A proxy server is a function that is used to obtain Web pages by other computers. It acts as a go-between from a computer to a target server. There is no communication between the computer and the server. Rather, the computer requests a Web page or a file housed on the target server. This request goes to the proxy server
Go, which, in turn, sends the request to the server. The proxy server then obtains the file and sends it to the requesting computer.
An example would be if you use your computer to request a Web page on the internet. The server requests the data and other files for you from the target server. When you type in a Web address, the request is sent to a proxy server. The server then sends the request to the target server that houses that particular website. Then the target server sends the Web page to the proxy server, which in turn, sends it to you. The target server sees the proxy server as the visitor, not you.
These servers improve the efficiency of your internet access. If you request a Web page or file, it is then stored on the proxy server. Once the data saves to the proxy server, it does not have to request the file again the next time you access it. The file automatically loads from the proxy server.
There are several types of proxy servers and uses. A proxy server that acts as the go-between for the requesting computer and server is a forwarding proxy. Another kind of forwarding proxy server is called an open proxy. You may use a public proxy if you want to conceal your IP address so that you remain anonymous during internet activity. An elite proxy offers the most anonymity. Not only does it not identify itself as a proxy, but also it does not reveal the IP address of the requesting computer.
A reverse proxy is different from the forward open proxies. With a forwarding proxy, the requesting computer is aware that it is connecting to a target server by way of a proxy, but a reverse proxy appears as an ordinary server. The computer thinks it is connecting to the target server when it is actually communicating with the proxy server.
Whatever kind of proxy you are using, remember that you must trust it. The proxy server provides both security and anonymity that is its job. However, the proxy must decode your information in order to send it through to the target server. This means that the proxy sees everything that you are doing, unless you are using SSL (Secure Sockets Layer) connections. This is security technology that establishes an encrypted link between a Web server and the browser. The SSL ensures that any data passed between the Web server and the browser stays private. Therefore, if you do not have an SSL connection, make sure that you trust the proxy that you use. It is the one thing that knows your real IP address.
So for more queries you can comment us below..
And you can also join us on Instagram and Facebook
In this Top 5 Wifi Hacking Tools we will be talking about a very
popular subject: hacking wireless networks and how to prevent it from
being hacked. Wifi is often a vulnerable side of the network when it
comes to hacking because WiFi signals can be picked up everywhere and by
anyone. Also a lot of routers contain vulnerabilities which can be
easily exploited with the right equipment and software such as the tools
included with Kali Linux. A lot of router manufacturers and ISPs still
turn on WPS by default on their routers which makes wireless security
and penetration testing even more important. With the following Top 5 Wifi Hacking Tools you are able to test our own wireless networks for
potential security issues. For most tools we’ve supplied a link to a
tutorial which will help you get started with the tools. Let’s start off
the Top 5 Wifi Hacking Tools with the first tool:
1 Aircrack-ng
Aircrack is one of the most popular tools for WEP/WPA/WPA2 cracking.
The Aircrack-ng suite contains tools to capture packets and handshakes,
de-authenticate connected clients and generate traffic and tools to
perform brute force and dictionary attacks. Aicrack-ng is an all-in-one
suite containing the following tools (among others):
– Aircrack-ng for wireless password cracking
– Aireplay-ng to generate traffic and client de-authentication
– Airodump-ng for packet capturing
– Airbase-ng to configure fake access points
The Aicrack-ng suite is available for Linux and comes standard with
Kali Linux. If you plan to use this tool you have to make sure your Wifi
card is capable of packet injection.
Number 2 in the Top 5 Wifi Hacking Tools is Reaver. Reaver is
another popular tool for hacking wireless networks and targets
specifically WPS vulnerabilities. Reaver performs brute force attacks
against Wifi Protected Setup (WPS) registrar PINs to recover the
WPA/WPA2 passphrase. Since many router manufacturers and ISPs turn on
WPS by default a lot of routers are vulnerable to this attack out of the
box.
In order to use Reaver you need a good signal strength to the
wireless router together with the right configuration. On average Reaver
can recover the passphrase from vulnerable routers in 4-10 hours,
depending on the access point, signal strength and the PIN itself off
course. Statistically you have a 50% chance of cracking the WPS PIN in
half of the time.
PixieWPS is a relatively new tool included with Kali Linux and also
targets a WPS vulnerability. PixieWPS is written in C and is used to
brute force the WPS PIN offline exploiting the low or non-existing
entropy of vulnerable access points. This is called a pixie dust attack.
PixieWPS requires a modified version of Reaver or Wifite to work with.
