TOP 10 Facebook Threats Ever

1) People stop using Facebook : Well this is the very obvious threat, in any case if the people stop to use the facebook due to some reasons. Facebook states "A decrease in user retention, growth, or engagement could render Facebook less attractive to developers and advertisers, which may have a material and adverse impact on our revenue, business, financial condition, and results of operations".
 Although annual revenue grew 154% between 2009/2010 and 88% between 2010/2011, it relied on user growth that will eventually have to slow due to higher market penetration rates, which is economic-speak for "we're running out of people."


2) Advertisers run away : Ad's being a major part of the income, the S-1 doc has some states like: "In 2009, 2010, and 2011, advertising accounted for 98%, 95%, and 85%, respectively, of our revenue."
This figure suggest 9 that the client might have been expecting a lot more from Facebook.

3) Facebook runs out of ideas for monetizing the Facebook platform : The(Facebook) say : "We currently monetize the Facebook Platform in several ways, including ads on pages generated by apps on Facebook, direct advertising on Facebook purchased by Platform developers to drive traffic to their apps and websites, and fees from our Platform developers' use of our Payments infrastructure to sell virtual and digital goods to users. Apps built by developers of social games, particularly Zynga, are currently responsible for substantially all of our revenue derived from Payments." 


4) Foriegn "Facebooks" eat Facebook's lunch overseas: With a big figure like 800 millions of users Facebook considers itself as one of the largest kingdom in the cyberworld. Well the culturel differencein many countries did not seem to have affected the popularity of it. But if the regional social networking sites come up with the extra features which suit the huge mass, then it might affect Facebooks
popularity and usage.


5) Google eats Facebook's lunch : Google already dominates search, has hundreds of millions of peaple signed up on a social media network, and owns a big part of smart phone market.
Facebook says : "Certain competitors, including Google, could use strong or dominant positions in one or more markets to gain competitive advantage against us in areas where we operate including: by integrating competing social networking platforms or features into products they control such as search engines, web browsers, or mobile device operating systems; by making acquisitions; or by making access to Facebook more difficult."

6) Facebook looses a top knight or hires too many soldiers : Facebook says  "We cannot assure you that we will effectively manage our growth," the IPO states, noting that its workers have grown from from 2,127 at the end of 2010 to 3,200 on December 31, 2011. The document also notes that the departure of COO Sheryl Sandberg could hurt the company's momentum. Sandberg's value to the company is made apparent in her salary: $31 million last year.

7) Facebook's reputation suffers : Privacy concern in Facebook's history is as long as history of Facebook itself. After all, this is a company whose business model relies on collecting and selling disaggregated user data to advertisers. Zuckerberg is aware of the risk this poses to both to users and advertisers: "Maintaining and enhancing our brand will depend largely on our ability to continue to provide useful, reliable, trustworthy, and innovative products, which we may not do successfully. We may introduce new products or terms of service that users do not like, which may negatively affect our brand. Additionally, the actions of our Platform developers may affect our brand if users do not have a positive experience using third-party apps and websites integrated with Facebook."

8) Governments pose a problem:  Facebook is an international business operating internationally with fluctuating politics and concepts of privacy and online rights(look at SOPA). One of the problem is tax laws, comlex regulations and protocols might change and  "could result in claims, changes to our business practices, increased cost of operations, or declines in user growth or engagement, or otherwise harm our business".

9) Zynga goes away :  This might have been the most interesting paragraph of the Facebook IPO: "In 2011, Zynga accounted for approximately 12% of our revenue, which amount was comprised of revenue derived from payments processing fees related to Zynga's sales of virtual goods and from direct advertising purchased by Zynga. Additionally, Zynga's apps generate a significant number of pages on which we display ads from other advertisers. If the use of Zynga games on our Platform declines, if Zynga launches games on or migrates games to competing platforms, or if we fail to maintain good relations with Zynga, we may lose Zynga as a significant Platform developer and our financial results may be adversely affected."

