Saturday, 18 June 2011

Denial-of-service attack (DoS)

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Symptoms and manifestations

The United States Computer Emergency Readiness Team (US-CERT) defines symptoms of denial-of-service attacks to include:
  • Unusually slow network performance (opening files or accessing web sites)
  • Unavailability of a particular web site
  • Inability to access any web site
  • Dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb)
Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.
If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
  1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
  2. Disruption of configuration information, such as routing information.
  3. Disruption of state information, such as unsolicited resetting of TCP sessions.
  4. Disruption of physical network components.
  5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
  • Max out the processor's usage, preventing any work from occurring.
  • Trigger errors in the microcode of the machine.
  • Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
  • Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
  • Crash the operating system itself.

Friday, 17 June 2011

PHP and Cookies

Cookies are basically small files which are stored on the user’s computer. Their main purpose is to hold data specific to a particular client and website. They can only be accessed by either the web server or the client computer. This allows the server to access user-specific data while saving space on the web server, and it allows the server to deliver specifically tailored web pages to a particular user.

Cookies act as a mechanism to store data in the remote browser and thus to track and identify returning users.

A cookie mainly contains data in (key, value) pairs, for example (name, xyzabc) or (message, cookies are great).

That’s a lot of theory; now let’s move on to how to use cookies in PHP.

Cookies in PHP
PHP provides us with a suite of functions for manipulating cookies.

Setting of Cookies

These functions include setcookie() and setrawcookie(). As cookies are part of the HTTP headers, we need to call setcookie() before sending any data (output) to the browser.


Accessing Cookies

Any cookies which are sent to the server from the client will be automatically included in the $_COOKIE auto-global array.


These cookies can be accessed using the following syntax:-
Code:
   $_COOKIE['name'];

Using Cookies in PHP

The setcookie() function is used for setting cookies.


Syntax :- 

Code:
setcookie(name, value, expire, path, domain, secure, httponly);
Note: In the above, all arguments except name are optional.

Example:-
Code:
setcookie('name', 'xyzabc');
This declares a cookie with name=name and value=xyzabc. As no expire time is provided, the cookie will be deleted from the browser when the session ends.

Example involving Expire time:-

Code:
  $minutes = 20;
  setcookie('name', 'xyzabc' , time()+($minutes*60));
As the ‘expire’ time must be given in seconds, we multiply the number of minutes by ‘60’ (each minute contains 60 seconds) and add the result to the current time().

Printing:-

Code:
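  // Escape before printing: the cookie value comes from the browser.
  echo htmlspecialchars($_COOKIE['name'], ENT_QUOTES, 'UTF-8');
This would print the value of the cookie which we earlier set using setcookie(). $_COOKIE is filled from the request headers, so the value is available from the next request after the cookie was set.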

Output:-
Code:
  xyzabc

Making a Simple Application in PHP using Cookies


Now that we know quite a lot about what cookies are and how to use them, let’s use them to make a small PHP application.


Visited.php :-
 
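Code:
<?php
  // Header contents: cookies travel in the HTTP headers,
  // so this block must run before any output is sent.
  
  // Cookie lifetime of 10 days, expressed in seconds.
  $days = 10;
  $hoursPerDay = 24;
  $minutesPerHour = 60;
  $secondsPerMinute = 60;
  
  // No cookie in this request: set it. $_COOKIE is not updated by
  // setcookie(), so the page below still reports "have not" this time.
  if(!isset($_COOKIE['visited']))
  {
      setcookie("visited",1,time()+($days*$hoursPerDay*$minutesPerHour*$secondsPerMinute));
  }
  
  ?>
  <html>
      <head>
          <title>
              Sample Page
          </title>
      </head>
      <body>
           <h1>Welcome Visitor</h1>
           According to your browser cookies you
           <?php
           // The browser sent the cookie back, so this is a return visit.
           if(isset($_COOKIE['visited']))
           {
              echo '<b>have</b>';
           }
           else
           {
              echo '<b>have not</b>';
           }
           ?>  visited our site in the last 10 days.  
      </body>
  </html>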
 
Output :-

1. When visiting for the first time :-
Code:
  Welcome Visitor
  According to your browser cookies you have not visited our site in the last 10 days.

2. Not visiting for the first time :-
Code:
  Welcome Visitor
  According to your browser cookies you have visited our site in the last 10 days.
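
Because a cookie is stored on the user's computer, its value can be edited there, so Visited.php cannot tell a genuine `visited` cookie from one the user created by hand. The following added example (not part of the original post) signs the cookie value with an HMAC and sets the `secure` and `httponly` arguments from the setcookie() syntax above. It assumes PHP 7.3 or later and an HTTPS site; `COOKIE_KEY`, `sign_cookie_value()` and `verify_cookie_value()` are hypothetical names.

```php
<?php
// Added example: an integrity-protected "visited" cookie.
// COOKIE_KEY and both function names are hypothetical.

// Assumption: a real site loads this key from server-side configuration.
// The string below is only a labelled placeholder.
const COOKIE_KEY = 'REPLACE-WITH-RANDOM-KEY-FROM-SERVER-CONFIG';

// Builds "base64(value).expiry.mac"; the MAC covers value and expiry.
function sign_cookie_value(string $value, int $expires): string
{
    $payload = base64_encode($value) . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the original value, or null if the cookie is malformed,
// was altered on the client, or is past its signed expiry time.
function verify_cookie_value(string $cookie, int $now): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $b64 . '.' . $expires, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $value = base64_decode($b64, true);
    return $value === false ? null : $value;
}

$now = time();
$expires = $now + 10 * 24 * 60 * 60;          // 10 days, as in Visited.php

// Trust the cookie only if its signature verifies.
$visited = verify_cookie_value($_COOKIE['visited'] ?? '', $now) === '1';

if (PHP_SAPI !== 'cli') {
    if (!$visited) {
        setcookie('visited', sign_cookie_value('1', $expires), [
            'expires'  => $expires,
            'path'     => '/',
            'secure'   => true,   // send over HTTPS only
            'httponly' => true,   // not readable from page JavaScript
            'samesite' => 'Lax',
        ]);
    }
    echo 'You <b>' . ($visited ? 'have' : 'have not') . '</b> visited our site.';
} else {
    // Command-line self-check on constructed values.
    $good = sign_cookie_value('1', $expires);
    // Simulate a user editing the stored value from "1" to "9".
    $forged = str_replace(base64_encode('1'), base64_encode('9'), $good);
    var_dump(verify_cookie_value($good, $now));
    var_dump(verify_cookie_value($forged, $now));
    var_dump(verify_cookie_value($good, $expires + 1));
}
```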

Tuesday, 14 June 2011

Virtual Network Computing

In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.
VNC is platform-independent – a VNC viewer on one operating system may connect to a VNC server on the same or any other operating system. There are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United Kingdom. The original VNC source code and many modern derivatives are open source under the GNU General Public License.


There are a number of variants of VNC which offer their own particular functionality; e.g., some optimised for Microsoft Windows, or offering file transfer (not part of VNC proper), etc. Many are compatible (without their added features) with VNC proper in the sense that a viewer of one flavour can connect with a server of another; others are based on VNC code but not compatible with standard VNC.
A VNC system consists of a client, a server, and a communication protocol.
  • The VNC server is the program on the machine that shares its screen. The server passively allows the client to take control of it.
  • The VNC client (or viewer) is the program that watches, controls, and interacts with the server. The client controls the server.
  • The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ("Put a rectangle of pixel data at the specified X,Y position") and event messages from client to server.
In the normal method of operation a viewer connects to a port on the server (default port 5900). Alternatively a browser can connect to the server (default port 5800). And a server can connect to a viewer in "listening mode" on port 5500. One advantage of listening mode is that the server site does not have to configure its firewall to allow access on port 5900 (or 5800); the onus is on the viewer, which is useful if the server site has no computer expertise, while the viewer user would be expected to be more knowledgeable.
The server sends small rectangles of the framebuffer to the client. In its simplest form, the VNC protocol can use a lot of bandwidth, so various methods have been devised to reduce the communication overhead. For example, there are various encodings (methods to determine the most efficient way to transfer these rectangles). The VNC protocol allows the client and server to negotiate which encoding will be used. The simplest encoding, which is supported by all clients and servers, is the raw encoding where pixel data is sent in left-to-right scanline order, and after the original full screen has been transmitted, only transfers rectangles that change. This encoding works very well if only a small portion of the screen changes from one frame to the next (like a mouse pointer moving across a desktop, or text being written at the cursor), but bandwidth demands get very high if a lot of pixels change at the same time, such as when scrolling a window or viewing full-screen video.
VNC by default uses TCP port 5900+N, where N is the display number (usually :0 for a physical display). Several implementations also start a basic HTTP server on port 5800+N to provide a VNC viewer as a Java applet, allowing easy connection through any Java-enabled web browser. Different port assignments can be used as long as both client and server are configured accordingly.
Using VNC over the Internet works well if the user has a broadband connection at both ends. However, it may require advanced NAT, firewall and router configuration such as port forwarding in order for the connection to go through. Some users may choose to use instant private networking applications, such as the Virtual Private Network (VPN) application Hamachi, to make usage over the Internet much easier. Alternatively, a VNC connection can be established as a LAN connection if VPN is utilized as a proxy.
Note that the machine the VNC server is running on does not need to have a physical display. Xvnc is the Unix VNC server, which is based on a standard X server. To applications Xvnc is an X "server" (i.e., it displays client windows), and to remote VNC users it is a VNC server. Applications can display themselves on Xvnc as if it were a normal X display, but they will appear on any connected VNC viewers rather than on a physical screen. Alternatively, a machine (which may be a workstation or a network server) with screen, keyboard, and mouse can be set up to boot and run the VNC server as a service or daemon; then the screen, keyboard, and mouse can be removed and the machine stored in an out-of-the-way location.
In addition, the display that is served by VNC is not necessarily the same display seen by a user on the server. On Unix/Linux computers that support multiple simultaneous X11 sessions, VNC may be set to serve a particular existing X11 session, or to start one of its own. It is also possible to run multiple VNC sessions from the same computer. On Microsoft Windows the VNC session served is always the current user session.
VNC is commonly used as a cross-platform remote desktop system. For example, Apple Remote Desktop for Mac OS X (and more recently, "Back to My Mac" in 'Leopard' - Mac OS X 10.5) interoperates with VNC and will connect to a Linux user's current desktop if it is served with x11vnc, or to a separate X11 session if one is served with TightVNC. From Linux, TightVNC will connect to a Mac OS X session served by Apple Remote Desktop if the VNC option is enabled, or to a VNC server running on Microsoft Windows.

Security
By default, VNC is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.
However, VNC may be tunnelled over an SSH or VPN connection which would add an extra security layer with stronger encryption. SSH clients are available for all major platforms (and many smaller platforms as well); SSH tunnels can be created from UNIX clients, Microsoft Windows clients, Macintosh clients (including Mac OS X and System 7 and up) – and many others. There are freeware applications that create instant VPN tunnels between computers.
UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts. However, use of such encryption plugins makes it incompatible with other VNC programs. RealVNC offers high-strength encryption as part of its commercial package. Workspot released AES encryption patches for VNC.

 

 

Sunday, 12 June 2011

Extended validation SSL

What is SSL?

SSL is an acronym for Secure Sockets Layer, a global standard security technology adopted by Netscape in 1994. SSL is designed to establish encryption and identity assurance. It creates an encrypted link between a web server and a web browser. The link ensures that all data passed between the web server and browser remains private and secure.

How SSL works

Processing transactions securely on the web means that we need to be able to transmit information between the web site and the customer in a manner that makes it difficult for other people to intercept and read. SSL works through a combination of programs and encryption/decryption routines that exist on the web server computer and in the web browsers (like Netscape/Firefox and Internet Explorer) used by the Internet public.

What is an SSL Certificate?

An SSL certificate becomes the "passport", or the digital document, that verifies the security and authenticity of the interaction.
The SSL certificate is installed on a web server to identify the business using it to encrypt sensitive data such as credit card information. SSL Certificates give a website the ability to communicate securely with its web customers. Without a certificate, any information sent from a user’s computer to a website can be intercepted and viewed by hackers and fraudsters. It is similar to the difference between sending a post card and a tamper proof sealed envelope.

SSL Certificate interaction with the Browser and the Server

  • Browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting.
  • Browser and server determine the encryption types that both can use to understand each other.
  • Browser and server send each other unique codes to use when scrambling (or encrypting) the information that will be sent.
  • The browser and server start talking using the encryption, the web browser shows the encrypting icon, and web pages are processed securely.

How SSL Works to Secure Privacy

Cryptography

SSL protects confidential information using cryptography. Sensitive data is encrypted across public networks to achieve a high level of confidentiality. Primarily, PKI utilizes asymmetric cryptography that is considered more secure than symmetric cryptography.
Simply, asymmetric algorithms use one key for encryption of data, and then a separate key for decryption. Asymmetric algorithms are stronger than symmetric algorithms because even if the encryption key is learned in one direction, the third party still needs to know the other key in order to decrypt the message in the other direction.
The primary benefit of asymmetric encryption (also referred to as PKI) is that both sides can spontaneously initiate a transaction without ever having met. This is achieved by the use of a public and private key pair. The public key of the entity is public knowledge and is used for encryption, whereas the private key of the entity remains secret and is used for decryption.
Although PKI is more secure, it is also more expensive in terms of processing speed: encryption/decryption in PKI can take up to 1000 times the processing of symmetric cryptography.

Public and Private Keys

SSL, generally speaking, takes advantage of the strengths of both public-key and symmetric-key encryption technologies. Public-key technologies both securely authenticate clients and servers and exchange trade secret symmetric keys used in the encryption sessions. SSL certificates in particular have a public key and a private key – a public key to encrypt information and the private key to decipher it. When a browser points to a secured domain, a secure sockets layer handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that guarantees message privacy and message integrity.
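
The combination described above can be shown in a few lines. This is an added illustration, not part of the original post and not the actual SSL handshake: a public key protects a random session key, and the session key encrypts the data with an integrity check. It assumes PHP 7.1 or later with the OpenSSL extension; `client_seal()` and `server_open()` are hypothetical names.

```php
<?php
// Added illustration, not the real SSL handshake: a public key protects a
// random session key, and the fast symmetric session key protects the data.
// client_seal() and server_open() are hypothetical names.

// Server key pair. In SSL the certificate carries the public half.
$serverKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($serverKey === false) {
    exit("OpenSSL could not generate a key pair\n");
}
$serverPublicPem = openssl_pkey_get_details($serverKey)['key'];

// Browser side: pick a fresh session key, encrypt the data with AES-256-GCM,
// then encrypt only the 32-byte session key with the server's public key.
function client_seal(string $message, string $publicPem): array
{
    $sessionKey = random_bytes(32);
    $iv = random_bytes(12);
    $ciphertext = openssl_encrypt($message, 'aes-256-gcm', $sessionKey,
        OPENSSL_RAW_DATA, $iv, $tag);
    openssl_public_encrypt($sessionKey, $wrappedKey, $publicPem,
        OPENSSL_PKCS1_OAEP_PADDING);
    return ['wrapped_key' => $wrappedKey, 'iv' => $iv,
            'tag' => $tag, 'ciphertext' => $ciphertext];
}

// Server side: only the private key can recover the session key. The GCM
// tag makes decryption fail if the ciphertext was modified in transit.
function server_open(array $msg, $privateKey): ?string
{
    $ok = openssl_private_decrypt($msg['wrapped_key'], $sessionKey,
        $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
    if (!$ok) {
        return null;
    }
    $plain = openssl_decrypt($msg['ciphertext'], 'aes-256-gcm', $sessionKey,
        OPENSSL_RAW_DATA, $msg['iv'], $msg['tag']);
    return $plain === false ? null : $plain;
}

// Constructed sample message.
$sealed = client_seal('order=1234 (constructed sample)', $serverPublicPem);
var_dump(server_open($sealed, $serverKey));

// Flip one bit of the ciphertext to simulate modification in transit.
$tampered = $sealed;
$tampered['ciphertext'][0] = chr(ord($tampered['ciphertext'][0]) ^ 1);
var_dump(server_open($tampered, $serverKey));
```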

SSL Certificates help prevent someone from impersonating the server with a false key

In particular, SSL uses digital certificates that act as digital documents that will attest to the binding of a public key to an individual or other entity. They provide verification of the claim that a specific public key does, in fact, belong to the specified entity.
These certificates use X.509 standards to validate identities. X.509 certificates contain information about the entity, including public key and name. The role of the certificate authority then is to validate this certificate.

What Is Doxing? - Doxing And Its Uses

First, what is Doxing?
Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills.
Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.


So basically it’s getting information from searching someone’s email on Google, right?
In a sense, yes, but there are actually easier ways to get someone’s information online.
The most popular and most common method is to use a website called Pipl (http://www.pipl.com/).
Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers.
Another source hackers can use is Facebook (http://www.facebook.com).
Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.


The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online.
Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook, or hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.


Now, “How’s he going to hack me with just my email?” That’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting.

Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.
Any hacker reading this who didn’t previously know about reverting would probably look at this and say, “This would never work!” But you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy.
Doxers tend to spend a while searching around the web for information that they can use.


Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you ensure that you won’t be Doxed?
Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issue for most victims is their security questions, and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).


So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?