Open Secure Wireless
Hani Samimi

Most wireless hotspots use open, unencrypted wireless networks. Guests using these networks risk information disclosure and system compromise. Operators risk registration portal bypass and in the case of pay registration systems, potential sensitive data loss. Copyright concerns, including new legislation in the United Kingdom and a court case in Germany, may increase the pressure on providers to provide secure registration services.

I am proposing a solution that would have the encryption benefits provided by WPA/WPA2-Enterprise without the requirement for client authentication. This is possible using a novel (but RFC compliant) application of the existing EAP-TLS standard. The effect is similar to a web browser connecting to an HTTPS web site - the server certificate is validated, but a client certificate is only needed if the server is configured to require client authentication.
0 comments |
Facebook Apps redirecting to Phishing Site
Hani Samimi

It's a common case for us that we always can see this form when we are using Facebook , What is this form actually ?
Don't simply add whatever Facebook application that appear from unknown person. You will redirecting to phishing site like below ... At last, change your Facebook password ASAP after you realized.I think this tool easily can help us when we are using facebook because Facebook wants to protect our information .


1 comments |
Data Recovery
Hani Samimi

3 years ago , A guy in Iran called Sara found a problem with her computer . She found that her laptop had a problem from its CPU and it had to repair . So she went to a computer repair service to repairing it .She was really worried about her personal data and pictures into the laptop. That's why she copied all pictures in a flash disk and after that she deleted them . Also she removed them from recycle bin .
Sara went to the office and after 2 days they repaired her laptop .
After 1 year Sara heard that her personal pictures are in internet , She searched about them and unfortunately she found her personal pictures in so many websites . She found that the repair man stole her information .

What's your idea about this ? How did he this ?

--------------------------------------------------------------------------

There are so many DATA RECOVERY SOFTWARES can recover your data.
These softwares can easily ensure :

  • Recovery of deleted files
  • Recovery of data after you formatted the hard drive
  • Recovery of data after you re-created the partitions
  • Recovery after emptying of the Recycle Bin
  • Recovery after disk corruption
  • Recovery of corrupted data that happened due to power fluctuations
So :
  • Be careful about these softwares.They can easily recover you data even you format them .
  • If you want to sell your computer you had to take your hard disk . It's not safe
6 comments |
Is Yahoo messenger webcam secure?
Hani Samimi
Is Yahoo messenger webcam secure?

No !
Unfortunately there is a way that anybody can see your webcam without your permission . Only way to get into someone else's webcam is by sending a trojan to the intended camera host. This is new trick to hack web cam of Yahoo messenger. Hacker can view the other persons Yahoo Webcam, Who is always denying us . By these steps :

  • Open the following location C:\Program Files\Yahoo!\Messenger
  • You will find the file ” res_msgr.dll “. Delete this file.
  • Download a cracked file called YInfoGrabber .

Can someone intercept the webcam if you don't give permission ?

Fortunately Yes !
A program exists and works great , You have to download Y!tunnel from internet and install it on your computer if you want to protect your information .

In conclusion I have to say : Be careful ! Your webcam is not safe .
14 comments |
Is it possible to hack emails?
Hani Samimi

Yes! As a matter of fact, almost anything can be hacked. The following are the things you should be aware of.

1. There is no ready made software that can hack emails and get you the password just with a click of a button. So if you come accross any website that claims to sell such softwares, I would advise you not to trust them.

2. Never trust any email hacking service that claims to hack any email for just $100 or $200. Most of them are no more than a scam.

3. With my experience , I can tell you that there exists only 2 foolproof methods for hacking email. All the other methods are simply scam or don’t work. The following are the only 2 working and foolproof methods to hack any email.

1. EASIEST WAY TO HACK EMAIL

The easiest way to hack an email is by using a keylogger (Also known as spy software). A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. To use it you don’t need to have any special knowledge. Anyone with a basic knowledge of computer can use it. With my experience I recommend the following keyloggers as the best for hacking email.

2. OTHER WAYS TO HACK EMAIL

The other most commonly used trick for hacking email is by using Fake Login Pages. Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details(username & pw) are redirected to remote server and we get redirected to some other page. Many times we ignore this but finally we lose our valuable data. However creating a fake login page and taking it online to successfully hack an email is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. So I recommend the usage of keyloggers for hacking email since it’s the easiest one.