10) Tech is fickle :  Dynasties come and go in months or years, rather than decades, and one year's darling is rarely the next decade's dominator. Compare the fortunes of Apple (hot, then dead, then the world's biggest company) and Microsoft (the world's biggest company, then static, then, maybe, hot again).

Read More

Top 10 Password Cracking Method

Top 10 best way of password cracking.

1. Dictionary attack

A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

"This uses a simple file containing words that can, surprise surprise, be found in a dictionary. In other words, if you will excuse the pun, this attack uses exactly the kind ofwords that many people use as their password..."Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), such as single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.

2. Brute force attack

 A brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found. In the worst case, this would involve traversing the entire search space.

3. Rainbow table attack

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. It is a practical example of a space/time trade-off, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.

"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of allpossible password combinations for any given hashing algorithm mind. The time it takes to crack a password using a rainbow table is reduced to the time it takes to look it up in the list..."

4. Phishing

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out byemail spoofing or instant messaging,and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,and exploits the poor usability of current web security technologies.^[7] Attempts to deal with the growing number of reported phishing incidents includelegislation, user training, public awareness, and technical security measures.

"There's an easy way to hack: ask the user for his or her password. A phishing email leads the unsuspecting reader to a faked online banking, payment or other site in order to login and put rightsome terrible problem with their security..."

5. Social engineering

Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud scheme.

"Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer and information security professionals.
"A favourite of the social engineeris to telephone an office posing asan IT security tech guy and simply ask for the network access password. You’d be amazed how often this works..."

6. Malware

"A key logger or screen scraper can be installed by malware whichrecords everything you type or takes screen shots during a login process, and then forwards a copy of this file to hacker central..."
Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems . It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

7. Offline cracking

"Often the target in question has been compromised via an hack ona third party, which then providesaccess to the system servers and those all-important user password hash files. The password cracker can then take as long as they need to try and crack the code without alerting the target system or individual user..."
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks so that the SAM database would still be secure even if someone had a copy of it. However, in December 1999, a security team from BindView found a security hole in Syskey that indicates that a certain form of cryptanalytic attack is possible offline.

8. Shoulder surfing


In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords,PINs, security codes, and similar data.
"The service personnel ‘uniform’ provides a kind of free pass to wander around unhindered, and make note of passwords being entered by genuine members of staff. It also provides an excellent opportunity to eyeball all those post-it notes stuck to the front of LCD screens with logins scribbled upon them..."

9. Spidering

"Savvy hackers have realised that many corporate passwords are made up of words that are connected to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack..."

10. Guess

"The password crackers best friend, of course, is the predictability of the user. Unless a truly random password has been created using software dedicated to the task, a user generated ‘random’ password is unlikely to be anything of the sort..."
for eg:- 12345, qwerty, password,mob no. etc...

hi...every body hope u like this post and leave any comment if there were any error..

Read More

Top 50 Social Sites Every Business Presence On

Web sites to help your company network, advertise recruit and more.

If your business limits its online presence to advertising banners and blogging, it's missing out. The Internet provides powerful networking opportunities that allow users to effectively target their audience by logging on to social sites like LinkedIn, Digg and more. Take advantage of these tools by asserting your company's presence online and reaching more potential customers, business partners and employees.

Social-Media/Social-Bookmarking Sites

Share your favorite sites on the Web with potential clients and business partners by commenting on, uploading and ranking different newsworthy articles. You can also create a member profile that directs traffic back to your company's Web site.

