What is Keylogger
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user’s keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user’s behavior to physically hide such a device “in plain sight.” (It also helps that most workstation keyboards plug into the back of the computer.) As the user [...]
Categories: Internet Security Tags: Keylogger, Keylogger hardware
How Cyber Cafe PC’s are insecure due to Sniffers
Accessing you bank accounts or any confidential accounts like DEMAT, online banking in cyber café will be insecure as your PC may be attacked by sniffers. Sniffers are a powerful piece of software. They have the capability to place the hosting system’s network card into promiscuous mode. A network card in promiscuous mode can receive all the data it can see, not just packets addressed to it. Sniffing performed on a hub is known as passive sniffing. Ethernet switches are smarter. A switch is supposed to be smart enough to know which particular port to send traffic to and block [...]
Categories: Concept, Internet Security Tags: ARP poisoning, hub or switch hacking, man in middle attack, sniffers
Hacking Web Applications – Truly Simple
This is one of the interesting posts from Dharmesh Mehtas blog. Application Hacking is the trend of the industry. It started with viruses and worms – The age of anti-virus. It evolved with the internet as more corporations developed internal and external networks – The age of Network Security. Now as industry has been powered with World Wide Web, information security has reached its third age – The age of Application Security. Application attack is one of the hardest attacks to recognize and defend against, as it uses your programs and systems against you.
Categories: Concept, Internet Security, Security Testing Tags: security testing, Vulnerability Testing, webapplication security
Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. If web applications are not secure, then your entire database of sensitive information is at serious risk. Why?
Categories: Automation, Concept, Internet Security, Security Testing Tags: Acunetix, Scanner, security testing, Vulnerability
Tips to enable/disable the USB drive in WinXP
Hi all. I had some situation to limit my USB usage.. .I was looking for some free software for doing the same. I found some magical steps which I want to share with you for enabling the USB drives support. Yes, In big companies they will play with reg. settings else in BIOS to disable the USB for data theft. Here is the steps to break that settings.. In Run >Regedit go down to the following keys…H_L_Machine > System > controlset > services > usbstor (Step 1) Right click the usbstor and set the permission’s to whom you want to [...]
Categories: Concept, Internet Security Tags: enable blocked usb, usb hack, usb registry trick
PHP XSS (cross site scripting) filter function
Hi all as we know about XSS attack there should be some method to prevent XSS attack. While surfing on internet I came across some code to filter PHP XSS attacks. License: This code is public domain, you are free to do whatever you want with it, including adding it to your own project which can be under any license. Usage: Put this in a function, run *every* variable passed in through it.
Categories: Concept, Internet Security Tags: cross site scripting, PHP XSS filter function, stop xss attack, XSS security
Cross Site Scripting (XSS)
Cross Site Scripting is a condition in which data that is sent in a request to a web server, at some point either immediately or at a later time, is re-displayed to a user, typically unaltered. If this data contained any HTML syntax it would be interpreted by the user’s web browser. This data can contain malicious content to compromise the victim’s machine via web browser exploits, exploit domain trust, or display erroneous information or pages that may trick users in to supplying information to another site. Cross Site Scripting can contain harmful JavaScript that will send their session credentials [...]
Categories: Concept, Internet Security Tags: cross site scripting, XSS