Since this tools has become quite popular in little time, it earns
the number 3 in our Top 5 Wifi Hacking Tools list.
Wifite is an automated tool to attack multiple wireless networks
encrypted with WEP/WPA/WPA2 and WPS. On start-up Wifite requires a few
parameters to work with and Wifite will do all the hard work. It will
capture WPA handshakes, automatically de-authenticate connected clients,
spoof your MAC address and safe the cracked passwords.
Wireshark is one of the best network protocal analyzer tools
available, if not the best. With Wireshark you can analyse a network to
the greatest detail to see what’s happening. Wireshark can be used for
live packet capturing, deep inspection of hundreds of protocols, browse
and filter packets and is multiplatform.
Wireshark is included with Kali Linux but also available for Windows
and Mac. For certain features you do need a Wifi adapter which is
supports promiscuous and monitoring mode.
VPN i.e Virtual Private Network is a network that helps you to creates a virtual tunnel between your computer and a server to
exchange data. It is private because it is supposed to require a
username and a password to be accessed and it is a network because it
links more devices to one or more servers all over different locations. A
VPN helps you surf the web anonymously for two reasons:
the websites you visit, see the VPN server’s ip, not yours.
VPN basically encrypts all the traffic before ISP (internet service provider) can intercept it.
There are free versions and paid ones. But still the VPN provider can
read your traffic. So you have to trust someone one way or another. What
if you could set up your own VPN instead ? It would be totally free and
totally (really ?) secure.
There are many ways to setup a private virtual private network . Some softwares are also available that provide you to create your own network some of them are mentioned below :-
Concluding, always remember: if you do something stupid enough to anger
people with enough resources, there’s no hope for you to remain
anonymous. Anonymity is a fact of not carrying out a stupid action, more than worrying about how to hide that action.
So for more queries you can comment us below..
And you can also join us on Instagram and Facebook
For thousands of people, the first time they heard of “ransomware” was as they were turned away from hospitals in May 2017.
The WannaCry outbreak had shut down computers in more than 80 NHS organisations in England alone, resulting in almost 20,000 cancelled appointments, 600 GP surgeries having to return to pen and paper, and five hospitals simply diverting ambulances, unable to handle any more emergency cases.
But the outbreak wasn’t the birth of ransomware, a type of computer crime which sees computers or data hijacked and a fee demanded to give them back to their owners.
Some of the earliest ransomware claimed to be a warning from the FBI demanding a “fine”, simply tricking users into paying up, or blackmailing them with accusations of trafficking in child abuse imagery.
Their tactics didn’t work for long. Bank transfers were easily tracked, cash payments were difficult to pull off, and if any variant got successful, people would trade tips on how to defeat it rather than pay the bill.
The modern ransomware attack was born from two innovations in the early part of this decade: encryption and bitcoin.
The modern ransomware attack was born from encryption and bitcoin.
Ransomware such as Cryptolocker, which first appeared in the wild in 2013, didn’t just lock up the screen – it encrypted all the data on the computer.
The only way to get it back was to pay the toll in return for the unlock key.
Even if you managed to uninstall the ransomware itself, the data was still locked up.
Bitcoin suddenly meant ransomware authors could take payment without involving the trappings of the conventional banking system such as pre-paid credit cards.
For almost five years, so-called “cryptoransomware” bubbled below the surface, struggling to spread. Generally it was centrally controlled, attacking new victims through direct mail campaigns, tricking users into downloading it, or through botnets of computers infected with other malware– going in through the front door, so to speak, rather than using weaknesses in computer systems to spread.
WannaCry changed that.
Ransomworms
May’s ransomware outbreak was notable for a number of reasons: the scale of the damage; the unusual way in which it came to an end, with the discovery of a badly hidden “kill switch”; and the growing belief that its architects were not cybercriminals, but state-sponsored actors, most likely working for or with the North Korean government.
But the most important aspect is why it managed to go from unknown to taking out a significant chunk of the NHS in a matter of days.
WannaCry was the first “ransomworm” the world had ever seen.
A “worm”, in computing parlance, is a piece of malware able to spread itself to be far more damaging than your typical computer virus.
They self-replicate, bouncing from host to host, and obeying all the epidemiological rules that real diseases do, growing exponentially and taking off when they infect well-connected nodes.
As computer security techniques have improved, worldwide worm outbreaks have become rare.
It is hard to engineer a piece of malware that will automatically execute on a remote machine without any user involvement.
Before WannaCry, the last major worm to hit the wild was Conficker.
One variant spread to almost 20m machines in one month in January 2009, infecting the French Navy, the UK Ministry of Defence and Greater Manchester Police.