1. Reddit: Upload stories and articles on reddit to drive traffic to your site or blog. Submit items often so that you'll gain a more loyal following and increase your presence on the site.
2. Digg: Digg has a huge following online because of its optimum usability. Visitors can submit and browse articles in categories like technology, business, entertainment, sports and more.
3. Del.icio.us: Social bookmark your way to better business with sites like del.icio.us, which invite users to organize and publicize interesting items through tagging and networking.
4. StumbleUpon: You'll open your online presence up to a whole new audience just by adding the StumbleUpon toolbar to your browser and "channel surf[ing] the Web. You'll "connect with friends and share your discoveries," as well as "meet people that have similar interests."
5. Technorati: If you want to increase your blog's readership, consider registering it with Technorati, a network of blogs and writers that lists top stories in categories like Business, Entertainment and Technology.
6. Ning: After hanging around the same social networks for a while, you may feel inspired to create your own, where you can bring together clients, vendors, customers and co-workers in a confidential, secure corner of the Web. Ning lets users design free social networks that they can share with anyone.
7. Squidoo: According to Squidoo, "everyone's an expert on something. Share your knowledge!" Share your industry's secrets by answering questions and designing a profile page to help other members.
8. Furl: Make Furl "your personal Web file" by bookmarking great sites and sharing them with other users by recommending links, commenting on articles and utilizing other fantastic features.
9. Tubearoo: This video network works like other social-bookmarking sites, except that it focuses on uploaded videos. Businesses can create and upload tutorials, commentaries and interviews with industry insiders to promote their own services.
10. WikiHow: Create a how-to guide or tutorial on wikiHow to share your company's services with the public for free.
11. YouTube: From the fashion industry to Capitol Hill, everyone has a video floating around on YouTube. Shoot a behind-the-scenes video from your company's latest commercial or event to give customers and clients an idea of what you do each day.
12. Ma.gnolia: Share your favorite sites with friends, colleagues and clients by organizing your bookmarks with Ma.gnolia. Clients will appreciate both your Internet-savviness and your ability to stay current and organized.

Professional-Networking Sites

Sign up with these online networking communities as a company or as an individual to take advantage of recruiting opportunities, cross-promotional events and more.

13. LinkedIn: LinkedIn is a popular networking site where alumni, business associates, recent graduates and other professionals connect online.
14. Ecademy: Ecademy prides itself on "connecting business people" through its online network, blog and message-board chats, as well as its premier BlackStar membership program, which awards exclusive benefits.
15. Focus: Focus is a business destination where business professionals can help each other with their purchase and other business decisions by accessing research and peer expertise. Most importantly, Focus provides open, quality information for all businesses that is freely available, easily accessible, and community powered. 
16. YorZ: This networking site doubles as a job site. Members can post openings for free to attract quality candidates.
17. Xing: An account with networking site Xing can "open doors to thousands of companies." Use the professional contact manager to organize your new friends and colleagues, and take advantage of the Business Accelerator application to "find experts at the click of a button, market yourself in a professional context [and] open up new sales channels."
18. Facebook: Facebook is no longer just for college kids who want to post their party pics. Businesses vie for advertising opportunities, event promotion and more on this social-networking site.
19. Care2: Care2 isn't just a networking community for professionals: It's touted as "the global network for organizations and people who Care2 make a difference." If your business is making efforts to go green, let others know by becoming a presence on this site.
20. Gather: This networking community is made up of members who think. Browse categories concerning books, health, money, news and more to ignite discussions on politics, business and entertainment. This will help your company tap into its target audience and find out what they want.
21. MEETin.org: Once you've acquired a group of contacts in your city by networking on MEETin.org, organize an event so that you can meet face-to-face.
22. Tribe: Cities like Philadelphia, Boston, San Francisco, New York and Chicago have unique online communities on tribe. Users can search for favorite restaurants, events, clubs and more.
23. Ziggs: Ziggs is "organizing and connecting people in a professional way." Join groups and make contacts through your Ziggs account to increase your company's presence online and further your own personal career.
24. Plaxo: Join Plaxo to organize your contacts and stay updated with feeds from Digg, Amazon.com, del.icio.us and more.
25. NetParty: If you want to attract young professionals in cities like Boston, Dallas, Phoenix, Las Vegas and Orlando Fla., create an account with the networking site NetParty. You'll be able to connect with qualified, up-and-coming professionals online, then meet them at a real-life happy-hour event where you can pass out business cards, pitch new job openings and more.
26. Networking For Professionals: Networking For Professionals is another online community that combines the Internet with special events in the real world. Post photos, videos, résumés and clips on your online profile while you meet new business contacts.

Niche Social-Media Sites

Consider linking up with one of these social-media sites to narrow down your business's target audience. You'll find other professionals, enthusiasts and consumers who are most likely already interested in what your company has to offer.

