What Is IP Spoofing And How Is A System Hijacked?

Posted by on Apr 29, 2011 | 1 comment

It should be no surprise to your that in the world of computer networking savvy computer technicians have the ability to mask their identity on the Internet with advanced techniques.  IP Spoofing, similar to caller ID blocking in telecommunications, refers to hackers disguising their IP address and network identification information to gain unauthorized access to other computers or networks.  When the targeted system is "spoofed" the system will display a message that a trusted source is trying to access their network.  Once the IP address is "spoofed" hackers can conduct criminal acts on your computer or network remotely. 

Internet Protocol spoofing initially became a problem in the 1980's.  While it was considered an accomplishment to crack an IP address and to conquer the protocol's weakness, it quickly became a problem and was a primary focus for security administrators thereafter.  In terms of spoofing, there are three different types of attacks:

Non-Blind Spoofing Attacks
When the attacker is actually on the same subnet as the system they are attacking this is considered a non-blind spoof.  This form of spoofing can cause session hijacking and can effectively allow the hijacker to bypass security to establish a connection using proxies and sequences. 

Blind Spoofing
Blind spoofing is a bit more advanced than non-blind methods.  Packets are sent to the machine the hijacker is targeting to get an idea of the sequence numbers in the network.  While sequencing is random, some hijackers can accurately predict sequences for access.  While some hijackers may not be able to gain a full connection, they can send data packets and viruses to the targeted machine.

Attackers are not concerned with completing full transactions on your network.  The primary focus of an IP spoofer is to consume bandwidth and resources.  By flooding the victim with packets of communication, traffic has effectively controlled your computer and a connection can be made. 

If you want to protect your computer or your network against IP spoofing it is important to take the proper precautions.  Proactive steps and security precautions are the only way to keep your IP address protected.  Ingress and egress filtering on your router is very important.  This will block private IPs and will not accept IP addresses with your sequence as the source.  Encryptions and authentication measures within your subnet are also important and can reduce attacks and vulnerability.  The truth of the matter is unless you are a spoofer yourself you are perhaps never fully protected.  Be aware of the security risks that exist and take proactive steps to protect your computer.
 

Read More

The Problems with Public Proxy Server

Posted by on Apr 14, 2011 | 0 comments

So you have found a nice free proxy server. Great! Well perhaps not!

There are many well known problems with free public proxy servers. Now it is true there are generally quite easy to find (especially if you know what you're looking) however the disadvantages can lead to an enormous waste of your time, and compromise your security and identity.

Free Public Proxy Server Are Almost Always Bad For SecurityThe biggest problem with public proxy servers they just are not reliable. Of course the principal reason for this is because so many people can use them, after all they are free proxy servers! With somebody people using them at the same time it's very easy for the server to get overloaded, thus leaving you with an extremely slow Internet connection. Even if you're lucky and managed to find a proxy server with very few users there is a strong chance that one of those few users is abusing it. Many Internet marketing packages include scrapers to find free proxy servers, packages such as scrapeboxand Xrumer need constant supply of proxies to operate. Just one extra user can easily swamp a single proxy. The fact that software packages such as Xrumer and scrapebox are using these proxies to spam the Internet means they are often blacklisted and can't be used for many websites.

Another major disadvantage of any public proxy server, and really the biggest disadvantage of all, is that they generally do not provide true anonymity at all. The reason for this is because so many public free proxy servers are actually run by hackers and spammers, or various other organisations determined to obtain your details. these people can see all the traffic that goes through their proxy server, and can therefore extract any information from that they require.

So if you have any concern for your online privacy you will not even consider using a free proxy server, and will instead subscribe to a paid service from a reputable company such as Identity Cloaker.

Read More

Content Filtering: Australia

Posted by on Jul 1, 2010 | 0 comments

Since its foundation, Australia has been seen as a fairly liberal country, with an easy-going attitude towards just about everything. However, this is all about to change under the current administration, who are trying to push forward the Clean Feed internet filter for Australian internet users.

