Introduction to Cryptography

What is Cryptography?

Cryptography derives its name from the Greek word “Kryptos,” which means “Hidden Secrets.” Cryptography is the practice and study of hiding information. It’s the Art or Science of converting a plain intelligible data into unintelligible data and again re-transforming that message into its original form. It provides Confidentiality, Integrity, Accuracy.

Encryption
The process of converting plain text into an unintelligible format (cipher text) is called Encryption.

Decryption
The process of converting cipher text into a plain text is called Decryption.

What’s Key?
In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text. The length of the key is a factor in considering how difficult it will be to decrypt the text in a given message.

What is a Block Cipher?
A method of encrypting/decrypting data. Key is used for encryption/decryption. Same size of I/P and O/P

What is Initialization Vector?
An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.
It is a group of hex values.

Types of Cryptography

1. Symmetric Key Cryptography (Secret Key Cryptography)

2. Asymmetric Key Cryptography (Public Key Cryptography)

3. HASH FUNCTION

1. Symmetric Key Cryptography (Secret Key Cryptography)

a). The Same Key is used by both parties

b). Simpler and Faster

2. Asymmetric Key Cryptography (Public Key Cryptography)

a). Two different keys are used  Users get the Key from a Certificate Authority.

b). Authentication in asymmetric cryptography is more secured but the process is relatively more complex as the certificate has to be obtained from the certification authority.

3. HASH FUNCTION

a). Uses mathematical transformation to irreversibly encrypt information.

b). It is a one-way encryption

c). Uses no key for encryption and decryption.

Things to do, When Your Computer Gets Hacked.

As the news of several accountants’ computers being hacked by criminal gangs, the security of your computer on Internet is again under scanner. As the use of Internet is increasing, the chances of your computer getting hacked are also increasing dramatically. There is plenty of file sharing and web surfing that is being done, which makes your computer vulnerable for attack. But this article will help you in deciding what steps to take if your computer gets hacked.
How to Find if Your Computer is Hacked?

It is important to know when your computer has been actually hacked and when it is just behaving weird:

Sometimes it’s just simple and the hacker may leave some note or warning to prove that your computer is actually hacked.
You are not able to access your various mails and social media accounts or at worst you are not able to access your computer.

Steps to Take if Your Computer Gets Hacked:
1. Check the Impact of Damage

After using your computer for some time you would know what type of infection you are facing whether it’s malware, virus, trojan, keylogger (spyware) or anything else. In case a keylogger application is installed, you can use a good antispyware program to remove the infection. However, formatting the hard drive is a better option if the infection is severe. You should try to back-up all the important and confidential files that you may have in your computer before formatting.
2. Damage Control

You should run antivirus programs to determine the extent of damage. Users of Windows OS can run “Malware bytes” which can be found freely and recognizes various harmful applications which antivirus cannot. Sophos Mac antivirus is a free application which can be used by Mac users.
3. Removal

After running several scans you will know what is the extent of damage you are facing. After making the list of viruses and malware that have infected your computer, next thing you need to find is what the impact of damage is. For that you must check the details about those viruses and malware programs to know how they rank in terms of damages they can have in your computer. You must carry out the searches from a neutral device which is not hacked and search for removal tools for those malware programs which have infected your computer. Unfortunately, if after several tries you are not able to clean your computer then the only option left is to re-install your operating system.
4. Offline Hacking

This is true that Internet is the most common way to hack a computer, but it is possible that anybody can hack your system using USB devices. The process of removal of the infection is the same in this case as well. The best precaution you can take to avoid such situations is to password protect your computer OS and BIOS. This makes it difficult for anyone to gain access to your computer.
Conclusion:

The best thing that you can do is to protect your computer by using fully updated antivirus and a good firewall. It is also wise to have a protection tool for windows registry. To protect your files, you can use encryption tools so as to encrypt the data on your hard disk. As there is no 100% foolproof way to prevent hacking it is always better to take precautionary measures.

