Posts

Showing posts from March, 2017

Breaking & Entering (Phishing)

Breaking and Entering: Phishing. Have you ever had the nightmare of someone breaking into your house? The same can happen to the sensitive information you use on the web, such as your username, password and credit card details, at the hands of an intruder. Phishing is a kind of tool used by cyber criminals to steal personal information from another person. It is popular because it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than to break through a computer's defenses. Let's get some idea of how to make a phishing site. I'm using the Twitter social network login page as an example. Step 1 Go to the website that you want to make a phishing page of. As I mentioned above, I'm using Twitter here. Step 2 Right-click on the page and save the page as a complete web page. Step 3 Then open the saved page in Notepad. Step 4 Press "CTRL+F" and click Find Next to search for &q

SQLi Attacks and Defence

1. Returning more data than expected. Imagine a developer needs to show the account numbers and balances for the current user's ID as provided in a URL. They might write (in Java): Under normal operation, the user with ID 984 might be logged in, and visit the URL: https://bankingwebsite/show_balances?user_id=984 This means that accountBalanceQuery would end up being: This is passed to the database, and the accounts and balances for user 984 are returned, and rows are added to the page to show them. The attacker could change the parameter "user_id" to be interpreted as: And this results in accountBalanceQuery being: When this query is passed to the database, it will return all the account numbers and balances it has stored, and rows are added to the page to show them. The attacker now knows every user's account numbers and balances. Repair: The developer could easily repair this vulnerability by using a prepared sta

Information Security Policy

IMPLEMENTING A GOOD INFORMATION SECURITY PROGRAM. Computer, network, and data security rests on three pillars: confidentiality, integrity, and availability. In my business as a data and digital security, business progression and fiasco recuperation specialist, I see each day how organizations of different sizes and sorts address these three ranges. Some exceptionally well, some not all that well, and some truly poorly. Given all the regulations and guidelines (such as HIPAA, SOX, NERC-CIP, FISMA, PIPEDA, and so forth) created and published over the last five years, you would think that business and government would be doing better at securing their computing systems and network infrastructures. However, judging by the ongoing events prominent in the press and trade journals almost constantly, this does not appear to be the case. We continue to be informed that government agencies and private sector organizations continue to h