account details. Okay, let's read the header of this mail, which is given below.

Delivered-To: you@yourdomain.com
Received: by 10.231.182.200 with SMTP id cd8cs166526ibb;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Received: by 10.101.166.37 with SMTP id t37mr3252242ano.122.1286851188074;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Return-Path: <someone@trustedsite.com>
..................
..................// content removed to reduce confusion
..................// some details of intermediate servers.
..................// No need to consider this.
..................
..................
Received: from hackerdomain.com (21.hackingwebserver.com [11.11.11.111])
        by mail.hackingweb.com with ESMTPS id q23sm3375542yba.17.2010.10.11.19.39.45
        (version=SSLv3 cipher=RC4-MD5);
        Mon, 11 Oct 2010 19:39:46 -0700 (PDT)
Date: Tue, 12 Oct 2010 02:39:44 +0000
Return-Path: no-reply@hackerdomain.com
To: you@yourdomain.com
From: Trustedsite.com <someone@trustedsite.com>
Subject: Verify Your Account Details.
Message-ID: <050f1b51c4ebc17fb46cb18d980b8397@apecunited.com>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

The email header records where a message was sent and the specific path it followed as it passed through each mail server. To follow the path of a message chronologically, read from the bottom of the header and work your way up. In this header the mail passed through more than two mail servers, so I removed that information to reduce confusion. Our aim is to find where the mail was generated; for that, read the first "Received:" line (from the bottom). It specifies that this mail came from "hackerdomain.com" with the IP address "11.11.11.111", and it includes a timestamp "17.2010.10.11.19.39.45", which means exactly "Mon, 11 Oct 2010 19:39:45".

Here is another example email header (only the first "Received:" line is shown):

Received: from source ([11.11.11.111]) by exprod5mx37.postini.com ([12.12.12.123]) with SMTP; 	Wed, 20 Aug 2003 21:40:05 CDT

In this case, exprod5mx37.postini.com ([12.12.12.123]) was smart enough to know that the email really came from IP 11.11.11.111. So we can find the sender's domain or IP address from the email headers almost all the time.
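The bottom-up reading described above can be automated. This is an added example (not code from the original post) that parses the Received lines of a constructed message modelled on the header shown earlier, returns the hops in chronological order, and takes the origin IP from the receiving relay's bracketed note rather than from anything the sender wrote.

```python
import email
import re

# Constructed message using the same header layout as the one shown above;
# hackerdomain.com and 11.11.11.111 are the post's placeholder values.
RAW_MESSAGE = """Delivered-To: you@yourdomain.com
Received: by 10.231.182.200 with SMTP id cd8cs166526ibb;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Received: from hackerdomain.com (21.hackingwebserver.com [11.11.11.111])
        by mail.hackingweb.com with ESMTPS id q23sm3375542yba.17.2010.10.11.19.39.45
        (version=SSLv3 cipher=RC4-MD5);
        Mon, 11 Oct 2010 19:39:46 -0700 (PDT)
Return-Path: no-reply@hackerdomain.com
From: Trustedsite.com <someone@trustedsite.com>
To: you@yourdomain.com
Subject: Verify Your Account Details

Please verify your account.
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"           # name the sending host announced (HELO)
    r"(?:\s+\((?P<paren>[^)]*)\))?"   # the receiver's own note: rDNS name and/or [ip]
    r"\s+by\s+(?P<by>\S+)"            # the relay that wrote this Received line
)
BY_ONLY_RE = re.compile(r"^by\s+(?P<by>\S+)")   # internal hand-offs carry no 'from'


def parse_received(value: str) -> dict:
    """Break one Received line into the parts used for tracing."""
    value = " ".join(value.split())   # unfold continuation lines
    hop = {"from": None, "rdns": None, "ip": None, "by": None}
    m = HOP_RE.search(value)
    if m is None:
        m = BY_ONLY_RE.search(value)
        if m:
            hop["by"] = m.group("by")
        return hop
    hop["from"], hop["by"] = m.group("helo"), m.group("by")
    paren = m.group("paren") or ""
    ip = re.search(r"\[([^\]]+)\]", paren)
    hop["ip"] = ip.group(1) if ip else None
    hop["rdns"] = paren.split("[", 1)[0].strip() or None
    if hop["ip"] is None and hop["from"].startswith("[") and hop["from"].endswith("]"):
        hop["ip"] = hop["from"][1:-1]   # 'from [ip] by ... via HTTP' form used by webmail
    return hop


def trace_hops(raw: str) -> list:
    """Each relay prepends its own Received line, so the last one in the header
    is the earliest hop. Returned oldest first, i.e. the origin is at index 0."""
    msg = email.message_from_string(raw)
    return [parse_received(v) for v in reversed(msg.get_all("Received") or [])]


def origin_ip(raw: str):
    """IP noted by the first relay that saw the message. The sender chooses the
    From line and the HELO name, but not what the receiving relay observed."""
    for hop in trace_hops(raw):
        if hop["ip"]:
            return hop["ip"]
    return None


if __name__ == "__main__":
    for hop in trace_hops(RAW_MESSAGE):
        print(hop)
    print("origin:", origin_ip(RAW_MESSAGE))
```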

What can we do with the hacker's IP address? We have to find the domain name, server location, owner of that domain and so on. We can do this with a DNS lookup, or else we can simply notify the owner of the domain that the hacker abused; in the full header above the abused domain is "trustedsite.com". The next article will cover this, so stay subscribed to alvistor.com.

Ethical E-Mail Hacking – Email Headers

In the previous article of this Ethical E-mail Hacking series, we learned how the simple 'Reply-To' address field is used to deceive the recipient of an email. If you receive an email, how will you find the sender? The 'From' address is not the only option, because as we saw in the previous topic a hacker can change the From address very easily. Here the e-mail headers play an important role.

The email header is the information that travels with every email, containing details about the sender, route and receiver. It is like a flight ticket: it can tell you who booked it (who sent the email), the departure information (when the email was sent), the route (from where it was sent and how it arrived to you) and the arrival details (who the receiver is and when it was received). Just as you could book a flight ticket with a false identity, the same goes for emails: the sender can partially fake these details, pretending that the email was sent from a different account (common practice for spammers or viruses).

Every e-mail client, including web-based clients like Gmail and Yahoo Mail, has a feature to show the full e-mail headers. Most e-mail clients hide this by default, because from the reader's perspective only the body of the email matters, just as we read the paper inside a letter and not the envelope; but these envelopes are very important. The screenshots below show how to make your client show the headers. Normally the button is captioned "View Full Headers".

Screenshot: E-Mail Header Link in Gmail

Screenshot: E-Mail Header Link in Yahoo

Okay, I hope you found the "View Header" button in your email client. Now just click it to see the header of that particular email. The header of a mail might look like this (example taken from Google):

Delivered-To: MrSmith@gmail.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Return-Path:
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2005.03.29.15.11.46; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Smith

Now read the header from bottom to top. This typical header tells us that the email was sent to 'Mr Smith' with the subject 'Hello' (the body of the message was already shown in the mail). The next lines say that it is from 'Mr Jones', sent at such and such a time. As we have already seen, this From address can be modified by the sender, which means anyone can send this mail under the name 'Mr Jones', pretending it is from Mr Jones when it was actually sent by some 'x'. This is like writing someone else's name in the From section of an envelope instead of your own, so that the letter seems to be from that person. So we check the sender, the sender's mail server and the IP of that server. Here the server is 'emailprovider.com' and its IP is '11.11.111.111'.

If you have difficulty reading the headers, don't worry, it is not that hard. Knowing some terms like 'Return-Path', SMTP, HTTP, Message-ID, etc. will help you. Please write your comments so that we can provide better-written articles in future.

Ethical E-Mail Hacking – Reply To Address

The stream of articles under Ethical E-mail Hacking covers the ideas behind hacking a mail. For readers' clarification, e-mail hacking is different from 'email account' hacking: here we are hacking e-mails, not mail accounts. In order to identify e-mail spoofs, forgery and other modern attacks, we need to know some basics of email, and it is better to know how an e-mail is hacked in order to avoid being hacked and victimized by hackers.

We use webmail like Gmail, Yahoo Mail, Rediff or any other you can name, or else mail clients like Outlook, Thunderbird etc. to send and receive e-mails. 'Reply-To' is an option that is almost absent from the interfaces of today's email clients. Usually to send an email we need a From address, one or more To addresses, a subject and a body. Like BCC and CC, we have almost lost the option of specifying a 'Reply-To' address in our e-mails.

http://en.wikipedia.org/wiki/File:SPOOFED-EMAIL.jpg

Before continuing, open the above image in a new browser tab. You can find a 'Reply To' text box where we can provide another e-mail ID other than the sending ID, even if it does not belong to the mail server, and sometimes the email ID may not even exist. If this field is filled with some other person's email ID, then when your e-mail arrives in the recipient's inbox it will appear to have been sent from the person whose mail ID is specified in the 'Reply-To' address field.

Scenario 1:

A mail is sent by a fraudster from fraud@fraudwebsite.com with the 'Reply-To' address no-reply@brandedinstitution.com (e.g. no-reply@paypal.com, accounts@citibank.com), with a deceiving subject and body containing a link to a hoax website that collects your information. When this mail arrives, it seems to have been sent from no-reply@brandedinstitution.com because that is what is in the Reply-To field, and the ID fraud@fraudwebsite.com is almost hidden. You then click the link provided in the spoof mail and enter data like your username and password on the hoax website.

In this scenario you have been victimized by a simple Reply-To modification, because it is shown clearly while the original mail ID is hidden. By merely seeing the Reply-To mail ID, you are made to believe that the email is from the legitimate source, but it is not. So whenever you receive a mail, don't forget to check the From address rather than the Reply-To address before clicking any links in that e-mail.

Note: In Gmail and Yahoo there is an option called "show details" at the top of the mail, which shows the Reply-To and sender email IDs separately.

Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: fraudid@emailprovider.com
Reply-To: no-reply@alvistor.com
Subject: Managing Account Information
To: Mr You

Here the fraudster is sending this mail with the subject "Managing Account Information" from "fraudid@emailprovider.com" through "mail.emailprovider.com" via HTTP, but the Reply-To address is "no-reply@alvistor.com", so the mail seems to be from alvistor.com. This is where you are being cheated by the fraudster.
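To show the mismatch described above in code, here is an added example (not the post's own) that reads the visible identity headers of a constructed message modelled on the one above and reports every header whose domain differs from the From domain; Reply-To is where a reply actually goes, so that is the one to flag.

```python
import email
from email.utils import parseaddr

# Constructed message modelled on the header above; alvistor.com and
# emailprovider.com are the post's own placeholder domains.
RAW_MESSAGE = """Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: fraudid@emailprovider.com
Reply-To: no-reply@alvistor.com
Subject: Managing Account Information
To: Mr You <you@yourdomain.com>

Please review your account details.
"""

# Headers that claim who the message is from or where replies/bounces go.
IDENTITY_HEADERS = ("From", "Reply-To", "Return-Path", "Sender")


def address_and_domain(value):
    """'Name <user@host>' or bare 'user@host' -> (address, lowercased domain)."""
    addr = parseaddr(value or "")[1]
    if "@" not in addr:
        return None, None
    return addr, addr.rsplit("@", 1)[1].lower()


def reply_to_report(raw: str) -> dict:
    """Collect the sender-side identities and flag any whose domain is not the
    From domain. A Reply-To on a different domain is the pattern in the
    scenario above: replies (and the eye) go to alvistor.com, while the
    message actually came from fraudid@emailprovider.com."""
    msg = email.message_from_string(raw)
    addresses = {}
    for name in IDENTITY_HEADERS:
        addr, domain = address_and_domain(msg.get(name))
        if addr:
            addresses[name] = (addr, domain)
    from_domain = addresses.get("From", (None, None))[1]
    mismatched = sorted(name for name, (_, domain) in addresses.items()
                        if name != "From" and domain != from_domain)
    return {
        "from": addresses.get("From", (None, None))[0],
        "reply_to": addresses.get("Reply-To", (None, None))[0],
        "mismatched_headers": mismatched,
        "suspicious": "Reply-To" in mismatched,
    }


if __name__ == "__main__":
    print(reply_to_report(RAW_MESSAGE))
```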

What we learned: it is easy to spoof a mail with the Reply-To address, and the mail ID a message appears to come from (when overridden by the Reply-To mail ID) need not be the original sender's mail ID. So anyone can pretend to be another person while sending email to you.

Ethical E-Mail Hacking – Understanding Basics

What is hacking? Hacking is defined as intentionally accessing a computer without authorization or exceeding authorized access, and Wikipedia says a "hacker is a person who breaks into computers and computer networks, either for profit or motivated by the challenge".

Why ethical hacking? If a hacker tries to hack your computer system, you need to stop him and safeguard your system and personal data from hacking, and to prevent hacking you need to know about it. Ethical hacking is hacking someone's system with good intentions, and the person doing ethical hacking is an "Ethical Hacker", widely known as a "White Hacker". For example: (1) you try to find the hacker who broke into your system; (2) PayPal obtains information about hackers who broke into their customers' accounts.

However, hacking an e-mail account is different from ethical hacking; but by knowing ethical hacking you will be able to identify hoax (spoof) mail, the hacker and information about the hacker, and above all your name will not be on a hacker's victim list. Before getting into the subject: I am not going to explain the steps of 'how to hack anyone's mail account'; instead I explain hacking techniques and how to find out whether you are subjected to them as a victim. This will help you stay away from hackers and guard your data from them.

E-Mail

E-Mail expands to 'Electronic Mail'. An e-mail is a digital message composed by a user with the help of an MUA (Mail User Agent) on a system and sent over a computer network, normally the internet, using SMTP (Simple Mail Transfer Protocol) to the ISP (Internet Service Provider), which resolves the domain name to determine the fully qualified domain name of the mail exchange server in the DNS (Domain Name System). After this, the mail is delivered to the recipient's MUA using POP (Post Office Protocol). Keeping the non-technical reader in mind, I am trying to keep the technical details to a minimum.

In this 'Ethical E-mail Hacking' stream of articles we are going to learn about e-mail headers, tracking e-mail, tracing through timestamps and IP WHOIS lookup, phishing, malicious HTML and JavaScript code in e-mail, spoof web sites and services, and modern hacking methods and how to avoid them, for instance using digital signatures and encryption. I am still looking for ways to cover other things like encryption, eavesdropping, etc. without too many technical gimmicks. Finally, I am not going to teach you how to hack, but just how to safeguard yourself from hackers' attacks.

How to Prevent Your E-Mail Account From Getting Hacked – Part 2: Remote Hackers

In part 1 we learned how to secure a mail account from local hackers. Here we will see how to prevent hacking by remote hackers. Remote hackers are hackers who reside far from your location, who rarely know you, and who try to hack your account.

These remote hackers use multiple techniques to hack your mail accounts and other accounts. Some of the techniques are:

  • Malware, spyware
  • Viruses or worms
  • Phishing or spoofing
  • Loopholes in the operating system

I will write separate articles in the "Ethical Hacking" section about the above techniques; a brief excerpt of each technique and how to avoid it is given below.

Malware, spyware: Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent, and spyware is a type of malware. Malware gets into your system without the owner's knowledge and runs in stealth mode. While running, it collects details like your keystrokes and other important information and sends them to the hacker, who uses this information to break into your account. An OSK (on-screen keyboard) is one way to avoid keystroke recording when entering a password, even though the malware still sends other information.

Viruses: a virus is also like malware, but a virus is able to replicate and spread. You don't need to download it; it may be transferred from portable devices like pen drives and CDs, or through the internet. These viruses are mostly equipped to destroy information, and sometimes they transfer the information to another remote system.

If you want to be secure from the automated hacker slaves above, you need a proper anti-virus. Do not trust a free one if the information in your system and mail is important.

Loopholes: Hackers keep their eyes firmly on the loopholes of the OS you are using. Loopholes are like holes in a container, and your information is like the water in that holed container. If you want to save your information, your OS should be updated regularly; patches will help you close the loopholes, and if you are using Windows, check that you are on the latest service pack.

Phishing or spoofing: PayPal's definition of phishing follows:

A spoof or phishing (pronounced “fishing”) email is an email that is designed to look like it comes from a well-known company and that tells some story to get you to click a link or button in the email.
The links or buttons in the email take you to a website that is also called a “spoof” because it, too, fakes the appearance of a popular website or company. The spoof site asks you to input personal information, such as your credit card number, Social Security number or account password.
You think you are giving information to a trusted company, when in fact, you are supplying it to a criminal.

To avoid phishing, use anti-phishing toolbars like Netcraft's. In Part 3 of this topic I will continue to write about phishing and spoofing.

How to Prevent Your E-Mail Account From Getting Hacked – Part 1: Local Hackers

Almost no one takes any preventive action against hacking until they learn a hard lesson after their mail account or some other web account is hacked. Okay, there are numerous pages on the web about this topic; they are summarized here. In the paragraphs below, some of the important information is given to help you protect your digital accounts.

Basic Preventions From Local Hackers:

First things first: your password. Local hackers (people around you who know about you and collect every detail that helps to hack your account) guess your password from some of your personal details like your birthday, year, name, etc.

So your password should not contain any of your personal details, and it should include special characters, numbers and capitals. Why special characters and symbols? Because they make it take much longer to find your password by increasing the number of possibilities. See the table below: the time increases exponentially when you use a random mix of all characters instead of only lower case.

Password Length   All Characters              Only Lowercase
3 characters      0.86 seconds                0.02 seconds
4 characters      1.36 minutes                .046 seconds
5 characters      2.15 hours                  11.9 seconds
6 characters      8.51 days                   5.15 minutes
7 characters      2.21 years                  2.23 hours
8 characters      2.10 centuries              2.42 days
9 characters      20 millennia                2.07 months
10 characters     1,899 millennia             4.48 years
11 characters     180,365 millennia           1.16 centuries
12 characters     17,184,705 millennia        3.03 millennia
13 characters     1,627,797,068 millennia     78.7 millennia
14 characters     154,640,721,434 millennia   2,046 millennia

Your security question is a second layer of security for your account, and it is usually an easy way to get hacked. The "forgot password" attack is very common and easy. So when selecting and answering your security question, make sure the answer is known only to you.

Best Practices In Home:

If you use the "Remember Password" feature in your browser, then you should not allow anyone else to use your system, or at least not your personal account on your PC. Beware of the "Remember Password" feature: it helps local hackers.

Best Practices In Office and Other Public Places:

On public computers, after your usage delete all your history and cookies [in Firefox, go to Tools -> Clear Recent History] before you leave the computer. I recommend private browsing for people who use their accounts on public systems such as in an internet cafe. You can activate private browsing in Firefox by clicking Tools -> Start Private Browsing (shortcut: Ctrl+Shift+P) and in Chrome by Settings -> New Incognito Window (shortcut: Ctrl+Shift+N).

Keyloggers are programs running in hidden mode that save every keystroke pressed on the keyboard. Usually these keylogger programs are set up in internet parlours and record your password strokes when you type it on the keyboard. If you suspect a keylogger program on the system, just open the On-Screen Keyboard (OSK). Every OS today has this feature, and most online banking websites provide one on their login page. [In Windows, type OSK in the Run command to open it.]

Avoid loose talk about personal details that relate to the security questions and password of your web accounts. Never disclose your password to anyone; my advice is not to trust anybody in this. Always remember: "Prevention is better than cure".

What If Your Yahoo ID is hacked?

For the past few days some of my friends and others have told me that their accounts were hacked and spam mails were sent to everyone in the contact list of the hacked account. If this is your problem, just read the article below; even if your account is not hacked, read it, because it may be helpful for your friends and for you in future.

First try your username and password on the Yahoo Mail login page. If you feel that your password has been changed, then try the help article provided by Yahoo here: http://help.yahoo.com/l/us/yahoo/edit/id_password/edit-20.html

If you still can't change or retrieve your password using the above step, then your account was probably hacked. Then you have to inform Yahoo about the hack. Send an email to the Yahoo Account Security Department at "account-security-help@cc.yahoo-inc.com", mentioning the problem in the subject.

Just keep in mind that you have to be polite with your words.

1. Provide them the details of the entire story, whatever you can remember about the hack.

2. Mention the time and date when you last accessed your account.

3. Provide the password that you last used to access your account. If possible, send the mail from the system you regularly use for sending mail from your Yahoo Mail account, because the IP address of that system may help Yahoo understand your problem.

4. Most importantly, provide all the information you entered when you registered your account, or the information from when you last updated your Yahoo account. Provide the list of services you use with that mail ID, like Answers, Yahoo Connect, Yahoo Groups etc.

5. Wait for the response; do not send this mail several times, because they might consider your messages abuse or harassment. Be patient until you get a response from Yahoo.

Good luck. If the problem is solved, please write it in the comments, or if you have tried any other ways, please put a word in the comments area below; this will help others. TIA for commenting.