Social networking sites are the favorite haunt of online hackers and malware planters. These networking sites like Facebook, offer a veritable and large resource of accounts – over 250 million – that can be rigged. Hackers often use keyloggers and network sniffers to hack Facebook accounts.

Posts and messages on Facebook are all about personal communication. When anybody posts you a message, or you respond to your friends, the connection works on the basis of trust. You would rarely assume that the friend you are “talking” to via Facebook is actually not the real guy but someone who is acting as his proxy. Many a times, hackers posing as one of your known friends, ask for money on an urgent basis. If you are a Facebook user, however trustworthy you are of your friends, make sure you call them or meet them face to face before transferring any money. For all you know, you may end up a fool while the hacker laughs his way to the bank.

Many a times hackers not just change passwords, they change the entire Facebook profile of the user. To their shock, many users could not log into their accounts before figuring out that these have been totally overtaken and rigged.

Sadly, there are not too many known ways of how to reset your password after your Facebook account has been hacked. Since the fraudster is faceless and may be too far off to track, the best possible solution is to just sit back, stay off your Facebook account for a few weeks and then start afresh.

You may not be very successful in using tools such as Faceboos because if you have a few failed attempts at accessing, Facebook will block your IP address.

However, Curl is touted as a powerful command line tool that can help recover any Facebook account password that has been lost or forgotten.

To secure the user, there are alarms, laptop locks, stickers and labels that have been developed. Mere password locking is not sufficient to ensure data security. Full-disk encryption (FDE) is a widely used method to protect the laptop before the operating system starts up. FDE can be done by adopting a software-based approach or hardware-based approach or both.

Then there is the remote laptop security (RLS) with which access can be denied to a stolen laptop, thereby ensuring security of information. Also, there are programs that can be installed using which the owner of the stolen laptop can wipe financial or client-sensitive information from a remote location. There are also GPS tracking programs that can help to trace stolen laptops.

One of the smart things to do while traveling with laptops is to ensure that you have a back-up for everything you need and avoid accessing any financial information so that you do not leave a trail of your sensitive information.

However, there are doubts over the effectiveness of anti-theft measures that can prevent sensitive information from getting lost when a laptop is stolen. On both the Mac and PC, a laptop robber can get rid of many of the checks and balances that anti-theft and recovery software impose. The network connection can be turned off so you can never track the software’s location; the thief can even clear the hard disk.

If you are still keen to try out any recovery software, check out Undercover for the Mac (and iPhone). Nowadays it also comes with a WiFi-based positioning to help map where the stolen laptop may be possibly stored. Also, there’s the MacTrak software which transmits pictures and network with the help of e-mail or to a Flickr account.

For Windows, LoJack for laptops is popular. The software’s location can be traced via network connection daily. If the laptop is stolen, you can trace location changes every 15 minutes. You can also remotely wipe data.

The hacking was carried out by a novel method – SQL injection attacks – that cracks the security walls of a computer network and found credit and debit card data of users. The five corporate entities which fell to the security breach attack included Heartland Payment Systems, Princeton, NJ; 7-Eleven Inc. and Hannaford Brothers Co.

As part of the conspiracy, these hackers carried out offline and online surveillance of these companies to figure out their PoS system. Initially, the hackers crept into the websites of these corporate entities through proxy servers. Then, they parked malware in these systems and tested them vis-à-vis leading security products. The cover-up was so methodical that the malware did not leave any remnant of itself on the network whose security it was breaching. In a way, the onslaught was above par and not the conventional method of hacking with codes downloaded from the Internet. The hacking surveillance and operations started around October 2006.

These three hackers have been indicted of stealing sensitive data and sending it to computer networks as far and wide as Ukraine, the Netherlands, Latvia to next-door California and Illinois. These data were presumably sold to third parties who in turn splurged on fraudulent purchases. If found guilty, the hackers could face imprisonment of more than two decades for conspiracy and wire fraud. They will also have to cough up penalty of $1.25 million.

These cases bring to light that mere compliance with security procedures and protocols is not sufficient to protect against malware and hacking. What is required is a more alert and agile tracking system that keeps pace with the “cutting-edge” methodologies of hackers.

Fake YouTube links; fake CCN alert emails all tries to install the updated flash player to watch the movie. Out of curiosity to view the movie, most users simply press the upgrade button and link them selves to the hackers. Latest incident tricked the user using CNN email alerts regarding an imminent cease-fire in the Israel-Gaza conflict.  Last month Koobface virus on facebook sends virus to the friends list asking them to checkout one of the latest movie.  Clicking on the link directs the user to download a plug-in to watch the movie. These Trojan horse programs are designed to steal financial passwords and personal details from the victim’s computer and are very dangerous.

Wake up Adobe; we love your player but not these Trojans. Help us to get the genuine updates.