27. Pixel Groovy: Web workers will love Pixel Groovy, an open-source site that lets members submit and rate tutorials for Web 2.0, email and online-marketing issues.
28. Mixx: Mixx prides itself on being "your link to the Web content that really matters." Submit and rate stories, photos and news to drive traffic to your own site. You'll also meet others with similar interests.
29. Tweako: Gadget-minded computer geeks can network with each other on Tweako, a site that promotes information sharing for the technologically savvy.
30. Small Business Brief: When members post entrepreneur-related articles, a photo and a link to their profile appear, gaining you valuable exposure and legitimacy online.
31. Sphinn: Sphinn is an online forum and networking site for the Internet marketing crowd. Upload articles and guides from your blog to create interest in your own company or connect with other professionals for form new contacts.
32. BuzzFlash.net: This one-stop news resource is great for businesses that want to contribute articles on a variety of subjects, from the environment to politics to health.
33. HubSpot: HubSpot is another news site aimed at connecting business professionals.
34. SEO TAGG: Stay on top of news from the Web marketing and SEO (search-engine optimization) industries by becoming an active member of this online community.

General Social-Media Sites

The following social-media sites provide excellent opportunities for businesses to advertise; promote specials, events or services; and feature published, knowledgeable employees.

35. Wikipedia: Besides creating your own business reference page on Wikipedia, you can connect with other users on Wikipedia's Community Portal and at the village pump, where you'll find conscientious professionals enthusiastic about news, business, research and more.
36. Newsvine: Feature top employees by uploading their articles, studies or other news-related items to this site. A free account will also get you your own column and access to the Newsvine community.
37. 43 Things: This site bills itself as "the world's most popular online goal setting community." By publicizing your company's goals and ambitions, you'll gain a following of customers, investors and promoters who cheer you on as you achieve success.
38. Wetpaint: If you're tired of blogs and generic Web sites, create your own wiki with Wetpaint to reach your audience and increase your company's presence online. You can easily organize articles, contact information, photos and other information to promote your business.
39. Twitter: Is a social networking and microblogging service that allows you answer the question, "What are you doing?" by sending short text messages 140 characters in length, called "tweets", to your friends, or "followers."
40. Yahoo! Answers: Start fielding Yahoo! users' questions with this social-media Q&A service. Search for questions in your particular areas of expertise by clicking categories like Business & Finance, Health, News & Events and more. If you continue to dole out useful advice and link your answer to your company's Web page, you'll quickly gain a new following of curious customers.

Job Sites

If you want to secure high-quality talent during your company's next hiring spree, you'll need to maintain a strong presence on popular job sites like the ones listed below.

41. CareerBuilder.com: Reach millions of candidates by posting jobs on this must-visit site.
42. The Wall Street Journal's CareerJournal: The Wall Street Journal's CareerJournal attracts well-educated professionals who are at the top of their game. Post a job or search résumés here.
43. CollegeRecruiter.com: If your firm wants to hire promising entry-level employees, check CollegeRecuriter.com for candidates with college degrees.
44. Monster: Post often to separate your business from all the other big companies that use this site to advertise job openings.
45. Sologig: Top freelancers and contractors post résumés and look for work on this popular site.
46. AllFreelance.com: This site "offers self-employed small business owners links to freelance & work at home job boards, self-promotion tips" and more.
47. Freelance Switch Job Listings: Freelance Switch is the freelancer's online mecca and boasts articles, resource toolboxes, valuable tips and a job board.
48. GoFreelance: Employers looking to boost their vendor base should check GoFreelance for professionals in the writing, design, editing and Web industries.
49. Yahoo! Hot Jobs: This site is often one of the first places that job seekers visit. Post open opportunities and check out informative articles and guides to gain insight on the hiring and interviewing process.
50. Guru.com: Build your company's repertoire with top freelancing professionals by advertising projects on this site, otherwise known as "the world's largest online service marketplace."

if i forget to listed any of socail networking site as my point of view so please give me as a comment i will add on this....for best effort hope u like this well...

