In today's article, we'll see 6 points that are often misunderstood by internet users and how to not make these mistakes.
1. HTTPS, secure or not?
HTTPS is the HTTP protocol coupled with an encryption layer as TLS.
So more colorful, this is to encrypt the information transmitted on the network.
With HTTP you see pass "in the clear" the data:
With HTTPs you see the figures go (and you can do nothing without possessing with the decryption key)
Only, and this is where the confusion: Safety must be ensured on several levels!
Here no one secures the network level but speaks only of "human" level or the "system" level.
Regarding the human level, these include the famous Phishing. And it is dangerous to say:
"If you see the padlock is that it's good you can buy! "
Because the Phishing page may very well be HTTPS too! Anyone can buy SSL certificates or even get for free.
Here is a site (which does not exist but that might exist) where one can distinguish the padlock and httpS:
Now here is the official website of Paypal:
There are several types of certificates, which is why one sees on the left in green "PayPal, Inc. (US)." But all https sites do not have this type of certificate, which would make the two examples identical except for the domain name.
The domain name (in black on the images above) is the element to look out here in addition to the "padlock" poypol not paypal. paypol either, nor poypal. You follow me? 😉
The second level we were talking about was the level "system."
Imagine the following example: We are in HTTPS (and on the official website!) But a person observes our password typed on the keyboard over our shoulders.
HTTPS or not, the password is recovered.
Keyloggers work the same way they recover what you type on your keyboard regardless of whether you're using HTTPS or not, at any site, regardless of open programs. Your information pass key system (on which the keylogger is running), then the system web site and web site network (via HTTPS but it's already too late, the hacker left with password ).
2. Encoding or encryption?
Do not confuse encoding and encryption when you want to share information securely.
Encoding Purpose:
Transmit information in an understandable format by all (standardized). This is for example the famous ASCII table whose "A" is 65 in decimal.
Base 64 is a popular coding, that is used for transforming binary information in characters. Indeed, if we transfer the "0" and "1", there are many ways to interpret them suddenly we create an easy to transfer coding (especially via URLs) and decoding.
You've probably seen URLs that contain characters like this:
aHR0cDovL3d3dy5sZWJsb2dkdWhhY2tlci5mci8 =
Although this seems incomprehensible, simply decode the original text to find:
http://www.depotekk.com
Purpose of encryption:
Transit data that only a transmitter and a receiver can see.
This time, if I give you the following (which nevertheless resembles base 64):
OrhDWPZlVC3D35cBLjgBVDgz1HwyJTwzY5IzYb
Can you read? Can you decipher it knowing it is encrypted using the RC4 encryption algorithm?
In both cases the answer is no (even with bruteforce it will be difficult if the encryption key is large enough).
It is only when you know the encryption key (here: "Key") that you can decrypt it.
If one still wants to go up a level, you can go through the hashes. It is a footprint of a text file, video, etc ... program that it is not possible to find a reversing the encryption process.
Typically, there is no algorithm to recalculate the initial text of the following hash:
a3fc36b1afe9bad4dc83547e72d763d7
And indeed even I can not remember! If anyone can do it, let me know!
The only way to find the original text was to recalculate the hash of a plaintext and compare it to this one. If it is the same, the original text was found. This is exactly what is happening with your Facebook passwords, etc ... Google: A fingerprint is stored even if the directors were looking in the database, they would not see your password and can not find it .
3. Change the password for any hacking or doubt
This advice seems very appropriate but lacks a big partie.recover password Photo
Take the typical case, one site visitors often face, namely: The hacked account or hacking attempt they just suffered.
Changing the password is a good idea that once one is sure where it is not immediately recovered!
To talk keyloggers, if you have one on your computer, you can change your password 45610 times, it will be immediately recovered by the hacker.
The board must be completed:
We must change the password for any hacking or doubt being sure to have a healthy computer when changing.
Example: Changing the password from another computer / smartphone as that suffered hacking or hacking attempt.
The same problem arises with cookies. If you delete cookies in order to "cover his tracks", we will have to re-enter passwords previously saved in the browser.
It's paradise for keyloggers because they are unable to recover the passwords already pre-registered in browsers. Some of them just disappear cookies on purpose to force the recovery of passwords.
I'm not saying you need to remember all the passwords, each principle has its advantages and disadvantages.
4. Remove the Trash file
We are talking rather of anonymity with the fact of wanting to disappear given file.
When you delete a file from the Recycle Bin, so when Windows tells you that the file will be deleted "permanently", it is in fact still on your hard disk. His memory has just been released, ie other files can be written over in the future to remove the really crushing.
So if you just deleted a file from the Recycle Bin you can try to find it by analyzing the memory in search of yet not crushed file.