But since Conficker, major worms had been rare other than the Mirai worm and botnet infecting badly-designed Internet of Things devices such as webcams.
WannaCry had a helping hand to break through. In April 2017, a mysterious hacking group called The Shadow Brokers released details of a weakness in Microsoft’s Windows operating systems that could be used to automatically run programs on other computers on the same network.
That weakness, it is believed, had been stolen in turn from the NSA, which had discovered it an unknown period of time before, code-naming it EternalBlue.
EternalBlue was part of the NSA’s toolbox of hacking techniques, used to attack the machines of US enemies – before one of them turned the tables.
The true identity of the Shadow Brokers is still unknown, although every piece of evidence points strongly to them being affiliated with the Russian state.
The Shadow Brokers first made themselves known in public in August 2016, auctioning a job-lot of cyber weapons which it said were stolen from the “Equation Group” – code-name for the NSA’s hacking operation.
Four more leaks followed including EternalBlue in April.
Microsoft fixed the EternalBlue weakness in March, before it was released by the Shadow Brokers, tipped off by the NSA that it was likely to be made public. But two months later, many organisations had yet to install the patch.
Outbreaks
A message demanding money on a computer hacked by a virus known as Petya in June 2017.
Ultimately, WannaCry was too successful for its own good, spreading so fast that security researchers were tearing it apart within hours of it appearing in the wild.
One of them, a young Briton called Marcus Hutchins, discovered that affected computers tried to access a particular web address after infection.
Curiously, the address wasn’t registered to anyone, so he bought the domain – and just like that, the malware stopped spreading.
It’s still unclear why WannaCry included this kill switch. Some researchers think it was because the authors had watched the progression of Conficker, which attracted undue attention.
Others speculate the version of WannaCry “accidentally” escaped the network it was being tested on.
Even with the kill switch active, the outbreak caused enormous damage. A report released in October focusing just on the effects on the NHS concluded that “the WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients”.
It said that WannaCry “was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice” such as installing the fixes that had been released in March.
“There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
A month later, one of those attacks arrived dubbed NotPetya, due to an initial, erroneous, belief that it was an earlier variant of ransomware called Petyna.
The malware was clearly built on the lessons of WannaCry, using the same EternalBlue weakness to spread within corporate networks, but without being able to jump from one network to another.
Instead, NotPetya was seeded to victims through a hacked version of a major accounting program widely used in Ukraine.
It still took out companies far and wide, from shipping firm Maersk to pharmaceutical company Merck – multinationals whose internal networks were large enough that the infection could travel quite far from Ukraine.
NotPetya had another oddity: it didn’t actually seem created to make money.
The “ransomware” was coded in such a way that, even if users did pay up, their data could never be recovered. “
I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” UC Berkley academic Nicholas Weaver told the infosec blog Krebs on Security.
That realisation meant the focus on Ukraine took on a new light. The country has long been at the forefront of cyberwarfare, constantly trading digital blows with its neighbour Russia even while the two countries trade actual blows over the Crimea.
If a nation state were to write malware with the aim of crippling the economy of its target, it might look a lot like NotPetya.
More to come
With Eternalblue slowly being patched, the age of the ransomworm might be over until a new, equally damaging vulnerability is found.
Instead, it looks like old-school ransomware will begin to take back the limelight – with a twist.
“People have become desensitised to common ransomware, where it just encrypts your files,” says Marcin Kleczynski, the chief executive of information security firm Malwarebytes.
Widespread backing up of data means fewer are willing to pay up.
So instead of just locking data away, attackers are threatening the exact opposite: publish it for all the world to see.
Such attacks, known as “doxware”, have already been seen in the wild, but currently just at a small scale or carried out manually, as when a Lithuanian plastic surgery clinic saw its files published for ransoms of up to €2,000 (£1762).
Now in today's fast growing technologies where people want more outcome in less duration of time Artificial Intelligence is playing an important role. Now today I am going to tell you about some high tech advance technologies till yet in Artificial Intelligence.
Natural Language Generation: Producing text from computer data. Currently used in customer service, report generation, and summarizing business intelligence insights. Sample vendors: Attivio, Automated Insights, Cambridge Semantics, Digital Reasoning, Lucidworks, Narrative Science, SAS, Yseop.
Speech Recognition: Transcribe and transform human speech into format useful for computer applications. Currently used in interactive voice response systems and mobile applications. Sample vendors: NICE, Nuance Communications, OpenText, Verint Systems.
