This is a must rd post for the beginners and newbies who have just started exploring and for laymen who aren't interested in lrning but needs somebody's account anyhow. I want you to aware about common misconceptions regarding Email/Social Networking Sites accounts .
Otherwise those thoughts/misconceptions can seriously put you in trouble.
We usually start like googling this, "how to gmail" , "
soft for orkut","how to facebook" etc
but unfortunately rch some malicious websites,
follow stupid instructions and our own accounts get compromised.
Yes I wasn't any different and had been a foolish when I was a beginner
Okay talking in eral ,
suppose you just have signed up for an account(gmail,yahoo or any other reputed website)
Your is stored only at two places
1.In website's database
2.In your mind
(Dont say a stupid thing that it is also saved in a text file on your
PC or in your girlfriend's mind etc)
Fetching your credentials (Id/) from website's database is almost impossible.
They are paynig million of dollars for securing their systems.
Here I should remind you that, I am talking only about the reputed companies like ,google,facebook etc.
Hard Core s might get success in compromising their systems.
Now talking about your mind, its might be rlly very simple to do this. Shocked ?
At this ponit,
I must say that an email account depends strongly on carelessness/foolishness of victim.
FAQs or misconceptions regarding the same:-
Does any free/paid software/program/ exist to such accounts ?
No .You might get less free or preminum soft which claim to email accounts.
The soft just ask you to enter victim's email and start /erating .
I have alrdy told you about two places where one's is. From where the hell ,these soft would bring s for you ? .
This kinda stuff is undoubtedly scam/rubbish.
Is there any free/premium online service to such accounts ?
No.You might have logged on to many websites that claim to any
email account for some amount of money.
They are completely fraud and be aware of them. Dont lose your money there !!
An Other type of fraud-You might have come across many tutorials/s that instruct you
to compose an email to something@something.com.
You are asked to write victim's email ID, your
email ID,your and are assured that you would get requested within 24 hours.
Needless to say, it is an id of befooling innocent people .
Ofcourse,your own account gets compromised.
Beleive me , you cant imagine the of people who become victim of such rubbish things
They
lose their money,time,accounts but get nothing in return. So take care.
How to these accounts ?
Every method directly/indirectly involve victim's carelessness/lack of knowledge.
Non-Technical-
While signing up for an account, we are asked to set a security question like our nickname,
birthday place etc so that we could recover our account in case we forget our .
Many innocent people sets the correct asnwer which they are not supposed to do.
Gather some information about victim and try to guess the answer of security question.
Technical-
1. Phishing-The most common way of them is phishing.
The common type of phishing is Fake Login Page.
The victim is anyhow anyway made to enter his credentials in fake login page which resembles the uine login page and gets .
2.Malicious files-The victim is given a malicious file.
It could be binded with or hidden behind a uine file.
It is usually a logger or trojan.
A logger secretly records everything you type and sends to attacker.
Obviously records your s too.
3.Stling Sessions-Talking in simple language, whenever we sign into an accountit erates a unique piece of string.
One copy is saved on server and other in our browser as cookie.
Both are matched everytime we do anything in our account.
This piece of string or login session is destroyed when we click on 'Sign Out' option.
An attacker can stl that session by convincing victim to run a piece of in browser.
Attacker can use that stolen session to login into victim's account without providing any username/. This attack is very uncommon because when the victim clicks 'Sign out' ,
session gets destroyed and attacker too also gets signed out.
Note-You might be thinking that one could sniff the credentials sitting in same network.
But I should remind you that,
they would be encrypted ones and the SSL encryption is almost impossible.
Conclusion-
Sign up for an account at gmail/yahoo/facebook/orkut/hotmail.Now forget its and recovery options
Never login into it . Can anyhow the be /.?? Answer is big NO.
No comments:
Post a Comment