Beware of Password Hacking Scams and Fake Tutorials

In the era of Internet, emails and social networking have taken a prominent role in almost everyone’s life, especially when it comes to the exchange of information and personal messages. So, hacking the password of an email or social networking account alone can reveal a lot of personal details about the person. Even though hacking is considered illegal, some people are left with no other option. This can be a parent wanting to gain access to the child’s email or someone who need the password of their partner’s social media account.

Well, this post is not about teaching you how to hack! But, it is about making you aware of some of the password hacking scams and fake hacking tutorials that are waiting to exploit those people who are in desperate need of hacking someone’s online password. Here is a list of some of the online scams that you should be aware of and always stay away from:

1. Password Hacking Services:

Many of the scam websites have managed to rank on top of Google for some of the most popular keywords about hacking. As a result, these websites attract a lot of people (who are in need of someone’s password) and promise them to give what they want! As most people do not have any knowledge about hacking, they often believe what is mentioned on these websites is true. Taking this factor as an added advantage, these websites (the so called hacking services) rip off money from the people and never keep up their promise.
Why password hacking services do not work?

The big reason behind why these services never work is that, most of them are owned by those scammers and noob hackers who do not have sound knowledge of how the hacking process actually works. Also, with the level of security adopted by the services like Gmail, Yahoo or Facebook, it is near impossible to to hack their database to obtain the password. Unlike, what is mentioned on most of these websites, it is not possible to use the brute force approach as well. Here is a list of some of the false claims made by most hacking services (in their own words):

We are a group of elite hackers working behind this site capable of cracking any password.
We have found out a certain vulnerability in the Facebook or Gmail servers using which we crack the password.
We use brute force approach to crack the password.
After a long time of research and hard work, we have managed to develop a program that can crack any password with just a click of a button.

If you come across a site making claims as mentioned above, it is a clear sign of a scam service. To identify them more clearly, here is a list of additional signs that you can look for:

Even though some websites claim that their service is free, they demand users to take up an online survey in order to avail the service. In reality, these websites are created to earn money by forcing people to participate in a survey program.
These websites accept payment only through services like Western Union and Money Gram but not via credit card. This is a clear sign of fraud as the money sent through these services cannot be tracked and refund cannot be claimed later.

So, the bottom line is that, if you come across a website that seems too good to be true or show some signs as mentioned above, it is always a better choice to stay away from them.

2. Fake Hacking Tutorials:

This is another type of scam that most teenagers fall victim for, because most teenagers do not have enough money to afford the hacking services and hence go in search of free options and hacking tutorials that can easily get them the password they want. This is where the fake hacking tutorials come into play.

This tutorial is designed cleverly to trick users and make them believe it is true. But, in reality, when someone follows the method prescribed in the tutorial, they lose their own password in attempt to hack someone else’s password. Here is a small example of how this fake tutorial goes:

Here is an easy way to hack any Gmail password. This method was revealed by a professional hacker to me which when tried was successful.

Log in to your Gmail account and compose a new email.
In the subject, type exactly as follows: “password retrieval”.
In the body of the email, type your username followed by your password in the first line.
Leave exactly 3 lines of gap and type in the target username that you want to hack.
Then send this email to: passretrieve2013@gmail.com.

When you do this, the Gmail server gets confused and will send the target password to your inbox within the next few hours.

Now, let us carefully look at how the above trick works. This trick is designed intelligently by a noob hacker and is often posted on many forums and low quality websites. Here, the creator of this tutorial tells a lie to the people that there exists a bug in the Gmail system that can be exploited by using the tutorial. However, by following this trick, innocent victims are sending their own password to the hacker’s email address (passretrieve2013@gmail.com) and thus get trapped.

This is another type of scam that seems too good to be true. Unfortunately, most people would follow this trick and end up handing over their login details to an unknown person. If you’ve ever tried this method, it is a wise option to change your password immediately in order to prevent any further damage.

I hope you like this post. 🙂