Computer Security

Bruteforce

SSL/TLS is a communications protocol (a strict set of rules) that enables encryption (an ordered method to scramble data involving the password so that no third party can understand it) to protect personal information such as identity information and financial information while transactions are being conducted.

The public key is associated with a key that is used in an entire program while a private key is only used within a function.

A normal password is a word of six to eight letters. Some sites require a number in the password. Regardless, they're easy to crack. While most people use such passwords, in comparison to a house, they're no more secure than locking your home but forgetting to lock all the windows.

A better password will be a random setting of capital and lower case letters mixed with numbers and characters on the keyboard. This should be no less than eight letters/numbers/characters long making it much harder to crack. However, a password cracking program will still be able to break it, but the longer the password, the more time it will take. DO NOT USE RECOGNIZED WORDS, BIRTHDAYS, ETC... In comparison with the above house example, this would be like locking all your doors and windows, turning on your home alarm system, and keeping a hungry and mean dog inside.

The best method for making a password is to use the random capital and lower case letters mentioned above in addition to adding special characters. These characters cannot be found located on your keyboard, so they must be created. This requires a keyboard with a number pad attached, as the numbers across the top of the keyboard will not work. To make special characters, you press and hold down the ALT key plus a series of three numbers on the number pad (AGAIN, YOU MUST USE THE NUMBER PAD). Man of these characters you can create CAN NOT be cracked by any password cracking program, making your password not only uncrackable, but one that would be virtually impossible to guess. These passwords do not need to be as long as many of the characters that can be made in this manner simply cannot be cracked, period. Keep in mind though, longer is always better. Using the house example as before, this would be like locking up your solid steel doors and impact proof windows, setting your alarm, and paying the Navy's SEAL Team Six to guard your house until you got back.

I have a list of which characters are uncrackable. I learned how to do this while working in Information Warfare while in the United States Navy. Using this method, you can create passwords the government can not break.

Using a custom Antivirus or the built in Windows Firewall, you can choose which ports to remain open and connect, and which ones are closed. Closed ports deny connection attempts made to them.

Nowadays, simply hashing the database does not provide enough encryption as hackers can run brute forcing software and/or dictionary attacks against them, also using hash decrypters.

With today's sophisticated GPUs, millions of hashes can be cracked a second with programs like John the Ripper and Hashcat. Salting the passwords and information is safer, but still not foolproof by a long way.

About the NSA's system of eavesdropping on worldwide electronic messages.

change password, change security question, change back-up email address.

Cookies get saved to your computer when visiting sites. So a cookie of a website can't be saved it you haven't visited that particular website.

The explanation for that may be that the site was visited a by user of silent through a virus and the history cleared but the cookie not deleted

There are many ways to encrypt a message in an image file.

The way I've seen people do this on YouTube is them just editing the image's hex coding.

Anyway, it depends on how the message is encrypted. If it is just regular text in the image, you have to get a hex editor, such as Hex Workshop, then load the image and parse the hex coding to find the message.

In most cases, it will be located in the first few lines of the hex coding and it will be just a regular string, unencrypted.

In more advanced cases I've seen, it could be located near the middle of the whole hex coding of the image, then encoded again using a method called "Base64". To decrypt this message, I had to open up the hex coding, find the Base64 encoded string (usually ends with two equal signs "=="), then I had to unencrypt the Base64 string, which is really easy. In PHP, it's just a simple command:

echo base64_decode("base64string");

?>

Once I unencrypted the base64 string, it output the hidden message.

Conclusion:

Just open the image up in Hex Workshop, and read a few lines of the hex coding. Usually the message can be found in the first few lines.

70BnMgcS

PC Preformer has been rated as a rogue spyware. It reports fake or mostly untrue (some true some fake) errors about your computer's registery to entice you to purchase their software, which doesn't actually fix anything. There are many, many free versions that are trusted such as CCleaner (yes, 2 C's) that actually do scan and fix your computer registery problems as well as other housework.

When a security standard conflicts with a business objective, there are a few questions that need to be answered before making a decision:

1) Is the standard a law? If it is, then the business objective needs to be changed to comply. For example: companies that have as an objective to spam the maximum number of people will find that they are in conflict with the law - they cannot legally achieve their objective. You could decide to just accept the risk of getting busted for failing to comply with the law, but that is extremely unethical.

2) What are the consequences of failing to apply the security standard? What vulnerabilities will the information systems have if the security standards are not adhered to? Get an unbiased analysis.

In addition to the consequences of breaking the law already mentioned, some other risks might include: liability issues, loss of business, loss of reputation, lawsuits for invasion of privacy, lawsuits for failure to protect personal information, loss of sensitive data, disclosure of sensitive information to unauthorized entities including competitors or opponents, loss of ability to enforce corporate policies for computer use - depending on the security standard not implemented a company may find they have no legal recourse against someone who misuses their computer resources, co-opting of computer resources by outsiders - company computers might become part of a bot-net, etc.

3) What are the sources of threats to the computer systems?

4) Once a risks and threats have been identified, quantify their impact if the risk comes to pass, or the vulnerability is exploited.

5) Quantify the likelihood of each risk becoming reality.

6) For each risk, combine the impact and likelihood to produce an overall risk.

7) Identify options for risk avoidance (fixing the problem), mitigating it (lessening the impact if it happens), or risk transference (such as insurance) .

8) Determine the cost of each option for dealing with the risk and compare it to the cost of accepting each risk - weighted by the level of risk.

9) Modify the business objectives to adopt the best risk management strategy to address the identified risks.

Generally if an independent, unbiased risk assessment is made, the costs of risk acceptance compared to avoiding, mitigating, or transferring the risks will dictate some changes to the conflicting business objective. Sometimes the conflict can motivate a business to examine technologies and methods they had not previously considered in order to resolve the conflict. Sometimes the conflict between security and the business objective drives innovators and inventors to resolve the conflict by developing new technologies that can satisfy BOTH the security standard AND the business objective.

Computer forensics is the acquisition, extraction, and analysis of information from computer hardware and networks to assemble information for legal proceedings and for purposes of troubleshooting computer problems. The goal of computer forensics is usually to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. It may also include capturing network traffic. Many different techniques and procedures are involved and the ones chosen depend on balancing speed, thoroughness, whether subject of the forensics is allowed to know about the investigation, cost, and whether the information is destined for legal proceedings.

Ive provided the link in the Discussion tab...

Unauthorized

1. Access control systems, such as key cards or biometric scanners, restrict entry to authorized personnel.
2. Security cameras monitor and record activities in specific areas to deter unauthorized actions and provide evidence in case of incidents.
3. Intrusion detection systems alert personnel to unauthorized entry or attempts to breach physical barriers.
4. Fencing and barriers create physical boundaries and help prevent unauthorized access to a facility or area.
5. Security guards patrol designated areas, engage in surveillance, and respond to security breaches or emergencies.