Best Way To Get Your Password: Social Engineering

In 2003, Ebay users received an email that their account were about to be suspended unless they update their credit card information. The attacker had set up a similar looking website in order to trick the users that they were accessing the legitimate website. A number of people had their credit card information compromised. Information were obtained without the hacker even trying to crack Ebay's servers.

Hello there buddy. I just need your credit card information.

In 2012, a hacker in a devcon event tried to hack a Wal-mart executive in just 20 minutes. He got every detailed information about the executive within that time span just by using his social engineering skills and a little bit of technical tools of the trade. The executive was compromised when he was called and he gave out all the information that the hacker needed. Computer OS version, Web Browser version and Anti Virus Software. Finally he was asked to fill out an online survey form which completed the exploit. This was done at devcon with hundreds of people watching the attack as it happened.

Yes Sir, please click that link. Thank you very much. We're done.

These incidents were made by a hacker which had no direct access to the system's server. This method is by far, easier and more practical because it gave the hacker a broader access to the victim's profile which may directly relate to how he secures his/her online identity. Cracking a system with hacking tools may take time and may not even be successful at worst.

One of the greatest hackers of all time, Kevin Mitnick (who later turned into a security consultant) was, at one time, the most wanted man in America. He gained unauthorized access to various network and systems by using his social engineering skills. He believed that the weakest link in computer security is the human element.

In order to protect yourself from such attacks, you must first know thy enemy.


Commonly Used Social Engineering Techniques

Phishing
Method of acquiring usernames, passwords, credit card information etc. by sending fraudulent emails to users and redirecting them to a non-legitimate website which may collect personal information from them.

Quid Pro Quo
It means "Something for Something"

• An attacker calls random numbers at a company, claiming to be calling back from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and, in the process, have the user type commands that give the attacker access or launch malware.

• In a 2003 information security survey, 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for a cheap pen. Similar surveys in later years obtained similar results using chocolates and other cheap lures, although they made no attempt to validate the passwords

Baiting

This is also known as the physical or the real world Trojan Horse. It uses physical media such as USB, CDs and other removable drives as an attack vector. This kind of attack relies heavily on malware and other malicious codes in order to carry out its goal. This may also trigger a wave of infection, affecting a large number of victims in a short span of time.

Now that we have known thy enemy, we can now protect ourselves from the threat.

Yes we can put him out of work.

How To Protect Yourself From Social Engineering Attacks

Password

• Create a strong and unique password by using combinations of upper and lowercase letters, characters and numbers. 
• Do not use easy to guess passwords such as your dog's name or your mothers maiden name.
• Do not use the same password for multiple sites.

Browser Security

• Always log out of devices which you do not own.
• Regularly update your web browsers. They regularly do updates in order to patch malicious exploits.
• Always look for the HTTPS when logging on websites that require personal information.
• Do not click on unfamiliar links.

Computer Security

• Regularly scan your computer for viruses.
• Do not install any unfamiliar applications which may execute malicious codes on your operating system.
• Unless you know what you are doing, steer away from pirated software.
• Do not entrust the security of your computer to strangers.
• Trust only certified technicians when it comes to your PC's maintenance or repair.

Remember, with a little bit of common sense and technical know-how, you can protect yourself from malicious hackers who exploit the human weakness in order to get personal information for their own gains.

Stay tuned and please like our facebook page in order to receive a daily stream of information.

Reference links:

http://en.wikipedia.org/wiki/Social_engineering_(security)

http://blog.hotspotshield.com/2013/08/08/how-to-protect-yourself-from-hackers/

http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm

Cool Way to Hide Files Behind Image Using CMD and WINRAR

Today, I will teach you a way to hide some of your file behind image. What I mean is, you will actually put your files behind an image. This is a very effective way to hide any file with use of WinRAR and CMD.
To start off, first you need WinRAR. You can use Google to download it. After you download it, install it to you system. After that we are ready to go.

Learn To Hide Files Behind The Images...
 
1. Select an image to be used as a "hideout" image. This is where you will hide your file.

2. Now, select your file to hide behind the image and make it in .RAR format (the add to archive option),with the help of the WinRAR.

3. Next, put the image and your file on your desktop. You may do this anywhere instead of desktop if you have some basic understanding of command line.

