This document summarizes common internet security threats and countermeasures. It describes how automated tools are used to try all possible password combinations to gain access to accounts. Phishing involves creating fake websites to steal user passwords, credit card numbers, and other sensitive information. Trojan horses hide unauthorized programs inside authorized ones to access and steal victim's data. Cross-site scripting and SQL injection are security vulnerabilities that allow hackers to inject malicious code and access restricted resources. The document provides tips to secure accounts, such as using strong and unique passwords, updating software, and avoiding suspicious links and attachments.

2. Common
Internet User
Security
Objective
Modus
Operandi
Countermeasures

3. Uses internet for his credit managing his day
Blogsinternet banking for card transactions.
Uses Uses social networking sites as well as
on internet for professional like
Usesex. Citibank, ICICI bank, HSBC etc
For Emailpersonal purpose. well as
orkut,myspace,facebook.
to day professional as
for finance activity
personal communication. For ex. Gmail,
Yahoo or Corporate webemail

4. How to secure the elements like
username, password, credit card
number ,etc for a particular web
resource (Gmail /Yahoo/Banking
website etc)

7. In this form of attack, an automated tool is used.All possible combinations of
letters,numbers and symbols are tried out one by one for an username till the
password is found out.

8. Phishing is the act of creating fake page of any legitimate web-service and hosting
them on web server in order to fool the user to get the passwords, credit card no.,
social security no. etc

10.  TROJAN …The Name Tells It All !!
A Trojan or Trojan Horse is a program which carries out an unauthorized function
while hidden inside an authorized program. It is designed to do something other
than what it claims to and frequently is destructive in its actions.
These trojans give the attacker a
total access to victim's machine.
Looks for other passwords entered &
then send them to a specific mail
address.
They only log the keystrokes of
the victim & then let the attacker
search for sensitive data.

14. • web cookies are parcels of text sent by
a server to a web browser and then
sent back unchanged by the browser
each time it accesses that server.
Used for login or registration
information, online “shopping cart”
information, user preferences, etc.
Cookie stealing can be effectively
done with knowledge of javascripts,
ajax, xss ,html ,php etc.

15. Vulnerabilities are open security holes that can allow other applications to connect
to the computer system without authorization.

16.  Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by web
users into the web pages viewed by other users.
 Examples of such code include JavaScript code.
Stored Attack Reflected Attack

17. XSS
www.mailprovider.com
 Hacker finds out www. mailprovider.com
suffers from XSS.
Mail
Users get mail asking to click a hyperlink
for getting a free gift Click here
For free gift
When the user click
malicious script gets executed.
www.mailprovider.com/default.asp?name=<script>evilScript()</script>
Your browser correctly interprets this as
Vulnerable
Web browser
script and runs the script
site
If this script instructs the browser to send a cookie ,
to the hacker's computer, it quickly complies.
May take the user to a fake web page
of his online banking site.

19.  It is basically a security exploit in which
attacker injects SQL code through a web
form input box,to gain access to resources
and make changes to data.
 SQL Injection attacks can often be executed from
address bar, from within application fields,
and through queries and searches

20. var sql = quot;select * from users where username = ' username ' and
password = ' password ' quot; ;
Username: anything‘ or 1=1--
Password:
quot; select * from users where username = 'anything' or 1=1--'and
password ='' quot;;

22.  Try to use combination of alphabets both upper and lower case, numbers and
special characters for assigning a password and change it at regular intervals.
 While creating a email id it is a good practice to give fake information .
 Use updated version of software.
 Now a days some site advisor software are available .
 Don’t accept any kind of files from anonymous users in chat rooms.
 If required hide your IP address for anonymous browsing.
 Don’t blindly believe emails as they can be sent without authentication.
 Don’t reveal your password in any kind of email.
 While logging in give a close look to the domain name.
 Try to avoid running scripts in the address bar of your web browser .
 Extra care has to be taken with files of .exe extension.
 Always use your common sense.

23. Presented By
Preetish Panda
preetish88@gmail.com