Showing posts with label hacker's view. Show all posts

Thursday, 13 February 2014

J.A.R.V.I.S : Artificial Intelligence Assistant Operating System for Hackers


A group of Indian hackers has designed an artificial intelligence assistant operating system called 'J.A.R.V.I.S', which recognizes them, answers questions, tweets for them, collects information and scans targets for them.

Chiragh Dewan, an 18-year-old student who is currently pursuing his BCA, has taken the initiative to be the first Indian to complete this project, J.A.R.V.I.S, which is inspired by Iron Man's (movie) artificial intelligence assistant Jarvis.
He and his team of 7, including Himanshu Vaishnav, Mayur Singh, Krishanu Kashyap, Vikas Kumar, Vinmay Nair and Sravan Kumar, are about to finish the 3rd level of the project.
Their long-term goal is to create an OS that adapts itself to the user's needs. For example, if a doctor is using the OS, it will adapt so that it can help in that field, such as searching for new techniques and medicines or helping with research. The same goes for architects and other professions.
Project tasks completed: the current version, Jarvis v1.0, is capable of:
  • Answering questions asked by the administrator
  • Compiling reports on any topic asked by the user
  • Controlling lights by voice
  • Basic interaction with the user
  • Handling Facebook, email and social profiles of users
  • Using a Twitter account with voice control
  • Basic OS kernel is ready
  • Scanning targets for hackers
  • Gathering basic information about the target
All the above functionalities are completely controlled by voice. It has been only four months since they started this project, and they have achieved a lot in this short period of time.

The team will announce the OS publicly soon after completion of phase 3, but for now Chiragh proudly shows off his creation on the J.A.R.V.I.S project website.


Top 7 Best Operating System For Hacking



Hacking is not an art that can be mastered overnight; it requires dedication and, of course, time. Have you ever thought about why hacking is possible? It is because of “unaware developers and inappropriate programming techniques”. As an ethical hacker, I personally realize that you can never stop hackers from hacking something; you can just make their task harder by adding some extra security. If you are really interested in hacking, you need to know which operating systems are used by hackers.

Today I want to tell you which are the best operating systems for hacking, according to hackers.
1.  Kali Linux :-



Kali Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub.
2. BackTrack 5r3 :-

The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.
3. BackBox Linux :-

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use and to provide a minimal yet complete desktop environment; its own software repositories are always updated to the latest stable versions of the most used and best known ethical hacking tools.
4. Samurai Web Testing Framework :-

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
5. NodeZero Linux :- 
Penetration testing and security auditing require specialist tools. The natural path leads us to collecting them all in one handy place. However, how that collection is implemented can be critical to how you deploy effective and robust testing.
Although NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved, in our belief, by working with a distribution that is a permanent installation and that benefits from a strong selection of tools integrated with a stable Linux environment.
6.  Knoppix STD :-
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.



7.  CAINE :-
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.




Monday, 13 January 2014

MIT University website defaced by Anonymous hackers in honor of Aaron Swartz


Today is January 11, 2014. On the same day last year, Aaron H. Swartz, a 26-year-old hacker, Reddit cofounder and digital activist, committed suicide. He was found dead in his Brooklyn, New York apartment, where he had hanged himself.
Swartz was indicted by a federal grand jury in July 2011, accused of hacking the MIT JSTOR database and stealing over four million documents with the intent to distribute them.

He could have faced 50 years in prison and $4 million in fines from the court, but before that he committed suicide in fear. Swartz's father, Robert, later blamed MIT and the judicial system for his son's death.

Today, on the first anniversary of Aaron Swartz's death, the Anonymous group of hackers defaced a sub-domain of the Massachusetts Institute of Technology (MIT) website (http://cogen.mit.edu/) for about an hour as part of #OPLASTRESORT.

The defacement page was titled 'THE DAY WE FIGHT BACK'. The message posted on it read, “Remember The Day We Fight Back, Remember. We Never Forget, We Never Surrender, Expect Us.”
At the time of writing, the domain was down. The attack on the MIT website was carried out as a tribute to Aaron Swartz following his tragic suicide.

It was MIT's role in the federal prosecution of an activist that ultimately led to him committing suicide, but the U.S. Government has not learned anything and is planning to make laws against hackers stricter. Recently, Senate Judiciary Committee Chairman Patrick Leahy reintroduced a revamped version of the "Personal Data Privacy and Security Act", with tough criminal penalties for hackers. The new bill suggests 20 years in prison rather than the current 10, and also recommends the same penalties for hackers who attempt to hack systems but do not succeed.

Wednesday, 1 January 2014

Snapchat Got Hacked 4.6million Users Phone Numbers Leaked Online

Snapchat got hacked, and 4.6 million users' phone numbers were leaked online. It is the first big hack of the new year, 2014. ZDNet reported earlier that "The Australian hackers announced its publication of Snapchat's API and the two exploits on the GibSec Twitter account on Christmas Eve".
After this report, hackers used this trick and created a video about the Snapchat hacks.




 Snapchat is a photo messaging application developed by Evan Spiegel and Robert Murphy, then Stanford University students. Using the app, users can take photos, record videos, add text and drawings, and send them to a controlled list of recipients. These sent photographs and videos are known as "Snaps".

When cyber security researchers submit website exploit reports to companies, the companies do not take them seriously. If Snapchat had taken action on these exploits earlier, this would not have happened.

Earlier, the Truecaller database was also hacked, in July 2013. We hope other social networking websites will learn from these hacks and better secure their servers.

SnapchatDB.info has now been suspended after this leak.


Sunday, 8 December 2013

Attention: The NSA is Tracking Online Porn Viewers to Discredit


Sitting on the wire, the NSA has the ability to track and make a record of every website you visit.  Today, the Huffington Post revealed that the NSA is using this incredible power to track who visits online porn websites, and to use this information to discredit those it deems dangerous. Their porn habits would then be "exploited to undermine a target's credibility, reputation and authority."   
The story was illustrated with six individuals, none of whom are designated terrorists themselves. Instead, they are deemed "radicalizers," people—two of which the NSA itself characterized as a "well-known media celebrity" and a "respected academic"—whose speeches and postings allegedly incite hatred or promote offensive jihad. 
The report raises the specter of abusing online viewing records to discredit other political opponents of the US government. The NSA document was reviewed not just by the NSA and counter-terrorism officials, but by entities like the Department of Commerce and the US Trade Representative. The USTR negotiates treaties (like the controversial Trans-Pacific Partnership), and one could certainly imagine that the leverage from this program could be useful in pushing for the US position. In fact, EFF and three dozen civil society groups have already asked the NSA to explain if they are spying on those advocating for the public interest in US trade policy.
Ed Snowden's latest revelation may leave SEC officials quaking as the NSA "has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches." Of course, as we have seen, this 'information' would never be used by the government for non-radical-terrorist suppressing reasons; as the ACLU notes, it is "an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information using tactics associated with the secret police services of authoritarian governments."
Via Snowden...
The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document.

The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target’s credibility, reputation and authority.

The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger.”
Full ACLU Statement:
The NSA considered discrediting six people by revealing surveillance evidence of their online sexual activity, visits to pornography websites, and other personal information, according to a report today in The Huffington Post. The article cited documents leaked by former NSA contractor Edward Snowden. The targets of the NSA’s plan were all Muslims whom the NSA characterized as “radicals” but who were not believed to be involved in terrorism. The documents say one of the targets was a “U.S. person,” a term describing American citizens and legal permanent residents, but all of the targets were reportedly outside the United States.

American Civil Liberties Union Deputy Legal Director Jameel Jaffer had this reaction:

“This report is an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information. One ordinarily associates these kinds of tactics with the secret police services of authoritarian governments. That these tactics have been adopted by the world’s leading democracy – and the world’s most powerful intelligence agency – is truly chilling.”

The administration keeps on attempting to justify the NSA spying by claiming there is oversight from the other branches of government. But, as Pentagon Papers whistleblower Daniel Ellsberg noted in the Why Care About NSA Spying video, spying makes a mockery of that separation. How can that oversight be meaningful if the NSA's huge storehouse of information contains the private viewing habits of every senator, representative, and judge? When the only protection against abuse is internal policies, there is no serious oversight. Congress needs to take action now to rein in the spying.



Saturday, 7 December 2013

2 million Facebook, Google, Twitter passwords stolen

Times of India
Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe.

Researchers with Trustwave's SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers known as the "Pony botnet." 

The company said that it has reported its findings to the largest of more than 90,000 websites and internet service providers whose customers' credentials it had found on the server. 

The data includes more than 3,26,000 Facebook accounts, some 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Victims were from the United States, Germany, Singapore and Thailand, among other countries.

Representatives for Facebook and Twitter said the companies have reset the passwords of affected users. A Google spokeswoman declined comment. Yahoo representatives could not be reached. 

SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down the Pony botnet server.

An analysis posted on the SpiderLabs blog showed that the most-common password in the set was "123456," which was used in nearly 16,000 accounts. Other commonly used credentials included "password," "admin," "123" and "1." 

Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack. 

"People are using very dumb passwords. They are totally useless," he said.


Monday, 25 November 2013

Top 5 Beautiful Female Hackers in the World

Hacking has traditionally been a man’s world, but women are quietly breaking into the hacker subculture. Take a look at top 5 female hackers in the world.

1. Kristina Vladimirovna Svechinskaya



Kristina Svechinskaya, a New York University student, is one of the most common names in the hacker world. She is a Russian money mule maker who was arrested in November 2010 and accused of taking millions of dollars from several banks in Britain and America and of using multiple fake passports. Svechinskaya was dubbed "the world's sexiest computer hacker" for her raunchy but casual appearance.


Svechinskaya, along with nine others, used the Zeus trojan horse to attack thousands of bank accounts and opened at least five accounts at Bank of America and Wachovia to disburse the stolen money. For her hacking activities and for using the passports fraudulently, it is said that she may face a heavy penalty of 40 years of imprisonment. It is estimated that Svechinskaya and the nine other people skimmed $3 million in total.


2. Joanna Rutkowska

Joanna Rutkowska is a Polish woman interested in the world of security hacking. Her name first became known at the Black Hat Briefings conference in Las Vegas in August 2006, where Rutkowska presented an attack she had carried out against the security system of Windows Vista. Rutkowska has also attacked Intel's Trusted Execution Technology and System Management Mode.

In early 2007 she formed Invisible Things Lab in Warsaw, Poland, a company that focuses on OS security research and consulting services, as well as VMM and internet security. In 2010, Rutkowska and Rafal Wojtczuk formed Qubes, an operating system with a very strong focus on security. Rutkowska also openly advised the Vice President of the Microsoft Security Technology Unit on further tightening the security system in Windows Vista. Wow, Rutkowska is a hacker who is very welcome to work with.


3. Ying Cracker

Ying Cracker is a teacher from Shanghai, China. She taught the basic process of hacking, such as how to change an IP address or manipulate office passwords. Wow!
She is also an expert in making hacker software.
In a forum titled Chinese Hackers Hottie, her name was much discussed, which sent her popularity climbing. She also gained a lot of fans among the forum's members. That was the beginning of her rise in credibility.


4. Raven Alder

Raven graduated from high school at the age of 14 and college at 18. She was the first woman to give a presentation at the DefCon hacker’s conference. Alder, half ISP engineer and half security geek, is a contributing author to several technical books and magazines and a frequent speaker at conferences. She designs, tests and audits intrusion detection systems for large federal agencies. She has worked as a Senior Backbone Architect and Senior Security Consultant in IT security. Her interest in securing networks end-to-end has led her to examine and pioneer standards in the security of network infrastructure.




5. Xiao Tian

Xiao Tian, just out of her teens, became famous after forming China Girl Security Team, a group of hackers especially for women, which is China's largest today; the group has over 2,200 members. Tian created the now-infamous hacking team because she felt that there was no other outlet for teenage girls like herself in the male-dominated world of hacking. It's time to move over, male Asian nerdy computer geeks: female Asian nerdy computer geeks are here to stay.


Saturday, 26 October 2013

The NSA’s Website (NSA.gov) Is Down

The National Security Agency’s website has been down for at least 30 minutes. Officials have acknowledged the outage, but won’t say if it was hacked. At least a few Twitter accounts that sound like the elite hacktivist contingent, Anonymous, are taking credit.
Official Anonymous channels are just making fun of the outage:
To be sure, The NSA’s website has been hacked before. But, we won’t speculate, for fear of perpetuating the kinds of rumors implied by this delightful XKCD comic:














While we’re all waiting to figure out what went wrong, feel free to add your own Healthcare.gov jokes in the comments.
Update: LOLZ


Friday, 18 October 2013

"LeaseWeb" Hacked by KDMS Team

World's Largest Web Hosting company "LeaseWeb" Hacked by KDMS Team




LeaseWeb, one of the world's largest hosting providers, has been defaced by Palestinian hackers calling themselves KDMS Team. LeaseWeb was also the hosting provider for one of the biggest file-sharing websites, Megaupload, in the past. Later, Megaupload founder Kim Dotcom claimed that LeaseWeb had deleted all Megaupload user data from 690 servers without warning.

The hacker group replaced the homepage of the website for just a few hours with an Anonymous Palestine homepage titled "You Got Pwned", and the defacement message says:

     Hello Lease
     Web Who Are You ?
     Who is but the form following the function of what
     and what are you is a hosting company with no security
     KDMS Team : Well ,, We Can See That :P

We noticed that the attacker just changed the DNS server to point the domain to another server at 67.23.254.6, owned by the attacker. At the time of writing, the LeaseWeb team has resolved the issue and got their domain back on the original server.

But because the hack was done just a few hours ago, Google's DNS cache is still pointing the domain to the attacker's server. Change your DNS server to 8.8.8.8 and access the LeaseWeb site again, and you will be able to see the defaced page, as shown above.

The hacker also posted on the homepage,"Do You Know What That Means ? We Owned All Of Your Hosted Sites Index On Your Site Is The Prove ;)".

It seems to be a DNS hijacking only, but the hackers told The Hacker News, "We owned Leaseweb Servers and kept some of their servers for us. But we only changed the DNS Server for now, because we faced some problems with the company website. Here, all what we need .. is to add our signature on their homepage to prove that there is not Completely Secure. If we can pwn them, we can hack other big providers too."

The hackers didn't claim to have got hold of customers' information or credit card numbers. Stay tuned for further updates on this hack story.

Update (9:35 PM Saturday, October 5, 2013 GMT): We contacted LeaseWeb and asked them to provide an official statement on the hack and the hackers' claims.

Update (5:51 AM Sunday, October 6, 2013 GMT): LeaseWeb confirmed the hack and tweeted, "Website should be back to normal in a few hours. No customer data compromised. We continue to investigate."

Hackers exploited a zero-day SQL injection flaw in the web hosting software WHMCS, which LeaseWeb also uses.
 

Sunday, 13 October 2013

Top 10 Most Hacking Countries



1. China


The Chinese may not always be guilty, but they have a 41% share of hacker attacks. Just one year earlier, the Republic of China was responsible for only 13% of cyber attacks according to Akamai, and its share in the third quarter was 33%.

2. U.S.A

Every tenth hacker attack worldwide originated in the United States.

3. Turkey

Bronze medal for Turkey, accounting for 4.7% of global cybercrime.

4. Russia

Russia is considered to have defused the situation, going from 6.8% to 4.3% in October-December 2012.

5. Taiwan

The Taiwanese are responsible for 3.7% of computer crimes at the end of 2012.

6. Brazil

Brazil registered a decline of hacking attacks - from 4.4% at the end of 2011 to 3.8% in the third quarter of 2012 and 3.3% - in the fourth.

7. Romania

The seventh is Romania with a share of 2.8%.

8. India

India is responsible for 2.4% of hacking attacks worldwide.

9. Italy

Italy's share is falling to 1.6%.

10. Hungary

Hungary is responsible for 1.4% of cyber attacks in late 2012.


Saturday, 12 October 2013

Google Prevails in Legal Dispute Over Browser Tracking



A legal dispute over Google's practice of tracking users to create targeted advertisements ended Wednesday as a federal judge ruled in the company's favor.
A class action lawsuit, titled Google Inc. Cookie Placement Consumer Privacy Litigation, was brought by web browser users who alleged that Google avoided browser security settings, using cookies to track usage on computers and mobile devices. The plaintiffs alleged that the company wrongfully maneuvered its way through browser security. They further claimed that this tracking information informed Google's use of targeted ads.
The lawsuit, which also named online advertisers Vibrant Media and Media Innovation Group, was thrown out by a federal judge in Delaware on Wednesday. Judge Sue Robinson acknowledged the fact that the companies in question avoided browser security, tracking the users, but said the plaintiffs did not prove they suffered damage from this action.
In an official document reproduced by CNET, the judge explained the reasons for the decision. Chief among these is the argument that "the transfer of inputted information (which would have occurred regardless of Google's placement of cookies) does not rise to the level of a serious invasion of privacy or an egregious breach of social norms."
What do you think of the ruling? Tell us your opinion in the comments below.
[via Wall Street Journal, CNET]

Friday, 11 October 2013

Some Unwanted Computer Security Threats

Computer security threats are relentlessly inventive. Masters of disguise and manipulation, these threats constantly evolve to find new ways to annoy, steal and harm. Arm yourself with information and resources to safeguard against complex and growing computer security threats and stay safe online.



                          
Computer Virus Threats

Perhaps the most well known computer security threat, a computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process. Learn how to combat computer virus threats and stay safe online.

Spyware Threats

A serious computer security threat, spyware is any program that monitors your online activities or installs programs without your consent for profit or to capture personal information. We’ve amassed a wealth of knowledge that will help you combat spyware threats and stay safe online.

Hackers & Predators

People, not computers, create computer security threats and malware. Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change or destroy information as a form of cyber-terrorism. What scams are they using lately? Learn how to combat dangerous malware and stay safe online.

Phishing Threats

Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. How can you tell the difference between a legitimate message and a phishing scam? Educate yourself on the latest tricks and scams.


Saturday, 17 August 2013

How to protect yourself from apps that make Wi-Fi hacking simple

 
 
It's not paranoia: Using public or open Wi-Fi networks without taking your security into consideration is a bad idea. You don't even have to crack the network's passwords to grab tons of data from unsuspecting users on the network. We've shown you how to do it, and how to stop it from happening to you. Now, dSploit, a security toolkit for Android, makes that process so simple anyone can do it. Here's how it works, and how to protect yourself.

What is dSploit ?
dSploit is actually a suite of security tools bundled together in one application. It runs on rooted Android (2.3+) devices, its code is freely available at GitHub, and it's actually a great utility if you're a security professional or otherwise enjoy the ins and outs of network security, hacking, and penetration testing. We want to be clear that we're not villainizing the tool here; unlike apps like Firesheep, Faceniff, and Droidsheep, dSploit isn't made for the sole purpose of cracking networks or hijacking user sessions. It can certainly sniff out passwords transmitted in plain text on an open network, and it can crack poorly secured Wi-Fi networks. It can also scan networks for vulnerabilities, crack keys on common routers, and of course, hijack browser, website, or social network sessions and hold on to them. You can see a full list of the tool's features here. 

For a security professional, an amateur looking for an affordable way to learn more about network security (or who's been tasked by their office to secure their Wi-Fi but can't afford professional pen-testers), or someone looking to protect their own network, dSploit can be a valuable resource. It can also be a valuable resource for people looking to steal your data. That's why we're going to talk about how it works and how you can protect your passwords and private data from anyone else using it. 

How dSploit (and other apps like it) work
dSploit makes it easy to do two things: Sniff out passwords being sent unencrypted, and hijack active browser sessions so you can masquerade as someone who's already logged in to a site or service. In both cases, they're really one-touch operations once you have the app installed. The former is easy to do. If someone is visiting a site, or logging in to a service without using HTTPS or SSL, your password is likely being sent in clear text. Anyone sniffing packets on a network can capture them without having to do any real kind of packet inspection, and once they have it, they'll try it on as many sites and services as possible to see if you use it for other accounts. The video above, from OpenSourceGangster, explains how the app works in detail, and how to use it. 

The latter is a bit more intricate. If you're not familiar with session hijacking, it's the process of capturing cookies to exploit a valid active session that another user has with a secured service in order to impersonate that other user. Since no sensitive data like a login or password is transmitted in the cookie, they're usually sent in the clear, and in most cases they're used by web sites and social networks as a way of identifying a user with a current session so the site doesn't forget who you are every time you reload. This is the most common attack vector for apps that sniff out passwords and sessions via Wi-Fi. We showed you how this works when Disconnect, one of our favorite privacy protecting browser extensions, added protection against widget jacking and session hijacking, if you want to see an example. 

dSploit approaches session hijacking in a similar manner to the other tools we've mentioned, mostly because it works well. The folks over at MakeUseOf explain how the app works in further detail, including some of the things you can do with it. Many web sites just encrypt your username and password, and once that handoff is made, everything else is unencrypted. While many sites have moved to HTTPS (and there are tools to help that we'll get to a little later), most require you to activate their HTTPS features. Many other sites haven't bothered moving to HTTPS universally at all. 
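The gap described above (a login protected by HTTPS, followed by session cookies that travel unencrypted) can be checked from the site operator's side. This added example, which is not from the original article, audits constructed response headers for cookies that lack the Secure attribute and treats HSTS as a partial mitigation; all hosts, cookie names and values are made up.

```python
from urllib.parse import urlsplit

# Constructed sample: (requested URL, response headers). Hosts, cookie names
# and values are invented for this example.
SAMPLE_RESPONSES = [
    ("https://shop.example/login", [
        ("Set-Cookie", "sid=3f9a1c; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=77be; Path=/; Secure; SameSite=Strict"),
    ]),
    ("https://mail.example/login", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=ab12; Path=/; Secure; HttpOnly"),
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
    ("http://forum.example/index", [
        ("Set-Cookie", "PHPSESSID=c0ffee; path=/"),
    ]),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def has_hsts(headers):
    """True if the response carries Strict-Transport-Security with max-age > 0."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if key.strip().lower() == "max-age" and val.isdigit():
                return int(val) > 0
    return False


def audit_response(url, headers):
    """Return (host, cookie, severity, reason) for cookies a sniffer could read."""
    target = urlsplit(url)
    over_https = target.scheme == "https"
    # Browsers ignore an HSTS header that arrives over plain HTTP.
    hsts = over_https and has_hsts(headers)
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parsed = parse_set_cookie(value)
        if parsed is None:
            continue
        cookie, _, attrs = parsed
        if not over_https:
            findings.append((target.hostname, cookie, "HIGH",
                             "issued over plain HTTP, visible on the network"))
        elif "secure" not in attrs:
            if hsts:
                findings.append((target.hostname, cookie, "LOW",
                                 "no Secure attribute; HSTS keeps a browser that "
                                 "has seen it on HTTPS for this host"))
            else:
                findings.append((target.hostname, cookie, "HIGH",
                                 "no Secure attribute; the browser attaches it "
                                 "to any http:// request to this host"))
    return findings


def audit_all(responses):
    """Audit every (url, headers) pair and concatenate the findings."""
    results = []
    for url, headers in responses:
        results.extend(audit_response(url, headers))
    return results


if __name__ == "__main__":
    for host, cookie, severity, reason in audit_all(SAMPLE_RESPONSES):
        print(f"{severity:4} {host:15} {cookie:10} {reason}")
```
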

What's the real risk here ?
The real risk from tools like this varies. The odds of you encountering someone in your local coffee shop running dSploit, Firesheep, or any other app like them to capture passwords and hijack sessions is pretty slim, but as we've mentioned, it only takes one person to ruin your day. 

Someone could just capture as many Facebook or Twitter sessions as they can (after which they can change a user's password and keep the Facebook account for themselves), hijack Amazon shopping sessions and grab address and credit card information, read your email and chats, and so on. The risk goes up with more and more tools available that are easy for anyone to use, and with the number of people out there who simply don't protect themselves by encrypting their data. 

How can I protect myself ?
Protecting yourself from tools like this is actually remarkably easy if you put in the effort to do it:

* Turn on HTTPS on every site that allows you to connect with it, and install HTTPS Everywhere. This will make sure you're using HTTPS at all times, whenever possible, and none of your web browsing traffic is sent unencrypted. 

* Get a privacy-protecting browser extension like Disconnect, which also protects against widget jacking or side-jacking. Disconnect is our favorite, but it shouldn't be the only tool in your toolkit. 

* Use a VPN when browsing on public, free, or other open networks. We've explained why you should have a VPN before. We've even explained how to tell if a VPN is trustworthy. Using a VPN is the best way to make sure all of your data is encrypted and safe from anyone else on the same network, whether it's wired or wireless, public or private. 

* Use your head, and practice good internet hygiene. Hone your phishing and scam detection skills, turn your BS detector up to max, and learn how to protect yourself from online fraud. Someone doesn't have to hijack your session or passwords to get to you; they could just as easily replace the website you're on with one that looks like it but insists you give it a ton of data first. Be smart.

It doesn't take much to use HTTPS everywhere you can, fire up a VPN if you're going to be working from the library, or just not use public Wi-Fi and wait until you get home or tether to your phone instead (that's always another option). If everyone did it, unscrupulous use of tools like these wouldn't be an issue and only the people who needed them would use them. However, as long as they're so effective, it makes sense for you to take the necessary steps to protect yourself.