This is the job of Recuva, I made a guide to show you how to download and use.
If you now want to delete a file for good, you can use specialized programs and there are many.
Avast itself provides that (in the paid version I think). Eraser is a free program doing the same job.
You can download it here
5. "No one will find it"
Security through obscurity is a concept whereby what is hidden and difficult to find, is secure.
This is often wrong, because a given person usually finds what she is looking for.
The most telling example and the one on a file placed on a web site: No links point to it, it was never published anywhere and no one was aware.
Yet anyone can find it!
And the reason is this: Google was found.
For those interested, the second challenge deals with this topic. Bravo for those who are already successful in passing 😉
In fact, when speaking encoding the beginning of the article, it's the same here, not because it seems illegible or impossible to find / do, what it is.
Google is also a search tool that can be used very technical and professional way to find all kinds of documents precisely.
This is called Google Hacking (i will explain that in another tutorial).
6. The antivirus Case
I have already talked a lot and I do not want to repeat myself but one of the least understood issues concerning IT security antivirus.
There are two problems in an understanding of:
Those who trust the antivirus
These are all people who rely on their antivirus, and indeed they are right to do so because in theory there is no need to worry after a message like this:
So yes, the antivirus protects you and it does it very well. Only it has flaws that are only compensated by knowledge and distrust.
I said that all antivirus are involved at this level.
Those who only trust themselves
These are people who, confident, feel they do not need antivirus because "they know what they are doing."
This is a good sign indeed, but unfortunately there is always situations that escape us. Typically when a site that we know is healthy hack or when yet another hidden agenda. This same program would have hidden your antivirus detected it.
Recognizing also that the human being is one of the biggest flaws, I will not take the risk of disabling antivirus.
Attention, because speaking of human fault, it is also important not to fall in the opposite situation. Namely: Believing that one is hacked then that is a trap we trying to download suspicious programs.
Remember that the best support for this blog is to like and share our articles!
For more news, subscribe to the blog or newsletter , also have a look at Twitter, Google+ , Facebook and our youtube channel for other news.
1. HTTPS, secure or not?
HTTPS is the HTTP protocol coupled with an encryption layer as TLS.
So more colorful, this is to encrypt the information transmitted on the network.
With HTTP you see pass "in the clear" the data:
With HTTPs you see the figures go (and you can do nothing without possessing with the decryption key)
Only, and this is where the confusion: Safety must be ensured on several levels!
Here no one secures the network level but speaks only of "human" level or the "system" level.
Regarding the human level, these include the famous Phishing. And it is dangerous to say:
"If you see the padlock is that it's good you can buy! "
Because the Phishing page may very well be HTTPS too! Anyone can buy SSL certificates or even get for free.
Here is a site (which does not exist but that might exist) where one can distinguish the padlock and httpS:
Now here is the official website of Paypal:
There are several types of certificates, which is why one sees on the left in green "PayPal, Inc. (US)." But all https sites do not have this type of certificate, which would make the two examples identical except for the domain name.
The domain name (in black on the images above) is the element to look out here in addition to the "padlock" poypol not paypal. paypol either, nor poypal. You follow me? 😉
The second level we were talking about was the level "system."
Imagine the following example: We are in HTTPS (and on the official website!) But a person observes our password typed on the keyboard over our shoulders.
HTTPS or not, the password is recovered.
Keyloggers work the same way they recover what you type on your keyboard regardless of whether you're using HTTPS or not, at any site, regardless of open programs. Your information pass key system (on which the keylogger is running), then the system web site and web site network (via HTTPS but it's already too late, the hacker left with password ).
2. Encoding or encryption?
Do not confuse encoding and encryption when you want to share information securely.
Encoding Purpose:
Transmit information in an understandable format by all (standardized). This is for example the famous ASCII table whose "A" is 65 in decimal.
Base 64 is a popular coding, that is used for transforming binary information in characters. Indeed, if we transfer the "0" and "1", there are many ways to interpret them suddenly we create an easy to transfer coding (especially via URLs) and decoding.
You've probably seen URLs that contain characters like this:
aHR0cDovL3d3dy5sZWJsb2dkdWhhY2tlci5mci8 =
Although this seems incomprehensible, simply decode the original text to find:
http://www.depotekk.com
Purpose of encryption:
Transit data that only a transmitter and a receiver can see.
This time, if I give you the following (which nevertheless resembles base 64):
OrhDWPZlVC3D35cBLjgBVDgz1HwyJTwzY5IzYb
Can you read? Can you decipher it knowing it is encrypted using the RC4 encryption algorithm?
In both cases the answer is no (even with bruteforce it will be difficult if the encryption key is large enough).
It is only when you know the encryption key (here: "Key") that you can decrypt it.
