Security Countermeasures

--Originally published at Don't Trust Humans, Trust Computers

We live in an era where everybody has some kind of digital device. Most of us have at least two of these devices, if not more. We interact with them on a daily basis: at work, at home, at school, at entertainment centers, and so on. These gadgets are taking over the world, but more importantly our lives. And if these devices are an essential part of our lives, well… we are very likely to run into security threats along the way. We are always exposed to some kind of threat, whether we like it or not, and once we own a digital device we are exposed to a new kind of threat that did not exist before.


There are many cyber security threats out in the world, and we need to be prepared in case we encounter one. So here I am going to list some of the most common threats and some countermeasures to them.

  1. Spoofing user identity: using fake authentication credentials to gain access to a system.
    • Countermeasures:
      • Do not store passwords in files.
      • Use strong authentication.
      • Do not send passwords over the internet.
  2. Tampering with data: unauthorized modification of data.
    • Countermeasures:
      • Use digital signatures.
      • Use data hashing and signing.
      • Use strong authentication.
  3. Information disclosure: unwanted exposure of data.
    • Countermeasures:
      • Use strong encryption.
      • Use strong authentication.
  4. Phishing: using a fake email or webpage so that the user enters personal information.
    • Countermeasures:
      • Delete suspicious emails.
      • Verify a website before entering it.
      • Look for digital signatures.
  5. Malicious code: software that causes malfunctions inside a system.
    • Countermeasures:
      • Turn off automatic downloading.
      • Block malicious websites.
      • Stay current with OS updates.
  6. Weak and default passwords
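The "hashing and signing" countermeasure for tampering (item 2) is worth seeing in code, because a plain hash on its own does not stop tampering: whoever can change the data can recompute the hash. What stops it is a keyed tag (an HMAC) or a digital signature, which an attacker cannot recompute without the secret. The following is an added example, not code from the original post; the record, the key and the function names are constructed for illustration, and the key is assumed to come from a key store rather than being hard-coded in real use.

```python
import hashlib
import hmac
import json

# Constructed sample record that must not be altered in transit or at rest.
RECORD = {"account": "alice", "balance": 120.50}


def sign_record(record: dict, key: bytes) -> str:
    """Return an HMAC-SHA256 tag over a canonical JSON serialisation.

    Sorting keys and fixing the separators guarantees that the same data
    always produces the same bytes, so the tag is reproducible by the verifier.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    Any change to the data, the tag, or the key makes verification fail,
    and compare_digest avoids leaking where the mismatch occurs via timing.
    """
    expected = sign_record(record, key)
    return hmac.compare_digest(expected, tag)


def demo(key: bytes = b"placeholder-key-from-a-key-store") -> tuple:
    """Sign a record, then show that a tampered copy no longer verifies."""
    tag = sign_record(RECORD, key)
    genuine_ok = verify_record(RECORD, tag, key)
    tampered = dict(RECORD, balance=9999.99)   # attacker edits the balance
    tampered_ok = verify_record(tampered, tag, key)
    return genuine_ok, tampered_ok             # expected: (True, False)


if __name__ == "__main__":
    print(demo())
```

A digital signature gives the same guarantee with an asymmetric key pair (sign with the private key, verify with the public key), which is the right choice when the verifier should not hold a secret that could also forge tags.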

All your passwords are belong to us

--Originally published at Miss F.

Passwords, the ones that keep our stuff safe. Or do they? In this particular blog post, I’ll be discussing the most known/common methods for cracking passwords.


It’s not uncommon to hear someone complaining about how an account of theirs was “hacked”. What they usually mean is that someone gained access to their profile and changed things while there. To gain access to any system, you first need to crack the password. The following are 10 methods for obtaining someone’s password:

  • Brute-force
    • This is the most common method of them all. It consists of trying several alpha-numeric combinations until you get the right one.
    • It’s simple to program, but it can be very slow if your GPU isn’t your ally.
    • Examples of programs that use this methodology are:
      • Wfuzz
      • Medusa
      • Rarcrack


  • Dictionary
    • As its name suggests, this method uses a file containing words typically found in a dictionary (plus some others, such as the most commonly used passwords) and tries each of them as the password you’re trying to crack.
    • While it’s faster than the brute-force method, its running time can vary from instant to billions of years. This depends on the password’s length, its combination of characters, and the character sets used.
    • Examples of programs that use it are:
      • Cain and Abel
      • John the Ripper
      • L0phtCrack
  • Rainbow Tables
    • Rainbow tables are a very elegant way of cracking a password. They consist of a series of lists of precomputed hashes: the hashes of possible password combinations for a given hashing algorithm.
    • It takes far less time than the two previous methods; however, it requires a LOT of GPU power. If a password is salted (with random extra characters), it may be impossible for a rainbow table to crack it.
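The reason a salt defeats a precomputed table, as described in the rainbow-table section above, is easy to see in code: a table is only useful if the stored digest is exactly what was precomputed, and a random per-password salt guarantees it never is. The following is an added example, not code from the original post; the word list, the table (a plain dictionary standing in for a rainbow table) and the function names are constructed for illustration. It also goes a step further than the post by using an iterated hash (PBKDF2-HMAC-SHA256), which makes each guess expensive even when the attacker already knows the salt.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed stand-in for a dictionary file of weak passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "password123"]

# Iteration count for PBKDF2; production deployments tune this to the hardware.
ITERATIONS = 100_000


def build_precomputed_table(words) -> Dict[str, str]:
    """Map unsalted SHA-256 digests back to their plaintexts.

    This is the idea behind a rainbow table reduced to a plain dict:
    all the hashing work is done once, ahead of time, for every candidate.
    """
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup(table: Dict[str, str], digest_hex: str) -> Optional[str]:
    """Reverse a digest with a single dict lookup and no hashing at all."""
    return table.get(digest_hex)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated password hash. Returns (salt, digest).

    A fresh 16-byte random salt per password makes every stored digest unique,
    so no table built before the salt existed can contain it.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> tuple:
    """Show the same weak password found unsalted and missed once salted."""
    table = build_precomputed_table(COMMON_PASSWORDS)
    # Unsalted SHA-256 of a weak password: recovered instantly from the table.
    unsalted_hex = hashlib.sha256(b"password123").hexdigest()
    found = lookup(table, unsalted_hex)
    # Same password, salted and iterated: matches nothing precomputed.
    salt, salted = hash_password("password123")
    missed = lookup(table, salted.hex())
    # The legitimate login path still works because the salt is stored alongside.
    login_ok = verify_password("password123", salt, salted)
    return found, missed, login_ok            # expected: ("password123", None, True)


if __name__ == "__main__":
    print(demo())
```

The salt is not a secret; it is stored next to the digest. Its job is only to make each digest unique, which forces an attacker back to guessing one password at a time against one account at a time, and the iteration count then decides how expensive each of those guesses is.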