Australian Internet Filter stops you from saying **** *** ****!Private internet filters have been around for the last decade or so, but Clean Feed, if passed by law, would be the first national filter in the world.

We will look at the details of Clean Feed and examine its pros and cons and the potential fall out.

The proposal is a blanket censorship of thousands of websites deemed inappropriate by the Clean Feed body. This would replace the current practise of allowing each household to set their own censorship levels appropriate to the ages of internet users in their house. The kinds of sites being discussed include obviously sensitive material like pornography and drugs, but webpages discussing euthanasia, “inappropriate” political parties and over 18 rated games have also been discussed as being “RC” (refused classification). The idea is still being kicked around the Australian government, but current behind-the-scenes opinion indicates that the legislation is unlikely to get to a vote before the next general election.

The pros of this system are fairly obvious at first viewing. It aims to cut down on the amount of illegal material that is being seen and downloaded in Australia. By restricting offensive websites, younger internet users can be protected from entering sites that they didn’t mean to enter, or shouldn’t be looking at. The blanket ban on these websites removes the responsibility from internet providers and families for installing their own filters. These filters are increasingly easy to get around, and at a basic level can be simply uninstalled by a determined competent computer user, whilst a filter imposed by the internet provider and backed up by the government will be much tougher.

The Australian Labor Party minister who is campaigning for Clean Feed, Stephen Conroy, says that the filter will be carefully monitored, and regular meetings will be set up to discuss the status of controversial pages.

Australian Internet Filter - Clean FeedThe cons of the Clean Feed filter are also fairly obvious. Campaigners against the programme call it “a kick in the teeth for civil liberties” and the filter has been likened to the 1984 Big Brother society, where the state controls what each individual is able to access. The general consensus amongst anti-Clean Feed protesters is that it should remain the responsibility of each family and each person to monitor their own internet usage, using their own moral compass for guidance as to what they should and shouldn’t be accessing. By allowing a higher organisation to dictate these classified sites, the general public are submitting to the moral standards of a select few non-elected individuals. The argument runs that these people are in no better and no worse position to choose what the nation should be able to access than anyone else in the country.

Another problem is where the line is drawn. In today’s increasingly sensitive society, where political correctness can cause situations to spiral way out of context, it seems unfair for the elected party to decide what counts as racism, or other inappropriate context.

Lastly, and possibly most damagingly, studies are being conducted into whether such a filter would actually provide any sort of protection. Claims that it would help tackle the rise in paedophiles using the internet as a tool for grooming have been rubbished, saying that most illegal communication happens privately, through social network sites and emails. Taking control of these would amount to a gross breach of civil liberties, and would constitute a criminal act by the government.

The potential fall out of a decision in favour of Clean Feed could be quite dramatic. Recent opinion polls have agreed with the notion of internet filters and making the web a safer places, but when asked if the government should be in charge of their internet usage, a large proportion of the interviewees said no. By pushing this legislation through, Stephen Conroy has the potential to kick up a hornet’s nest of angry Australians, which may cause the whole operation to backfire spectacularly.

 

As ever should Clean Feed ever get the go ahead our old favourite Identity Cloaker will be useful to break through the barrier and deliver a completely unfiltered Internet experience.