If one still wants to go up a level, you can go through the hashes. It is a footprint of a text file, video, etc ... program that it is not possible to find a reversing the encryption process.
Typically, there is no algorithm to recalculate the initial text of the following hash:
a3fc36b1afe9bad4dc83547e72d763d7
And indeed even I can not remember! If anyone can do it, let me know!
The only way to find the original text was to recalculate the hash of a plaintext and compare it to this one. If it is the same, the original text was found. This is exactly what is happening with your Facebook passwords, etc ... Google: A fingerprint is stored even if the directors were looking in the database, they would not see your password and can not find it .
3. Change the password for any hacking or doubt
This advice seems very appropriate but lacks a big partie.recover password PhotoTake the typical case, one site visitors often face, namely: The hacked account or hacking attempt they just suffered.
Changing the password is a good idea that once one is sure where it is not immediately recovered!
To talk keyloggers, if you have one on your computer, you can change your password 45610 times, it will be immediately recovered by the hacker.
The board must be completed:
We must change the password for any hacking or doubt being sure to have a healthy computer when changing.
Example: Changing the password from another computer / smartphone as that suffered hacking or hacking attempt.
The same problem arises with cookies. If you delete cookies in order to "cover his tracks", we will have to re-enter passwords previously saved in the browser.
It's paradise for keyloggers because they are unable to recover the passwords already pre-registered in browsers. Some of them just disappear cookies on purpose to force the recovery of passwords.
I'm not saying you need to remember all the passwords, each principle has its advantages and disadvantages.
4. Remove the Trash file
We are talking rather of anonymity with the fact of wanting to disappear given file.
When you delete a file from the Recycle Bin, so when Windows tells you that the file will be deleted "permanently", it is in fact still on your hard disk. His memory has just been released, ie other files can be written over in the future to remove the really crushing.
So if you just deleted a file from the Recycle Bin you can try to find it by analyzing the memory in search of yet not crushed file.
This is the job of Recuva, I made a guide to show you how to download and use.
If you now want to delete a file for good, you can use specialized programs and there are many.
Avast itself provides that (in the paid version I think). Eraser is a free program doing the same job.
You can download it here
5. "No one will find it"
Security through obscurity is a concept whereby what is hidden and difficult to find, is secure.
This is often wrong, because a given person usually finds what she is looking for.
The most telling example and the one on a file placed on a web site: No links point to it, it was never published anywhere and no one was aware.
Yet anyone can find it!
And the reason is this: Google was found.
For those interested, the second challenge deals with this topic. Bravo for those who are already successful in passing 😉
In fact, when speaking encoding the beginning of the article, it's the same here, not because it seems illegible or impossible to find / do, what it is.
Google is also a search tool that can be used very technical and professional way to find all kinds of documents precisely.
This is called Google Hacking (i will explain that in another tutorial).
6. The antivirus Case
I have already talked a lot and I do not want to repeat myself but one of the least understood issues concerning IT security antivirus.
There are two problems in an understanding of:
Those who trust the antivirus
These are all people who rely on their antivirus, and indeed they are right to do so because in theory there is no need to worry after a message like this:
So yes, the antivirus protects you and it does it very well. Only it has flaws that are only compensated by knowledge and distrust.
I said that all antivirus are involved at this level.
Those who only trust themselves
These are people who, confident, feel they do not need antivirus because "they know what they are doing."
This is a good sign indeed, but unfortunately there is always situations that escape us. Typically when a site that we know is healthy hack or when yet another hidden agenda. This same program would have hidden your antivirus detected it.
Recognizing also that the human being is one of the biggest flaws, I will not take the risk of disabling antivirus.
Attention, because speaking of human fault, it is also important not to fall in the opposite situation. Namely: Believing that one is hacked then that is a trap we trying to download suspicious programs.
Remember that the best support for this blog is to like and share our articles!
For more news, subscribe to the blog or newsletter , also have a look at Twitter, Google+ , Facebook and our youtube channel for other news.
I founded the Blog DepoTech in January 2015. Self-taught in development, I have always pushed my curiosity about the topics,Web and Tech news.
Related Post
Creating an effective USB blocking GPOSeveral people spent several hours reading technet tutorials, and other various how-to/guide/tutori
Any website can get your real IP address even if you use a VPNUntil that moment you think your IP address is anonymous when using a VPN..
Daniel Roesler, a compu
Detect the WiFi squatters with your Android SmartphoneFrom the time that I'm talking about the security of your Wi-Fi network, we saw how to crack a WiFi
The most dangerous programming errors
The "Common Weakness Enumeration" developed by MITRE, includes the list of most dangerous progr
ConversionConversion EmoticonEmoticon