4. Now open CMD by going to Start > Accessories > Command Prompt or press Windows Key on you keyboard plus R (WinKey + R) and type CMD then enter and type following commands in it.

         cd desktop

5. CD stands for change directory by typing above command you change your directory to desktop. After that type command

copy /b imagename.jpg + filename.rar finalimage.jpg

Replace "imagename.jpg" with the name of the image you're going to use. Don't forget to add image format (Eg: .jpg,.png,.gif)

Replace "filename.rar" with name of your file you want to hide. It must be in .rar format.

Finally Replace "finalimage.jpg" with whatever name you want your final image with hidden files should be. This is the image where your file will be hidden.

This is how it goes...

Now for extracting your files inside the image...

When you  try to open this newly created image it will open as normal image, but you can observe that the image size was changed into the size of the file you hid. Now, to get your hidden file all you need to do is:

How To Access Hidden File ?
1. Open WinRAR
2. Now locate your image (the final image produced.)
3. Extract the file and done.


That's it. As simple as that you now hide you important file inside an image. This is very useful in hiding confidential files.

This is one of my favorite trick. :)

Computer 101: Binary and Measurement

Introduction

Computers have become one of the important gadgets of our life, most of our daily task heavily rely in this amazing machine. But have you ever wondered how it run and how they measure it? If you are curious on how computer works (even if your profession is not related to IT) then you came to the right blog! In this small article I will explain how computer works in simple but understandable words and explain how they measure it too that even most IT guys don't know yet.




Binary

To begin with this article let's talk about binary first, I'm sure most of you have heard about this but do you really know what it is? Well first of all binary is composed of two (2) characters only, 0 and 1 which represents on and off or open and close.

Everything you see or do in the computer is made up of millions to billions of 0's and 1's even images that you'll surely won't believe are also made up of 0's and 1's. Each pixel is represented by 8 or more 0's and 1's that's why a single image can reach up to several megabytes of memory because they are literally made up of millions of binary digit. To further picture how vast and great is this Binary System I will explain how conversion and measurement work in the binary system.

Measurement

Most of you are familiar with the basic Kilobyte, Megabyte or other types but do you really understand what is a byte? Byte is not really the smallest unit in computing, a byte is composed of 8 bits. A bit can be either 0 or 1. Example: 0110 1100, 0011 1110, 0101 1010, 0000 1100

Quick Fact: You might be wondering why they are divided by four, a byte can be divided into two equal parts (4 bits each) and they are called a "nibble".

Now by definition we can understand that 1 Kilobyte is 1,000 Byte or 8,000 bits or 2,000 nibbles right? So what do we call them? 1 Kilobyte is the standard unit, but sometimes we unknowingly use Kilobits for that one. So how do we differentiate them?

Byte vs Bits

Most of us don't care about this actually, especially if you're not in the field of IT. But somehow this will be helpful to you. A byte and bit are written in the same way Byte is B and Bit is b, Kilobyte is KB and Kilobit is Kb.

That's it? Just a small letter? Well actually yes, but it may somehow affect you, specially on promos. I can offer you a very cheap 8Gb USB flashdrive that you'll surely think is a big bargain, but wait a minute, "8Gb"? Whoa man! that's ridiculous because 8Gb is actually 8 Gigabits or 1Gigabyte (1GB). It is one of the biggest lies in our download speed actually, most programs show our download speed in BITS not in BYTES, so that you'll think you are downloading really fast, imagine the ability to fool you 8X just by changing "B" to "b"? I'm sure you'll be amazed to see 800Kbps than 100KBps thinking they are just the same with a little difference in the capitalized "B", but in the world of computing, that capitalization really matters.

Whoa man I think it's 1,024 not 1,000!

Oh yeah! Most IT guys will argue with this post because most of what we use is not exactly 1,000 well some of them at least, for example 1 Gigabyte of Random Access Memory (RAM) is actually 1,073,741,824 Bytes not 1,000,000,000 Bytes.

Hey! Are you trying to confuse me? Maybe that's what you are thinking right now, well, actually that is something wrong. What's wrong with it is the unit that we used, 1 Gigabyte is really 1 Billion Bytes and 1,073,741,824 Bytes is 1 GibiByte (GiB). Yes you read it right! Something new aye?

SI Unit of Digital Information Storage

You might be thinking that Kilo, Mega and Giga are already the SI (International System) Unit of Digital Information Storage, well you are wrong. Kibi (Ki), Mebi(Mi), Gibi(Gi), Tebi(Ti), Pebi(Pi), Exbi(Ei), Zebi(Zi) and Yobi(Yi) are the real SI unit for Digital Information Storage. They are defined as 1024(Ki), 10242(Mi), 10243(Gi), 10244 (Ti) and so on.