Read More

e-Whore – The 21st Century ‘Lady’ of the Night

Posted by on Mar 27, 2010 | 0 comments

E-whoring is a term that refers to a new brand of money-making schemes on the web. Most people know now not to listen to mass emails from Nigerian Princes or banks promising them money if they help them, but new and more subtle forms of money scams have emerged.
If you or someone you know has fallen subject to an e-whore you are more familiar with this phenomenon. Perhaps you think you know enough not to get fooled again. Still, educate yourself and read as much as possible, and don’t stop reading this. You never know if you could get fooled in a new and different way.
If you have never, as far as you know, fallen prey to an internet e-whore scam then this information is still more important than you might think. Nobody is airtight and the internet is far from a secure place, with billions of users and very little security.
E-whores will try to get or earn money from someone interested in meeting or talking to someone but will appear so attractive and deceptive that you might just let them walk away with your money.
Still not convinced? It could happen far more easily than you think. If I could be obvious for one second, never let anyone have your credit card number. Everyone knows this, everyone has heard this, and likely you know too. But also don’t give out your credit card number to verify who you are.
What? Don’t be insulted. Scammers will hide behind what looks like credible-looking sites rather than asking outright for your credit card number. These sites may claim or appear not to charge you and may even seem like real companies but once they have your number the small print will kick in. Commonly the small print will read that unless you do something your credit card will be charged $XX in the next 3 days. The tasks that you need to do change, however in some cases these tasks include submitting your credit card to several different sites. These sites will have a similar scheme going on and you will be facing even greater charges.
 E-whores love to troll dating sites and pretend to be interested in you. Sure, she looks pretty. Um, he.  S/he will tell you she doesn’t like to use this site and to sign up for her favourite social/networking or possibly a  xxx site. It requires a credit card to sign up, but offers a free trial that you can cancel before it charges you. If you give your credit card number, you will soon find that they are charging large monthly membership amounts and are impossible to cancel.
Yay.
Okay, so you stop giving out personal information on the internet. What about taking it? Seems idiot proof enough, doesn’t it? Pretty “ladies” on dating sites will often give out cell numbers and say they are never on the computer but would really love to meet you! If you text these numbers you will be automatically signed up for a monthly service and charged a fee every month that you cannot cancel.
This give a whole new meaning to “do not talk to strangers”.
Another expensive lesson learned. The third method you won’t notice is a pay-per-click link. It doesn’t cost you any money to click on the ad, but it does make the pretty lady some money, in the form of an advertiser paying pennies per click on a link the “e-whore” posts on every website, forum, and yes, your dating profile, and so benefits them to pose as an attractive lady that you really would like to get to know better.
I am always telling you to hide your online identity with software, but in this case software will not help. You must always remember that people are out there to con you, there are software packages available for sale which automate much of this process. So the lovely s/he you are falling for could quite possibly not even be human…
Oh and no Ivan has not been caught out!
Read More

Protecting Your Online Privacy By Using Encrypted Connections though Proxy Servers

Posted by on Oct 8, 2009 | 0 comments

Too many people take it for granted that what they do online is private and protected, but the truth is that most people have data that is vulnerable, all too ready for sophisticated people to capture.

Even people who work on private networks are at risk, but for those using public networks the risk is even greater. Keeping data secure is crucial for anyone who wants to avoid the damaging loss of personal or critical business information.

The simple act of hitting “Reply” on an email is task fraught with risk.

There are many safe guards that can be put in place, but one of the most secure ways to protect your online privacy is by using encrypted connections when working through a private proxy server.

Encryption, in terms of moving information, is the process by which data is put through a complex algorithm which makes it unreadable to anyone who does not have the key to decrypt it. Encryption can be used to protect data on computers and storage devices and is the first round of defense for those wanting to keep their personal data private when working online.

Another weapon in the arsenal of those wanting to protect their online privacy is the use of a private proxy server. A proxy server is a computer or application that serves as go-between for information requests between servers. Requests can be for information such as a web page, a file download, or other services and these are made through a proxy server rather than connecting directly to the server that houses the actual data.

The proxy server has two primary purposes, one is to maintain anonymity of the computer behind it for security reasons and the other reason is to speed access to a data resource.

There are numerous types of proxy servers including a caching proxy, a reverse proxy, a tunneling proxy, and a content filer proxy server. All of these different type servers provide different functions and features.

Many public proxy servers will accept unencrypted information and this can create a security risk because the data could be collected and thus make it vulnerable. It is important that those who use proxy servers know the integrity of the proxy servers they connect to, which is why the use of a private proxies with a good reputation is advised.

In some cases, malicious proxy servers have been intentionally set-up to record all unencrypted data and this data can later be harvested and used by those that have captured it. The key to protecting your personal data is encryption and this applies whether you are on a private or public network and specifically when accessing data through a proxy server. Using an encrypted connection can provide a great line of defense against internet hackers who employ packet sniffers and other sophisticated means of capturing private data.

Read More