

30 May 2013

How to Hack PayPal Accounts to Steal User Private Info


PayPal, as you all know, is one of the leading companies in online transactions today. Recently Nir Goldshlager, founder of Breaksec and security researcher, reported critical flaws in the PayPal reporting system that allowed him to steal private data from any PayPal account. Exploiting the vulnerabilities he discovered allowed him to access the financial information of any PayPal user, including the victim's shipping address, email addresses, phone number, item name, item amount, full name, transaction/invoice ID, transaction, subject, account ID, PayPal reference ID and much more.

He found that PayPal was using the Actuate Iportal Application (a third-party app) to display customer reports, so Nir downloaded the trial version of this app from its official website for testing purposes.

After going deeply through the source code of the trial version, Nir located a file named getfolderitems.do that allowed him to access users' data without credentials. For more information, see the pictures below.

Critical Vulnerability allowed hacker to spy on PayPal accounts

Update: The PayPal security team has fixed this bug now! Thanks…



25 May 2013

What is Zero Day Attack or Exploit?- Know its Prevention


A zero-day (or zero-hour or day zero) attack is an attack that exploits a previously unknown vulnerability in a computer application, i.e., the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

Ordinarily, when someone detects that a software program contains a potential security issue, that person or company will notify the software company (and sometimes the world at large) so that action can be taken. Given time, the software company can fix the code and distribute a patch or software update. Even if potential attackers hear about the vulnerability, it may take them some time to exploit it; meanwhile, the fix will hopefully become available first.

Sometimes, a hacker may be the first to discover the vulnerability. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection:

  • Use virtual LANs (IPsec) to protect the contents of individual transmissions.
  • Deploy an intrusion detection system (firewall).
  • Introduce network access control to prevent rogue machines from gaining access to the wire.
  • Lock down wireless access points and use a security scheme like Wi-Fi Protected Access or WPA2 for maximum protection against wireless-based attacks.

Zero Day Attack Prevention tips:

1. "Multiple layers" provides service-agnostic protection and is the first line of defense should an exploit in any one layer be discovered. An example of this for a particular service is implementing access control lists in the service itself, restricting network access to it via local server firewalling (i.e., iptables), and then protecting the entire network with a hardware firewall. All three layers provide redundant protection in case a compromise in any one of them occurs.

2. The use of port knocking or single packet authorization daemons may provide effective protection against zero-day exploits in network services. However, these techniques are not suitable for environments with a large number of users.

3. Whitelisting effectively protects against zero-day threats. Whitelisting will only allow known good applications to access a system, so any new or unknown exploits are not allowed access. Although whitelisting is effective against zero-day attacks, an application "known" to be good can in fact have vulnerabilities that were missed in testing. To bolster its protection capability, it is often combined with other methods of protection such as a host-based intrusion-prevention system or a blacklist of virus definitions, and it can sometimes be quite restrictive to the user.

4. Engineers and vendors such as Gama-Sec in Israel and DataClone Labs in Reno, Nevada are attempting to provide support with the Zeroday Project, which purports to provide information on upcoming attacks and provide support to vulnerable systems.

5. Keeping the computer’s software up-to-date is very important as well and it does help.

6. Users need to be careful when clicking on links or opening email attachments with images or PDF files, even if the sender is someone they know. This is how many cyber criminals deceive users, by pretending they are something they are not and gaining the user’s trust, as well as having a virus or other malware email copies of itself to the address lists of infected victims.

7. Use sites with Secure Sockets Layer (SSL), which secures the information being passed between the user and the visited site.
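As an illustration of tip 2, here is a sketch of the check a single packet authorization listener makes before it opens a port. This is an example added here, not code from this post or from any real SPA daemon; the packet layout, the `build_packet` helper, the `SpaVerifier` class and the 30-second window are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Assumed packet layout (constructed for this example, not a real daemon's format):
#   8-byte big-endian UNIX timestamp | 16-byte random nonce | 32-byte HMAC-SHA256 tag
PACKET_LEN = 8 + 16 + 32
MAX_SKEW = 30  # seconds a packet stays valid


def build_packet(key: bytes, nonce: bytes, now: int) -> bytes:
    """Client side: authenticate timestamp + nonce with the shared key."""
    body = struct.pack(">Q", now) + nonce
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SpaVerifier:
    """Server side: decides whether one UDP payload may open the protected port."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept for replay detection

    def verify(self, packet: bytes, now: int) -> str:
        if len(packet) != PACKET_LEN:
            return "drop:length"
        body, tag = packet[:24], packet[24:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "drop:hmac"
        ts = struct.unpack(">Q", body[:8])[0]
        if abs(now - ts) > MAX_SKEW:
            return "drop:stale"
        # Forget nonces that are too old to be accepted anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        nonce = body[8:]
        if nonce in self.seen:
            return "drop:replay"
        self.seen[nonce] = ts
        return "allow"


if __name__ == "__main__":
    key = bytes(32)  # constructed demo key
    verifier = SpaVerifier(key)
    pkt = build_packet(key, bytes(range(16)), now=1000)  # constructed nonce and time
    print(verifier.verify(pkt, now=1005), verifier.verify(pkt, now=1006))
```

The listener never answers a dropped packet, so the protected service stays invisible to anyone without the key; the per-user shared key is also why the tip says the approach scales poorly to large user populations.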

That’s it!


09 May 2013

5 Tips to Prevent Online Account Hacking-Taking Hacking Efforts to the Base of Humiliation


Basically, with the changing face of technology, many online resources are increasingly falling victim to hacking attempts. Indeed, because many online enterprises and individuals fail to put stable, highly integrative security systems on their accounts, hackers are taking advantage of weak access points, leaving destruction beyond imagination. But can that be curbed? It is a question many ask. Well, with a particular focus on many online niches, certain efforts have proven worthwhile in preventing online account hacking. Let's take a look.

Preventing Hacking on Online Accounts


The first step in preventing hacking of online accounts is to keep watch on the accounts running on your computing systems. This tip has seen many online accounts emerging as strong programs to bring rapid time to value in efforts to curb online account hacking. This is because every single program on the internet launches a process that displays information, together with account access points, in the Windows Task Manager. Therefore, keeping watch on the running processes can help identify hacking attempts as well as improve the operational performance of security systems.


Computer protection through strong and impermeable security software might prevent advanced hackers from cracking into platforms with sensitive data and online accounts. An antimalware application as well as an antivirus (the latest version) provide a standardized, industry-leading practice delivery security mechanism that enables your account to offer fixed-scope security capabilities hence preventing any hacking practices. For instance, the child tax credit helpline has redefined value for customers as well as preventing hacking by having a strong bond of security system through malware applications and related security software.


As if this were not enough, the use of strong passwords backed by physical personal identifiers, such as voice and fingerprint metrics, has also shown a continued ability to prevent spammer hacking efforts. In fact, such metrics strengthen the passwords, hence preventing other computer crimes like cracking, industrial espionage, piracy and even fraud. Although strong passwords offer one of the best approaches to preventing hacking, it is true that serious and competent hackers will still find a way into online accounts by using a key logger application. Therefore, weakening key logs by making use of unique passwords made up of a combination of letters, symbols, and numbers will be a technological initiative that will have an immediate impact on hacking.


Unprotected public networks, which have become the order of the day in the provision of free Wi-Fi and other web access, are a threat to online accounts. Using special software, a hacker sitting in the same cyber café as you can gain access to all your passwords while you are trying to access certain accounts. But how is that possible? Well, public networks are unprotected and attract a lot of people, which makes them prone to hacking; they should therefore never be used for online shopping, banking or even many forms of email.


Finally, it is no secret that many hackers are advancing towards freeware which occurs in many forms of downloads. This means that free downloads and other no-fee applications are being used by hackers to gain an internal metric in many accounts, both enterprise based and personal. Therefore, minimizing interactions with free downloads and applications will reduce the level of risk posed by online account hackers. With all these approaches, you can now redefine and expand your online account security by enabling industry-focused solutions to cut short and handicap any hacking efforts.


05 May 2013

Tips to Improve the Security of Your WordPress Blog and Make It Bulletproof


Security is not really a massive issue until your blog starts becoming popular. If you start receiving a decent amount of traffic, your blog will become the target of online malcontents. Traffic may be turned into cash online via a large number of various (and sometimes nefarious) routes. It is good practice to start as you mean to go on and introduce blog security from the outset. Here are some tips that anyone can use, even if you are not technically/programmatically trained.

 
