How to Protect Your Blog from Hackers

Your blog is one of the most important things in the world to you. It is the way that you communicate with the outside world, share your passions, and potentially even make your income.
There are other people out there who do not feel the same way.
These hackers want to take your blog and use it for profit by either spamming ad-filled posts on your blog or using your subscriber lists for their criminal purposes.
If your blog is taken over by a hacker, not only might you lose your blog, you might lose some of your readership and your reputation. It is worth any inconvenience to make sure this doesn’t happen.

The Basics

What goes for the rest of the internet doesn’t change for your blog. Many of the threats to your computer can affect your blog as well, so you have to maintain a constant vigilance on both fronts. Know these basics and know them well.

Passwords and Usernames

While it may be convenient for you to have a simple password such as “Password123” or something similar, hackers will be able to crack such a password in five minutes on a slow day. You need something better with different types of characters, no words in the dictionary, and enough characters to keep the number of possibilities high (at least 10). Once you commit a good one to memory, you won’t care so much about the hassle, and it will get easier to remember a new one each time you change it.
If you are looking for some examples of what a good password looks like, check out the listed examples below:

• Typ561Rvsert?
• M0O0Nrare!
• J0hnsm1TH
• !Pra531cTiCal

As for your username, this naturally won’t be as well protected, but there are steps you can take. The biggest one is not using “Admin” as your username.
Many different exploits and attacks hackers use will start on the premise that Admin is a username or profile name on the website, so if you’re using it you’ve made their job a lot easier. Other than this, just make sure not to hand your username out to everyone. Keep it as safe as your password.

Security Software

Your computer is linked to your blog, and there is nothing you can do to change that. If your computer is attacked, consider your blog attacked as well. Any cookies or saved passwords on your device could be stolen and used to gain access to your blog.
You need security software on all of your devices, and you need to make sure it is updated consistently. There are both free programs and premium programs available. Some of the better free products include Panda Free Antivirus, AVG Free Antivirus, and Avira. Some of the best premium programs and brands include Norton, McAfee, and Kaspersky Total Security.
Each have their benefits and disadvantages (for example, Kaspersky is the most expensive, but has every feature you could want), and you will have to decide what is in your budget and most compatible with your needs. Consider it an investment in your blog’s survival.

Email Security

Where your blog is concerned, your email security is of equal importance to your general computer security. If a hacker manages to get into your email account, they can pretty easily find your password and/or your username. This is in addition to the many other problems you will have to deal with when your email is hacked (such as potential identity theft).
This is why your email should be the most protected account you have. If you are particularly cautious, you will want to create a separate email for blogging purposes. You can also use it as a separate contact point for readers so you can more easily organize your emails. A second email address is free and easy to start, so there is no disadvantage to setting one up (other than time).
In addition to this, you will want a strong password (see the tips outlined earlier). Your email account might also have other verification options such as a security image or security question you have to answer whenever you log in on a new device. Take any and all of these options, and note that you don’t have to share your email with everyone you meet.

Platforms, Tools, and Plugins

A strong webpage is your first line of defense against potential hackers. Hackers aren’t necessarily lazy, but they are opportunistic and will attack the weakest blog they see. If your blog looks dated, it’s security is probably dated, too. Try to think how a predator thinks, and then take measures that will ward them off. Try to do this from a holistic viewpoint, taking into consideration the platform, the base blog, and any plugins you have installed.

Security Tools and Add-ons

Most blogging platforms, WordPress especially among them, have a lot of tools and plugins available to users in order to make your website more secure. Let us take a look at some of the most popular and useful ones:

• Acunetix WP Security Scan is one of the first plugins you should download for your blog. Once activated, it will scan your blog and design for any potential security holes and then recommend fixes for you. It is continually improving and is a great introduction to WordPress security.
• WordFence is likely the most popular and well-known of all the plugins for WordPress right now. The plugin scans the coding of your website, then optimizes your security and allegedly makes it up to fifty times faster. It has some of the best blocking features (you can block entire networks), will scan for both common and not-so-common holes and leaks, and has a firewall. There is a premium option that is great, but the free option is more than enough to protect your blog from most threats.
• Sucuri Security is a plugin from a company that specializes in auditing and internet security. It will incorporate many different blacklist engines onto your blog to protect it, and it has a ton of monitoring features available so you can know every last thing about the security and activity on your site. It is a fantastic all-around security application.
• Brute Force Login Protection is probably your best bet if you are being targeted with a botnet attack or, as the name suggests, a brute force attack. Since most of these types of attacks are automated, you need a good level of protection that will work automatically for you, and this plugin will block the IP address of a hacker who tries to log in too many times. You can even get an email when this happens so that you are aware of the frequency of attacks on your site.

Whatever security plugins you choose, be sure to research them thoroughly. Many options are either out of date or malware in disguise and will give you a false sense of security. In the worst case scenario, you could even be giving hackers a front door method into attacking your blog. Doing your homework will save you a lot of money in the long run.

Tip from Kevin: Stick to plugins found in the official WordPress directory. You’ll be able to see when a plugin was last updated, whether it’s compatible with the latest version of WordPress, how often its developers answer “support” questions, and the star rating other users have given it. Plus, all the plugins are free. I like free.

A final tip regarding this is to take an hour or so every few months to review any applications you might be using on your blog. If they are outdated, don’t hesitate to replace them. Cybersecurity evolves too quickly to be loyal to something that no longer works.

Use the Latest Version

If you are using WordPress or another hosting service which has multiple versions, make sure you are using the most recent one available. Hackers find a lot more security holes and problems in older versions of blogging platforms, and the hosts most likely do not support them nearly as much at their latest product.
If you can upgrade, do it now. There are few disadvantages to upgrading after the first month (where they get the bugs out), and you can take advantage of the other features offered.

Protecting Your Blog on the Go

Many bloggers love to travel or work from outside the home, and this is a great thing. It allows for new perspectives and a faster, more consistent rate of production. However, there are many risks while blogging on the go, and you need to be prepared for them with the right knowledge and the right tools.

Public Networks

When it comes to internet security in general, public networks are your worst enemy and a hacker’s best friend. While they are useful to many people who want to browse the internet for free, most people do not know the inherent lack of security many of them have.
The biggest problem with a public network is that it is really easy for anyone to intercept your data uploaded or downloaded on the network. Think of your computer as a broadcast tower. Anyone with a receiver and the knowledge to use it can pick up the signal. Unfortunately, the receivers aren’t expensive, and they’re pretty easy for even novice hackers to use.
When your data is picked up in this manner, it can easily be used against you. Try to imagine if your passwords and usernames were just broadcast unencrypted for someone to pick up. If you log in without protection, that is what will happen. Heaven forbid you try online banking or blog-related financial transactions.

Use a VPN

The best way to counter the problems of public networks is to use a Virtual Private Network (VPN) to defend yourself. What a VPN will do is connect your device via an encrypted connection to another server offsite. This connection can act as a tunnel and will mask your IP address, which will allow you a maximum level of security and privacy. Hackers won’t be able to know anything, even on a public network.
There are many different VPNs out there, and many of them are specialized. Doing some research on the subject will help you find out which to use to ward off hackers on public networks as well as stay private. If you want a decent one, you will have to pay a subscription fee, but it is well worth it compared to the questionable free ones out on the market.
If you travel to other countries or have to access sensitive data, then another important thing about VPNs should be noted. The fact they mask IP addresses and make it appear as if you are browsing in a different country means that you can bypass government censorship if you are in a restrictive country. This is necessary for bloggers who are reporting on risky subjects.

