Showing posts from May, 2016

PPTP vs L2TP vs SSTP vs OpenVPN

PPTP

PPTP stands for Point-to-Point Tunneling Protocol, also termed P2TP. It is a protocol designed by Microsoft to provide secure communication, and it has been in common use since Windows 95. Its main drawback is that it is no longer secure at all: it is easy to use and set up, but it is vulnerable and has many weaknesses. The major advantage of this protocol is that it is built into the Windows operating system. It is almost obsolete, and it is better to go for a more advanced and secure option.

OpenVPN

OpenVPN is more secure than PPTP and also provides more flexibility: it can run on any port, so it is difficult for a firewall to block it properly. OpenVPN uses open technologies such as the OpenSSL encryption library and the SSLv3 and TLS v1 protocols. It is the most popular and can be more secure if it uses AES encryption rather than Blowfish encryption. It is required to install a third-party software before configuring OpenVPN bec

What is LDAP Injection?

LDAP Injection

"LDAP (Lightweight Directory Access Protocol) Injection is a way to exploit LDAP databases that fail to sanitize or validate the user's input at the client side. This injection is similar to SQL injection, and although it is an earlier form of exploitation than SQL injection, it uses the same method to exploit databases and the LDAP directory structure."

LDAP, which stands for Lightweight Directory Access Protocol, is a protocol used to access the directory on a server in web browser applications to search, connect, and modify data on a server. It is based on TCP/IP, and it works on client-server technology. LDAP injection is designed to exploit databases and directories where LDAP fails to sanitize the input given by users to authorize themselves on the client side. LDAP injection works in a similar way to SQL injection, but SQL injection has some more advanced features than LDAP injection. Both are used to inject queries into databases. LDAP injection can authoriz

What is Biclique Attack?

Biclique Attack

"Biclique attack is a publicly well-known single-key (symmetric key) attack on AES (Advanced Encryption Standard) cryptanalysis. Biclique attack is a MITM (Man In The Middle) attack variant. It uses the biclique (complete bipartite graph, a mathematical concept) technique to increase or extend the number of rounds to decrypt AES encryption."

Biclique is a well-known attack which uses the MITM (Man In The Middle Attack) technique by extending the overall attempt or rounds power to decrypt AES. The interesting thing is that it uses a mathematical concept called a biclique, or complete bipartite graph, to extend the number of MITM attacks to break into AES cryptanalysis. Biclique attack breaks full AES encryption by using full attempts, and the computational complexity of the attack is 2^126.1, 2^189.7 and 2^254.4 for AES128, AES192 and AES256, respectively. Because this attack uses MITM as a base, it has also been used to break encryptions and hash functions. It h

What is Man In The Middle Attack?

Man In The Middle Attack

"Man in the middle is a security attack based on eavesdropping, used to get sensitive information being transmitted between a user and a server by gaining access or entry in the middle, with the help of a relay/proxy, to eavesdrop on sensitive information."

MITM (Man In The Middle) is a very common attack, which is also termed Meet In The Middle attack. It is a kind of eavesdropping attack used to listen to or gain access to a private conversation or data being transferred between a user and a server without the consent of the user and the server. Man In The Middle Attack is used to breach the AES (Advanced Encryption Standard) algorithm used in encryption. Because AES works on symmetric key encryption, if an intruder takes a place in the middle he can sniff the key to decrypt the data.

How does it work

Man In The Middle attack works in a very simple manner: a hacker or an intruder gains access in between a private conversation or data transferring sessio

What is AES (Advanced Encryption Standard)?

AES (Advanced Encryption Standard)

"AES (Advanced Encryption Standard) is an algorithm used to encrypt data in a more powerful way. It is a highest degree technique for cryptography, which provides more protection than the DES (Data Encryption Standard) algorithm."

AES (Advanced Encryption Standard) is the successor of the DES algorithm and was designed to provide more security than DES, because DES was limited to 64-bit encryption, which is vulnerable to brute force attack. AES also works on the symmetric key encryption technique but ensures more security than DES. AES was adopted by many government agencies to encrypt data and conversations; it became the highest degree encryption standard in the market and overcame the old DES technique. AES makes it possible to encrypt data at up to 3 levels: 128-bit, 192-bit and 256-bit, where 128-bit takes 10 rounds, 192-bit takes 12 rounds and 256-bit takes 14 rounds to encrypt and decrypt the data. A round inv

What is DES (Data Encryption Standard)?

DES (Data Encryption Standard)

"When we speak about security, it must be clear to us what sort of algorithms are used to achieve such security. The DES (Data Encryption Standard) algorithm is one of them, and it is used to achieve a genuine security level. DES also has a successor named AES (Advanced Encryption Standard)."

DES (Data Encryption Standard) is an algorithm designed to achieve data security so that confidential data can be protected from hackers or unsolicited use. DES works on the symmetric key encryption technique, which uses the same private key to encrypt or decrypt the data, and the private key is known to both the sender and the receiver. By means of this algorithm we can change or encrypt any data into a different, non-readable form, so that if hackers or intruders steal that data they cannot understand it. Non-encrypted data is usually referred to as plain text, while the encrypted data is termed ciphertext. DES was designed by IBM in early 1970 to

What is virtualization?

