Sunday, 9 February 2014

How to stop hackers from getting your facebook account.

First and foremost, the easiest way for hackers to steal your account is by phishing schemes. All they have to do is create a legitimate looking page telling you that they need your user name and password to log in. There are two main ways this can happen, from within Facebook or via email. From within Facebook, here's the thing to remember... if you are logged in, you WON'T need to log in again short of losing your internet connection. If someone sends you a gift app that requires you to log in to see the gift, DON'T!!! I have made it a point to weed out the crAPPs (as I call them) by removing people from my friends list who send them. One crAPP posted to my wall means you're out!!
Via email, you may receive a legitimate looking email saying that your account has been compromised and have a link within the body of the email to log in. DON'T USE THE LINK!! Instead, go directly to Facebook and attempt to log in as usual. IF your account is truly compromised, you will receive a message from Facebook on attempted login.
To comment on someone's trade note, just navigate to their notes section and find it yourself. If they have multiple notes, ask which one to leave a comment on.
Also, stay away from trading within Facebook's chat or email. Scammers and hackers prefer to "trade" this way because it keeps them from prying eyes... like ours at KTM!

The next way any hacker can get your password is by brute force. These are simple hacking tools that use number/letter combination and try again and again until your password is found. They might need 2 things for this to work. 1) your user name (email account) and 2) possibly your date of birth. These are easily found within your info page within your profile. FIRST... hide these from prying eyes.

Go to Account>Account Settings>Privacy Settings and change your birthday settings to "Only Me".
Then go back to Privacy>Contact Information and set your email to "Only Me".
By doing this, you have just removed the most easily accessible 2/3 of the information any hacker needs.

The final step is your password. This is the single-most important piece of the equation... and you should follow this advice in ALL your important web sites you visit, especially banking, PayPal, eBay, Credit Cards and other critical sites.
MOST brute force hacking tools can only do number/letter combinations up to 8 digits... some can do more. The key here is the combinations of what they can do. I HIGHLY recommend the use of special characters in your password such as _ - + = / \ | * & ^ % $ # @ ! ~ etc. Brute force hackers CAN'T do these symbols! Also, make your password more than 8 characters. Use number/letter/special character combinations with the use of capital letters thrown in.

If you want to make sure you don't forget what it is, use common words, like your own name, but substitute numbers for letters that look similar.
e.g. my name is David Reedy. I can do a password using my name as an example like "Mah1_G33ri" or variations. Notice the underscore? The likelihood of this password being hacked by brute force is slim to none!
The variants make it so that if a brute force hacking tool was used, and it was able to try a new combination every second, it would take at least 12-billion seconds to crack it. How long is 12-billion seconds?? Almost 380 years!!! Long enough for me to not care less if and when they finally hack it!

I hope that this has given you some ideas to better safeguard your personal accounts. And remember, if YOU get hacked, you are going to lose more than your loot and lotto, you're going to potentially lose your well established name and reputation. And others who have come to trust your name and reputation will suffer also when they in turn get scammed by the hacker.

Make sure your personal identity; your email, birth date and password follow the rule of The Lord of the Rings... "Keep it secret. Keep it safe"!

Wednesday, 5 February 2014

Top 10 Ethical Hackers in India | Best Indian Hackers | Indian Ethical Hackers

Ankit Fadia  is an independent computer security and digital intelligence consultant with definitive experience in the field of Internet security based out of the Silicon Valley in California, USA. He has authored 14 internationally best-selling books on numerous topics related to Computer Security that have been widely appreciated by both professionals and industry leaders the world over. His books have sold a record 10 million copies across the globe, have been translated into Japanese, Korean, Portuguese and Polish and are also being used as reference textbooks in some of the most prestigious academic institutions around the world. He was one of eight people named MTV India's Youth Icon of the Year for the year 2008.

Sunny Vaghela is one of the countries pioneer Information Security & Cyber Crime Consultant. The young and dynamic personality of Sunny has not only assisted in solving complex cyber crime cases but has also played an instrumental role in creating awareness about information security and cyber crimes. During his graduation at Nirma University he developed projects like SMS Based Control System, Voice Recognition Based Control System exhibiting his sharp acumen for technology. At the age of 18, Sunny exposed loopholes like SMS & Call Forging in Mobile Networks. The technology that allowed to send SMS or Make Call to any International Number from any number of your choice. At PresentHe is Director & Chief Technical Officer at TechDefence Consulting Pvt Ltd which is rapidly growing security services & investigation consulting organization focusing on Cyber Crime Investigations,Cyber Law Consulting,Vulnerability Assessment & Penetration Testing,Information Security Training.