Secure Your Smartphone

If you are travelling or even walking around town, you should make sure your smartphone is on you at all times and you can feel it. There is a huge market for stolen smartphones, and pickpockets love to make profits off of them.
Your smartphone is likely connected to your blog, so if your smartphone gets stolen you need to make changing your password on it one of your first priorities. If a smartphone thief gets a blog to sell in addition to a new phone, you’ll have one more problem on your hands.
If you are worried about travelling with your smartphone, try leaving it in a safe place in the hotel if you don’t think you are going to need it, or place it on your person in a place a pickpocket won’t try to reach. One popular measure is to attach your smartphone to an arm strap that people like to use when working out and then wearing something over it.
Also, try to have some sort of verification measure set up on your phone so that not just anyone can open it. This can take the form of a passcode (that isn’t “1111”), a fingerprint verification, a voice command, or something else. Check to see what options your phone has available and pick the one that fits you and is the most secure.

Conclusion

To review, there are a lot of threats out there, but there are an equal number of defenses. You need to maintain an active and current website, have an adaptable and strong defense for all of your technology, and be even more wary when travelling.
The final and best tip is to simply use common sense when using your blog. If something doesn’t look or sound right, don’t get involved. Check out any inconsistencies immediately. Don’t trust anyone.
Thank you for reading. I hope you have a better knowledge of the ways your blog is vulnerable and the ways you can protect yourself from hackers.🔺

__________________________________________

       CONTACT US..!!

___________________________________________

 

https://www.facebook.com/Walkalone3933?ref=bookmarks
https://www.instagram.com/walk._.alone/
https://www.instagram.com/hackingtipsandstuff/
                                                                  

---------->Walk._.Alone<-----------

 What is Cyber security?

    Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks.
Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
  Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.

A Definition of Cyber Security

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

What are the consequences of a cyber attack?

Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation.
If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation.
The UK government's Cyber Security Breaches Survey 2017 found that the average cost of a cyber security breach for a large business is £19,600 and for a small to medium-sized business is £1,570.

The Importance of Cyber Security

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

Challenges of Cyber Security

For an effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following:

• Network security
• Application security
• Endpoint security
• Data security
• Identity management
• Database and infrastructure security
• Cloud security
• Mobile security
• Disaster recovery/business continuity planning
• End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

Managing Cyber Security

The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber risk assessments focus on three key areas: identifying your organization’s “crown jewels,” or your most valuable information requiring protection; identifying the threats and risks facing that information; and outlining the damage your organization would incur should that data be lost or wrongfully exposed. Cyber risk assessments should also consider any regulations that impact the way your company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA, and others. Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk, protect the “crown jewels” outlined in your assessment, and effectively detect and respond to security incidents. This plan should encompass both the processes and technologies required to build a mature cyber security program. An ever-evolving field, cyber security best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company’s sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.

 __________________________________________

       CONTACT US..!!

___________________________________________

 

https://www.facebook.com/Walkalone3933?ref=bookmarks
https://www.instagram.com/walk._.alone/
https://www.instagram.com/hackingtipsandstuff/
                                                                  

---------->Walk._.Alone<-----------

 

Experts: Hackers can steal your fingerprints from peace sign selfies

          
Cyber security experts are warning that when you throw up a peace sig
n in a selfie, you may be handing hackers your fingerprints.
The fingerprint sensor on your phone is the key to revealing all the private information stored on the device, and it generally does a good job of keeping the info secure.
But what if a thief were to get a hold of your fingerprint, and your phone?
The National Institute of Informatics in Japan has warned that photos posted online where the "peace sign" is flashed may be all that's needed to hack the sensor system using your fingerprint.
Cyber security experts say smartphone camera technology is now so great, and images are so detailed, that fingerprints can be copied simply by showing your fingertips to the camera.
It's not just super close-ups. Data shows that fingerprints can be grabbed from photos taken up to three meters away.
Unless you're very bizarrely shaped in the picture, or have a super long selfie stick, that covers pretty much every selfie you're likely to take and post to social media.
After you post that picture, your fingerprint could be isolated and lead hackers to all of your personal information without you knowing, until it's too late.
Reg Harnish, CEO of Greycastle Security, says the process for stealing fingerprints from photos isn't necessarily simple.
"The image itself would have to be clear enough where someone could actually pull the finger print off," says Harnish. "Then you'd need some technology to take the picture and turn it into to something that's actually useful like the biometrics on your iPhone or either biometric scanners for logging onto your pc or other types of things.
Harnish says to be mindful of all of your other passwords and personal security options. He recommends you change your passwords periodically.
So be careful of where you're "chunkin' up the deuces". Or at the very least, turn your hand around so no one can steal your fingerprints.

