How hackers breach security??

ports and the ip address leads to a network getting hacked.

hacking passwords is a young boy's game which atleast am not interested in.

try your hands on big things. instead of making your network getting compromised its very important to have a right device and right knowledged to help you.

Ports and ip address can help you getting in anywhere. In my personal opinion one should use a network based ips(intrusion prevention system) instead of host based.

IPS/IDS can be used in the network with the firewalls to make the network secure.

Cross side scripting and sql injection is the widely used ways to break the login and to get inside verified session. One tries to explore the vulnerability of sql query in the script and use it to create an identifed session. XSS is mainly used to hijack cookie value so that one can use it to enjoy an unexpired session.

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Hello every one,

In the website http://www.xssed.org you can find list of all websites which are vulnerable to attack and by seeing the example one can have practical view of how the website gets hacked.

Let us not Social engineering is the key to start hack, what you think?

Dear Saurabh,

It seems today that Cross-Site Scripting (XSS) holes in popular web applications are being discovered and disclosed at an ever-increasing rate. Take a glance of all bug tracks etc.

Here are some of the solutions :-

As a web application user/common user , there are a few ways to protect yourself from XSS attacks. The first and most effective solution is to disable all scripting language support in your browser and email reader. If this is not a feasible option for business reasons, another recommendation is to usereasonable caution when clicking links in anonymous e-mails and dubious web pages.

Additionally, as a last resort, proxy servers can help filter out malicious scripting in HTML,although commercial systems have a long way to go in this regard.

Web application developers and vendors should ensure that all user input is parsed and filtered properly. User input includes things stored in GET Query strings, POST data, Cookies, URLs,and in general any persistent data that is transmitted between the browser and web server. The best philosophy to follow regarding user input filtering is to deny all but a pre-selected element
set of benign characters in the web input stream. This prevents developers from having to constantly predict and update all forms of malicious input in order to deny only specific characters (such as < ; ? etc. we call it metacharacter ).

A web application is vulnerable in terms of hacking threat. Here the discussion point are not in terms of network security but application security. The loose ends of an application can be explored by

1. XSS attack.

2. SQL Injection.

3. Cookie poisoning.

XSS Attack: XSS or cross site scripting is the most potential threat. A web application has two avenues of control. Server end and client end. When a user requests a page, the request goes to server and the server prepares the page and sends it to the browser. Now, in the browser end all dynamicity is brought by client side script like javascript. Now think of the a situation where a user injects malicious script through your form input which gets stored in the database and the script fired when the server fetches data and throws it to browser. The script then can get activated and can steal vital information and can send to other sites. This is XSS attack.

The most effective solution is to decativate HTML display by converting into HTML entities. Like an HTML tags starts and ends with < > symbol. if it is converted into &lt; and &gt; it would still display but will remain inactive.

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed

If you use GET method that leads to database inserts, you are very vunerable. And you did all this to just save time for yourself.

One should first make sure there is no insider in the security breach because now a days organizations are more vulnerable to this threat.The history shows more attacks are generated from inside the network.The organization should make their employees are aware of the security trends.And the most important thing is to have a good administrator who will keep a vigil eye on the network and he should update his knowledge of the vulnerabilities till date.

Hacking, cracking, and cyber crimes are hot topics these days and will continue to be for the foreseeable future. However, there are steps you can take to reduce your organization's threat level. The first step is to understand what risks, threats, and vulnerabilities currently exist in your environment. The second step is to learn as much as possible about the problems so you can formulate a solid response. The third step is to intelligently deploy your selected countermeasures and safeguards to erect protections around your most mission-critical assets. This white paper discusses ten common methods hackers use to breach your existing security.

1. Stealing Passwords

2.Trojan Horses

3. Exploiting Defaults

4. Man-in-the-Middle Attacks

5.Wireless Attacks

6. Doing their Homework

7. Monitoring Vulnerability Research

8. Being Patient and Persistent

 9. Confidence Games

10.Already Being on the Inside

http://www.securityfocus.com/infocus/1527

account using net banking facility.

The Court directed the bank to pay account holder money that has been stolen , with 8% interest and legal expenses amounting to Rs. 25,000 for mental agony that has been caused to account holder

Case details

Mr. Nikhi Futan , an account holder of HDFC , was shocked to find on Oct. 2008  that Rs. 4.6 lakhs had been transferred from  hearing the  account to two accounts with – to a Shukla in Lucknow and Rajiv in Vijayawada

Bank did not take cognition of the complaint and he registered a police complaint

Both Shukla and Rajiv were arrested and only Rs. 70,500 were recovered

Bank’s version

Futan went to the Consumer Court in April 2009 . Bank argued that the money has been transferred after a request from Futan and that it had alerted Mr. Futan through SMS and e mail and he had failed to respond

Unauthorized transaction had taken place only if the customer had shared account details, used  a shared computer or had malicious software.

Futan  version

 Not received any message or email from bank

Court Version

The court accepted his contention that the bank had no evidence to prover there was malicious software  or viruns in his computer

The court cannot assume customer’s assent  if does not reply to text message  or e mail intimating his assent for transfer

The bank has not taken precaution as per RBI guidelines

Securing web application can occur in many ways, what I use to implement I have mentioned below.

1. Use URL rewrite to hide application pages or control flow.
2. If you are using IIS then it is better to apply URL scan. or IIS Lockdown tool
3. Change server header
4. Block not required ports and services.
5. Frequently check your application with various vurnability detection tool
6. Change default Eroor message
7. Never show detailed error message to end user
8. To secure your application from Man In Middle attacks, spoof client mac address and use it in cookies
9. Never relay on HTTPS (Port 443) connections, do encryption at client end with your own developed logic (Not only MD5 or any other algorithm).

Its not that simple to make this short.Anyway we need to secure our network,system,application,database and classify data according to the severity and give different layers of protection based on the classification.

So we need to keep ourselves update with new security flows and the preventive measures.eg:secunia,cert,symantec threat report etc.

Some hacker enter the sql injection which will destroy or explore the  tables of your website. Or they enter to your account without entering the actual pass word . i have some trick but due to some reason i will not explaing those trick here...

Through My Point of view,,,,The Hacking is the art of technics..there are many and alots of  hacking,,eg,(email hacking,password hacking,websites hacking and windows hacking, etc,,,),The many ways to hack these to use of some software ,batch programms and net tools,,available in the internet,,

And Cracking the is technic which is used to crack any trail software to register version,,,to use of registry editor ,, and resources hacker,ollydebug and many other softwares for  used to cracking and also you can cracked software through online,,,,,,

They do it using combination of one or more skills and methods. These generally include :

using automated tools : many are freewares

write scripts and send them hidden inside an otherwise good payload or header encapulation : this is called obfuscation or malforming packets

sniffing application and session layer information

scanning tools etc

hackers don't crack the security network..

they read and think above the mind of the security expert ..

hacker is the best in the hand of security agencies ( but are difficult to handle as 99.99% are insane nerds)