You come to to your college campus hostel room day and you find your dean, and cyber cops standing on door. Well why ? Someone gave a tip-off that you’re storing illegal CREDIT card information / Terrorist information on your email. You’re sure that you didn’t indulge in any such activity and try to prove that by showing your email inbox and machine. Alas, you find that there are several files that contain database of stolen Credit cards, etc. Well, hey, you’ve been using hard to guess passwords ( after all that’s a tip every security guy gives), you keep a latest Antivirus software + Firewall to keep your machine Hacker Safe.
But, that’s not your machine that’s a network where the boundries of all those installed “hacker-safe” tools is render
You have been using hard-to-guess passwords and changing them regularly. How could someone have gotten access to your account to use it for this activity? One likely possibility is that you have been a victim of a password sniffer attack.
You’re online and reading this posts, via internet, which is by concept a network of wire meshes. By principle is WiFi too is nothing but a wireless version of the same wired network topology- which inadvertendly is vulnerable. Whether you’re subscribed to the local cable internet walah, or a LAN inside your office you might be totalled.
The problem is that we feel installing a good updated antivirus or firewall will protect us from the malicious hackers. That’s nothing but an illusion, a false sense of security.
The whole point is about understanding the basics that lie behind the TCP/IP protocol. All the network data can be seen as packets flowing around which can be snooped.
Take for example an experiment I did yesterday, I ran up a sniffer program in the Windows environ to see what might be flowing through my Local Area Network. Not much to surprise , the passwords could easily be seen travelling in plaintext. Checkout this image1
One can intercept chat conversations at will. Google Talk, MSN , Yahoo,Rediff India do not use SSL or any encryption to secure the Chat conversations. So your amorous private conversation with your girlfriend, or serious ones with business affiliates might be just seen in plain by a malicious attacker sitting somewhere in the Local Area Network. All IITs, and college campuses employ LANs to distribute internet among, which by principle is not a safe environment.
Checkout this image: You may see the passwords of users :ajay… , prafull… etc… I do not know them since they might be sitting in some part of my Local LAN in my residential area. But I have their passwords.
Common FAQ that might arise after reading this short piece of text:
Q: Am I safe doing my business transactions via internet on LAN ?
A: Quite safe as of now. All the leading Internet transations are facilitated using CRYPTOGRAPHY embedded in their webpages. Security certificates and SSL is a good protection from getting sniffed in the LAN environs.
Q: Does my latest firewall, or antivirus protect me agaist such type of attacks?
A: Heck, no! Firewalls are only good when it comes to inbound attack security. The hacker might not be able to intrude your machine, or send viruses/trojans. Firewalls/AVs are defunct after the data escapes your machine and enters the Network, any snooping eye can catch hold of it.
Q: Any protections?
A: 100 percent security comes when you plug off your wires. For now make sure you use secure logins. (the ones having a https in front, to ensure your data is being encrypted.
When a hacker gathers encrypted data, its generally useless for him, unless he takes the pain to demystify the key by using BRUTEFORCE and Dictionary type attacks. Very few crackers adopt this, due to the amount of time involved in complex mathematical attacks.
Well you
But, that’s not your machine that’s a network where the boundries of all those installed “hacker-safe” tools is render
You have been using hard-to-guess passwords and changing them regularly. How could someone have gotten access to your account to use it for this activity? One likely possibility is that you have been a victim of a password sniffer attack.
You’re online and reading this posts, via internet, which is by concept a network of wire meshes. By principle is WiFi too is nothing but a wireless version of the same wired network topology- which inadvertendly is vulnerable. Whether you’re subscribed to the local cable internet walah, or a LAN inside your office you might be totalled.
The problem is that we feel installing a good updated antivirus or firewall will protect us from the malicious hackers. That’s nothing but an illusion, a false sense of security.
The whole point is about understanding the basics that lie behind the TCP/IP protocol. All the network data can be seen as packets flowing around which can be snooped.
Take for example an experiment I did yesterday, I ran up a sniffer program in the Windows environ to see what might be flowing through my Local Area Network. Not much to surprise , the passwords could easily be seen travelling in plaintext. Checkout this image1
One can intercept chat conversations at will. Google Talk, MSN , Yahoo,Rediff India do not use SSL or any encryption to secure the Chat conversations. So your amorous private conversation with your girlfriend, or serious ones with business affiliates might be just seen in plain by a malicious attacker sitting somewhere in the Local Area Network. All IITs, and college campuses employ LANs to distribute internet among, which by principle is not a safe environment.
Checkout this image: You may see the passwords of users :ajay… , prafull… etc… I do not know them since they might be sitting in some part of my Local LAN in my residential area. But I have their passwords.
Common FAQ that might arise after reading this short piece of text:
Q: Am I safe doing my business transactions via internet on LAN ?
A: Quite safe as of now. All the leading Internet transations are facilitated using CRYPTOGRAPHY embedded in their webpages. Security certificates and SSL is a good protection from getting sniffed in the LAN environs.
Q: Does my latest firewall, or antivirus protect me agaist such type of attacks?
A: Heck, no! Firewalls are only good when it comes to inbound attack security. The hacker might not be able to intrude your machine, or send viruses/trojans. Firewalls/AVs are defunct after the data escapes your machine and enters the Network, any snooping eye can catch hold of it.
Q: Any protections?
A: 100 percent security comes when you plug off your wires. For now make sure you use secure logins. (the ones having a https in front, to ensure your data is being encrypted.
When a hacker gathers encrypted data, its generally useless for him, unless he takes the pain to demystify the key by using BRUTEFORCE and Dictionary type attacks. Very few crackers adopt this, due to the amount of time involved in complex mathematical attacks.
Well you
No comments:
Post a Comment