    How YOUR selfies are allowing crooks to steal your identity… by zooming in on your FINGERS: HD lenses mean thieves can replicate your fingerprints People uploading pictures to social media have been urged not to pose pulling the peace sign because crooks can use it to carry out identity theft. Celebrities are seen as those at the highest risk, but with fingerprint technology on the rise, people’s smartphones are seen as vulnerable and fraudsters could even break into workplaces … Professor Echizen carried out an experiment, which concluded data could be scanned from three metres away if the fingertips were exposed.

Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture,” Echizen also told Yomiuri TV.
He added that advanced technology was not necessary and anyone could easily copy fingerprints.
But NII says it has developed a transparent film containing titanium oxide that can be attached to fingers to hide their prints, the reports said.
The film prevents identity theft but does not interfere with fingerprints being effective in identity verification, the Sankei Shimbun reported.

It’s not the first time we’ve been warned against photographing our fingers. In 2014, a hacker demonstrated almost exactly the technique described above, where a German politician’s fingerprints were replicated from photos taken in public, from a distance of around three meters. A 3D mold of the fingerprint was created from the images, which could be used to unlock a secured phone.

 

we are anonymous we are legion we do not forgive we do not forget expect us!!

 _________________________________________________________________________

 Contact Us..!!

__________________________________________________________________________

https://www.facebook.com/Walkalone3933

https://www.instagram.com/walk._.alone/

                                                                 

---------->Walk._.Alone<-----------

Stealing Lastpass Passwords With Clickjacking

LastPass, a popular password management service with addons for Firefox, Chrome, and Internet Explorer suffered from a clickjacking vulnerability which can be exploited on sites without the proper X-Frame-Options headers to steal passwords. The password auto-fill dialogue can be overlayed with a deceptive page to trick users into copying and then pasting their password into an attacker’s site.
Update: After disclosing with the Lastpass folks via their support system and getting a very quick and helpful response this issue is now fixed for all the latest versions of Lastpass on Chrome & Internet Explorer. Kudos to the Lastpass guys for being so quick on patching! The only patch that is not available is for Mozilla Firefox due to Mozilla’s unwillingness to approve the update in a reasonable amount of time. See below for full details.
For the proof of concept example we’ll use Tumblr, which makes use of JavaScript to prevent clickjacking. The protection is ineffective however, as the site can be framed with an HTML5 iframe sandbox to prevent the page from executing JavaScript:

While the page has been prevented from running JavaScript, the Lastpass addon is still able to add its auto-fill functionality to the Tumblr login form. Since this page can be iframed we can overlay an entire page to redress the UI in order to trick the user into clicking through the Lastpass dialogues. The following image shows this UI being redressed to look like a CAPTCHA system against bots:

The user is prompted to copy the agreement text, followed by clicking on some “randomized buttons” before being asked to paste the agreement text back into a text box. What the user is unaware of is that they are actually copying their Lastpass password for Tumblr upon clicking button number three. When the user goes to paste the agreement text back into the website they are inadvertently giving away their password to the attacker’s site:

The trickery becomes obvious when the overlay is made slightly transparent:

A video demonstrating the vulnerability is also available here:

The fix for websites is possible by just using an X-Frame-Options: SAMEORIGIN header.
It would be trivial to build this exploit for other websites, please keep in mind that Tumblr has little to do with this issue – they are just the example. The core of the problem was with the Lastpass service.
Disclosure Timeline

• April 3, 2015 – Issue reported via the Lastpass ticket system
• April 4, 2015 – Lastpass responds with confirmation of this issue, confirms they will work on figuring out remediation. (Also discussing a mistake with the link I sent them showing the issue)
• April 20, 2015 – Patch implemented internally for testing before being pushed to production.
• April 22, 2015 – Path pushed to Chrome browser, other browser patches in the works.
• July 1, 2015 – Mozilla has still not pushed a patch out despite Lastpass submitting it on April 22nd.