In Summary....

To summarize all of this I'll create a little chart for you.

B = Byte
b = bit

1 Byte = 8 Bits
1 Byte = 2 Nibble
1 Nibble = 4 Bits

1KB = Kilobyte [1,000 Bytes/8,000 Bits/2,000 Nibbles]
1Kb = Kilobit [125 Bytes/1,000 Bits/250 Nibbles]
1MB = Megabyte [1 Million Bytes/8 Million Bits/2 Million Nibbles]
1Mb = Megabit [125,000 Bytes/1 Million Bits/250,000 Nibbles]
1GB = Gigabyte [1 Billion Bytes/8 Billion Bits/ 2 Billion Nibbles]
1Gb = Gigabit [125 Million Bytes, 1 Billion Bits/ 250 Million Bits]

1KiB = 1024 Bytes
1MiB = 1,048,576 Bytes
1GiB = 1,073,741,824 Bytes
1Kib = 1024 Bits / 128 Bytes
1Mib = 1,048,576 Bits / 131,072 Bytes
1Gib = 1,073,741,824 Bits / 134,217,728 Bytes

That's all....

I guess this ends my little article about binary, I hope you enjoyed reading those numbers, if you want to request any future topics you can comment below and I'll try to research it.

And always remember that your 8Gigabyte game is made up of 64 Billion combinations of 0's and 1's.

Written By: SalbagSanting

Source: His memory, this article is a self-written article from his own memory, if you spot any mistake please indicate it in the comment section below.

Support the writer by visiting his facebook and their page:
www.facebook.com/TriviaManiaOfficial
www.facebook.com/SalbagSanting
www.facebook.com/AdminSalbagSanting

Geeky Troll: Scheduler

Introduction

This tutorial will cover a somehow, hidden tools on Microsoft Operating System (Hidden in a way that most users don't know about it), it's called Task Scheduler.

Step 1: Go to Run and type "Task Scheduler"

Step 2: Click "Create Basic Task"

Step 3: 
Type anything in the name then click "Next"
Choose "When Computer Starts"
Choose "Start a program"
Now browse for the browser he is using like firefox or chrome (shortcut in the desktop will do)
In the "Add Arguments" type any website you want

That's it!

Whenever his/her computer starts his computer will open that website.

You can also try to experiment with this trick like instead of "When computer starts" set it at 12:00 in the evening then open a scary website, if he's already browsing the internet it will be opened as a new tab which is scarier.

Happy Trolling

Geeky Troll Part 1

Introduction

Trolling or simply annoying some people using jokes and pranks. Well you cannot complete your trolling experience without using one of the most used device in the world, the computer. But I will show simple tricks and those tricks that cannot harm someones PC.

Okay Let's start

The shutdown prank

This prank will simply shutdown and display a message when a user clicked the shortcut/program.

Step 1: Right-click in your desktop and Click New--Shortcut

Step 2: Type "Shutdown -s -t 100 -c "Trojan Horse Activated"

Note: -t 100 means that in 100 seconds the computer will shutdown (change it for more fun)

-c "Trojan Horse Activate" will display the text inside the "" when they clicked it.

Click next then finish

But that doesn't look convincing right?

Now let's pick a software in the desktop to follow. 

In this tutorial i'll choose chrome because it is a frequently used software.

Step 3: Now Right-Click the software you want to copy and click "Properties" Then "Change Icon"

Copy the link you see above

Step 4: Now do the same with the shortcut you created, Right-Click it, Choose "Properties"--"Change Icon". Paste the path you copied recently to the path now and hit Enter.

You'll now see the icons of Google Chrome, Choose the appropriate Icon then click ok then apply.

Just rename your shutdown.exe icon then delete/hide the google chrome original icon.

Enjoy!

Life of a Gamer

Warning: This is an opinionated post about my personal experience about gaming, you're free to give your reaction but what you will read here is my true experience and opinion about the advantage and disadvantage of a gamer.

Introduction

Console and PC gaming is one of the most popular hobby today, gamers are not just male or teens now, the number of female gamers are increasing gradually. Most non-gamers see this kind of hobby as a useless thing to do, a waste of time and will bring no good to an individual. But if we just look at the brighter side we can see lots of benefits from this hobby (but in moderate state).



