Monthly Archives: December 2017

  • 0
Security flaw in WPA2

Security Flaw in WPA2

Category : Blog

 

Security Flaw in WPA2

Security flaw in WPA2, the security protocol for most modern WiFi systems could make it easily possible for the attackers to steal all sorts of sensitive data such as credit card numbers, passwords, emails etc – said by Researchers at Belgian university KU Leuven.

Security flaw in WPA2

Wifi systems could be vastly affected by the WPA2 flaw.

In fact the security flaw also could permit an attacker to vaccinate or influence information in the system, depending on the network configuration – for example, inoculate ransomware or other malware into websites being used only because of the security flaw.

wifi-wpa2

Widespread Impact

According to the researchers, a sequence of susceptibilities was found in Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other systems. Users will have to update affected products the moment patches become available, to fix the issue.

The research has been presented at the ACM Conference on Computer and Communication Security, which took place from October 30 to November 3 in Dallas, and will have its presence at the Black Hat Europe conference in December.

According to the company, it was wise to withdraw from disclosing the flaw in order to sanction other vendors some more time to develop and release updates.

As a proof of concept, the DistriNet researchers implemented a significant reinstallation attack (KRACK) against an Android smartphone, stating that Linux and Android 6.0 or higher were predominantly susceptible. Both operating systems can be conned into reinstalling an all-zero encryption key.

The focal attack is against the four-way handshake of the WPA2 protocol, according to the researchers. The handshake takes place when a user wishes to join a secure WiFi network and the protocol is used to approve that the client and access point have the accurate credentials.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


  • 0
Breach of personal data

Breach of personal data

Category : Blog

Breach of personal data

Breach of personal data by online hackers has jeopardized the online user’s life in a great way. It’s usually the weakest link that hackers go for at first to gain access to your online accounts.

Breach of personal data

Over 1.4 Billion plain texts leaked passwords dispersed online

Reusing the same password across multiple channels gives hackers opportunity to break into the online user’s other online accounts by using the credentials gathered via breach of personal data.

Researchers from security firm 4iQ have now discovered a fresh group of the database on the dark web (released on Torrent as well) that comprises of a massive 1.4 billion usernames and passwords in clear text.

We downloaded a copy to verify its authenticity a few days ago, from a post on Reddit that gained more publicity. Even though the links to download the collection were already circulating online over dark-web sites from last few weeks.

The 41GB gigantic collection, as shown below, comprehends 1.4 billion usernames, email, and password arrangements—well fragmented and organized into two and three level handbooks said by researchers.

The combined databank covers plain text credentials leaked from Pastebin, Bitcoin, MySpace, LinkedIn, YouPorn, Netflix, Zoosk, Last.FM, RedBox, Badoo, games like Runescape and Minecraft, as wells as credential lists like Exploit.in, Anti Public.

Password selecting policies

 

Password selecting policies are important to follow while selecting passwords for your various online websites. The only rule to follow password selecting policies is to mix and match and create a unique & precise password that you can remember.

The databank has been tidily structured and indexed alphabetically so that hackers with basic knowledge can quickly search for passwords.

While some of the breach cases are somewhat old with stolen credentials circulating online for some time, the accomplishment ratio is still high for lawbreakers, due to user’s mean habit of re-using their passwords through diverse platforms and selecting easy-to-use passwords.

It is still uncertain who is accountable for uploading the databank on the dark web, but whoever it is has incorporated Dogecoin and Bitcoin wallets for any user who wishes to contribute.

In order to safeguard yourself, it is highly advised to stop using the same passwords across multiple websites and also to retain complex and strong passwords. We also follow the password selecting policies to create hack-proof passwords.

For example, you can easily use the “LEET” language to select your unique password like, convert “Sneha likes swimming” into “$N3#@|!K3$$WMM!N&” this is shown just for example. You can create various short passwords using the same method or can also find resources online to help you encode the password you have chosen.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Show Buttons
Hide Buttons