The scariest part of this vulnerability has mainly been the fact the Mozilla has had time to review the patch for months and still hasn’t approved the patch. It’s worrying to think that security updates for Mozilla addons take months to reach users.


___________________________________________________________________________________

                                  CONTACT US..!!

___________________________________________________________________________________

https://www.facebook.com/Walkalone3933?ref=bookmarks

https://www.instagram.com/walk._.alone/

https://www.instagram.com/hackingtipsandstuff/
                                                                 

---------->Walk._.Alone<-----------

Ethichal Hacking Disclose

 
The term ‘Ethical Hacker’ is often misrepresented as the keywords "Ethical" and "Hacking" are an oxymoron. A hacker is defined as an unlawful individual breaking into systems and obtaining private data without explicit authorisation. Society in general has a perception of a hacker as a person wearing a hoodie and hiding in a dark basement.


On the other hand being ethical seemingly contradicts this as it is defined by having moral principles of right and wrong, which govern the conduct. Joining the two words together can cause confusion because of the contradiction, however these words perfectly define what a penetration tester does. I have found that when introducing myself as an ethical hacker, I am usually confronted with a chuckle followed with a question; how can a hacker be ethical? By the end of this article, I hope to shed greater light on the subject and bring to life how important and necessary ethical hackers are to the community and show how a hacker can be ethical.


An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious person could exploit. To test a security system, an ethical hacker uses the same methods as their less principled counterparts but they report problems instead of taking advantage of them in order to help remediate and close any potential risks.


An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. Effectively the main difference between a "white hat ethical hacker" and a "black hat hacker" is that they both have exactly the same technical skill competencies however, one has good morals and are genuinely interested in helping organisations close any security flaws to stop the bad guys getting in.


So we reach the question, "why contract an ethical hacker (penetration tester)"? Well the answer is simple, would you rather an ethical person help you find any vulnerabilities and to help fix them or would you rather a bad guy find them for you. The reality is the bad guys WILL and DO find them sooner or later! I have conducted many penetration tests and rarely have I found a completely secure environment or application.


In today’s fast-paced business world and the rapid advancement of technology, it is hard to install, maintain and completely secure any environment due to a multitude of variables. This is where a good pen testing company can come in and support the business by "ethically hacking" into systems, finding the vulnerabilities, exploiting them to demonstrate what damage a malicious person could do and produce a professional report, which highlights risks and offers a corresponding mitigation strategy.


As you can see the term ‘ethical hacker’ is defined exactly as it states; an ethical person hacking into systems to help protect information for the greater good.

___________________________________________________________________________________

                                  CONTACT US..!!

___________________________________________________________________________________

https://www.facebook.com/Walkalone3933?ref=bookmarks

https://www.instagram.com/walk._.alone/

https://www.instagram.com/hackingtipsandstuff/
                                                                  

---------->Walk._.Alone<-----------

we are anonymous we are legion we do not forgive we do not forget expect us!!

 

The Art of Email Spoofing Protection and Care

The art of email spoofing protections.

Email is a vital backbone of all businesses in todays fast moving connected world, defined as a protocol it is called ‘Simple Mail Transfer Protocol’ and it’s quite correct in saying that the protocol is quite simple. Email was never designed with security in mind, it was created when networks were small enough that everyone knew each other, and that alone was considered good enough reason to implicitly trust emails from each other, there were no identification checks in place.
However, as time went on networks got larger and larger with the internet becoming a massive global spanning network, and no longer could everyone implicitly trust each other. It was realised that it was possible to in effect ‘lie’ about who sent the email, giving rise to a form of attack known as email spoofing, where an attacker will forge the email headers to say the email is from a person it is not from. This can lead to various scenarios, most commonly where an attacker will forge the identity of someone to use their authorization in order to gain something, for example impersonate a CEO to order someone to wire money to a bank account.
In response to this three protocols have been introduced over time to attempt to mitigate the issue of email spoofing by providing mechanisms to verify that incoming mail is from the domain it claims to be sent from. These three protocols are known as the Sender Framework Policy (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting & Conformance (DMARC). These protocols will be explained in detail in how they operate, what they mitigate, and how to use them to help protect your own domain from being spoofed.
It’s important to note that there is no complete solution to prevent email spoofing. These protocols rely on the mail provider of the victim adhering to the usage of these protocols which cannot be guaranteed. However, the majority of mailbox providers will support these protocols and consequently deploying all three protocols will help to mitigate a vast majority of email spoofing attacks.