Socialization

Most people say that gamers don't have social life, well that's true for gamers staying in their house and playing non-stop there, but there are type of gamers that uses LAN connected to play with other or other engine to connect online, this team play usually consist of a good team, and that team is composed of members that know each other personally and will play as a whole (physically) so they gather in a certain location and go to other towns to compete the best players there.

Teamwork

Most gamers know how to value their friends, because they experienced on the game they played that you need trusted friends to win or dominate in a game. That's why even in a non-game situation they can call their play mates to gather and unite for a common goal, like what happen in a contest, all of those 200+ gamers united to help their fellow mates to win a contest even though they don't really know each other personally or in real life.

Patience

This is a very important trait or a gamer, those who succeed in most strategy games requires high patience, that's why those players who can't wait usually die and they do not improve their gaming skills.

Strategy

Strategy is a vital skill that every gamers must possess, without strategy you can't win any game (except for hacked game or luck-based game). That's why gamers can easily think of an strategy for a real-life situation than non-gamers (most of the time).

Fast-Thinking

Games like Starcraft, DotA and FPS games requires fast strategy, and you need to think and react faster than a second in order to win a surprise attack, and most professional gamers got this, when they saw an enemy they need to decide quickly whether to attack, wait for some moments or to flee.

Stress Free

Well this is a fact that all of us can't deny, gamers have more peaceful mind (specially if they win), that's why this is called a "hobby" it means we enjoy doing this thing, and doing the things you enjoy will definitely erase your stress in life.

Personal Experience: During my HS years I usually have a hard time to decide faster, that's why I used DotA to train myself to create a strategic decision in the shortest time possible. In just a year of playing the game I noticed that my decision making skills improved dramatically. I also played tribalwars (my most favorite game), from that game I learned how to read people's mind and next move, I learned how to cooperate and to lead a group of people and how to get along with them properly (specially we are from different parts of the world) and I can say that even today I still use the benefits of playing computer games. But still, if you play too much it might get along with your real life, remember that games are meant to be played, it wasn't meant to play you.

The 101 Guide to use torrent

Introduction

Most of us already heard about "Torrent", using torrent to download a file is the easiest and most convenient way to download a file, there is no "interrupted download" with torrent, because you download a file piece by piece and when you shutdown your PC you can still resume it the next time you open it, it's also easier to find a software,movie,song or other files (legal or illegal). But many people don't know how to use this amazing software, in this article I will teach you how to use it.

Downloading the software
Bittorrent: http://www.bittorrent.com/downloads/
Utorrent: http://www.utorrent.com/downloads/complete?os=mac

You need to download the software first, there are different torrent engines (I prefer uTorrent), so you can use whatever you want.

Looking for a torrent file

Now that you have a software to download a torrent file, the next thing we will do is to find what to download, in this tutorial we will download a Men in Black 3 movie.

First search for something you want to download and add a "Torrent" in it, in this case this are the top results for that torrent, try to download a torrent file on trusted sites like thepiratebay, isohunt and other sites.

Choosing the best torrent:

When choosing what torrent file to download we must consider some factors.

1. Video Quality (For movies): Quality copy of newly released movies are hard to find because there are no DVDRip version yet, so your best shot is to look for a Cam version of the movie and look for the comments about its quality.

2. Seeders and Leechers: This is a very important part of a torrent, a healthy torrent usually has 1,000+ seeders. Seeders are computers that has the complete the file where you can download it, leechers are people who are downloading that file too, so it is good to choose a torrent with 5:1 ratio of seeders and leechers for a fast download.

3. Comment and ratings: Some losers will try to upload a file with binded virus in it, so try to read the comment first if it is a legit copy or if its working or not.

Downloading the torrent:

There are two ways to download a torrent:

Using magnet links: When you click a magnet link (magnet icon or sometimes in text) your torrent engine will open and ask if you want to download it. (Image Below)

Using .torrent file: You can also download the .torrent file, just click the part where it says "Download .torrent" or "Download Torrent" then you'll be prompted to save it, when you finish downloading it you can drag it inside your torrent engine.

Open your file:

When you finish downloading the torrent you can now right-click it (in torrent engine) and click "Open Containing Folder" in this torrent you'll see a .avi file and that is your downloaded file, you can now watch and enjoy it.