Read More

Harness the power of social media

Saturday, Aug 24, 2013, 7:28 IST | Agency: Daily Telegraph

Rebecca Burn-Callander talks to four entrepreneurs about their tried-and-tested tips for creating a social media sensation.

Facebook. Instagram. Pinterest. Myspace. Bebo. There are more than 200 social-networking sites active across the globe, hosting trillions of conversations and billions of gigabytes of data. Over the past few years, small businesses have begun to harness the power of these networks to talk about their brand, engage customers, drive leads and ramp up sales. But there are a few hard-and-fast rules that business owners should adhere to if they want to avoid going from social hero to hapless zero.

AVOID THE HARD SELL Coupons, discounts and competitions work well on social media. "Buy now" does not. "You want to create content that people find fun and want to share," says Amelia Harvey, founder of Collective, a yogurt manufacturer. "We never say, 'We're on promotion', or 'Go buy us'. We do talk about new flavours and new stockists but only in a way that informs and helps out our customers, never in a 'selling' way." Ms Harvey and fellow ex-Gu executive Mike Hodgson launched Collective in 2011.

The pair have used the company's social media feedback to get her products in front of new supermarket buyers. "It's incredibly compelling to have all these positive interactions with our customers - mostly unsolicited too. Being able to demonstrate the power of the brand to new stockists is probably one of the reasons why we're the fastest-growing yogurt brand in the UK right now." Collective's products are currently stocked in big stores such as Sainsbury's, Tesco, Morrisons, Boots and Waitrose and the business now turns over pounds 3.7m a year.

BE VISUAL "We spend upwards of pounds 20,000 each year on photographing and watermarking our products and share most of these images online," says Paul Charalambous, founder of Lego reseller Firestar Toys. "We are incredibly lucky to have a product that people want to look at and talk about to their friends." Firestar Toys currently boasts 45,000 Facebook fans, nearly 3,000 Twitter followers, and "pins" pictures regularly on Pinterest and Instagram as well as running a Google+ page. "We post cool Lego stuff on a daily basis," says Mr Charalambous. "We're probably most active on Facebook and Twitter but you have to be on Google+ because it's run by the biggest search engine in the world." Firestar Toys' visual approach to social media caught the attention of Fox Studios earlier this year. "We can customise Lego mini-figures to look like real people and are one of the only companies in the world with the sheer volumes of parts - such as hair, accessories, torsos - it takes to build a customised figure," says Mr Charalambous. "We can then print directly on to the figure or add branded T-shirts."

Firestar Toys shares images of these customisations on Facebook and Twitter and when an executive from Fox Studios was looking for bespoke Lego figures, these turned up in a Google Images search. "The studio had just wrapped up filming The Heat, starring Sandra Bullock, and wanted to create 50 Lego mini-figures of the two leads to give away to the cast," says Mr Charalambous. "We shipped the order and are now the official supplier of Lego figures for Fox." Martin McLaughlin, co-founder of pounds 1.2m-turnover popcorn maker Love Da Popcorn, also evangelises the benefits of running visual campaigns on social media.

"We put out a challenge asking people to post a photo that they believed truly represented our brand," he says. "A girl sent in a picture of her in a bath of popcorn, wearing a top hat, holding a glass of champagne and a pack of our sea salt and black pepper flavour. The image went viral, attracting nearly 6m hits. It was an incredible piece of free publicity for the business." DRILL

DOWN INTO YOUR DATA Social-media strategy should never be decided on a wing and a prayer. According to Shingo Murakami, managing director of Rakuten's Play.com, a global e-commerce retailer of music, films, books and clothes, it's all about using data to devise smart social campaigns. "Businesses should utilise customer insights from social media and tailor messages for consumers based on personal preferences and interests. We track individual fans to create much more targeted email communications based on a combination of social data and traditional customer relationship management data," says Murakami.

Rakuten's Play.com is reaping the rewards of this data-centric strategy; its social interactions are now contributing directly to sales: "We're able to measure the value of socially engaged fans versus those who have purchased directly via our website and our findings reveal that average revenue increases by 24pc once an existing customer becomes a fan," says Mr Murakami."