With its popularity grows the need of hacking into some one’s Orkut account. We are getting several pages of comments in this website on how to break into an Orkut account, how to break an Orkut password etc.  As always our humble reply, we don’t endorse hacking. We would neither help anyone out there to break into an Orkut account nor provide any help if they have forgotten the passwords.

One thing people forget is that Orkut like any other web based service stores the password in encrypted format and its just not possible to figure out the password even with the help of employees who are working there. How is it possible? Without going into technical details, let us explain things in a simple way.

When you register for a web-based service, you provide the password. One thing most trusted websites do is that it encrypts the password provided by you. The encryption is not reversible i.e. no one can decode the string back to the original format.

Suppose your password is “MyPassword”.  This password will be stored in Orkut (or any other server) in encrypted format… something like – MyPassword => khkjhd877e8q78e8634but3874@63. There are several encryption techniques available like MD5, SHA etc. These encryption algorithms are not reversible i.e. you can convert “MyPassword” to “khkjhd877e8q78e8634but3874@63” but “khkjhd877e8q78e8634but3874@63” can’t be converted back to “MyPassword”.

Whenever you enter the user name and password, the website converts your password into Md5 or SHA or what ever it is and cross check. So not even a Google employee can retrieve your password. Well, it can be reset. 

Orkut passwords could be compromised only if you are

• Using a computer with a key logger installed
• Using a computer affected with some Trojan or virus
• Using other websites where you have used the same password and which is not encrypted

So the next time you think of hijacking a girl friend’s Orkut account, remember it’s not going to be that easy.

Well, when we apply for our debit cards, the banks send us the PIN number along with the new card. Of course we are a little too careful while tearing up the PIN. However, we can to be careful while using the debit-card also. Debit cards are very attractive to would-be thieves because immediate cash is always more desirable than goods on a credit card. Here are some additional, simple steps for you to take to protect your PIN (personal identification number).

1. Never share the PIN with anyone. Do not share the PIN with anybody. Regardless of you sharing your PIN with your dear and near ones whom you trust, others might just come to know about the PIN if the person who uses on behalf of you is a little careless.
2. Never give out your PIN in response to e-mail or telephone requests. As you know, phishing will help those prying credit card thieves fish out your card information. Your debit card is not safe either. Look out for certified security logos on the pages while making payment which helps you make sure that you are safe. Also, the “https:” on the title bar will ensure that your payment details are encrypted.
3. Shield your PIN when using it. Cover your actions while typing your PIN in the ATMs or while making purchases. People can just look at everything. Well, we can’t take them for granted can we? Shielding your PIN will shield your bank account from leaking out of cash.
4. Choose a PIN password that is not obvious. Do not just use combinations of birth dates, anniversaries, etc. as your PIN number. Make combination’s which are difficult for people to think about while at the same time that stays in your mind.
5. Do not write your PIN down on the card, ever. Yes, people are not all that stupid to forget their PIN numbers. But, writing on the back of your card doesn’t make any sense as anybody can view it. If you must write it down, please write it somewhere where you know that it is – not on the back-side of your card.
6. Vary your PIN on different cards. Varying your PIN on different cards will help in case you lose your wallet completely. It makes using your cards a difficult task for those thieves.
7. Contact your bank immediately if your card is stolen or lost. Report your loss of card to your bank immediately. Failure to do so will give ample time for anybody to misuse your card.
8. Be proactive. If you suspect any fraudulent activity using a card still in your possession, apart from notifying the bank and the police, have your PIN changed immediately.

Have considerable precautious measures in place. Be safe; be aware. It’s your money.

“We recently purchased ABC Bank. Due to concerns for the safety and integrity of our new online banking customers, we have issued this warning message… Please follow the link below to renew your account information.”

“We recently acquired the mortgage on your home and are in the process of validating account information. Please click here to update and verify your information.”

“During our acquisition of XYZ Savings & Loan, we experienced a data breach. We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below to confirm your identity.”

Few such sample emails

From: Federal Deposit Insurance Corporation
To: jose@arbor.net
Subject: funds wired into your account are stolen

Dear bank account owner,

Funds wired into your account are stolen from innocent account holders
through Identity Theft. Please check your account statement (the statement
is attached to this letter) and contact your bank account manager.

Federal Deposit Insurance Corporation

One more

WACHOVIA CORPORATION NOTICE.

Citigroup announced a buyout of Wachovia brokered by the FDIC moments ago.
All Wachovia bank locations will be in the Citigroup merger to prevent
failure of Wachovia. The Citigroup/Wachovia would focus on upgrading
banks’ security certificates. All Wachovia customers must fill the forms
and complete installation of new Citigroup Standard digital signatures
during 48 hours. Please follow the installation steps below:

Read more here>>

Sincerely, Rodrick Baird.
2008 Wachovia Corporation.
All rights reserved.