Speed Up the download:

To increase the download speed simply click Options -- Preferences -- Bandwidth.

Then change Global maximum number of connections into higher number (5000 for example) also change the "Maximum number of connected peers per torrent to something like 1000.

Note: This will only work if you have a fast internet.

For question, suggestion and violent reaction just leave a comment and we'll try to answer it as far as we can.

All about Mario

Brief History

Mario, a name that most kids in our century might not know, the guy who break bricks using his head but will die when he touched a walking or flying turtle. The game was created by Shigeru Miyamoto and Gunpei Yokoi which is also two of the lead developer of Donkey Kong.

Did you know? 

-In Donkey Kong, Mario was known as "Jump Man", he was also a carpenter during that time.

-The name Mario was named after Mario Segale, he was the landlord of Nintendo in america.

-His occupation was later changed to plumber because most of the settings in Mario Bros. is in the sewage system.

Character Design

The whole character of Mario is all because of hardware limitation at that time, large pixel and limited colors gave birth to this well known character. The hat is added instead of hair because a hat is easier to portray than hair during those times. His mustache that made him look like an Italian is added because it is easier to show in the game than a nose. He also have dungarees to make the movement of his arm more noticeable.

Luigi

Luigi was introduced in Mario Bros. as the brother of Mario (available in multiplayer).

Fun Facts about the Mario Bros.

-They are called "Mario Bros." which means Mario's full name is Mario Mario while Luigi is Luigi Mario

-Mario's girlfriend is Pauline, while the girlfriend of Luigi is still unknown.

-The naughty counterpart of Mario is Wario from Warui (Bad in Japanese) and Mario.

-Luigi also have a counterpart which is Waluigi.

-The main antagonist Bowser was originally drawn as an Ox, but he was assumed as a turtle by Yoichi Kotabe.

-Contrary to popular belief, Mario do not break bricks using his head, he uses his arm to break them.

-Mario ones became an antagonist in the Donkey Kong Jr. game, he kidnapped Donkey Kong and Donkey Kong Jr. must rescue him from Mario.

-Bowser wasn't bad after all, in the Super Mario RPG: Legend of the Seven Stars Bowser helped Mario.

The Legend

We cannot end this article without mentioning a little fact about the legendary theme song of Mario series (Before, I only know it as "Tenen ten tenen..ten and etc"), but Did you know? that the theme song is known as "Ground Theme" and as a matter of fact, it is the most recognizable piece of game music ever recorded. It remained in the Billboard Ringtone Charts for 125 weeks.

Mario already appeared on more than 200 video games, and the Super Mario franchise was recognized by Guinness Book of World Record as the most successful game franchise in the history, with more than 240 Million sold units.

The first Super Mario Bros. game has sold more than 40.24 Million copies and remained as the best-selling game of all time until Wii Sports surpassed it with 41.65 Million units sold.

Sources:

http://www.guardian.co.uk/technology/gamesblog/2010/sep/13/games-gameculture

http://en.wikipedia.org/wiki/Mario_Bros.

http://www.neatorama.com/2007/09/22/10-mario-fun-facts/

Protect the Net: Phishing

What is a phishing?

Phishing is a type of hacking where the attacker copy a website that you use in order to acquire information such as email, username and password. An attacker will copy the exact source code of a given page then change on how the data will be transmitted, instead of sending it to the server the webpage will simply log your data and redirect you to the actual site.

How to detect a phishing site?

The URL:

The very first thing you should see is the URL or Uniform Resource Locator, so a phishing site for facebook will not show http://facebook.com in your address bar, the attacker will have for example facebo0k.webhost.com, so whenever you are asked to sign-in you have to look first in your address bar and see if it is the real site.

Redirect:

A phishing site is not connected to the actual site so the best thing it can do is to redirect you to the original website after giving your information.

For example:

You are in facebook and someone send you a link. You clicked the link and you see the facebook home page and asking you to login.

You will normally see the website asking you to login (see picture above). And because you want to see the link or just relogin you will enter your email and password (you are not actually logged out), when the phishing site got your account it will just simply redirect you to the original website. Because you are not really logged out you will still see your account and suspect nothing, but your information is already stored in their database. If you experience clicking a link and you are suddenly logged out for no reason then it can be a phishing site and look for the URL first before doing anything.

Source:

http://en.wikipedia.org/wiki/Phishing

http://computer.howstuffworks.com/phishing.htm