Moreover, by crunching its sales data, Rakuten's Play.com has discovered its customers are 30pc more valuable over the following six months if they are acquired via social media, compared with customers acquired through traditional online channels. Take conversation into the real world Smart business owners everywhere are taking the insights derived from social media and turning them into real-world actions.

When Love Da Popcorn's Mr McLaughlin was trying to decide whether to use paper or plastic for his product packaging, he turned to his Facebook fans for help. "Whenever we have questions about new flavours or little tweaks to the business, we always involve our community," he says. "About 10pc of our fans usually respond." In this case, the people chose paper over plastic, which was the ideal fit for the brand's retro-style look and feel.

Crowd-sourcing answers to challenges is one way to make use of the real-world benefits of social media but bridging the online-offline divide is also invaluable for cementing the relationship between a company and its customer. Mr McLaughlin recently launched "Operation Awesome" across all the company's social media platforms to see if the brand could successfully engage with customers offline as well.

"When someone posts a picture of themselves with our popcorn on Twitter or Facebook, we do 'something awesome' in return," he explains. "It's a kind of 'good deed generator'. We've given blood, released a load of helium balloons tied to lottery tickets, and even dressed the team up in silly costumes to cheer up a customer who was having a bad day." The campaign has proved so successful that it is now "logistically difficult to keep up with the volumes of posts," says Mr McLaughlin. But luckily, Love Da Popcorn has a back-up plan.

"Our Facebook community is so engaged that we're thinking of asking them to start doing awesome things on our behalf," he explains. "If we can make this work, it will be an incredible exercise in 'pass it on' good deeds. This could be truly amazing for the brand."

Read More

Hacking Attack and their Counter Measure

Galley discusses three types of attacks against computer systems: Physical, Syntactic

and Semantic. A physical attack uses conventional weapons, such as bombs or fire. A

syntactic attack uses virus-type software to disrupt or damage a computer system or

network. A semantic attack is a more subtle approach. Its goal is to attack users'

confidence by causing a computer system to produce errors and unpredictable results.

Syntactic attacks are sometimes grouped under the term "malicious software" or

"malware". These attacks may include viruses, worms, and Trojan horses. One

common vehicle of delivery formal ware is email.

Semantic attacks involve the modification of information or dissemination of

incorrect information. Modification of information has been perpetrated even without

the aid of computers, but computers and networks have provided new opportunities to

achieve this. Also, the dissemination of incorrect information to large numbers of

people quickly is facilitated by such mechanisms as email, message boards, and

websites

Hacking tricks can be divided into different categories elaborated below:

Trojan programs that share files via instant messenger

Instant messaging allows file-sharing on a computer. All present popular instant

messengers have file sharing abilities, or allow users to have the above functionality

by installing patches or plug-ins; this is also a major threat to present information

security. These communication software also make it difficult for existing hack prevention method to prevent and control information security. Hackers use instant

communication capability to plant Trojan program into an unsuspected program; the

planted program is a kind of remotely controlled hacking tool that can conceal itself

and is unauthorized. 

A hacker need not open a new port to perform transmissions; he can perform his

operations through the already opened instant messenger port. Even if a computer

uses dynamic IP addresses, its screen name doesn't change.

Hijacking and Impersonation

There are various ways through which a hacker can impersonate other users. The most

commonly used method is eavesdropping on unsuspecting users to retrieve user

accounts, passwords and other user related information.

The theft of user account number and related information is a very serious

problem in any instant messenger. For instance, a hacker after stealing a user's

information impersonate the user; the user's contacts not knowing that the user's

account has been hacked believe that the person they're talking to is the user, and are

persuaded to execute certain programs or reveal confidential information. Hence, theft

of user identity not only endangers a user but also surrounding users. Guarding

against Internet security problems is presently the focus of future research; because

without good protection, a computer can be easily attacked, causing major losses.