#3 ) Trishneet Arora

Trishneet Arora has authored for book "The Hacking Era” with several technical manuals and given countless lectures, workshops and seminars throughout his career. He trained IPS Officers, Crime Branch Cell, Banks and IT Experts. He  solves cyber crime cases with agencies, Trishneet Arora also known as Social Networking Specialist, solved many cases like Fake Profiles, Tracing on Facebook, Email Tracing and money fraud investigations. He has been interviewed by Various Newspapers, News Channel’s, TV Channels, Blogs and Communities Namely The Economic Times, The Times of India, Indian Express, Dainik Bhaskar, Punjab Kesri, Daily Post, Fastway News, PTC News, The Tribune, Dainik Jagran, Punjabi Tribune, Punjabi Jagran and more. He is currently Chief Technical Officer at TAC Security Solutions. Trishneet and  Mr.Yashwant Sinha (Former Finance Minister of India) were keynote speakers at Bussines Relation Conference, Gujarat

#4 ) Vivek Ramchandran
Vivek Ramachandran is a world renowned security researcher and evangelist. His expertise includes computer and network security, exploit research, wireless security, computer forensics, embedded systems security, compliance and e-Governance. He is the author of the books – “Wireless Penetration Testing using Backtrack” and “The Metasploit Megaprimer”, both up for worldwide release in mid 2011. Vivek is a B.Tech from  and an advisor to the computer science department’s Security Lab. In 2006, Microsoft declared Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. The competition was aimed at finding leading Security Experts in India. Vivek was also awarded a Team Achievement Award by Cisco Systems for his contribution to the 802.1x and Port Security modules in the Catalyst 6500 series of switches. These are high end security features used in Enterprises
#5 ) Koushik Dutta
Koushik Dutta is responsible for Clockworkmod recovery and Rom Manager for Android rooting and the core member of famed UnrEVOked team. He has been a .net developer from heart and had his internship initially at Microsoft and is a former MVP. He decided to leave Microsoft and hack Android cellphoneslike there was no tomorrow. Sony approached him after geohot humped them like anything but he politely declined .
#6 ) Aseem Jakhar
Aseem is a renowned security researcher with extensive experience in system programming, security research and consulting. He has worked on various security software including IBM ISS Proventia UTM appliance, Mirapoint messaging/security appliance, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He is well known in the hacking and security community as the founder of null - The open security community the largest security community in India. The focus and mission of null is advanced security research, sharing information, responsible vulnerability disclosure and assisting Govt./private organizations with security issues.His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He has authored several software projects such as Jugaad, EyePee and Kunsa due to be released under an open source license.
#7 ) Sai Satish
Sai Satish is an young Entrepreneur, Founder & CEO of Indian Servers. Administrator of Andhrahackers (Top hacking awareness forum in INDIA).Author of “HACKING SECRETS” an Internationally sold hacking book, a renowned Ethical Hacker & Cyber Security Expert. Thousands of college students and professionals got benefited by his lectures which are delivered at 90+ colleges all over the WORLD. He worked as Microsoft Student Partner, Corporate .Net Trainer . He was rewarded by IAS officers for pentesting on government sites, which helped to them to improve security and safe transactions and Forensic Investigator. He was interviewed by Many International, national and regional news channels like Dap News(caombodia), AAjtak, The Hindu,Deccan Chronicle, Zee TV,TV9, NTV, Eenadu , Sakshi etc.
#8 ) Benild Joseph
Benild Joseph  the 20 years old world renowned Ethical Hacker | Information Security Consultant | Speaker | Author in Indian IT Industry was born in Calicut, A City of Kerala. Currently Acting as the Chief Executive Officer of “Th3 art of h@ckin9“ – International IT Security Project. He has his credit to many registered and pending patents in cyber forensic and information security domain. He specializes in Web Application security, Penetration testing and Forensic investigation. His research interests include Computer Security, Networking, Data Forensic, Virtualization, Web Application Vulnerability and Information Security. He has been interviewed by several print and online newspapers where he has shared his experiences relating to Ethical Hacking, Scope in Indian Information Security field, Cyber War and Cyber Crimes.
#9 ) Falgun Rathod
Falgun Rathod is one of the countries pioneer Information Security & Cyber Crime Consultant. Falgun has solved number of complex cyber crime cases and has also played an instrumental role in creating awareness about information security and cyber crimes. He is a Founder & Director of Cyber Octet Pvt Ltd - a Company providing Training on Ethical Hacking and Information Security as well as Cyber Crime Consultants. He has been assisting many agencies & companies and conducted numerous workshops and seminars in the Colleges about Information Security and Ethical Hacking. He is also the member of OWASP (open web application security project), invited member at ICTTF (International Cyber Threat Task Force), CSFI (Cyber Security Forum Initiative), DSCI (Data Security Council of India).He is also Invited Article Writer at PenTest Magazine based in Poland. He was featured in March 2012 Issue of PenTest Mag on the Cover Page of Magazine.
#10 ) Rahul  Tyagi 
Rahul  Tyagi  is  a  sovereign  computer  security  consultant  and  has state-of-the-art  familiarity  in the  field of computers.  Recently Tyagi conversed with several media channels to create consciousness in people regarding the threats and terror of hacking. He was also invited as a speaker in the principal ethical hacking conference DEF CON, Chennai where he presented his research paper amongst other security experts. His research paper has also been published globally on exploit-db and packetstormsecurity, which are world renowned research paper database communities. Rahul Tyagi is presently working as the brand ambassador of TCIL-IT Chandigarh as Corporate Ethical Hacking Trainer. He also provides his services to ‘Cyber Security & Anti hacking Organization of India’ as Vice-President. Additionally, he is the Technical Head of News Paper Association of India as well.