Sender Framework Policy (SPF)

The Sender Framework Policy works by providing a list of IP addresses that are authorized to send email on behalf of the domain. This IP list is stored in the DNS records of the domain as a TXT record. Email providers that have SPF implemented will lookup the DNS records of the domain from where the email is claiming to be from and if it finds an SPF record in the DNS it will then compare the SPF record’s authorized IP addresses to that of the originating IP address of the email. If these IP’s match then the email will pass the test, otherwise it will fail the test. What then happens to the email will depend on the fail states of the SPF implantation by the email provider, it may be marked as spam, or even rejected from the inbox. The following figure demonstrates SPF in action:

Image Source: https://itzap.com.au/prodimages/sender-policy-framework-explained.jpg

How to setup SPF

To setup SPF a TXT record is added to the DNS records of the domain sending the emails. The TXT record to be added is known as an SPF record and will define the parameters of SPF such as what IP addresses are valid senders for the domain. This SPF record can be created from scratch or by using online tools, below examples of the two are linked:
SPF from scratch: https://www.openspf.org/SPF_Record_Syntax
SPF from online tool: https://www.spfwizard.net/
Once the SPF record is created place this in the DNS records as a TXT record. To verify that it has correctly been added to the DNS records we can use a tool called DIG against the domain. DIG will lookup the DNS records of the specified domain, this is shown in the following picture where we can see that the SPF record exists in the domain:

Failures of SPF

While SPF does aid in the mitigation of email spoofing, it also has multiple downfalls. Firstly, SPF will only check the ‘envelope from’ of the email for the domain name and its related SPF DNS Record. This is separate to the ‘header from’ field which is the from email address that is visible to the end user in many email clients. This difference allows an attacker to create a spoofed email without failing SPF. Additionally, SPF has multiple fail states, including still permitting SPF failed emails to continue into the inbox of the victim. The settings for these fail states are often controlled directly by the Email Provider, which can cause difficulty in having these settings adjusted and tailored to what the company requires. Overall this makes SPF unreliable to solely use for preventing mail spoofing.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is a mail protocol that enables the signing of emails in such a way that it is possible to verify who sent the mail through cryptographic signature. Elements of the email will be selected to be converted into a unique signature to the email through the method of hashing. These elements must remain unchanged throughout sending the email otherwise DKIM will fail its check on the receiving end.
Once this DKIM hash is created it is then encrypted with a private key held by the original sender. This encrypted DKIM signature is then sent along with the original email to the receiver. On receiving the email the mailbox provider will lookup the from domain for the public key which will be used to decrypt the DKIM signature into its original hash. The mailbox provider will now hash the selected elements themselves and compare it to the sent DKIM signature hash, if the two matches then it will pass DKIM authentication, proving who claims to have sent the email did send it. Otherwise if the hashes don’t match then the email fails DKIM authentication.

How to setup

To setup DKIM a TXT record is added to the DNS records of the domain sending the emails. This TXT record is known as a DKIM record and defines the parameters required by DKIM to be operational. One of the primary parameter of this record will be the public key of the private/public key required in order to encrypt and decrypt DKIM signatures. As shown in the following figure:
The process of setting up DKIM can be difficult to set up correctly the first time, it requires generating a public and private key pair and correctly placing the public key in your DNS records, and the private key within the email exchange server.
For the exact details on how to setup the record the following guide can be used: https://support.dnsimple.com/articles/dkim-record/

