
Wednesday, May 25, 2011

What Is Doxing? - Doxing And Its Uses


lain what Doxing is. Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.


You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google, right?” In a sense, yes, but there are actually easier ways to get someone’s information online. The most popular and most common method is to use a website called Pipl (http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.


The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flip side, in order to find your email, the hacker either has to guess your email, befriend you on Facebook, or hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.


Now, you’re probably thinking, “How’s he going to hack me with just my email?” Well, that’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the recovery questions on the target’s email account to gain access to that account. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” Well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.

Any hacker reading this who didn’t previously know about reverting would probably look at this and say, “This would never work!” But you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.


Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you ensure that you won’t be Doxed? Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issues for most victims are their security questions and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).


So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?

Wednesday, May 4, 2011

Types Of Server Side Risks?

People require high security on the internet. Most people find it convenient to manage their bank accounts and business with the help of the internet. In such a situation, web security becomes the most important field in network security. Interactive forms are written in HTML. Users type in information and send a request to the server to store what they entered.

The request launches a script on the server that processes the data supplied by the user, but the result may be quite unexpected, which raises the need for server side security. URL manipulation, unexpected user input, cross site scripting, buffer overflows and heap overruns are all well-known server side risks. All of these risks will be explained in this article.


1. Conventional security

Conventionally, a firewall is placed between the web server and the internet so all the HTTP traffic reaching the web server will be secured. The firewall will allow only that traffic to the web server which fulfills all the requirements of the firewall. In this way, the web server can be saved from attacks to a great extent. 

2. URL Manipulation
In URL manipulation, some parameters of the URL are changed to get different results. The user id present in the URL can be manipulated to gain access to the account of any other user. If * is put in place of the user id, one can get the list of all the members listed in the database. The input of any user shown on the page can be accessed and manipulated, which is a great threat to security and privacy. If there’s a site about Medifast and Nutrisystem coupons containing personal details of different users, then you can manipulate the URL to access personal details of other users.
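
The server side check that stops this, shown next to the lookup that allows it. This is an added example, not code from the original post; the profile store, the function names and the exception classes are hypothetical, and the session user id is assumed to be set by the server at login.

```python
import re

# Constructed sample data standing in for the site's user table.
PROFILES = {
    101: {"name": "alice", "email": "alice@example.test"},
    102: {"name": "bob", "email": "bob@example.test"},
}

class BadRequest(Exception):
    """The id parameter is not a plain decimal number."""

class Forbidden(Exception):
    """The id is well-formed but is not the logged-in user's own."""

def profile_vulnerable(query):
    """'Before': trusts the id from the URL, so any id (or '*') is served."""
    uid = query.get("id", "")
    if uid == "*":
        return list(PROFILES.values())
    return [PROFILES[int(uid)]]

def profile_hardened(query, session_user_id):
    """'After': validate the parameter, then authorize against the session."""
    uid = query.get("id", "")
    # Allow-list the format first: rejects '*', signs, spaces and script text.
    if not re.fullmatch(r"[0-9]{1,9}", uid):
        raise BadRequest("id must be a decimal number")
    # The session decides whose data is visible; the URL only says which
    # record is being asked for.
    if int(uid) != session_user_id or int(uid) not in PROFILES:
        raise Forbidden("record does not belong to the logged-in user")
    return [PROFILES[int(uid)]]

def try_hardened(query, session_user_id):
    """Demo helper: return the profile name, or the name of the refusal."""
    try:
        return profile_hardened(query, session_user_id)[0]["name"]
    except (BadRequest, Forbidden) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    print(len(profile_vulnerable({"id": "*"})), "records leaked by '*'")
    for value in ("101", "102", "*"):
        print(value, "->", try_hardened({"id": value}, 101))
```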

3.  Unexpected User Input
When the server gets unexpected user input, crashing is the best reaction. Otherwise the input will hand control of the server to the attacker. The attacker may then use the server for whatever he wants to do. He can corrupt your database, download the complete database, or delete it. If you don’t have a backup, what are you going to do?

4. Cross site scripting
In cross site scripting, attackers place a malicious script on a trusted host. The user may download that malicious script from the trusted host without realizing that the code is dangerous. Sometimes the server displays an error page, but because of the malicious code it may appear to the user as a normal login page. The user will enter the requested information, which can be misused because it is sent to the attacker.

5. Buffer Overflow

Attackers may launch attacks that result in access violations, instability and code injection. Such an attack may destroy the data stored in the database, cause software to malfunction, and allow many other destructive actions.

But what’s the solution then? You need to consider a few points to overcome the server side risks. Cryptography should be used to send the whole data in the query string. On the server side, the user input should be filtered, and all the characters that are used in the scripting language should be removed.

How To Sniff VOIP Session Using Cain




Voice over Internet Protocol (Voice over IP, VoIP) is one of a family of internet technologies, communication protocols, and transmission technologies for delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms frequently encountered and often used synonymously with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.

Cain is an excellent piece of software that can be used for sniffing VOIP. There are a couple of methods to sniff a VOIP session, but in this tutorial I will explain how you can use a man-in-the-middle attack with Cain and Abel to sniff a VOIP conversation.

Sniff VOIP Session With Cain

So here is how you can capture a VOIP session on your network:

Step 1 - First of all, download Cain and install it.

Step 2 - Once Cain is successfully installed, go ahead and launch it. Now start the sniffer by clicking on the small green button just below the File option.

Step 3 - Next, click on the blue "+" at the top, choose "All hosts in my subnet" and click OK.



Step 4 - This will show you all the active hosts on your network.



Step 5 - Next, go to the ARP tab at the bottom and press the blue "+" sign, select the hosts on which you want to perform a man-in-the-middle attack and click OK.

Step 6 - Now just click on the little yellow "Microtoxic" button at the top to launch the ARP poisoning attack, which is the real name for the man-in-the-middle attack.

Step 7 - Next, click the VOIP tab at the bottom, and if Cain has captured a VOIP session, you will get similar results.


I hope you have enjoyed reading the post. I will also write an article on protecting your VOIP sessions in the upcoming posts.
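
How the ARP poisoning used in Step 6 shows up on an affected Windows host: the gateway's IP and another host's IP resolve to the same MAC address in the ARP cache. The check below is an added example, not part of the original post; it reads `arp -a` output, and the sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a host whose cache has been poisoned:
# the gateway (192.168.1.1) and host .23 share one MAC address.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.23          00-0c-29-aa-bb-cc     dynamic
  192.168.1.40          00-1b-63-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\b",
    re.M,
)

def normalize(mac):
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return (ip, mac) pairs, skipping broadcast and multicast MACs."""
    entries = []
    for ip, mac in ENTRY.findall(text):
        mac = normalize(mac)
        if int(mac[:2], 16) & 1:      # group bit set: not a single host
            continue
        entries.append((ip, mac))
    return entries

def shared_macs(text):
    """MAC addresses that answer for more than one IP address."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp(text):
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mismatch(text, gateway_ip, expected_mac):
    """True when the cache maps the gateway to a MAC other than the known one."""
    seen = dict(parse_arp(text))
    return gateway_ip in seen and seen[gateway_ip] != normalize(expected_mac)

if __name__ == "__main__":
    print(shared_macs(SAMPLE_ARP))
    print(gateway_mismatch(SAMPLE_ARP, "192.168.1.1", "00-1d-7e-01-02-03"))
```

A shared MAC is a lead rather than proof, since proxy ARP and multi-homed devices produce the same pattern; comparing the gateway entry against the MAC recorded from the router itself is the stronger signal.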

How To Find The Wordpress Version Of A Website/Blog

Whenever a hacker tries to attack a CMS (content management system), the first thing he usually does is try to find out the version number of that CMS, so he can search exploit databases for possible exploits. In a WordPress blog, by default, you can easily find out someone's version number just by viewing the source of that particular blog.



Now, it's not a good idea to expose your version number, because it will make your website/blog more vulnerable to hackers. There are a couple of ways to hide your version number. The simplest one is to add the following code inside your functions.php file:

remove_action('wp_head', 'wp_generator');
Moreover, there are a couple of plugins that can help you hide your WordPress version number. Just google for them.

Readme.html File Bug


Even if someone is using plugins to hide their WordPress version number, it is still possible for a hacker to determine the version number. All the hacker has to do is add "/readme.html" after the website's URL.

Countermeasures

  • Use a good plugin that can hide your WordPress version number.
  • Always update your WordPress to the latest version.
  • Either delete the readme.html file or change it to something like a readme.php file.

I hope you have learned something new today. Feel free to comment.
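
A way to confirm the countermeasures took effect on your own blog: save a copy of the home page and of /readme.html, then check both for a version string. This is an added example, not code from the original post; the sample markup is constructed, the version number 3.1.2 is a placeholder, and the "Version x.y" heading format of readme.html is an assumption.

```python
import re
from html.parser import HTMLParser

# Constructed samples; 3.1.2 is a placeholder version number.
PAGE_DEFAULT = ('<html><head><meta name="generator" '
                'content="WordPress 3.1.2" /></head><body></body></html>')
PAGE_HARDENED = "<html><head><title>My blog</title></head><body></body></html>"
README = ('<h1 id="logo"><img alt="WordPress" src="logo.png" />'
          "<br /> Version 3.1.2</h1>")

class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")

def leaked_versions(page_html, readme_html=None):
    """Map each place that still discloses the version to the value found."""
    findings = {}
    finder = GeneratorFinder()
    finder.feed(page_html)
    for content in finder.generators:
        match = re.match(r"WordPress\s+([\d.]+)", content)
        if match:
            # This is the tag that remove_action('wp_head', 'wp_generator') drops.
            findings["generator meta tag"] = match.group(1)
    if readme_html:
        # readme.html is a static file, so the functions.php change does not
        # touch it; it has to be deleted or renamed separately.
        match = re.search(r"Version\s+([\d.]+)", readme_html)
        if match:
            findings["readme.html"] = match.group(1)
    return findings

if __name__ == "__main__":
    print("default install: ", leaked_versions(PAGE_DEFAULT, README))
    print("tag removed only:", leaked_versions(PAGE_HARDENED, README))
    print("readme removed:  ", leaked_versions(PAGE_HARDENED))
```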

Monday, May 2, 2011

Twitterfeed For Auto Tweet Tricks For Blogger And WordPress


Twitter is one of the best ways to boost traffic. If you have a Twitter account, I suggest you use Twitterfeed to automatically post your blog posts to Twitter. Here is a four-step tutorial.

Step 1: The simplest way to automatically tweet your blog posts is through Twitterfeed. Go to http://twitterfeed.com

Step 2: Log in to Twitterfeed using your OpenID. If you have a Blogger account, you will just need to select Blogger from the list of possible logins and enter your username. For example, if the URL of your Blogger blog is http://abcdefg.blogspot.com, then your username is abcdefg.

Step 3: After logging in, you will be able to go to your Twitter feeds. This gives you the option to enter a new feed. Click on “Start New Feed”. Enter your Twitter name and password, as well as the URL for your RSS feed. Adjust the settings for how often you want Twitterfeed to check your blog for new posts, and click “Start”.

Step 4: That’s it! Now, when you publish a Blogger blog post, a tweet will automatically be made and posted to your Twitter account.
