Nine Ways a Password Can Be Broken

There are many ways to obtain a password. Some of them do not require special expertise.
Here are the most common and most frequently used ways:

[1]. Social Engineering
[2]. Keylogger
[3]. Web Spoofing
[4]. Intercepting Email
[5]. Password Cracking
[6]. Session Hijacking
[7]. Being a Proxy Server
[8]. Exploiting User Negligence in the Use of Browser Features
[9]. Googling

[1]. Social Engineering
Social engineering is the name for a technique of collecting information by exploiting weaknesses in the victim's psychology. It could also be regarded as 'fraud'. Social engineering requires patience and caution so that the victim does not become suspicious. We are required to be creative and able to think like the victim.

Social engineering is the art of 'forcing' people to do things according to your expectations or desires. Of course, this 'coercion' is not done openly, nor outside the behaviour the victim normally shows.

[2]. Keylogger
A keylogger is software that can record user activity. The recordings are usually stored as text or images. A keylogger works on the user's keystrokes. This kind of application is able to recognize sensitive forms such as password forms.

There are safe ways to avoid keyloggers:
1. Use passwords with special characters such as !@#$%^&*(){}[].
2. Prepare the password at home and store it in text form. When you need to enter the password, just copy and paste it. But this way is somewhat risky. Why? Because when you copy, your data is stored in the clipboard. Nowadays there is a lot of free software that can display the contents of the clipboard.

[3]. Web Spoofing
Still remember the case of the theft of Bank BCA customers' account numbers? Yes, that is one obvious example of web spoofing. The essence of this technique is to take advantage of user errors when typing a website address in the address bar. Basically, web spoofing is an attempt to dupe victims into thinking they are accessing a particular site when they are not.

In the BCA case, the perpetrator made a site that looked nearly identical to the original, so that the deceived victim would not hesitate to fill in sensitive information such as user name and password. Because the site was a scam site, all of that valuable information was recorded by a fake web server owned by the perpetrator.

[4]. Intercepting Email
Intercepting email? Yes, and it is very easy to do. One way is to use mailsnarf, which is included in the dsniff utilities. mailsnarf works by intercepting data packets passing through the Internet and assembling them into complete emails.

dsniff and mailsnarf are software that work on top of WinPcap (equivalent to libpcap on Linux), a library that captures data packets. Captured packets are stored in a file by WinDump, while dsniff and mailsnarf go further: they analyze the data packets and display passwords (dsniff) or email content (mailsnarf).

[5]. Password Cracking
'Hacking while sleeping.' That phrase is commonly used by people who perform password cracking. One of the programs used for this is Brutus, a fairly well-known remote password cracker. Brutus works using dictionary attack or brute-force attack techniques against the HTTP, POP3, FTP, Telnet, and NetBIOS ports.

A dictionary attack works by trying the words in a password dictionary, while a brute-force attack works by trying all combinations of letters, numbers, or characters.
A brute-force attack works very slowly and takes a long time, depending on the computer's specifications and the length of the password. Nowadays many sites block access after login attempts that repeatedly fail.
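The blocking of repeatedly failing logins mentioned above can be sketched as follows. This is an added example, not code from the original post; the thresholds, class name and return values are assumptions chosen for illustration. Failures are counted per account and per source address, so both guessing against one account and one source trying many accounts trigger a lockout.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5   # assumed threshold
WINDOW = 300       # seconds in which failures are counted (assumed)
LOCKOUT = 900      # seconds a locked key stays blocked (assumed)


class LoginThrottle:
    """Hypothetical limiter placed in front of the password check."""

    def __init__(self):
        self._failures = defaultdict(deque)   # key -> timestamps of failures
        self._locked_until = {}               # key -> time the lock expires

    def attempt(self, account, source_ip, password_ok, now):
        keys = [("acct", account), ("ip", source_ip)]
        # While locked, reject without looking at the password at all, so a
        # correct guess made during the lockout is not revealed.
        if any(self._locked_until.get(k, 0) > now for k in keys):
            return "locked"
        if password_ok:
            self._failures.pop(("acct", account), None)
            return "ok"
        for k in keys:
            q = self._failures[k]
            q.append(now)
            while q and now - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= MAX_FAILURES:
                self._locked_until[k] = now + LOCKOUT
                q.clear()
        return "denied"
```
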

[6]. Session Hijacking
Session hijacking is increasingly prevalent among attackers today. It is usually done by imitating cookies. So basically, we have to be able to mimic the victim's cookies to get their login session.

Then how do I get the victim's cookies?
1. Cookie analysis.
This method is relatively difficult.
2. Stealing cookies.
For example, the attacker wants to get the account of A. The attacker can easily write some kind of script and insert it as JavaScript in an email sent to the victim. When the victim opens the email, the cookies are stolen without the victim noticing and recorded on a web server by a PHP script.
I have tips for this:
1. Do not use the Internet Explorer browser.
When you wish to open other people's profiles, do not use Internet Explorer. Note the address of the profile you want to view, first log out of your account and clear all cookies, then open the destination Friendster profile.
2. Check the source code.
When receiving a testimonial, check its source code. Are there foreign scripts or words associated with hacking, such as:
'HACKED', 'DEFACED', 'owned', etc.
If in doubt, just reject it.

Session hijacking can actually be prevented if service providers pay attention to the following:
1. Assign a unique session identifier.
2. Generate identifiers with a random pattern.
3. Make the session identifier independent.
4. Make session identifiers mappable to the client-side connection.
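A sketch of the four points above on the server side, as an added example that is not part of the original post. The class, the idle timeout, and the choice of IP address plus User-Agent as the "connection" are assumptions; client addresses can change legitimately, so a real service may bind to something looser.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # assumed idle timeout in seconds


class SessionStore:
    """In-memory session table (hypothetical; a real service would persist it)."""

    def __init__(self):
        self._sessions = {}
        self._bind_key = secrets.token_bytes(32)

    def _fingerprint(self, client_ip, user_agent):
        # Keyed hash of the client connection attributes the session is mapped to.
        msg = f"{client_ip}|{user_agent}".encode()
        return hmac.new(self._bind_key, msg, hashlib.sha256).digest()

    def create(self, user, client_ip, user_agent, now=None):
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG: unique, random, and independent of
        # the user name, the time, or any other guessable value.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "seen": now,
                               "fp": self._fingerprint(client_ip, user_agent)}
        return sid

    def validate(self, sid, client_ip, user_agent, now=None):
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        expired = now - rec["seen"] > SESSION_TTL
        moved = not hmac.compare_digest(rec["fp"], self._fingerprint(client_ip, user_agent))
        if expired or moved:
            # A copied cookie replayed from another client revokes the session.
            del self._sessions[sid]
            return None
        rec["seen"] = now
        return rec["user"]


def session_cookie(sid):
    # HttpOnly keeps page scripts from reading the cookie; Secure keeps it off plain HTTP.
    return f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
```
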

[7]. Being a Proxy Server
We can gather information by being the proxy server through which the victim surfs. With a proxy server, the identity of the surfer can become ours.

[8]. Exploiting User Negligence in the Use of Browser Features
Every browser has features intended for the ease and convenience of its users while surfing. Among them are the cache and the password manager.

On the Internet there are of course many websites whose content does not change for several days (for example spyrozone.tk). For sites like these the cache becomes very useful. The cache stores the files you browse, so that when you come back to the site the browser no longer has to download them a second time from the server, and every page you have opened before opens more quickly. All of this is usually governed by the time-to-live header.

Well, what about news sites that are always up to date? For sites like that, the time to live is set to 0, so that you download the page again on every visit.

Quite convenient, isn't it? Yes, but this is where the threat begins to emerge. Now try exploring the cache-related options in your browser. You will see that there is a setting for how much space temporary files may take up on disk. Look also for the location where the files are saved.

Try opening that folder; you will find the HTML and image files from sites you have visited. In the IE browser, you can view the location of the cache files through the menu Tools - Internet Options - Settings.

So what can be obtained? Aren't they just 'junk' files? Hmm ... now try copying all the files there into a folder, then open one of the HTML files. If it is a public computer, you can find out which sites were accessed by the person before you.
Just by looking at temporary files you can even see passwords and so on. I have come across many sites that store passwords and display them in the URL. Of course, you must also have read about this many times in various tutorials.
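Because anything in a URL ends up in caches, history and temporary files, a site operator can check their own access logs for requests that carry credentials in the query string. The following is an added example, not from the original post; the parameter names and the log lines are constructed for illustration, and values are never echoed in the findings.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter names that should never appear in a URL.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "sessionid"}

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /login.php?user=alice&password=example-only HTTP/1.1" 302 0',
    '203.0.113.8 - - [01/Jan/2024:10:01:00 +0000] "POST /login.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /reset?Token=constructed123&next=/home HTTP/1.1" 200 90',
]


def credential_params(target):
    """Return the sensitive parameter names present in a request target."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({name.lower() for name, _ in pairs if name.lower() in SENSITIVE})


def audit(log_lines):
    """List (line number, method, path, parameter names) for risky requests."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        quoted = line.split('"')
        if len(quoted) < 3:
            continue                      # no request field on this line
        request = quoted[1].split()
        if len(request) < 2:
            continue                      # malformed request line
        method, target = request[0], request[1]
        names = credential_params(target)
        if names:
            # Report the path and parameter names only, never the values.
            findings.append((number, method, urlsplit(target).path, names))
    return findings
```
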

Most browsers today have a facility to store passwords. For example, when using Mozilla Firefox, you will often get a confirmation dialog box asking whether you want your password saved by the Password Manager. Most users tend to choose YES, either consciously or because they do not know (read: do not want to know) what the purpose of that dialog box is.

Other people who later use that browser can very easily get the victim's password by going to the menu Tools - Options - Security - Saved passwords.

Another example is the Wand password facility of the Opera browser. When you enter a user name and password in a form and press the submit button, Opera by default asks you to confirm whether you want the browser to store your ID and password. Again and again, most careless netters tend to choose 'YES'.

[9]. Googling
Google.com. Many sites have gone down, and passwords and credit card numbers have been stolen, as a result of the actions of someone misusing its powers. Formerly, this was easily done. Just by typing in certain keywords associated with user names and passwords, you could harvest hundreds of user passwords via Google. But now it looks like you will be disappointed if you try the method above.

Do not be sad yet, because Google has just spawned a new product, Google Code Search. A new threat has begun to arise: this 'smart one' is now able to crawl archive files located in a public web server directory. Anyone in the habit of storing important information there (passwords and other valuable info) should start removing it now.