Failures of DKIM

However, DKIM has the same flaws as SPF, in that an attacker can forge the ‘header from’ address of the email which is the from email address that is visible to the end user in many email clients. DKIM will only authenticate the ‘envelope from’ address of the email which is generally hidden from the user. This, just like with SPF, can make DKIM unreliable for solely preventing mail spoofing.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

Domain-based Message Authentication, Reporting & Conformance (DMARC) is the latest mail protocol that combines and improves the SPF and DKIM protocols, while also adding its own checks to resolve known issues with SPF and DKIM.
DMARC verifies that the email is being tested against DKIM and SPF correctly, and that the email is passing these protocol’s respective checks, DMARC also provides a way for organizations to specify what should happen if an email does fail the DKIM, or SPF checks, should the email be marked as spam, rejected, accepted, etc. DMARC also then adds another layer of check in the form of alignment checks which verifies the ‘header from’ domain in SPF matches the ‘envelope from’ domain name used, and that the ‘header from’ domain also matches the DKIM signature ‘d= domain’ header, thus preventing the use of ‘header from’ for email spoofing as has been an issue for SPF and DKIM. This process of alignment is shown in the following figure:

Source: https://www.dmarcanalyzer.com

Lastly the Aggregate reporting, and Forensic reporting features of DMARC provide valuable information and insight to its operations. The aggregate reporting side aids in helping to identify potential issues regarding the protocol, and identifying potential malicious activity, giving a general overlook of the operation of DMARC. The forensic reporting feature builds on this by providing detailed reports regarding specific of DMARC authentication failure. This can alert the company to attempts to spoof the company email address, as well as details about the email trying to spoof the domain, including IP information, time logs, authentication logs, From domain information, subject line, and any URLs included in the email.

How to setup

To setup DMARC there are three requirements that must be completed before enabling DMARC. Firstly, both SPF and DKIM must be enabled and correctly functioning beforehand. Secondly the Envelope FROM, Header FROM, and d=domain fields must all align and have the same domain and/or subdomain in order to pass DMARC’s alignment checks. Lastly two email accounts should be created to receive aggregate and forensic DMARC reports.
Once the aforementioned requirements are completed, setting up DMARC is a relatively simple process. The following link can be used in order to generate DMARC records simply:
DMARC Record Generator: https://mxtoolbox.com/DMARCRecordGenerator.aspx

A great feature of DMARC is that you can set the record up to have a policy of ‘none’ so that forensic and aggregate reports get sent on a DMARC failure, but the emails do not get rejected straight away. This is useful for troubleshooting the setup stages of DMARC, without causing any impact on emails being sent and received. Once the record is correctly setup and only failing the intended emails, then the policy can be upgraded to enact on emails failing DMARC. Once the DMARC record is created place this in the DNS records as a TXT record. This can be verified in the same way that the SPF records were verified by using DIG against the domain to lookup the DNS records of the specified domain, this is shown in the following picture where we can see that the DMARC record exists in the domain:
__________________________________________________________________________________

 Contact Us..!!

__________________________________________________________________________________

https://www.facebook.com/Walkalone3933?ref=bookmarks

https://www.instagram.com/walk._.alone/

https://www.instagram.com/hackingtipsandstuff/
                                                                   

---------->Walk._.Alone<-----------

we are anonymous we are legion we do not forgive we do not forget expect us!!

 

What is Hacking? Introduction & Types

 

 

What is Hacking?

Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Example of Hacking: Using password cracking algorithm to gain access to a system

           Computers have become mandatory to run a successful businesses. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.


In this Blog, we will learn-

• Common Hacking Terminologies
• What is Cyber Crime?
• Types of Cyber Crime
• What is Ethical Hacking?
• Why Ethical Hacking?
• Legality of Ethical Hacking
• Summary

Before we go any further, let’s look at some of the most commonly used terminologies in the world of hacking.

Who is a Hacker? Types of Hackers

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.

Symbol	Description
	Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration Testing and vulnerability assessments.
	Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
	Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
	Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
	Hacktivist: A hacker who use hacking to send social, religious, and political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
	Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

What is Cyber crime?