"Virtualization is a technique which uses hypervisor technology to virtualize operating systems, network resources, servers and storage devices in order to save wastage of resources."

It is a technique used to create a virtual environment to utilize resources such as CPU, storage, network devices and servers. This technique uses hypervisor technology, which enables a user to run two or more operating systems simultaneously. In OS virtualization, the OS kernel is compromised to create a virtual environment. Similarly, a server's resources such as CPU cycles, storage and RAM space are compromised to create more virtualized servers, so that each can perform individually as a sub-server. It saves lots of money and space. Just think about a client whose organization may have thousands of servers, but not all servers are being utilized by the client completely. So he needs a big space to keep those servers and resources like a t

What is a Botnet?

"A botnet is a network of infected computers which are controlled by hackers or intruders in order to spread DDoS (Denial of Service) attacks and spam mails. It infects a computer, or makes it a zombie, by sending a special type of Trojan to a targeted computer. The network of infected computers is called a 'Zombie Army'."

Botnet is a term created from two words, 'Robot' and 'Network'. It is basically a huge network of zombie computers (a computer which has been infected is called a zombie), which is created or raised by hackers to commit cyber crimes. These botnet networks are used to distribute severe DDoS attacks and to send multiple spam mails to millions of users. The worst thing about a botnet is that the user of the infected machine or computer remains unaware of the infection all the time. The network of infected computers is also called a 'zombie army'. Hackers also sell these zombie armies to other hackers or cyber crimin

What is Cloud Computing?

"Cloud Computing is a technology used to share computer or server resources like CPU cycles, free memory storage, CPU idle time and other network resources. Cloud Computing enables you to use services provided by a vendor instead of having and maintaining personal resources, which helps to save money and resource wastage to a large extent."

Cloud Computing is a technology developed to save computer or server resources and to fully utilize computer or server components and devices, in order to stop the wastage of CPU cycles and idle time and to make full use of memory and of all the devices connected in a network. Cloud Computing also saves the client's money, because a client or user does not need to buy or maintain their own resources, the space for them, or the people to maintain resources such as servers and network devices. Cloud Computing provides three services, which are described below: SaaS (Software As A Service

What are PAP and CHAP?

"PAP stands for Password Authentication Protocol, whereas CHAP stands for Challenge Handshake Authentication Protocol. Both are protocol suites used to authenticate a person over an Internet channel or network."

PAP

PAP stands for Password Authentication Protocol, a protocol used to authenticate a username and password over a network. It is a networking protocol that authenticates a user's credentials and maintains a table where all credentials are stored in an encrypted format; this table is used to match the credentials entered by the user. The main disadvantage of this protocol is that it doesn't transmit data in an encrypted format over the Internet. Therefore, it can be breached by hackers or intruders. Credentials are transmitted in plain text because it uses the HTTP protocol to transmit data. The solution is CHAP.

CHAP

CHAP stands for Challenge Handshake Authentication Protocol, a successor or an alternative to PAP; it also does the same authenticatio

What is Code Injection?

"Code Injection is an exploitation of a computer bug, which is usually caused by processing invalid data. It is a kind of attack used by hackers to exploit mainly databases and software applications."

Code Injection, as the name implies, is a sort of online attack used by hackers or intruders to exploit mainly databases and applications. This attack takes place when a computer generates a bug on processing invalid data, which deviates from code standardization. There are several types of code injection attacks used by hackers: SQL injection, shell injection, script injection (Cross Site Scripting), and dynamic evaluation attack.

How does it work?

Code Injection is basically done through web pages or web forms. For instance, a login page is used to send data to, and exploit, databases on the servers. Malicious code is sent by the hacker or intruder to inject it into the database, which generates an error and display an error messa

What is HTTPS?

HTTPS stands for Hyper Text Transfer Protocol Secure. It is a way to encrypt a channel over the Internet to provide secure and encrypted communication while sharing and accessing personal information, such as accessing a bank or social media page, or providing your credit card and CVV in online shopping and transactions. HTTPS can be identified by a green padlock symbol in a browser's URL bar. HTTPS means you can trust an organization because it has an SSL certificate. HTTPS is the successor protocol of HTTP, which stands for Hyper Text Transfer Protocol. HTTPS ensures the user's security by providing an isolated and encrypted channel for data or information transfer. HTTPS uses the SSL and TLS encryption methods to encrypt data, which use the asymmetric key encryption technique. In HTTP, data is sent with the URL in plain text, which can be read or broken by a hacker easily, whereas HTTPS encrypts data so that if a hacker breaks it he

What is Drown Attack?

Drown is a serious attack which targets HTTPS and affects TLS and SSL, which are based on HTTPS. These are the protocols used to encrypt data so that no third party can read it across the Internet while you communicate with a server to authenticate your identity or to send messages, files and emails to a particular server. The Drown attack is used to breach that encryption or secure channel.

Drown is an attack designed to target the HTTPS protocol suite, such as SSL and TLS. These protocols are used for encryption while communicating over the Internet, and they provide a secure channel to communicate with a server. When a user communicates with a server and enters sensitive information such as a credit card number, CVV, PINs and other data like emails and instant messages, all of it is encrypted over a channel to provide customer security, so that no third party or intruder can breach the security to gain access on it or