Hackers wishing to obtain user accounts may do so with the help of Trojans

designed to steal passwords. If an instant messenger client stores his/her password on

his/her computer, then a hacker can send a Trojan program to the unsuspecting user.

When the user executes the program, the program shall search for the user's password

and send it to the hacker. 

Denial of Service

There are many ways through which a hacker can launch a denial of service (DoS)

attack on an instant messenger user. A Partial DoS attack will cause a user end to

hang, or use up a large portion of CPU resources causing the system to become

unstable.

There are many ways in which a hacker can cause a denial of service on an instant

messenger client. One common type of attack is flooding a particular user with a large

number of messages. The popular instant messaging clients contain protection against

flood-attacks by allowing the victim to ignore certain users. However, there are many

tools that allow the hacker to use many accounts simultaneously, or automatically

create a large number of accounts to accomplish the flood-attack.

Phishing

The word phishing comes from the analogy that Internet scammers are using email

lures to fish for passwords and financial data from the sea of Internet users. The term

was coined in 1996 by hackers who were stealing AOL Internet accounts by

scamming passwords from unsuspecting AOL users. Since hackers have a tendency to

replacing “f'” with “ph” the term phishing was derived.

Phishing Techniques

Phishing techniques can be divided into different categories, some of which are elaborated below:

Link manipulation

Most methods of phishing use some form of technical deception designed to make a

link in an email (and the spoofed website it leads to) appear to belong to the spoofed

organization. Misspelled URLs or the use of sub domains are common tricks used by

phishers, such as this example URL, http://www.yourbank.com.example.com/.

Another common trick is to make the anchor text for a link appear to be valid, when

the link actually goes to the phishers' site.

An old method of spoofing used links containing the '@' symbol, originally

intended as a way to include a username and password (contrary to the standard). For

example, the link 
http://www.google.com@members.tripod.com/might deceive a

casual observer into believing that it will open a page on www.google.com. whereas it

actually directs the browser to a page on members.tripod.com, using a username of

www.google.com: the page opens normally, regardless of the username supplied.

Such URLs were disabled in Internet Explorer, while the Mozilla and Opera web

browsers opted to present a warning message and give the option of continuing to the

site or canceling.

Filter evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to

detect text commonly used in phishing emails.

Website forgery

Once the victim visits the website the deception is not over. Some phishing scams use

JavaScript commands in order to alter the address bar. This is done either by placing a

picture of a legitimate URL over the address bar or by closing the original address bar

and opening a new one with the legitimate URL.
An attacker can even use flaws in a trusted website's own scripts against the

victim. These types of attacks (known as cross-site scripting) are particularly

problematic, because they direct the user to sign in at their bank or service's own web

page, where everything from the web address to the security certificates appears

correct. In reality, the link to the website is crafted to carry out the attack, although it

is very difficult to spot without specialist knowledge. Just such a flaw was used in

2006 against Pay Pal.

A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security,

provides a simple-to-use interface that allows a phisher to convincingly reproduce

websites and capture log-in details entered at the fake site.

Phone phishing

Not all phishing attacks require a fake website. Messages that claimed to be from a

bank told users to dial a phone number regarding problems with their bank accounts.

Once the phone number (owned by the phisher, and provided by a voice over IP

service) was dialed, prompts told users to enter their account numbers and PIN. Voice

phishing sometimes uses fake caller-ID data to give the appearance that calls come

from a trusted organization.

Fake Web sites

Fake bank websites stealing account numbers and passwords have become

increasingly common with the growth of online financial transactions. Hence, when

using online banking, we should take precautions like using a secure encrypted

customer's certificate, surf the net following the correct procedure, etc.

First, the scammers create a similar website homepage; then they send out e-mails

with enticing messages to attract visitors. They may also use fake links to link internet

surfers to their website. Next, the fake website tricks the visitors into entering their

personal information, credit card information or online banking account number and

passwords. After obtaining a user's information, the scammers can use the information

to drain the bank accounts, shop online or create fake credit cards and other similar

crimes.

