際際滷

際際滷Share a Scribd company logo

Cyber Security By Preetish Panda

Preetish Panda
Preetish Panda

This document summarizes common internet security threats and countermeasures. It describes how automated tools are used to try all possible password combinations to gain access to accounts. Phishing involves creating fake websites to steal user passwords, credit card numbers, and other sensitive information. Trojan horses hide unauthorized programs inside authorized ones to access and steal victim's data. Cross-site scripting and SQL injection are security vulnerabilities that allow hackers to inject malicious code and access restricted resources. The document provides tips to secure accounts, such as using strong and unique passwords, updating software, and avoiding suspicious links and attachments.

1 of 23
Cyber Security By Preetish Panda
Common Internet User Security Objective Modus Operandi Countermeasures
Uses internet for his credit managing his day Blogsinternet banking for card transactions. Uses Uses social networking sites as well as on internet for professional like Usesex. Citibank, ICICI bank, HSBC etc For Emailpersonal purpose. well as orkut,myspace,facebook. to day professional as for finance activity personal communication. For ex. Gmail, Yahoo or Corporate webemail
How to secure the elements like username, password, credit card number ,etc for a particular web resource (Gmail /Yahoo/Banking website etc)
Cyber Security By Preetish Panda
Cyber Security By Preetish Panda
In this form of attack, an automated tool is used.All possible combinations of letters,numbers and symbols are tried out one by one for an username till the password is found out.
Phishing is the act of creating fake page of any legitimate web-service and hosting them on web server in order to fool the user to get the passwords, credit card no., social security no. etc
Cyber Security By Preetish Panda
TROJAN The Name Tells It All !! A Trojan or Trojan Horse is a program which carries out an unauthorized function while hidden inside an authorized program. It is designed to do something other than what it claims to and frequently is destructive in its actions. These trojans give the attacker a total access to victim's machine. Looks for other passwords entered & then send them to a specific mail address. They only log the keystrokes of the victim & then let the attacker search for sensitive data.
Cyber Security By Preetish Panda
Cyber Security By Preetish Panda
Cyber Security By Preetish Panda
web cookies are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. Used for login or registration information, online shopping cart information, user preferences, etc. Cookie stealing can be effectively done with knowledge of javascripts, ajax, xss ,html ,php etc.
Vulnerabilities are open security holes that can allow other applications to connect to the computer system without authorization.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by web users into the web pages viewed by other users. Examples of such code include JavaScript code. Stored Attack Reflected Attack
XSS www.mailprovider.com Hacker finds out www. mailprovider.com suffers from XSS. Mail Users get mail asking to click a hyperlink for getting a free gift Click here For free gift When the user click malicious script gets executed. www.mailprovider.com/default.asp?name=<script>evilScript()</script> Your browser correctly interprets this as Vulnerable Web browser script and runs the script site If this script instructs the browser to send a cookie , to the hacker's computer, it quickly complies. May take the user to a fake web page of his online banking site.
Cyber Security By Preetish Panda
It is basically a security exploit in which attacker injects SQL code through a web form input box,to gain access to resources and make changes to data. SQL Injection attacks can often be executed from address bar, from within application fields, and through queries and searches
var sql = quot;select * from users where username = ' username ' and password = ' password ' quot; ; Username: anything or 1=1-- Password: quot; select * from users where username = 'anything' or 1=1--'and password ='' quot;;
Cyber Security By Preetish Panda
Try to use combination of alphabets both upper and lower case, numbers and special characters for assigning a password and change it at regular intervals. While creating a email id it is a good practice to give fake information . Use updated version of software. Now a days some site advisor software are available . Dont accept any kind of files from anonymous users in chat rooms. If required hide your IP address for anonymous browsing. Dont blindly believe emails as they can be sent without authentication. Dont reveal your password in any kind of email. While logging in give a close look to the domain name. Try to avoid running scripts in the address bar of your web browser . Extra care has to be taken with files of .exe extension. Always use your common sense.
Presented By Preetish Panda preetish88@gmail.com

More Related Content

Cyber Security By Preetish Panda

  • 2. Common Internet User Security Objective Modus Operandi Countermeasures
  • 3. Uses internet for his credit managing his day Blogsinternet banking for card transactions. Uses Uses social networking sites as well as on internet for professional like Usesex. Citibank, ICICI bank, HSBC etc For Emailpersonal purpose. well as orkut,myspace,facebook. to day professional as for finance activity personal communication. For ex. Gmail, Yahoo or Corporate webemail
  • 4. How to secure the elements like username, password, credit card number ,etc for a particular web resource (Gmail /Yahoo/Banking website etc)
  • 7. In this form of attack, an automated tool is used.All possible combinations of letters,numbers and symbols are tried out one by one for an username till the password is found out.
  • 8. Phishing is the act of creating fake page of any legitimate web-service and hosting them on web server in order to fool the user to get the passwords, credit card no., social security no. etc
  • 10. TROJAN The Name Tells It All !! A Trojan or Trojan Horse is a program which carries out an unauthorized function while hidden inside an authorized program. It is designed to do something other than what it claims to and frequently is destructive in its actions. These trojans give the attacker a total access to victim's machine. Looks for other passwords entered & then send them to a specific mail address. They only log the keystrokes of the victim & then let the attacker search for sensitive data.
  • 14. web cookies are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. Used for login or registration information, online shopping cart information, user preferences, etc. Cookie stealing can be effectively done with knowledge of javascripts, ajax, xss ,html ,php etc.
  • 15. Vulnerabilities are open security holes that can allow other applications to connect to the computer system without authorization.
  • 16. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by web users into the web pages viewed by other users. Examples of such code include JavaScript code. Stored Attack Reflected Attack
  • 17. XSS www.mailprovider.com Hacker finds out www. mailprovider.com suffers from XSS. Mail Users get mail asking to click a hyperlink for getting a free gift Click here For free gift When the user click malicious script gets executed. www.mailprovider.com/default.asp?name=<script>evilScript()</script> Your browser correctly interprets this as Vulnerable Web browser script and runs the script site If this script instructs the browser to send a cookie , to the hacker's computer, it quickly complies. May take the user to a fake web page of his online banking site.
  • 19. It is basically a security exploit in which attacker injects SQL code through a web form input box,to gain access to resources and make changes to data. SQL Injection attacks can often be executed from address bar, from within application fields, and through queries and searches
  • 20. var sql = quot;select * from users where username = ' username ' and password = ' password ' quot; ; Username: anything or 1=1-- Password: quot; select * from users where username = 'anything' or 1=1--'and password ='' quot;;
  • 22. Try to use combination of alphabets both upper and lower case, numbers and special characters for assigning a password and change it at regular intervals. While creating a email id it is a good practice to give fake information . Use updated version of software. Now a days some site advisor software are available . Dont accept any kind of files from anonymous users in chat rooms. If required hide your IP address for anonymous browsing. Dont blindly believe emails as they can be sent without authentication. Dont reveal your password in any kind of email. While logging in give a close look to the domain name. Try to avoid running scripts in the address bar of your web browser . Extra care has to be taken with files of .exe extension. Always use your common sense.
  • 23. Presented By Preetish Panda preetish88@gmail.com