In my opinion, if you want to have a secure E.mail you should define a strong password .I know that it's difficult for us that make a long password because we can not remember it but we have to know that the strength of a password depends on the different types of characters that you use, the overall length of the password, and whether the password can be found in a dictionary. It should be at least 14 characters long.If you want to check that your password is strong you can use Password Checker , It's a software that test the strength of your passwords.
8 comments |
Norton AntiVirus
Hani Samimi

Norton AntiVirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include e-mail spam filtering and phishing protection.

Symantec distributes the product as a download, a box copy, and as OEM software. Norton AntiVirus and Norton Internet Security, a related product, held a 61% US retail market share for security suites as of the first half of 2007. Competitors, in terms of market share in this study, include antivirus products from CA, Trend Micro, and Kaspersky Lab.

Norton AntiVirus runs on Microsoft Windows and Mac OS X. Version 17.5.0.127 is the latest Windows build. Windows 7 support is in development for versions 2006 through 2008. Version 2009 has Windows 7 supported update already. Version 2010 natively supports Windows 7, without needing an update. Version 11.1.1 is the latest Mac build.

Version 2010 (Version 17.0)

Version 2010 is now available. It was released on September 9, 2009 Several features have been updated in this release, including SONAR, now dubbed SONAR 2. It now uses more information to determine if an application is truly malicious. Norton Insight can present users with information about the origins, activities, and performance of applications along with reputation data. A new feature codenamed Autospy helps users understand what Norton did when malware was found. Previous releases removed threats on sight and quietly warned users, potentially confusing when users are deceived in downloading rogue security software. Much of this information is placed on the back of the main window; a toggle button switches between the sides. Symantec has also added Windows 7 support. Aside from that, Symantec has also added the Norton Download Insight to prevent drive by drive downloads.

My Opinion:

I used 2 versions of Norton Anti Virus (2004 – 2007), This software can protect information and it’s a famous software in information security , but I had some problems with Norton :

- The price of this software is high in compare to other anti viruses.

- If you have old system boot up takes over 10 minutes.

- When antivirus is scanning for virus, speed of computer is low because it needs high memory

- I think McAfee of Kaspersky is better than Norton antivirus specially in internet security.

- When I had this antivirus it couldn’t recognize Blaster virus and it can be a big problem.

1 comments |
Avoiding Credit and Charge Card Fraud
Hani Samimi

A thief goes through trash to find discarded receipts or carbons, and then uses your account numbers illegally.

A dishonest clerk makes an extra imprint from your credit or charge card and uses it to make personal charges.

You respond to a mailing asking you to call a long distance number for a free trip or bargain-priced travel package. You're told you must join a travel club first and you're asked for your account number so you can be billed. The catch! Charges you didn't make are added to your bill, and you never get your trip.

Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.

It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.

Guarding Against Fraud

Here are some tips to help protect yourself from credit and charge card fraud.

Do:

  • Sign your cards as soon as they arrive.
  • Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.
  • Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.
  • Keep an eye on your card during the transaction, and get it back as quickly as possible.
  • Void incorrect receipts.
  • Destroy carbons.
  • Save receipts to compare with billing statements.
  • Open bills promptly and reconcile accounts monthly, just as you would your checking account.
  • Report any questionable charges promptly and in writing to the card issuer.
  • Notify card companies in advance of a change in address.

Don't:

  • Lend your card(s) to anyone.
  • Leave cards or receipts lying around.
  • Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.
  • Write your account number on a postcard or the outside of an envelope.
  • Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.

Reporting Losses and Fraud

If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.

If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.
2 comments |
Information security management system
Hani Samimi

An information security management system (ISMS) is, as the name implies, a set of policies concerned with information security management. The idiom arose primarily out of ISO/IEC 27001.
The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security (usually summarised as confidentiality, integrity and availability).
As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. ISO/IEC 27001 therefore incorporates the typical "Plan-Do-Check-Act" (PDCA), or Deming cycle, approach:
  1. The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
  2. The Do phase involves implementing and operating the controls.
  3. The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
  4. In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
The best known ISMS is described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC.
Another competing ISMS is Information Security Forum's Standard of Good Practice (SOGP). It is more best practice-based as it comes from ISF's industry experiences.
Other frameworks such as COBIT and ITIL touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally.
2 comments |
Information security - Introduction
Hani Samimi

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.
For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science, to name a few, which are carried out by Information Security Consultants
0 comments |