Spoofing

A technique used to gain unauthorized access to computers, whereby the intruder

sends messages to a computer with an IP address indicating that the message is

coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety

of techniques to find an IP address of a trusted host and then modify the packet

headers so that it appears that the packets are coming from that host.

A closely interconnected and often confused term with phishing and pharming is

spoofing. A "spoofer", in Internet terms, is defined generally as the "cracker" who

alters, or "forges", an e-mail address, passwords).

Spoofing Attacks Techniques

Spoofing attacks can be divided into different categories, some of which are

elaborated below:

Man-in-the-middle attack and internet protocol spoofing

An example from cryptography is the man-in-the-middle attack, in which an attacker

spoofs Alice into believing they're Bob, and spoofs Bob into believing they're Alice,

thus gaining access to all messages in both directions without the trouble of any.

Spyware

Spyware is computer software that can be used to gather and remove confidential

information from any computer without the knowledge of the owner. Everything the

surfer does online, including his passwords, may be vulnerable to spyware. Spyware

can put anyone in great danger of becoming a victim of identity theft. 

Solutions

As the spyware threat has worsened, a number of techniques have emerged to

counteract it. These include programs designed to remove or to block spyware, as

well as various user practices which reduce the chance of getting spyware on a

system. Nonetheless, spyware remains a costly problem. When a large number of

pieces of spyware have infected a Windows computer, the only remedy may involve

backing up user data, and fully reinstalling the operating system.

Security practices

To deter spyware, computer users have found several practices useful in addition to

installing anti-spyware programs.

Many system operators install a web browser other than IE, such as Opera or

Mozilla Fire-fox. Although these have also suffered some security vulnerabilities,

their comparatively small market share compared to Internet Explorer makes it

uneconomic for hackers to target users on those browsers. Though no browser is

completely safe, Internet Explorer is at a greater risk for spyware infection due to its

large user base as well as vulnerabilities such as ActiveX.

Electronic Bulletin Boards

Chat rooms and electronic bulletin boards have become breeding grounds for identity

theft. When criminals have obtained personal identifying information such as credit

card numbers or social security numbers, they visit hacker chat rooms and post

messages that they have personal information for sale.

Information Brokers

Information brokers have been around for decades, however, a new breed of

information broker has emerged in recent years; the kind that sells personal

information to anyone requesting it electronically via the Internet Driven by greed,

some information brokers are careless when they receive an order. They fail to verify

the identity of the requesting party and do little, if any, probing into the intended use

of the information.

Internet Public Records

There are two ways public records are accessible electronically. Some jurisdictions

post them on their government web sites, thereby providing free or low-cost access to

records. Government agencies and courts also sell their public files to commercial

data compilers and information brokers. They in turn make them available on a fee

basis, either via web sites or by special network hookups.

Identity theft

The crime of identity theft and other types of fraud will be fueled by easy access to

personal identifiers and other personal information via electronic public records. Such

information includes Social Security numbers, credit card and bank account numbers,

and details about investments.

Solutions

What can be done to mitigate the negative consequences of making public records

containing personal information available on the Internet and from other electronic

services? Governments are not likely to make the decision to keep such records off

the Internet altogether. Indeed, they should not. The public policy reasons for making

public records available electronically are irrefutable - promoting easier access to

government services as well as opening government practices to the public and

fostering accountability.

But there are several approaches government agencies and court systems can take

to minimize the harm to individuals when sensitive personal information is to be

posted on the Internet while at the same time promoting government accountability.

Regulating the information broker industry

The information broker industry must be regulated. At present, information brokers

purchase public records from local, state, and federal government agencies and

repackage them for sale to subscribers. They add data files from commercial data

sources such as credit reports and consumer survey data. 

Requiring more accountability of the private investigator industry

The private investigator profession, a major user of public records information, must

be regulated in those states where there are no oversight agencies. Further, existing

regulations must be tightened and made uniform nationwide, perhaps by federal law.

Private investigators must be held to strong standards regarding their access to and

use of sensitive personal information. They should be held accountable when they

misuse personal information.

this article is quit interested to the every one in the digital age...hope u like this article so leave this comment ...

Read More