Saturday, January 11, 2014

EMAIL ATTACKS

E-mail account cracking is one of the hottest topics in internet security. Although there is no guaranteed method of breaking into a victim's account, there are definitely a few promising techniques that are commonly used by attackers, namely:
1) PASSWORD GUESSING
2) FORGOT PASSWORD ATTACKS
3) BRUTE FORCE PASSWORD ATTACKING
4) PHISHING ATTACK
5) INPUT VALIDATION ATTACK
6) SOCIAL ENGINEERING

PASSWORD GUESSING
.LOW LEVEL THREATS
.EASILY EXECUTED
.VERY COMMON BUT NOT VERY EFFECTIVE
The success rate of this method is very low, but it is the most commonly used. In it, the attacker gathers information about the victim, such as birth place and date of birth, and uses it to guess the password.

2) Forgot password:
The method described above is the ancestor of the forgot-password technique. In it, the gathered information is used to answer the security questions in the password retrieval option provided by most service providers. For example, Yahoo required ZIP code, birthday and country to reset the email account.


3) Brute force password attack

Brute force is one of the oldest techniques used by the hacker community. It is the ultimate technique if all other techniques have failed. In this attack, an automatic tool or script tries all possible combinations of the available keyboard keys as the victim's password. With this hit-and-trial method of trying all available permutations and combinations, the password will be cracked sooner or later. To avoid this, keep the following in mind while choosing your password:
1) Try to use a combination of numbers, alphabets and special characters
2) Try to use both lower and upper case
3) Try to use a password that is not available in a dictionary
4) Keep changing the password
5) Do not use the same password for all accounts
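
The checklist above, together with the personal-details point from the password guessing section, as an added example (not code from the original post): a Python checker that flags passwords breaking rules 1 to 3 or containing personal details, and estimates the brute-force search space in bits. The word list, function names and sample values are constructed assumptions.

```python
import math
import string

# Constructed sample word list; a real deployment would load a large dictionary file.
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "welcome", "monkey"}

def charset_size(password):
    """Size of the alphabet a brute-force tool must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size

def search_space_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the checklist rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("rule 1: mix numbers, letters and special characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("rule 2: use both lower and upper case")
    # Strip digits and punctuation so "Sunshine1!" still matches "sunshine".
    core = "".join(c for c in lowered if c.isalpha())
    if lowered in dictionary or core in dictionary:
        problems.append("rule 3: password is based on a dictionary word")
    # Password guessing: birth place, date of birth and similar details.
    alnum = "".join(c for c in lowered if c.isalnum())
    for item in personal_info:
        token = "".join(c for c in item.lower() if c.isalnum())
        if len(token) >= 3 and token in alnum:
            problems.append("guessable: contains personal detail " + repr(item))
    return problems
```

Rules 4 and 5 (changing passwords and not reusing them) depend on password history across accounts, so they cannot be checked from a single password and are left out.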

4) PHISHING - If we use an email account for too long, we are sometimes timed out: the connection with the email service provider times out and you are asked to log in again. Most users then immediately log in again with their username and password, but in truth it is a phishing attack.
In phishing, a fake login or time-out screen is made by the attacker and sent to the victim, in the hope that the victim will be fooled into entering the username and password. This information reaches the attacker through a script, while the user is redirected to the email service provider.

5) Social engineering is the art of talking to people, winning their trust and making them reveal private information. An extremely large number of attacks on the internet are done using social engineering.


6) Input validation attack - An input validation attack existed in Microsoft's Hotmail.