More details here at FDC website : http://www.ftc.gov/opa/2008/10/bankphishing.shtm

• Its advised not to follow any link from emails to reach bank website.
• Look for SSL certificate before entering the user name and password
• Make sure that you arrived at the banking website by typing the URL at the address bar

Search for more such phishing scam at http://www.factandfiction.org

Physical card theft
Some people believe that their credit card is safe if they don’t use the cards online. Wrong! Eighty percent of credit card theft occurs offline and sometimes even in front of our eyes. Credit cards have to be handed over to the merchant’s employees and many times these employees with the help of some techies swipe the card to duplicate swiping machines. The card information is then duplicated on other plastic cards freely available in market.

Sometimes the employees are not educated enough that they swipe the card two or three times which result in duplicate charges. Lost credit cards are also misused within hours resulting in huge transactions. Customer needs to pay the charges till the card is canceled which can be done easily by contacting the card issuing bank.

Online card theft
Credit card is used online without physically presenting the card and is authenticated by entering the correct user name, date of expiry and CCV number. Growing numbers of credit card fraud are reported online. The hackers usually trap the customer by sending email or sending them to fake websites which asks for credit card information. Most of the time they disguise themselves are from bank or some legitimate sources where the customer has previously carried out some transaction.

Credit card information is also stolen when the website where the customer entered the credit card number is hacked and the information is leaked. Many websites store the credit card information without any encryption and the information is easily accessed by prying eyes. These types of activities can easily be stopped with little caution from the customer end. Depending on trusted payment providers like PayPal, Google checkout etc will help to some extend as they never expose the credit card information to the online merchant. Looking for SSL (https) on pages where we enter the card number will also help to protect the card information online.

Here are some common scenarios of credit card theft

• Wallet theft
• Disguise as employee from bank or some other well known organization
• From old discarded credit card statements
• Colleagues/ Friends accessing your computer
• Fraudulent emails, phone calls etc
• Hacked personal emails
• Shared/ compromised computers

What do I do if my card is stolen?

• The first and the most important step that you have to do is to contact the credit card issuing bank.
• Raise the complaint with the bank and wait for their response
• File complaint at the local police station or the cyber crime wing

Be aware – and enjoy the benefit of the plastic money. More later…

A friend of ours asked us “is it possible to retrieve yahoo password”.  On further discussion we found out that he was waiting to get the password from an old password recovery scam. We wonder why people tend to still believe that these type of tricks work. He told us that he got the link from Google, curious to find how many scams are out there, we also did the same. Shockingly we find so many scams on the internet and many of these ranks number one in Google. “Hacking yahoo password”, “yahoo password recovery” “hotmail password recovery” etc gave us so many results and many of them with bogus write ups like this. Let’s explain why you should not believe in such scam

The write up starts like this in page filled with advertisement. We are sure that the person behind this is making so much money out of this.

Need to hack yahoo passwords?

[this phrase goes as the main title and html title. Good way to listed number one in google and gain good ranking for this keyword.]

It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method a least a dozen times and it has worked on all but 2 occasions, I don’t know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:

[Convincing with a good story]

STEP 1- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.

[He just don’t want us to make a new test ID and try. This 30 day clause will tempt us to try with our working IDs. Tricky man… tricky]

STEP 2- Once you have logged into your own account, compose/write an e-mail
to: RETRIVE_PASS_KEY_CGI_BIN@yahoo.com This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.

[It's cheating! Why should yahoo makes a mail box listen to password request?. It can do it with a simple webpage. So it’s the hackers email id. Yahoo wont allow users to create email ids with “yahoo” string any where in the email. You will see several variations of this email like yah00 etc. So its not a legitimate email id of yahoo]

STEP 3- In the subject line type exactly: ” PASSWORD RECOVERY”

[Obvious … May be he wants to filter the number of fools]

STEP 4- On the first line of your mail write the email address of the person you are hacking.

[Waooow]

STEP 5- On the second line type in the e-mail address you are using.

[why so? I want to break someone else id.. Why mine?]

STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status.

[Very funny… An email with #3 as password. This is the one line which should make you suspicious, else … sure you need some check up ]

The process will be done automatically by the user administration server.

[Good, nice server]

STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}

[Well, yea adding lil technical stuff to gain user confidence. ]

so for example if your yahoo id is :
David_100@yahoo.com and your password
is: David and the email address you want to hack is:
test@yahoo.com then
compose the mail as below:

To: RETRIVE_PASS_KEY_CGI_BIN@yahoo.com
bcc: cc: (Don’t write anything in cc,bcc field)
Subject: ” PASSWORD RECOVERY ”
test@yahoo.com
David_100@yahoo.com
David
cgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}

[Thank you for that nice example.]

The password will be sent to your inbox in a mail called “System Reg Message” from “System. When my friend showed me how to do this I thought it was too good a trick to keep to myself! Just try and enjoy!

[Hahaha … don’t wait its not going to come in the near future and instead, someone else is going o break into yours. Beware …]

Anyway our friend has just reset his password just in time…

Update : Friends, read the above article carefully, it explains why you should not send emails to such scam.