Virtual Agents: “The current darling of the media,” says Forrester (I believe they refer to my evolving relationships with Alexa), from simple chatbots to advanced systems that can network with humans. Currently used in customer service and support and as a smart home manager. Sample vendors: Amazon, Apple, Artificial Solutions, Assist AI, Creative Virtual, Google, IBM, IPsoft, Microsoft.
Machine Learning Platforms: Providing algorithms, APIs, development and training toolkits, data, as well as computing power to design, train, and deploy models into applications, processes, and other machines. Currently used in a wide range of enterprise applications, mostly `involving prediction or classification. Sample vendors: Amazon, Fractal Analytics, Google, H2O.ai, Microsoft, SAS, Skytree.
AI-optimized Hardware: Graphics processing units (GPU) and appliances specifically designed and architected to efficiently run AI-oriented computational jobs. Currently primarily making a difference in deep learning applications. Sample vendors: Alluviate, Cray, Google, IBM, Intel, Nvidia.
Decision Management: Engines that insert rules and logic into AI systems and used for initial setup/training and ongoing maintenance and tuning. A mature technology, it is used in a wide variety of enterprise applications, assisting in or performing automated decision-making. Sample vendors: Advanced Systems Concepts, Informatica, Maana, Pegasystems, UiPath.
Deep Learning Platforms: A special type of machine learning consisting of artificial neural networks with multiple abstraction layers. Currently primarily used in pattern recognition and classification applications supported by very large data sets. Sample vendors: Deep Instinct, Ersatz Labs, Fluid AI, MathWorks, Peltarion, Saffron Technology, Sentient Technologies.
Biometrics: Enable more natural interactions between humans and machines, including but not limited to image and touch recognition, speech, and body language. Currently used primarily in market research. Sample vendors: 3VR, Affectiva, Agnitio, FaceFirst, Sensory, Synqera, Tahzoo.
Robotic Process Automation: Using scripts and other methods to automate human action to support efficient business processes. Currently used where it’s too expensive or inefficient for humans to execute a task or a process. Sample vendors: Advanced Systems Concepts, Automation Anywhere, Blue Prism, UiPath, WorkFusion.
Text Analytics and NLP: Natural language processing (NLP) uses and supports text analytics by facilitating the understanding of sentence structure and meaning, sentiment, and intent through statistical and machine learning methods. Currently used in fraud detection and security, a wide range of automated assistants, and applications for mining unstructured data. Sample vendors: Basis Technology, Coveo, Expert System, Indico, Knime, Lexalytics, Linguamatics, Mindbreeze, Sinequa, Stratifyd, Synapsify.
So today I have today you something about some hottest technologies .
For any queries you can comment us below.
And you can also join us on Facebook and Instagram.
We are getting many requests through emails, messages and on social media people are very much confused asking about how there passwords gets encrypted , and how does this encryption works, what are the algorithms used behind this encryption. So here i am going to tell you about one of the most widely used algorithm used for encryption known as MD5 or Message Digest Algorithm Before we proceed to MD5 i want to tell you something about Cryptographic Hashing.
Cryptographic Hashing
MD5 stands for Message Digest
algorithm 5, and was invented by celebrated US cryptographer Professor
Ronald Rivest in 1991 to replace the old MD4 standard. MD5 is simply the
name for a type of cryptographic hashing function Ron came up with, way
back in ’91.
The idea behind cryptographic hashing is to take an
arbitrary block of data and return a fixed-size “hash” value. It can be
any data, of any size but the hash value will always be fixed.
Cryptographic hashing has a number of uses, and there are a vast number
of algorithms (other than MD5) designed to do a similar job. One of the
main uses for cryptographic hashing is for verifying the contents of a
message or file after transfer.
If you’ve ever downloaded a particularly large file (Linux
distributions, that sort of thing) you’ll probably have noticed the
hash value that accompanies it. Once this file has been downloaded, you
can use the hash to verify that the file you downloaded is in no way
different to the file advertised.
The same method works for
messages, with the hash verifying that the message received matches the
message sent. On a very basic level, if you and a friend have a large
file each and wish to verify they’re exactly the same without the hefty
transfer, the hash code will do it for you.
Hashing algorithms also play a part in data or file identification. A good example for this is peer to peer file sharing networks, such as eDonkey2000. The system used a variant of the MD4 algorithm (below) which also combined file’s size into a hash to quickly point to files on the network.
A signature example of this is in the ability to quickly find data in hash tables, a method commonly used by search engines.