Cyber crime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cyber crimes are committed through the internet. Some cyber crimes can also be carried out using Mobile phones via SMS and online chatting applications.

Type of Cyber crime

• The following list presents the common types of cyber crimes:
• Computer Fraud: Intentional deception for personal gain via the use of computer systems.
• Privacy violation: Exposing personal information such as email addresses, phone number, account details, etc. on social media, websites, etc.
• Identity Theft: Stealing personal information from somebody and impersonating that person.
• Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks and computer programs etc.
• Electronic funds transfer: This involves gaining an UN-authorized access to bank computer networks and making illegal fund transfers.
• Electronic money laundering: This involves the use of the computer to launder money.
• ATM Fraud: This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
• Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
• Spam: Sending unauthorized emails. These emails usually contain advertisements. 

What is Ethical Hacking?

Ethical Hacking is identifying weakness in computer systems and/or computer networks and coming with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.

• Get written permission from the owner of the computer system and/or computer network before hacking.
• Protect the privacy of the organization been hacked.
• Transparently report all the identified weaknesses in the computer system to the organization.
• Inform hardware and software vendors of the identified weaknesses.

Why Ethical Hacking?

• Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
• Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business.

Legality of Ethical Hacking

Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individual’s skills. Those who pass the examination are awarded with certificates. The certificates are supposed to be renewed after some time.

Summary

• Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
• Cyber crime is committing a crime with the aid of computers and information technology infrastructure.
• Ethical Hacking is about improving the security of computer systems and/or computer networks.
• Ethical Hacking is legal.

__________________________________________________________________________________

 Contact Us..!!

__________________________________________________________________________________

https://www.facebook.com/Walkalone3933?ref=bookmarks

https://www.instagram.com/walk._.alone/
                                                                    

---------->Walk._.Alone<-----------

we are anonymous we are legion we do not forgive we do not forget expect us!!

A hacker guide

BECOME A HACKER GUIDE

How To Become A Professional Hacker: 5 Skills You Need
Here we will talk about 5 hacking skills that will help you to become professional hackers. Check out the list of skills below

1) Basic computer and Networking skills
You need some basic computer skills to become hackers. Basic skills mean beyond the ability to create Microsoft word or powerpoint document. You must learn how to use a command line in windows, edit the registry and set up the network parameters. You must also try to understand networking like iPv4, iPv6, DHCP, NAT, Subnetting, DNS, Routers and switches, VLANs, OSI model, Public v Private IP, MAC addressing, ARP.



2) Linux Skill
Linux is extremely important if you want to become a pro hacker. If you have zero knowledge in Linux, then the best option is to start using Linux. Users can search for Linux series in Google that will help you to gain some knowledge regarding how to use Linux. The majority of hacking tools are developed for Linux.


3) Virtualization and Security Concepts
Do you know about Virtualbox, Vmware, and Workstation? There are virtual platforms where users test their hacks before they take them to the real world. The virtual environment is a safe environment where you can test and implement your hacking techniques. So, you must learn to properly use these virtualization benefits. You must also try to learn about security concepts because the only way to overcome the roadblocks created by security admins is to be familiar with them.



4) Wireless Technologies/Scripting
Wireless technologies become very handy to send information and data via invisible waves in the air. So, you must first learn and understand the functioning of wireless technologies. You must learn various encryption algorithms like WPA, WPA2, WEP, and WPS. Scription is another skill that is must-needed. Scripting will help you develop your own unique tools.

5) Database And Web Applications
If you want to become a good hacker then you must learn SQL language because this will help you understand databases and how they work. You can also learn major DBMS’s like SQL Server, Oracle or MySQL. If we talk about Web Applications then these are the software which we use on the internet via our web browser. Learning the concept of web applications will help you to make your own web apps to do whatever you want.


These are the five best skills that one needs to master the art of hacking. Hope you like the article, share it with others also.
hackers

https://www.facebook.com/Walkalone3933?ref=bookmarks

https://www.instagram.com/walk._.alone/
                                                                        

---------->Walk._.Alone<-----------