IP spoofing is the attack used by hackers to steal a user’s IP address. IP spoofing involves spoofing a Transmission Control Protocol (TCP) connection, since IP Addresses are passed within TCP packets. When two hosts want to establish a TCP session, they must synchronize their connection using a TCP mechanism called "3 way handshake". This mechanism is composed of three phases:
I have recently started a course on Database Security and had some difficulties in deciding whether to use MySQL or Oracle as the Database system for lab assignments. I got into the MySQL vs. Oracle debate that has been going on since before the web started. As you might imagine, the reasons to use either database over the other can fill entire books, so I tried to compare them based on their main feature sets.
A friend of mine logged into her account yesterday after 2 weeks of being off facebook, and was devastated to see that she had shared pornographic images with friends and family; I had a good laugh about it, but she was madd... After seeing an outburst of facebook accounts being hacked, including lots of my friends accounts, i have decided to share some knowledge on things you can do to reduce the risk of your facebook account being hacked. So there are several things you can do to protect your account from being hacked, we will go through each one of them in detail here, and how to implement each one.
Kochure is a module i developed as part of my final year project based on "Mitigating HTTP Session Hijacking", This article is a discussion of the module we came up with, the implementation of this model in the form of an apache module, and the testing and results of this module. Whe
Secure Socket Layer
In a perfect world, persons using the internet would be browsing websites without hackers being able to gain access to their information. However, this world is not perfect and internet users are vulnerable to attacks carried out by hackers; On the internet, and data you send can be seen and manipulated by others. The currently used solution for this problem is websites allowing their users to use Secure Connections to browse the internet.
This is a tutorial that demonstrates just how simple it is to get access to facebook accounts without the user's password or username. This tutorial demonstrates Session Hijacking (discussed here: http://www.cleverlogic.net/tutorials/session-hijacking-0). This is a simple attack done on an unsecured wifi network with the permission of all users on the network.
The aims of this tutorial are:
Firesheep is a Firefox extension that demonstrates HTTP session hijacking attacks over unsecured wireless networks. Firesheep is a simple module, and has no spectacular functionality other than a simple and easy to use user interface that allows end users to carry out session hijacking attacks. This module was implemented in 2010 with the aim of educating users about the insecurities of plain HTTP connections and unsecured wireless networks (GmbH, 2011).
Stealing session information using proxy servers involve tricking the user’s browser into connecting to a server different from the one she thinks she is connecting to. An email message might, for example, offer a special 50% discount (for carefully selected users only, of course) on anything at Amazon.com, with a convenient link to that site—except, of course, that link is actually to the attacker’s own server, something like this:
“<a href="http://reallybadguys.com/gotcha.php">Click here for a 50% discount at Amazon.com!</a>”
Cross site scripting is an attack carried out by injecting malicious scripts into vulnerable web applications (including trusted websites and those using secure connections). An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script.
Cross site scripting is one of the attacks that can be used to steal user’s session information, since these scripts can be injected into the user’s browser and can be used for anything including returning user’s session information and session fixation (OWASP, 2010).