December 2019: Distributed Denial Of Service (DDOS) Attack Mitigation

DDOS attack mitigation services matter to businesses. DDOS attacks are now common, and hardly a day passes without news of another one. Cyber hacking attacks use malicious code to change computer code, data or logic in order to steal or manipulate data, or to crash a system.

DDOS attacks are different from hacking attacks, but DDOS mitigation services matter for businesses because they can prevent the overwhelming of a website that would otherwise put a business's website offline to customers.

Since most enterprises and businesses today operate on a technology-dependent network, these breaches can seriously compromise the system and the data security of the entire organization. And not only of that organization but of the people who rely on and use services of that organization as well.

What is a DDOS attack?

A distributed denial-of-service (DDOS) attack is a type of cyberattack that renders websites and other online services unavailable to their users. In a DDOS attack, numerous compromised systems attack one target, which in turn causes a so-called ‘denial of service’ for users of that system. The incoming messages from these compromised sources cause the system to basically shut down.

How is DDOS different from the DOS attack?

Before we move on, let’s see how these two differ. In a DOS attack, an attacker uses one internet connection to either take advantage of a computer’s vulnerability or send an overwhelming flow of fake requests so as to cause a server to crash by exhausting its resources.

Distributed denial of service (DDOS) attacks, on the other hand, are carried out from various connected computers. There is usually more than one person involved and since the attacks are coming from more than one device at the same time it is more difficult to dodge the attack. DDOS attacks target the network in an attempt to overwhelm its resources with immense amounts of traffic.

How does a DDOS attack happen?

In this type of attack, a perpetrator can use your malware-infected computer (and many more malware-infected computers) to remotely target another device.

An attacker must first hijack computers by installing malware to remotely control them. This is accomplished by exploiting a target computer’s weaknesses, such as a low-security system or other flaws they can find. Then, through these computers, they can send system-overwhelming amounts of data to the target website or system-overwhelming amounts of spam to a particular email address or addresses.

It is called a ‘distributed’ attack precisely because the attacker is using several computers, including yours, to trigger the DDOS attack.

What are the main types of DDOS attacks?

The Internet has played a leading role in economic rise and prosperity, but everything great comes with a price. One such price is the rise of the DDOS attack, which stands for Distributed Denial of Service. DDOS attacks have evolved over the years and today there are various types of DDOS attacks.

There are many different acronyms and terms which can sometimes be confusing. But that’s why we are here to clear the mystery for you.

Let’s take a look at the most common and most dangerous types of DDOS attacks:

UDP Flood

A User Datagram Protocol (UDP) flood attack floods the ports on the target device with IP packets that contain UDP datagrams. UDP is a connectionless networking protocol. By flooding random ports on a remote host, this type of attack makes the host check for applications listening on those ports and respond with an ICMP packet. This eventually exhausts the host's resources and renders the system inaccessible to its users.

SYN Flood

This type of DDOS attack focuses on the “three-way handshake”, a weakness in the TCP connection sequence. A SYN flood (also known as TCP SYN) uses this weakness to consume all the resources of the target server, making it unavailable. What basically happens is that the perpetrator sends TCP connection requests so fast that the target device can’t process them, which causes the system to crash.

Ping of Death

A Ping of Death (POD) attack happens when the offender sends malicious or oversized pings to crash or freeze the target device. The maximum length of an IP packet is 65,535 bytes. However, there are limits on the maximum size of each frame, so a larger IP packet always has to be split across multiple IP fragments. When POD strikes, the fragments are malicious and oversized, so the target machine ends up reassembling a packet bigger than 65,535 bytes, which in turn causes the device to freeze or stop working.
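The 65,535-byte limit described above can be enforced on every fragment before reassembly begins. The following is an added example, not part of the cited article: the function names are hypothetical and the sample headers are constructed for illustration, with only the IPv4 header fields needed for the check.

```javascript
// Added example: reject IPv4 fragments whose reassembled datagram would
// exceed the 65,535-byte maximum. All names and sample values are constructed.

const MAX_IP_DATAGRAM = 65535; // limit of the 16-bit Total Length field

// Parse the IPv4 header fields that matter for reassembly.
function parseFragment(buf) {
  if (buf.length < 20) throw new Error('truncated IPv4 header');
  const version = buf[0] >> 4;
  const headerLen = (buf[0] & 0x0f) * 4; // IHL counts 32-bit words
  if (version !== 4 || headerLen < 20) throw new Error('not a valid IPv4 header');
  const totalLen = buf.readUInt16BE(2);
  if (totalLen < headerLen) throw new Error('total length smaller than header');
  const flagsAndOffset = buf.readUInt16BE(6);
  return {
    id: buf.readUInt16BE(4),
    moreFragments: (flagsAndOffset & 0x2000) !== 0,
    offset: (flagsAndOffset & 0x1fff) * 8, // 13-bit field in 8-byte units
    headerLen,
    payloadLen: totalLen - headerLen,
  };
}

// Size the reassembled datagram would reach if this fragment were accepted:
// one header plus the payload bytes up to the end of this fragment.
function checkFragment(buf) {
  const frag = parseFragment(buf);
  const size = frag.headerLen + frag.offset + frag.payloadLen;
  return { ...frag, size, accept: size <= MAX_IP_DATAGRAM };
}

// Build a constructed 20-byte IPv4 header (no options, no payload bytes)
// so the check can be exercised offline.
function buildHeader({ id, totalLen, moreFragments, offsetUnits }) {
  const h = Buffer.alloc(20);
  h[0] = 0x45; // version 4, IHL 5
  h.writeUInt16BE(totalLen, 2);
  h.writeUInt16BE(id, 4);
  h.writeUInt16BE((moreFragments ? 0x2000 : 0) | offsetUnits, 6);
  h[8] = 64; // TTL
  h[9] = 1;  // protocol: ICMP
  return h;
}

// Constructed samples: an ordinary second fragment of a large ping, and a
// final fragment whose offset places its data past the 65,535-byte limit.
const ordinary = buildHeader({ id: 1, totalLen: 1500, moreFragments: true, offsetUnits: 185 });
const oversized = buildHeader({ id: 2, totalLen: 1500, moreFragments: false, offsetUnits: 8189 });

for (const [label, hdr] of [['ordinary', ordinary], ['oversized', oversized]]) {
  const r = checkFragment(hdr);
  console.log(`${label}: reassembled size ${r.size} bytes -> ${r.accept ? 'accept' : 'drop'}`);
}
```

Because the offset field alone can address up to 65,528 bytes, the sum has to be checked on each fragment as it arrives rather than after the reassembly buffer has been written.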

Slowloris

A Slowloris attack is a powerful DDOS attack where a single device can take down a whole web server. This type of attack is simple yet extremely effective, as it requires minimal bandwidth to target the web server without harming other services and ports. As the name itself indicates, Slowloris is slow but steady. Slowloris is known to be used by many ‘hacktivists’ to attack government websites.

NTP Amplification

An NTP Amplification attack is basically a type of reflection attack, only amplified. In this type of attack, attackers elicit a response from the server using a fake IP address. The attacker uses publicly accessible Network Time Protocol (NTP) servers to attack and overwhelm the target with UDP (User Datagram Protocol) traffic.

Cited from Identity Theft Scout by the Technical Support Department.

November 2019: Enable These Hidden Security and Performance Features in Chrome 79

Chrome 79 is here. Before you do anything else, click the triple-dot icon in the upper-right corner of your desktop browser, click on Help, click on “About Google Chrome,” and summon that update for your system. (Go ahead and update your Android or iOS apps, too.)

While that chugs along, here’s a quick look at all the different settings you can tweak in order for Chrome 79's new performance and security enhancements to work. These settings are vague and, in some cases, completely buried, so it’s worth spending a few minutes to check and make sure you’re set up to take advantage of Chrome 79's latest tweaks.

Password Leak Detection

This feature, previously an extension, then a website, now runs a quick check whenever you type a new login into Chrome. Assuming you’re signed in to your Chrome account first, look for the “Warn you if passwords are exposed in a data breach” option in the Sync and Google services section of Chrome’s settings. If you don’t see it there, it’s possible you don’t have it yet; Google is rolling this feature out because that’s how Google does things.

If you’re impatient, like me, you can type chrome://flags into your address bar, search for “password leak,” enable the detection feature and restart your browser. You should then see this setting appear in the aforementioned “Sync and Google services” section of your settings.

Real-Time Phishing Protection

While you’re probably smart enough to avoid websites that are blatant misrepresentations of actual websites you’d want to visit, it never hurts to have all the protection against phishing you can get. You never know when some websites might be just clever enough to confuse you into giving up your account credentials or payment information.

While Chrome already comes with built-in phishing protection, Google is making it even better in Chrome 79. As the company describes:

“Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases.”

To make sure you’re getting these phishing updates as quickly as possible, you’ll want to enable the ambiguous “Make searches and browsing better” option in the “Sync and Google services” section of your Chrome Settings.

Freeze unused tabs so they stop sucking your system resources

A fun new “tab freezing” feature in Chrome 79 will help prevent your browser’s overflowing tabs from running background actions and eating up your CPU. They’ll still use system memory, so be diligent about how many tabs you really need to keep in your browser. This automatic “freezing”—which kicks in after five minutes of inactivity on a tab—won’t happen unless you flick on a Chrome flag, though.

Pull up chrome://flags and search for “Tab Freeze.” You’ll then see a number of options in the drop-down menu:

  • Enabled
  • Enabled Freeze - No Unfreeze
  • Enabled Freeze - Unfreeze 10 seconds every 15 minutes
  • Disabled

I’d keep the setting on “Enabled” myself, but if you want your browser to temporarily “warm-up” sites at a regular interval, try the third option.

Speed up page-loading times when skipping forwards or backward

This little gem, which I found in a report from ZDNet, allows Chrome to load pages from its cache whenever you click on the forward or back buttons in your browser (or do what I do, and let your gaming mouse’s extra buttons send you back and forth in your history). This should help the page load even faster, and all you have to do is enable this little flag in your browser: chrome://flags/#back-forward-cache 

Heed Google’s warning, though: “NOTE: this feature is highly experimental and will lead to various breakages, up to and including user data loss. Do not enable unless you work on this feature – Mac, Windows, Linux, Chrome OS, Android”

Cited by the Technical Support Department from LifeHacker  

October 2019: Cross-site scripting

What is cross-site scripting (XSS)?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

How does XSS work?

Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

What are the types of XSS attacks?

There are three main types of XSS attacks. These are:

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

Reflected cross-site scripting

Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Here is a simple example of a reflected XSS vulnerability:

https://insecure-website.com/status?message=All+is+well.

<p>Status: All is well.</p>

The application doesn't perform any other processing of the data, so an attacker can easily construct an attack like this:

https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>

<p>Status: <script>/* Bad stuff here... */</script></p>

If the user visits the URL constructed by the attacker, then the attacker's script executes in the user's browser, in the context of that user's session with the application. At that point, the script can carry out any action, and retrieve any data, to which the user has access.

Stored cross-site scripting

Stored XSS (also known as persistent or second-order XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

The data in question might be submitted to the application via HTTP requests; for example, comments on a blog post, user nicknames in a chat room, or contact details on a customer order. In other cases, the data might arrive from other untrusted sources; for example, a webmail application displaying messages received over SMTP, a marketing application displaying social media posts, or a network monitoring application displaying packet data from network traffic.

Here is a simple example of a stored XSS vulnerability. A message board application lets users submit messages, which are displayed to other users:

<p>Hello, this is my message!</p>

The application doesn't perform any other processing of the data, so an attacker can easily send a message that attacks other users:

<p><script>/* Bad stuff here... */</script></p>

DOM-based cross-site scripting

DOM-based XSS (also known as DOM XSS) arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.

In the following example, an application uses some JavaScript to read the value from an input field and write that value to an element within the HTML:

var search = document.getElementById('search').value;
var results = document.getElementById('results');
results.innerHTML = 'You searched for: ' + search;

If the attacker can control the value of the input field, they can easily construct a malicious value that causes their own script to execute:

You searched for: <img src=1 onerror='/* Bad stuff here... */'>

In a typical case, the input field would be populated from part of the HTTP request, such as a URL query string parameter, allowing the attacker to deliver an attack using a malicious URL, in the same manner as reflected XSS.

What can XSS be used for?

An attacker who exploits a cross-site scripting vulnerability is typically able to:

  • Impersonate or masquerade as the victim user.
  • Carry out any action that the user is able to perform.
  • Read any data that the user is able to access.
  • Capture the user's login credentials.
  • Perform virtual defacement of the web site.
  • Inject Trojan functionality into the web site.

Impact of XSS vulnerabilities

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

  • In a brochureware application, where all users are anonymous and all information is public, the impact will often be minimal.
  • In an application holding sensitive data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
  • If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users and their data.

How to find and test for XSS vulnerabilities

The vast majority of XSS vulnerabilities can be found quickly and reliably using Burp Suite's web vulnerability scanner.

Manually testing for reflected and stored XSS normally involves submitting some simple unique input (such as a short alphanumeric string) into every entry point in the application; identifying every location where the submitted input is returned in HTTP responses; and testing each location individually to determine whether suitably crafted input can be used to execute arbitrary JavaScript.

Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser's developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable. However, other types of DOM XSS are harder to detect. To find DOM-based vulnerabilities in non-URL-based input (such as document.cookie) or non-HTML-based sinks (like setTimeout), there is no substitute for reviewing JavaScript code, which can be extremely time-consuming. Burp Suite's web vulnerability scanner combines static and dynamic analysis of JavaScript to reliably automate the detection of DOM-based vulnerabilities.

How to prevent XSS attacks

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:

  • Filter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
  • Encode data on output. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
  • Use appropriate response headers. To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
  • Content Security Policy. As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
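The measures listed above, applied to the reflected status?message= example from earlier in this article. This is an added example, not code from the cited article; the function names, the allow-list pattern and the Content Security Policy value are assumptions chosen for illustration.

```javascript
// Added example: the vulnerable status page beside a hardened version.
// Names, allow-list and CSP value are assumptions, not the article's code.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode on output, HTML context: safe inside element content and inside
// quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encode on output, JavaScript string context: every character other than
// letters, digits and space becomes a \uXXXX escape, so the value cannot
// close the string literal or the surrounding <script> element.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The behaviour described in the reflected XSS example: the parameter is
// copied into the response with no processing.
function renderStatusVulnerable(message) {
  return '<p>Status: ' + message + '</p>';
}

// Same page with output encoding applied at the point of output.
function renderStatusEncoded(message) {
  return '<p>Status: ' + encodeHtml(message) + '</p>';
}

// Filter on arrival: accept only what a status message is expected to be.
const MESSAGE_ALLOWED = /^[A-Za-z0-9 .,!?-]{1,80}$/;

// Response headers: explicit content type, no MIME sniffing, and a CSP that
// blocks inline script as a last line of defence.
const SECURITY_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
};

// Request handler combining all four measures. Returns a plain object so it
// can be wired into any HTTP framework.
function handleStatus(rawUrl) {
  const message = new URL(rawUrl).searchParams.get('message') || '';
  if (!MESSAGE_ALLOWED.test(message)) {
    return {
      status: 400,
      headers: { ...SECURITY_HEADERS, 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'Invalid message',
    };
  }
  return { status: 200, headers: SECURITY_HEADERS, body: renderStatusEncoded(message) };
}

// The two URLs from the reflected XSS section, used as sample input.
const benignUrl = 'https://insecure-website.com/status?message=All+is+well.';
const scriptUrl =
  'https://insecure-website.com/status?message=<script>/*+Bad+stuff+here...+*/</script>';

console.log(handleStatus(benignUrl).body);
console.log(handleStatus(scriptUrl).status);
console.log(renderStatusEncoded('<script>/* Bad stuff here... */</script>'));
```

The encoding step is kept even though the filter runs first: data that reaches the page by another route, such as the stored values described earlier, never passes through the request filter.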

Common questions about cross-site scripting

How common are XSS vulnerabilities? XSS vulnerabilities are very common, and XSS is probably the most frequently occurring web security vulnerability.

How common are XSS attacks? It is difficult to get reliable data about real-world XSS attacks, but it is probably less frequently exploited than other vulnerabilities.

What is the difference between XSS and CSRF? XSS involves causing a web site to return malicious JavaScript, while CSRF involves inducing a victim user to perform actions they do not intend to do.

What is the difference between XSS and SQL injection? XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.

How do I prevent XSS in PHP? Filter your inputs with a whitelist of allowed characters and use type hints or typecasting. Escape your outputs with htmlentities and ENT_QUOTES for HTML contexts, or JavaScript Unicode escapes for JavaScript contexts.

How do I prevent XSS in Java? Filter your inputs with a whitelist of allowed characters and use a library such as Google Guava to HTML-encode your output for HTML contexts, or use JavaScript Unicode escapes for JavaScript contexts.

Compiled by:

Tech Support Department

September 2019: VPN! What do you know about VPNs?

Definition of VPN

VPN stands for virtual private network. It is an encrypted tunnel between two devices that lets you access every website and online service privately and securely via your computer or mobile device.

How does VPN tunneling work?

VPN tunneling creates a point-to-point connection between two devices, often the VPN server and your device. Tunneling encapsulates your data into standard TCP/IP packets and safely transfers it across the internet. Because the data is encrypted, hackers, governments, and even internet service providers cannot see or gain control of your information while you are connected to a VPN server. That is why you are able to access sites that are censored in your country or any other country.

Why do I need a VPN?

From enhanced security to saving money, there are many benefits that come from using a VPN. Check out these five amazing things a VPN can do for you!

  1. It can keep you safe while online
  2. It can help you defeat censorship
  3. It can help you save money
  4. It can encrypt everything for you so no sniffing can happen to your content
  5. It can help you extend your coverage i.e. it can change your geolocation and you will be able to access the products that are not currently available in your country.

There is more that a VPN can do for you; check it out online.

How is a VPN different from a proxy?

When you connect to a proxy server, it becomes an intermediary between your device and the internet. All of your internet traffic gets rerouted through the proxy server, making it appear to have come from the proxy server’s IP address.

Connecting to a proxy server masks your IP address and allows you to access censored content. However, proxy servers do not encrypt your traffic, so any information that you exchange over the connection can be intercepted by others who are also connected to the server, such as hackers or identity thieves.

A VPN offers all the benefits of a proxy server but also secures and encrypts the data between your device and the internet, allowing you to go online without fear of having your information intercepted or stolen.

How is a VPN different from DNS?

In addition to their main VPN service, some VPNs such as ExpressVPN also provide a way to change your DNS settings such that only certain content goes through their servers, leaving the rest of your network traffic to be handled by your regular ISP.

However, like a proxy server, this DNS service does not include secure tunneling for your network traffic, which makes it slightly faster but leaves it prone to third party interference. Additionally, changing your DNS settings does not hide your IP address, since not all of your traffic is rerouted through the DNS server. If you want to remain anonymous and protect the information you exchange online, you need a VPN.

How is a VPN different from a firewall?

A firewall is a barrier that analyzes data packets from the internet that try to connect to your computer and only allows those that meet a predetermined set of rules to get through.

Using a firewall is a great way to protect your device from threats such as virus attacks and worms. However, a firewall can only protect your device from dangerous incoming traffic. To secure and protect the network traffic leaving your device, you need a VPN. A firewall does offer complementary benefits to a VPN, however, and using the two together provides optimal online security.


 

What is the difference between a VPN app, a VPN plugin, and a VPN browser?

VPN browsers or browser plugins only protect your web browser traffic. The rest of the network traffic from your device is still exposed to internet service providers and potential hackers. A VPN app will encrypt and protect all network traffic from your device.

The ExpressVPN browser extension for Chrome and Firefox is different. It works in partnership with the ExpressVPN app to protect your entire device.

Where can I get a VPN?

ExpressVPN makes safe internet browsing easy

Get an account.

Choose your plan.

Enjoy the internet with privacy and security!

Compiled and approved by the Technical department, WOUGNET, from ExpressVPN.

August 2019: How to transfer all contacts from your old Android or iPhone to a new smartphone

When buying a new smartphone, transferring the entire phonebook from your old phone to your newly purchased smartphone could be a big task. Here’s how you can make it a seamless process.

HIGHLIGHTS

  • Many people face the tough challenge of transferring data from the old phone to the new one.
  • If you don't manage to transfer your contacts, it becomes difficult to make calls, send messages, use WhatsApp and make payments.
  • If you have just bought a new phone, here's how you can make sure your entire phonebook is cloned to the new phone.

With a myriad of smartphones coming out every month across various price ranges, consumers have started upgrading phones at a faster pace than before. With an increase in demand for new and convenient features in smartphones, the manufacturers are coming up with new models that house sophisticated features - for example, the periscope camera with 5X zoom in the Huawei P30 Pro or the rotating pop-up selfie camera on the Samsung Galaxy A80. With tempting features like these, it's hard not to give in to the temptation and make an investment in these smartphones.

However, while making the purchase decision isn't hard, many people face the tough challenge of transferring data from the old phone to the new model. While most app data can be backed up on their native services, the most important data around which your connected life revolves is the phonebook. If you don't manage to transfer your contacts, it becomes difficult to make calls, send messages, use WhatsApp and make payments.

If you have just bought a new phone, here's how you can make sure your entire phonebook is cloned to the new phone. And don't worry, we have solutions for both Android and iOS platforms.

Transferring contacts from Android to Android:

--Go to Settings in your old Android phone and navigate to Google.

--Inside the Google section, search for backups and open it.

--By default, your Google account automatically takes a backup of all your contacts on a frequent basis. You have to make sure that the auto backup option is enabled. If it isn't, turn on the backup and wait for the phone to sync it to your Google Drive.

--While saving a new contact, Android phones always ask where you want to save the contact. A wise decision is to select your Google account.

--On your new Android smartphone, simply login to your Google account and wait for the device to synchronize. After a few minutes, your phonebook should reflect all your contacts synchronized with your Google account.

--If you don't prefer or are unable to back up your data to Google's cloud, then most Android phones offer a way to share all contact details as a VCF file. You can share it over Bluetooth to your new device and simply install the file to get all your contacts.

Transferring from Android to iPhone:

--On your Android device, you need to back up all your contacts to your Google Drive. Head over to the Google section and navigate to backups in the Settings menu.

--By default, your Google account automatically takes a backup of all your contacts on a frequent basis. You have to make sure that the auto backup option is enabled. If it isn't, turn on the backup and wait for the phone to sync it to your Google Drive.

--On your iPhone, head over to Settings and navigate to Passwords & Accounts. Tap on Add account.

--Your iPhone will show all popular services, including Google. Tap on Google and log in with your password.

--Once you log in, tap on your Google account under the Passwords & Accounts option. Turn on synchronization for contacts.

--Wait a few minutes to let the device synchronize with the Google account. After a few minutes, your phonebook should reflect all the contacts from your Android phone.

Transferring from iPhone to Android:

--On your iPhone, navigate to Passwords & Accounts and head over to your Google account. Switch on the synchronization of contacts.

--On your new Android phone, simply log in with your Google account during the setup process.

--By the time your Android phone is set up, all your contacts will be transferred to your new Android device.

Transferring from old iPhone to new iPhone:

--Most iPhones back up your data, including contacts, to iCloud by default. If you switched off the backup, head over to Settings and navigate to iCloud to turn on synchronization for contacts.

--On your new iPhone, once you log in with your Apple ID, all contacts are transferred to the device by the time the device finishes the setup.
