Internet Myth Busted

We are on the internet at least for 5 hours in a day, probably even more. There are people with malicious intent who are only for 24 hours a day, trying ways to get illicit access to your computer, just for Fun or a specific reason. Well, you need to figure out what the reason is.

 

Here we are with some common myths that internet Users have, the very basic ones though.

Myth 1:  Firewall is useless it just blocks the  software  already there on my computer

There’s a common myth among us that a firewall is something which makes sure that no application  connects to Internet without our permission. However, that is not what it only does,that’s just an extra feature and not a firewall’s basic function

A firewall is something which blocks all the inbound connections, that is, the ping requests which hackers use  to check  which computers are alive or make inbound remote desktop connections, which can be brute forced and full access to your computer can be gained or other attack vectors!!

 

Myth 2:  I have a Firewall and an Antivirus so now I am safe

No, you are not safe There are other attack vectors as well, You are a part of an Attack on yourself, confused
Say hello to the world of Social Engineering,  you are the one who let those attackers get their Trojans and other sniffers or some other stuff on your computer.

You receive an email something like

You eagerly  download  the attached ppt and some mp3..bang! you have a Trojan on your computer. Maybe your antivirus detect it as a Trojan but you are too eager and desperate to see whats inside. Firewall says something is trying  to connect to internet, you ignore it and the hacker is notified that   another fool in trap .

Or take the case which I have observed used by some pakistani hackers to get Indian communities on Orkut.
They posted topics in the community became Internet Pals and then asked the community owner if he would like to hack his friends yahoo. Unsurprisingly, he said yes and the hacker sent him the Trojan, Community Owner downloaded it, He was notified by his  anti-virus  and firewall but he disabled them and fell into the trap. Now his activities were logged and all the passwords he typed that day were mailed to the hacker!!
Moral of the story is self deducing, don’t be fooled and don’t be over smart like those Community Owners.  One more possibility, if someone you trust is hacked, you are in deep trouble.

 

Myth 3:  I don’t trust people on the internet, i have a Firewall, I also have an Antivirus so now i am safe

Let me repeat myself, a BIG NO, the reason is because we are very techno freako people, we like  trying  new  software, by new I mean beta and alpha software  and the other not so tested  software, because they are not tested they have bugs and exploits in them like the beta firewalls. If someone is smart enough and able to figure out those exploits, you are boomed

Consider the case where a bug in MS Internet Explorer 7 was found and was sold for Millions of $$ to a  advertising site, with the help of which they were able to deploy Trojans on thousands of computers visiting there site and personal information was stolen, So use some genuinely tested stuff.

 

Myth 4: I have tested  software, I don’t trust people on the internet, I also have a Firewall and an antivirus, Now I should be safe.

Nope, you aren’t, with the fast growing technology and features, other attack vectors have surfaced.
Here I would like to point out to a attack CSS which is not cascade style sheets but cross site scripting or XSS. Now with increasing use of javascript in web applications(Web 2.0), these type of attack are increasing.
These attack have been used in Facebook, Twitter, myspace, meebo and many many other popular and trusted sites like even Gmail. A  vulnerable website can be injected with any html or  javascript code like in some one’s scrapbook or email or comment boxes, shout boxes or something else. Now when the victim visits the page containing this injected code, the code will execute and your cookie may be sent to attacker or  redirect  you to some other fake site.
So to protect yourself from these attack disable the javascript and trust your senses, like when you see some unusual link on the site or a flash file or something, DO NOT CLICK IT.

 

Myth 5:   So now I am safe!!

Probably yes for now until some new attack surfaces!!

 

So the first and last point is Trust Is A Weakness , be paranoid and keep exploring.
I hope this piece of information will help someone out there!!

 

Dhawal D