Check the facebook page!

If you prefer, you can also follow the Facebook page for this blog :)

Saturday, 24 May 2014

Web safety and anti-hacking tips

Internet security has been more and more efficient as time goes by. Vulnerabilities get patched, exploits fixed, bugs swatted, etc. Which is why in the world of hacking, Social Engineering (which is the ability to manipulate the user into doing exactly what the "hackers" want) has become more and more useful and some times the easiest and best way to steal data/account details/infect users with viruses/etc.

So here are a few tips for maintaining web security and a virus free computer without delving too much into the clichés such as "Having a different password for each site" and changing it regularly.

As I said before, nowadays the most common and effective way of "hacking" is made using Social Engineering and, quite honestly, most of those attempts (even though ridiculously obvious) manage to work on thousands of people.

Which also means, pretty much every virus or security problem you might encounter happened because you let it!

What you should/shouldn't do

- Be very cautious and do NOT be gullible/over curious, which is believing everything you see;

- Be aware of phishing (examples ahead) and keep an eye on the URL;

- If a "friend" randomly sends you a file DO NOT open it without talking about it first;

- If you DO receive a file and your friend tells you it's ok, see if it's a .bat file, as that is one of the most common files for "hackers" to do their things;

And some of the usual tips, but it never hurts to remind people of them (you'd be surprised if you knew...)

- Have an anti-virus up to date;

- Do NOT tell your password to anyone you don't trust at least 99%, such as a close family member for example... in case you need it;

- Don't share personal details online, for example, a lot of sites have security questions to reset your password, such as your first pet or mother maiden's name... if you put that on facebook or something, anyone who has access to your account can easily know the answer.

Let's go a bit more in detail

Ok so the first thing I said is to NOT be gullible and more curious than you should, because that is your weak spot and it is human nature. Wherever you go you might find "shocking" articles or titles, a real common one that we see everywhere are things like "OMG! This girl was drunk and you wouldn't BELIEVE what this guy did to her!" or the usual "Girlfriend broke up with him, so he leaked this video of her!".

Now... let's be real here, most of the titles that are made to get attention are sex related... and let's be "realer", 95% of the people don't resist on clicking on those links, and as a result, there is a high chance of being infected, not to mention that most of those titles require you to share the site or something in order to view them, so you will be spreading it to other people.

And ok, we get it, it's sex and all, and it's like "Omg! What happened! Did they do "it"? Sex!" but if you wanted to do that, let's face it, 95% of the internet is porn!  If you really want to see that, why don't you just go to one of the porn sites that at least are more trustworthy than some random shady site you saw on facebook? I mean, you are only clicking the links because there is a chance you will see sexual activity... Might as well just go to a porn site for that matter as you'd at least know it would be there!

Note: Pornsites usually have a lot of viruses and malware too, specially the least known ones, I'm just making a point that it's stupid to click on those links.

Magical codes!

Another problem is when you are on facebook and suddenly "a stranger you never talked to but is your friend in facebook has tagged you and 700 other people on this picture" and you go there and the picture is something along the lines of "Find out your friend's passwords! Just go to this shady site, copy this code, paste it on google chrome's developer console and you'll get their password!".

People... would someone PLEASE tell me why would ANYONE think that is legit and a good idea? Seriously I want to know! Because every time I get tagged in one of those, it's from 12 different people!
I mentioned this on my post that talked about programming, if you just read the code a little you will see that one of the things it does is tag ALL your facebook friends on that image (to spread the infection) among other malicious things that the code might do.

There is no magic way to find out passwords! And even if there was, NOBODY WOULD SHARE IT WITH THE ENTIRE WORLD AT THE SAME TIME!

So stop being gullible! Do NOT try it out just because "lol I just wanted to see if it worked". OF COURSE IT DOESN'T YOU NINCOMPOOP! And thanks to that, more nincompoops have a chance of doing the same and continuing the cycle!

Now... About phishing.

Phishing is a way of getting your account/password if you are not careful. Let me give you an example, let's say you have a twitter account, so someone sends you a link to sign in there and post something or... the details don't really matter but the tell you to do something on the site and send you a link.

You might get a link like this for example: and when you click it, it looks exactly like twitter... but if you look at the url you can see that it is "twltter" not "twitter". If you do try to sign in, however, the page redirects you to twitter and logs you in successfully, BUT it also sends your email and password (which you used to sign in) to whoever made that site. Since it logs you in successfully you won't even notice that something bad happened!

The solution after that is to change all passwords that are the same as the one on that site... So be wary of the URLs, if something seems out of place, do a little bit of research or even ask me to check it out if you want.

Getting files from friends.

From time to time you might receive files from friends (mostly on facebook) with some random message on them. BE CAREFUL!
At least tell them something about that file to see if they sent it or something did for them.

Last example I got was a "virus" that was going around facebook in which the infected would send you a message saying "lol" and a .ZIP file attached with a bunch of numbers and letters for the file name.

First of all, almost no one uses .ZIP nowadays, as most use .RAR but that's beyond the issue.
Also remember, usually it won't hurt you to just download the file, it's only harmful if you open what's inside.
So when I got that file (I knew it was something bad) I opened it and sure enough found .exe and .bat files in there. If you don't know what a file does DON'T OPEN IT!

If it is a .bat file you can Right click > Edit, to read what the code does and if it might be harmful, of course you need to know a bit of coding.

So either ask to the person what that does exactly, or don't even touch it!

Almost fool-proof method

Don't be stupid! If something looks to easy, or a title seems scandalous or anything like that just ignore it! Those titles are meant to capture the attention of people! AND EVERYONE FALLS FOR IT!

As I said, you only get infected if you want to (almost), so it's up to you to not be stupid and don't fall for stupid tricks!

A few tips on passwords

Asides from the "abc123" password that, believe it or not, THOUSANDS of people use, when you create a password try your best to make something random and not logical. Don't include full dictionary words and mix numbers and symbols if you can (some sites even force you to do that).

Why you might ask? Because one way of "hacking" passwords is with a Dictionary attack which is a HUGE list of words, numbers/etc compiled into a single file, and when the attack begins it will try them all one-by-one with your email or account name to see if any of them work!

So if you think you are safe with a password like "mushroomkingdom" or something like that, think again.

To give you an idea, a .txt file of one of those dictionaries can have more than 100GB, so there are a LOT of words in them.

That's pretty much all I have to saw for now, if you have any question or comments or suggestions feel free to leave them here, you can do it anonymously if you're scared as well :P (although I'd like to meet you).

Cheers and be safe!


What do you think or want to share?