
Prevention of Hacking

What is Hacking?
Hacking is identifying weaknesses in computer systems or networks and exploiting them to
gain access. Example of hacking: using a password-cracking algorithm to gain access to a system.

Who is a Hacker?

A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to
gain access. Hackers are usually skilled computer programmers with knowledge of computer
security.

Types of Hackers

Hackers are classified according to the intent of their actions. The following list classifies hackers
according to their intent.

Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified
weaknesses. They may also perform penetration testing and vulnerability assessments.

Cracker (Black hat): A hacker who gains unauthorized access to computer systems for
personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer
funds from bank accounts etc.

Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer
systems without authority with a view to identify weaknesses and reveal them to the system owner.

Here are some tips to prevent getting hacked:

1. Use strong passwords. The names of yourself, your spouse, parents, siblings or dog, or your
birthday, do not qualify. Use a mix of letters, digits and punctuation (but not blank spaces).
Use both capital and lowercase letters. The longer your password, the better. The shorter
your password, the easier it is to hack, especially if it’s a common word or name. A good
starting point is six characters, though 8, 10 or 12 are even better. If you have trouble
remembering, do something about that; otherwise consider using an unusual phrase or combination of
words that only you or a few people might know, then substitute some of the letters with
digits and/or punctuation. Humorous combinations might make it easier to remember, but
otherwise write your password down in a SAFE place. Or just keep using the “Forgot
password?” option to reset your password.
2. Change your password regularly. By regularly I mean monthly or even weekly, not yearly.
Facebook’s “Forgot password?” option is one way, or you can go to your account’s settings.
3. Don’t friend everyone. That “hot chick” whom you don’t know and who looks like some
Hollywood starlet might be a guy. Avoid the person who doesn’t even have a profile pic, let
alone any friends in common with you. If you haven’t met them, be cautious. Also, don’t
friend friends whom you know to use weak passwords. If their account is compromised,
hackers can still learn certain things about you from your profile, or could send you a
message via the friend’s account to lure you to a malware site.
4. Don’t click on links willy-nilly. If you click on a status update that a “friend” posted on
your wall and it looks fishy, don’t assume they actually did it. Their account could be
compromised. If your clicking takes you to a Facebook application that you’re unsure of,
there’s no obligation to click through. For example, AllFacebook Editor Nick O’Neill
recently posted about a fake ‘Like photo’ application.
5. Don’t believe all emails. Don’t forget that honest web services will never ask you to do
certain things in an email. For example, Facebook will NEVER send you an email asking
you to change your password or enter personal details. If they need you to do that, they will
tell you where in your account settings you can go to do that. On a similar note, protect your
email account that you registered for Facebook with, else someone can succeed in resetting
your Facebook password.

1. Always Log Out

If you don’t log out of your account, hacking your page is simple.
Don’t forget to log out if there is any chance that someone else will use the same computer as you.

2. Enable Secure Browsing

Secure browsing (https) is a security feature that will encrypt your activity on Facebook where
possible, making it harder for anyone else to access your Facebook information without your
permission.
To change your secure browsing (https) setting:
1. Go to your Security Settings
2. Click on the Secure Browsing section
3. Check the box provided and save your changes

3. Enable Login Notifications

Here’s the description Facebook gives of login notifications.
Login notifications are an extra security feature. When you turn on login notifications,
we’ll send you an alert each time someone logs into your account from a new place.

To turn on login notifications:
1. Go to your Security Settings
2. Click on the Login Notifications section
3. Check the box next to the type of alerts you’d like to receive and save your changes

4. Remove Your Email Address From Your Profile

Since your email address doubles as your Facebook username you should change your privacy
settings to hide your login email address from your public profile.
Here’s how to do this.
1. Log in to your Facebook account and find the Contact Information section on your About
page.
2. Click the Edit button.
3. Find the email address that you use to log in to Facebook with and click the down arrow
beside the “Lock” icon, then place a check mark beside Only Me.
4. Next, click the down arrow on the right and place a check mark beside Hidden from
Timeline.

5. Create an Unguessable Password

Creating a strong password is one of the best Facebook security tips you can apply.
By creating a random password you increase your security by decreasing the chances that a person
or a software program will crack your password.
The most unguessable password would be a string of random characters like ‘$t6gxgku@mn,$L”A%’,
and the longer the password is the better.
Sure, a computer could eventually discover such a password using a brute force attack, but it gets
more difficult the longer you make your password.
For example, to crack the above password, if an attacker could try a billion passwords per second,
it would take 10,533,833,066,248,927,000 years to look at all the possible combinations.
For a password that is 9 characters long it would take about 26 months to crack.

6. Enable Cell Phone Login Approvals

Login approvals are an extra security feature similar to login notifications, but with an extra security
step.
If you turn on login approvals, you’ll be asked to enter a special login code each time you try to
access your Facebook account from a new computer or mobile phone.
After you log in, you’ll have the option to give that device a name and save it to your account. You
will only have to do this once per device and then that device will become one of your recognized
devices.

To turn on login approvals:


1. Go to your Security Settings page
2. Click on the Login Approvals section
3. Check the box and save your changes
Facebook also lists these few things to note:
• You need to have a mobile phone number listed on your account to turn on login approvals.
You can add one to your account when you turn on login approvals.
• If you haven’t named the device you’re using, you’ll be asked to do so when you turn on
login approvals. Don’t click the Save this device option if you’re using a computer that
other people use (ex: a library computer).
• After you turn on login approvals, we need to be able to remember your computer and
browser info so we can recognize it next time you log in. Some browser features block this.
If you’ve turned on private browsing or set up your browser to clear your history every time
it closes, you might have to enter a code every time you log in.

7. Only Access Facebook from Your Computer

If you access Facebook only from your own computer and phone, you can rest assured that there is
likely no malicious software installed.
One class of malicious software you should be aware of is key-logging software. Key-logging
software records every key that is entered and can save and relay this information.

8. Inspect Your Web Browser for Spyware

An important Facebook security tip is to be careful about the extensions and plugins you add to
your web browser, because some of these can compromise your social media accounts.
A strong step in preventing against spyware is to download and use Google Chrome because
Chrome is the most secure and powerful web browser available.
If you have Chrome already you should periodically check your extensions to ensure no malware is
installed.
To check your extensions click the triple line icon in the top right corner and select “Settings.”
Then click “Extensions” in the top right. Now remove any extensions unless you absolutely need
them.
The fewer extensions you have installed the safer you are.

9. Run Anti-Virus Software

A Facebook security tip I’d be amiss not to mention is to use Anti-Virus software to scan your
computer.
Facebook recommends these free anti-virus solutions:

10. Build an Email List

If you implement the tips in this post your page should not be hacked, but it’s always smart to have
a back up plan.
The best back up plan is a strong email list. If your fans are also subscribers of your email list then
even if something were to happen to your Facebook page or if you wanted to start a new page all
you’d have to do is send an email to your list and let them know about your new page.

11. Don’t Use a Predictable Password
Below are the top 25 most used passwords.
A smart Facebook security tip is to avoid all simple and easy to guess passwords.
So don’t use any of the passwords below, or any other password that could be easily guessed.
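The password advice above (tip 1 at the start of the list, tip 5 and tip 11) can be turned into a check. The following Python is an added example, not part of the original document: it applies the rules stated in the text (no blank spaces, a mix of character classes, nothing personal, not a commonly used password) and estimates how long a brute-force search of the full keyspace would take at a billion guesses per second, the rate the text uses. The minimum length of 8, the small deny list and the personal-information words are constructed assumptions for the example; the page’s own “top 25” list did not survive extraction, so the deny list here is illustrative only.

```python
import string

# Constructed sample of commonly used passwords for the deny list. The page's
# "top 25" list did not survive extraction; these entries are illustrative only.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "abc123"}

# Character classes and the size of each, used to estimate the search space an
# attacker would have to cover in a brute-force attack.
CHARACTER_CLASSES = {
    "lowercase": (set(string.ascii_lowercase), 26),
    "uppercase": (set(string.ascii_uppercase), 26),
    "digits": (set(string.digits), 10),
    "punctuation": (set(string.punctuation), len(string.punctuation)),  # 32 symbols
}


def classes_present(password: str) -> list:
    """Names of the character classes that actually occur in the password."""
    return [name for name, (chars, _) in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]


def keyspace_size(password: str) -> int:
    """Number of candidates a brute-force search must cover: charset_size ** length,
    counting only the classes the password really uses."""
    charset = sum(CHARACTER_CLASSES[name][1] for name in classes_present(password))
    return charset ** len(password)


def brute_force_years(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time, in years, to exhaust the keyspace at the given guess rate."""
    seconds = keyspace_size(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def evaluate_password(password: str, personal_words=(), min_length: int = 8) -> dict:
    """Apply the tips from the text: no blank spaces, a minimum length (assumed 8),
    at least three character classes, no personal names or dates, not a common password."""
    problems = []
    lowered = password.lower()
    if " " in password:
        problems.append("contains a blank space")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    present = classes_present(password)
    if len(present) < 3:
        problems.append("uses fewer than three character classes (letters, digits, punctuation)")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    for word in personal_words:
        if word and word.lower() in lowered:
            problems.append(f"contains personal information: {word!r}")
    return {
        "acceptable": not problems,
        "problems": problems,
        "classes": present,
        "brute_force_years": brute_force_years(password),
    }


if __name__ == "__main__":
    # Constructed inputs: a pet name plus birth year, a common word, and a random string.
    for candidate in ("Fluffy1990", "password", "T7#k!q9Lw@Zp"):
        print(candidate, evaluate_password(candidate, personal_words=["Fluffy", "1990"]))
```

The estimate is the worst case for an attacker who has to try every combination; a dictionary or personal-information guess finds a weak password long before that, which is why the deny-list and personal-word checks run regardless of the keyspace figure.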

12. Do Not Install Suspicious Applications

There are many Facebook applications which do not respect your wishes and post unwanted
material on your friends’ walls without your knowledge and permission.
Please refrain from using that sort of application.

13. Do Not Enter Your Login Info Into an App Inside Facebook

Some applications on Facebook are malicious and will compromise your account.
Stay clear of any application which asks you to enter your Facebook username and password (or
your email username and password).
There are phishing applications which collect your account information and compromise your
account. These might look identical to Facebook but actually be a malicious site in disguise.
Whenever a site asks you for your login information check the URL bar of your web browser to
make sure the site is genuine.

14. Do Not Share or Save Your Facebook Password

Do not share your password with anyone, or save it in a document on your computer.
The best way to go is by memorizing a password that only you know.

15. Always Check the URL When You Are Logging In

Phishing scams are often executed with a fake login page that appears identical to the actual
Facebook login page.
A clear indication of a fake login page is found within the URL of the page.
Although hackers can create visually exact looking copies of the Facebook login page they are
unable to use the same URL.
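As an added example (not part of the original text), here is a Python check that applies the rule above and in tip 13: a login page is trusted only if the address bar shows https and a hostname that is exactly on an allow list, so a look-alike address that merely contains the brand name, or hides it before an @ sign, is rejected. The trusted hostnames are an assumption for the example.

```python
from urllib.parse import urlsplit

# Hostnames that are legitimate for the login page. Constructed for this
# example; an organisation would maintain its own list.
TRUSTED_LOGIN_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def classify_login_url(url: str, trusted_hosts=TRUSTED_LOGIN_HOSTS) -> tuple:
    """Return (looks_genuine, reason) for the URL shown in the address bar of a login page.

    The check is deliberately strict: the whole hostname must be on the trusted
    list, so look-alike hosts that merely *contain* the brand name are rejected.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    if parts.scheme != "https":
        return False, "not served over https"

    # "https://facebook.com@evil.example/" puts the brand name in the userinfo part;
    # parts.hostname already skips it, but an explicit check makes the reason clear.
    if parts.username is not None or parts.password is not None:
        return False, "URL carries credentials (user@host) in front of the real host"

    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no hostname in URL"

    if host in trusted_hosts:
        return True, f"host {host} is on the trusted list"

    # Typical phishing pattern: the brand name as a subdomain of an unrelated domain.
    for trusted in trusted_hosts:
        if trusted in host:
            return False, f"host {host} merely contains {trusted}; the real domain is different"
    return False, f"host {host} is not a trusted login host"


if __name__ == "__main__":
    # Constructed addresses: one genuine, four shaped like common phishing tricks.
    for candidate in (
        "https://www.facebook.com/login.php",
        "https://www.facebook.com.evil.example/login",
        "https://facebook.com@evil.example/",
        "http://www.facebook.com/",
        "https://faceb00k.com/",
    ):
        print(candidate, classify_login_url(candidate))
```

The same exact-match rule is what a browser password manager applies when deciding whether to offer a saved credential, which is one practical reason to let a password manager fill the login form rather than typing the password by hand.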

A Case Study in the Hacking of Web Applications

The Situation

Mr. Sima was hired to perform a web application penetration test to assess the security of a
well-known financial website. Equipped with nothing more than the URL of the main financial site, Mr.
Sima set out to find what other sites existed for the organization and began by using Google to
search for possibilities.
Mr. Sima initially ran an automated scan against the main servers to discover any low-hanging fruit.
This scan provided information on the web server version and some other basic information but
nothing that proved useful without further research. While Mr. Sima performed the scan, neither the
IDS nor the firewall noticed any of his activity.
Then Mr. Sima issued a request to the server on the initial web page, which returned some
interesting information. The web application appeared to be accepting many parameters, but as Mr.
Sima continued to browse the site, he noticed that the parameters in the URL stayed the same.
Mr. Sima decided to delete all the parameters within the URL to see what information the server
would return when queried. The server responded with an error message describing the type of
application environment.
Next, Mr. Sima performed a Google search on the application that resulted in some detailed
documentation. Mr. Sima found several articles and tech notes within this information that showed
him how the application worked and what default files might exist. In fact, the server had several of
these default files.
Mr. Sima used this information to probe the application further. He quickly discovered internal IP
addresses and what services the application was offering. As soon as Mr. Sima knew exactly what
version the admin was running, he wanted to see what else he could find.
Mr. Sima continued to manipulate the URL from the application by adding & characters within the
statement to control the custom script. This technique allowed him to capture all source code files.
Mr. Sima noted some interesting filenames, including VerifyLogin.htm, ApplicationDetail.htm,
CreditReport.htm, and ChangePassword.htm.
Then Mr. Sima tried to connect to each file by issuing a specially formatted URL to the server. The
server returned a User not logged in message for each request and stated that the connection must
be made from the intranet.

The Outcome
Mr. Sima knew where the files were located and was able to sniff the connection and determine that
the ApplicationDetail.htm file set a cookie string. With little manipulation of the URL, Mr. Sima hit
the jackpot. This file returned client information and credit cards when a new customer application
was being processed. CreditReport.htm allowed Mr. Sima to view customer credit report status,
fraud information, declined-application status, and other sensitive information.
The lesson: Hackers can utilize many types of information to break through web applications. The
individual exploits in this case study were minor, but when combined, they resulted in severe
vulnerabilities.
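The case study notes that neither the IDS nor the firewall noticed any of the probing. As an added example, not from the original text, the Python below runs over a few constructed access-log lines and flags the patterns the narrative describes: a server error after the query parameters were stripped, injected & characters in the query string, a burst of requests for missing default files, and the intranet-only files named in the text being requested from an outside address. The log lines, IP addresses, intranet ranges and the threshold are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed access-log lines in Apache common log format, modelled on the
# probing described in the case study. Addresses and paths are illustrative.
SAMPLE_LOG = """\
10.1.2.3 - - [10/Oct/2023:13:55:36 +0000] "GET /app/ApplicationDetail.htm?id=42 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /app/main?acct=1&view=summary HTTP/1.1" 200 2210
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /app/main HTTP/1.1" 500 812
203.0.113.7 - - [10/Oct/2023:13:55:45 +0000] "GET /app/docs/readme.txt HTTP/1.1" 404 310
203.0.113.7 - - [10/Oct/2023:13:55:46 +0000] "GET /app/samples/ HTTP/1.1" 404 310
203.0.113.7 - - [10/Oct/2023:13:55:47 +0000] "GET /app/admin/default.cfg HTTP/1.1" 404 310
203.0.113.7 - - [10/Oct/2023:13:55:52 +0000] "GET /app/main?acct=1&&view=../source HTTP/1.1" 200 9912
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /app/CreditReport.htm HTTP/1.1" 200 7700
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Filenames the case study says must only be reached from the intranet.
INTRANET_ONLY = {"VerifyLogin.htm", "ApplicationDetail.htm", "CreditReport.htm", "ChangePassword.htm"}
# Assumed intranet address ranges for the example.
INTRANET_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Distinct missing files from one client before we call it default-file probing (assumed).
NOT_FOUND_THRESHOLD = 3


def is_intranet(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTRANET_NETS)


def detect(log_text: str) -> list:
    """Return (source_ip, finding) pairs for the reconnaissance patterns in the case study."""
    findings = []
    not_found_paths = defaultdict(set)   # ip -> distinct paths that returned 404
    parameterised_paths = set()          # paths that have been seen with a query string
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m["ip"], m["target"], m["status"]
        parts = urlsplit(target)
        filename = parts.path.rsplit("/", 1)[-1]

        # Sensitive files reached from outside the intranet.
        if filename in INTRANET_ONLY and not is_intranet(ip):
            findings.append((ip, f"intranet-only file {filename} requested from outside the intranet"))

        if parts.query:
            parameterised_paths.add(parts.path)
            # Injected or doubled & characters used to tamper with the custom script.
            if re.search(r"^&|&&|&$", parts.query):
                findings.append((ip, f"malformed query string {parts.query!r} (injected & characters)"))
        elif parts.path in parameterised_paths and status.startswith("5"):
            # The same endpoint, now without its parameters, answered with an error page.
            findings.append((ip, f"server error after parameters were stripped from {parts.path}"))

        if status == "404":
            not_found_paths[ip].add(parts.path)

    for ip, paths in not_found_paths.items():
        if len(paths) >= NOT_FOUND_THRESHOLD:
            findings.append((ip, f"{len(paths)} distinct missing files requested (default-file probing)"))
    return findings


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG):
        print(ip, finding)
```

Each finding on its own is as minor as the individual steps in the case study; the value is in attributing them to one source address over a short window, which is what the per-client bookkeeping above does and what a signature-only IDS watching single requests misses.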
Caleb Sima was a charter member of the X-Force team at Internet Security Systems and was the
first member of the penetration testing team. Mr. Sima went on to co-found SPI Dynamics (later
acquired by HP) and become its CTO, as well as director of SPI Labs, the application-security
research and development group within SPI Dynamics.
