Tagged: Security

Phishing By Phone

A paper at recent security conference gets all worried about web-enabled gadgets like phones and games consoles being a haven for phishing scams. They direct people to a fake version of a site where they have a secure account, like a bank, and harvest the details they type in.

The problem is, say researchers at University of California, Davis, that cramming a browser onto a small screen means bits are chopped off. One of the first things to go is the address box that shows the URL you are visiting – the place to check if you want to know if you are being phished.

As well as not displaying full URLs, mobile web surfers are not encouraged to type out addresses in full like on a full-size computer.

That means people are more likely to select links in emails, and less likely to notice that they are not the URL they are expecting, the researchers found.

They suggest browsers should display full URLs, and that another solution would be to change the way phones use the web. Instead of surfing directly, they could go via an intermediary service that screens all the content they access.

Mobile web use is said to be growing fast as devices like the iPhone compete to make it easier – and an increase in phishing is sure to follow. The solutions suggested could certainly work, but I don’t think it will be long before mobile browsers get built-in phishing warnings like conventional browsers do.

Secure your Web tech using Websecurify

With lots of application testing frameworks like Acunetix and Saint available,its quite difficult to make a mark in the  security market,however when it comes to secure your web technologies,Websecurify does a pretty good  job.Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.

Key Features

JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.

Multiple Environments – The core technology can run in normal browsers, xulrunner, xpcshell (command line), inside Java or as part of a custom V8 (Google Chrome‘s JavaScript Engine) build. The core is written with extensibility in mind so that more environments can be supported without changing even a single line of code.

Multi-platform – The tool is available and successfully runs on Windows, Mac OS, Linux and other operating systems.

Automatic Updates – Every single piece of the tool is subjected to automatic updates. This means that newer and more advanced versions of the tool can be shipped to your front door without you lifting your finger. This however is completely optional. The automatic update can be turned off if needed.

Extensions – Because the tool comes wrapped in xulrunner by default (keep in mind that we can support any other JavaScript en vironment) we benefit from all cool features that Firefox has, such as extensions. Extensions are easy to write and maintain and can customize every single aspect of the tool and there are already tones of resources and documentation, including books and what not, out there to teach you exactly how to do that. We will be providing documentation as well.

Source:  http://rdhacker.blogspot.com/

Secure Your Computer System with these steps

Today, more and more people are using computers for everything from communication to online banking and investing to shopping. People are using computer on regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply just want to use your computer as a platform from which to attack other unknowing targets. In this article, we are discussing some easy, cost-effective steps to make your computer more secure.

  1. When you are doing some important work, always make backups of important information and store in a safe place separate from your computer.
  2. You have to update latest patches on your computer system, web browser and software frequently. Update your computer system regularly.
  3. Install a firewall. Without a good firewall, viruses, worms, Trojans, malware and adware can all easily access your computer from the Internet.
  4. Review your browser and email settings for optimum security. Why should you do this? Active-X and JavaScript are often used by hackers to plant malicious programs into your computers. While cookies are relatively harmless in terms of security concerns, they do still track your movements on the Internet to build a profile of you. At a minimum set your security setting for the “internet zone” to High, and your “trusted sites zone” to Medium Low.
  5. Install antivirus software and set for automatic updates so that you receive the most current versions.
  6. Do not open unknown email attachments. It might be virus.
  7. Do not run programs from unknown origins. Also, do not send these types of programs to friends and coworkers because they contain funny or amusing stories or jokes. They may contain a Trojans horse waiting to infect a computer.
  8. Disable hidden filename extensions. By default, the Windows operating system is set to “hide file extensions for known file types”. Disable this option so that file extensions display in Windows.
  9. Turn off your computer and disconnect from the network when not using the computer. A hacker can not attack your computer when you are disconnected from the network or the computer is off.
  10. Consider making a boot disk on a floppy disk in case your computer is damaged or compromised by a malicious program. Obviously, you need to take this step before you experience a hostile breach of your system.