Another
use for hashes is in the storage of passwords. Storing passwords as
clear text is a bad idea, for obvious reasons so instead they are
converted to hash values. When a user inputs a password it is converted
to a hash value, and checked against the known stored hash. As hashing
is a one-way process, provided the algorithm is sound then there is
theoretically little chance of the original password being deciphered
from the hash.
Cryptographic hashing is also often used in the generation of passwords, and derivative passwords from a single phrase.
Message Digest Algorithm 5
The
MD5 function provides a 32 digit hexadecimal number. If we were to turn
‘abc.com’ into into an MD5 hash value then it would look like: 64399513b7d734ca90181b27a62134dc. It was built upon a method called the Merkle”“DamgÃ¥rd structure (below), which is used to build what are known as “collision-proof” hash functions.
No security is everything-proof, however and in 1996 potential flaws
were found within the MD5 hashing algorithm. At the time these were not
seen as fatal, and MD5 continued to be used. In 2004 a far more serious
problem was discovered after a group of researchers described how to
make two separate files share the same MD5 hash value. This was the
first instance of a collision attack being used against the MD5 hashing
algorithm. A collision attack attempts to find two arbritary outputs
which produce the same hash value – hence, a collision (two files
existing with the same value).
For more queries you can comment us below. or you can visit our social media links.
You have heard of this term IP Address many times in day-to day life
if you belong to IT sector, yes as soon as you heard about the term IP
only one thing that stucks in your mind is the IP of a computer which
you people might have seen. But what this IP actually is….?? IP address, or “internet protocol address”, is a unique
identifying number given to every single computer on the Internet. Like a
car license plate, an IP address is a special serial number used for
identification. NOTE:- An IP Address is different from a MAC Address or an Domain Name address
Any machine connected to the Internet has an IP
address Xbox games, cell phones, fax machines, and even soda pop
dispensers have IP addresses. In every case, the IP address acts both
like a car license plate and like a telephone number: it shows
ownership, allows the machine to be located by other machines, and
empowers authorities to track and protect people’s safety, if need be.
How IP addresses look:
IP addresses have two common formats. IP version 4 addresses are comprised of four numbers-only segments separated by dots:
e.g. 127.0.0.1
e.g. 253.16.44.22
e.g. 72.48.108.101
IP version 6 addresses are more complex. IPv6 addresses are comprised of 8 segments:
e.g. 3ffe:1900:4545:3:200:f8ff:fe21:67cf
e.g. 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
Related: Read more about how IPv6 is different from IPv4.
IP address is not the same as www domain name addresses:
For nearly every web server, the IP address is invisibly translated
into a natural English “domain name” for ease of use. But technically
speaking, the IP address is the true identifier of a web server…the
domain name is simply a redirector pointer to help people find the web
server. Here are three IP addresses, with their corresponding domain names. Both the IP address and domain name URL can be used to connect to the same web server:
Your ISP has a block of IP addresses to lend:
Internet authorities allot large bundles of IP address numbers to
regional internet service providers. Those ISP’s, in turn, assign the IP
addresses to every server and every internet user who logs on. Yes,
there are millions of IP addresses active at any instant.
More about IP addresses:
Trivia point 1: before the World Wide Web became
popular in the 1990’s, every computer was assigned a fixed (“static” IP
address). But with so many millions of internet users today, ISP’s now
choose to “lend” IP addresses from a pool of numbers. This is much like
dealer license plates being shared amongst test drive vehicles at a car
dealership. This loaning of IP addresses is called “dynamic IP
addressing”, and is proven to work better for individual users.
Trivia point 2: often, it is possible to identify where a user is in the world by their IP address. Web sites like www.whatismyipaddress.com/ can read your computer’s IP address, compare it to its database of ISP’s, and attempt to guess your location on the planet.
Trivia point 3: it is possible to mask or digitally
alter the appearance of your computer’s IP address. You would do this
for the sake of privacy or to avoid authorities tracking your online
habits.
Trivia point 4: within office networks, each office
computer is given an “internal IP address”. As soon as an office
computer accesses the internet, it then borrows the office’s main IP
address. This works much like office telephone numbers: a unique
internal extension number is assigned to every user, but as soon as any
person dials out of the office, call display will only show the office’s
main phone number. This is known as internal vs. external IP
addressing, and is a necessary technique to reduce the number of IP
addresses on the internet.
Trivia point 5: as of April 2013, the internet is
switching from IP addressing standard Version 4 (aka “IPv4”) to a new
generation of addresses called IPv6. The biggest change is in the number
of available addresses. Instead of 4.3 billion possible IP addresses,
IPv6 will bring us 34,000,000,000,000,000,000 billion possible IP addresses.