Snowden leaks: GCHQ 'attacked Anonymous' hackers

Snowden leaks: GCHQ 'attacked Anonymous' hackers

GCHQ disrupted "hacktivist" communications by using one of their own techniques against them, according to the latest Edward Snowden leaks.
Documents from the whistle-blower published by NBC indicate UK cyberspies used a denial of service attack (DoS) in 2011 to force a chatroom used by the Anonymous collective offline.
A spokeswoman for GCHQ said all the agency's activities were authorised and subject to rigorous oversight.
But others say it raises concerns.
Dr Steven Murdoch, a security researcher at the University of Cambridge, said using a DoS attack to overwhelm a computer server with traffic would have risked disrupting other services.

Introduction to GCHQ

The UK government's communications-focused intelligence agency, employing about 5,000 people.
It stands for Government Communications Headquarters.
The agency is based in Cheltenham, Gloucestershire, and also operates two smaller sites in Cornwall and North Yorkshire.
Its two key roles are:
  • To identify threats from intercepted communications. It says these include terrorism, the spread of nuclear weapons, regional conflicts around the world and threats to the economic prosperity of the UK.
  • To serve as an authority on information assurance - meaning that it advises the government and organisations running the UK's critical infrastructure how to safeguard their systems from interference and disruption.
The foreign secretary is answerable in Parliament for GCHQ's work.
"It's quite possible that the server was used for other purposes which would have been entirely unrelated to Anonymous," he said.
"It's also likely that most of the chat that was going on about Anonymous was not to do with hacking because the people who join Anonymous are fairly wide-ranging in what they think it is legitimate to do.
"Some have gone into criminality but many others just go out and organise protests, letter-writing campaigns and other things that are not criminal."
Campaign group Privacy International is also worried.
"There is no legislation that clearly authorises GCHQ to conduct cyber-attacks," said head of research Eric King.
"So, in the absence of any democratic mechanisms, it appears GCHQ has granted itself the power to carry out the very same offensive attacks politicians have criticised other states for conducting."
The UK government's Cyber Security Strategy document, published in 2011, says officials should take "proactive measures to disrupt threats to our information security", but also notes that any such action should be consistent with freedom of expression and privacy rights.
Hacker arrests The latest documents are published alongside an article part-written by Glenn Greenwald.
The journalist is one of only two people reported to have access to all whistle-blower Edward Snowden's leaked documents.
GCHQ GCHQ has not discussed the specifics of the operations included in the Snowden leaks
The article highlights that the Joint Threat Research Intelligence Group (JTRIG) is the division identified as being responsible for the DoS attack - a unit whose existence had not previously been publicly disclosed.
The documents indicate the unit also spied on and communicated with chatroom users to identify hackers who had stolen information.
In one case, agents are said to have tricked a hacker nicknamed P0ke who claimed to have stolen data from the US government. They did this by sending him a link to a BBC article entitled: "Who loves the hacktivists?"
"Sexy," P0ke is alleged to have commented.
But when he clicked the link it is reported that JTRIG was able to bypass measures he had taken to hide his identity, although it is not clear how.
BBC article GCHQ is said to have tricked one hacktivist by sending him a link to a BBC article
NBC reports that P0ke - a Scandinavian college student - was never arrested despite GCHQ learning his true name.
But the leaks indicate others were imprisoned as a result of JTRIG operations.
One paper highlights the case of Edward Pearson - a hacker known as GZero - who was sentenced to two years in jail in 2012 for illegally acquiring credit and debit card details registered with PayPal.
A transcript of a chatroom conversation indicates that Pearson had contacted GCHQ agents claiming he knew a hacktivist they were investigating, unaware of the agents' true identity.
'Grey area' In addition to Anonymous, the documents list LulzSec, the A-Team and the Syrian Cyber Army as hacktivist groups GCHQ was concerned about.
In one case it appears simply warning activists that carrying out their own DoS attacks was illegal had the desired effect.
NBC reports that the notice was posted via Facebook, Twitter, email, instant messenger and Skype.
One alleged GCHQ document states that one month later 80% of those contacted had stopped using a hacktivist chatroom.
LulzSec logo Several of the Lulzsec hackers have been arrested after carrying out DoS attacks
But the documents also indicate that GCHQ was willing to use DoS attacks itself as part of an operation codenamed Rolling Thunder, which prevented hacktivists using a chatroom for 30 hours in September 2011.
GCHQ has a longstanding policy of not commenting on specific intelligence-gathering procedures, but a spokeswoman said all its work was "carried out in accordance with a strict legal and policy framework".
Even so, one cybersecurity expert said he had mixed feelings about the latest leaks.
"We have to remember that cyberspooks within GCHQ are equally, if not more, skilled than many black-hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to that of the bad guys," said Andrew Miller, chief operating officer at Corero Network.
"Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DoS attacks, but it seems that JTRIG are taking the same approach with impunity."