
Hey, let me out of it, now it's the turn of Email IDs to be hacked!!
Content
o Working of Email
o What is an Email
o How to send an Email
o Configuring Email Server
o What is Email Server
o How to install and Configure Email Server
o Sending mail via Configured Server
o Fake Email Sending
o How to send a fake mail
o Sending mail using script
o Sending mail using third party websites
o Mail Bombing
o How to do mail bombing
o Email Forgery
o Proving Fake Mail
o Tracing Email Sender
o How to trace IP & its Location
o Cracking Email password
o Phishing
o Desktop Phishing
o Hijacking Authenticated Sessions
o Cookies Stealing
o Countermeasures

What is an Email
Electronic mail, often abbreviated as e-mail or email, is any method of creating, transmitting, or storing primarily text-based human communications with digital communications systems.

E-mail systems are based on a store-and-forward model in which e-mail server computer systems accept, forward, deliver and store messages on behalf of users, who only need to connect to the e-mail infrastructure, typically an e-mail server, with a network-enabled device for the duration of message submission or retrieval.

Originally, e-mail was always transmitted directly from one user's device to another's; nowadays this is rarely the case.

How Does Email Work
Email works by sending a text message to a file that the intended
viewer can then download and read.

Email is different from most Internet services in that it does not result in information being sent back to the client computer for display.

While a (typically) non-displayed confirmation is sent to the client's computer, the user who sends Email does not receive a response, except if the recipient sends a response message.

Email is sent when a user utilizes an "Email client" program/computer to compose and send an Email message to another user. This message has to be properly addressed to the Email address of the recipient. An example of a proper Email address is: eric@chernoff.org.

Email addresses have two parts, separated by the @ symbol. These parts are:

• The "username" that identifies the user on the Email Server. In the above example it is "eric".
• The Domain Name of the Email Server. In the above example, it is "chernoff.org".

When Email is sent, the client computer has to resolve the IP
Address of the Domain for the targeted Email, as explained in Part
Three.

This time, however, the client computer also has to find the IP
Address of the Email Server for the Domain. This information is
provided by the Domain's DNS server.

Once the client computer knows the IP Address of the Email Server
for the Domain, it will send the Email message to that Email
Server, using the procedure explained in Part Two.

Like the procedure in Part Three, sending an Email message must use the appropriate protocols for Email.

When the Email Server receives the Email message, it will locate the file that has been designated for the recipient's Email, and it will save the message to that file.

E-mail (electronic mail) is the exchange of computer-stored
messages by telecommunication. (Some publications spell it email;
we prefer the currently more established spelling of e-mail.) E-mail
messages are usually encoded in ASCII text.

We can also send non-text files, such as graphic images and sound
files, as attachments sent in binary streams. E-mail was one of the
first uses of the Internet and is still the most popular use.

What is an Email Server
Email sending and receiving is controlled by Email Servers.

An email client or email program allows a user to send and receive email by communicating with mail servers.

Email Servers, like any other servers, are not special or extraordinary computers; they are the same as the ones we use. To create an Email Server, we just need to install specific software so that the computer can reply to requests.

Once the servers are ready to go, users from across the world register with these Email Servers and set up Email accounts.

Some of the free Email Hosting Servers are:
• Postcast Server
• Hmail Server
• Free SMTP
• Surge mail Server

Working of an Email Server
An email client or email program allows a user to send and receive email by communicating with mail servers.

There are many types of email clients with differing features, but they all handle email messages and mail servers in the same basic way.

When an email message is sent, the email program contacts the author's ISP mail server to pass it the message.

The mail server is normally named mail.[isp].com or it might be named after the Simple Mail Transfer Protocol, smtp.[isp].com.

The mail server scans the message's embedded headers for addressing information. These headers are not usually visible in an email client unless the user configures the program to show the headers, but critical information is contained here.

The email message is sent along to the address, which might involve being passed through several routers.

In actuality it is divided into discrete data packets and reassembled on the receiving end.

Routers are computers that receive network data and re-route it through
the shortest possible path.

Assuming nothing goes wrong, the email will reach its destination within
seconds or minutes of being sent.

Once the receiving mail server has the mail, it stores it in a virtual mailbox. The mail will stay here until the addressee uses his or her email client to check for new mail. When doing so, the email program contacts the receiving mail server, sometimes called a POP3 mail server (for Post Office Protocol 3) as in pop3.[isp].com, or simply mail.[isp].com.

When the email program asks the mail server for mail, it checks for any messages addressed to that user. If found, the mail server transfers the messages to the client as requested.

Mail servers located on public websites work in the same basic manner as ISP mail servers.

How to setup an Email Server
Email Servers can easily be configured using some Free Server Software
like Post Cast Server, H mail Server, Surge Mail, etc.

Email Server Software can be used to convert your Desktop or Laptop into
an Email Sending Machine.

Postcast Server is a fine - and free - personal outgoing mail server
that allows you to send email from anywhere to anybody fast and
with enhanced privacy and security.

So to set up your own email server, you can install software like Postcast Server on your own computer; after making the necessary configuration, your own computer can be used to send emails.

Post Cast Server

Attacks on Emails
Fake Email Sending : Sending a mail without using the user's password

Email Bombing : Sending a large number of Emails at one moment

Creating Fake Pages : Changing the code of any web page

Email Password Cracking : Getting someone's password

Hijacking Authenticated Sessions : Session Hijacking

What is a Fake Mail
A Fake Email is an Email that appears to come from an Email ID but was not sent by the original owner of that Email ID.

Fake Mail or E-mail spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

Sending Fake Mail is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message.

By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers), it actually comes from another source.

There are so many ways to send Fake Emails even without knowing the password of the Email ID.

The Internet is so vulnerable that you can use anybody's Email ID to send a threatening Email to any official personnel.

Sending a fake mail by using script
Requirements for sending mail by using our own script:

• You need your own website where you can upload your script for sending fake mails.

• If you don't have your own website, don't be sad.

• You can use some of the free web hosting sites to upload your script, like:
www.my3gb.com
www.phpzilla.net

• If you do not want to upload your own script.

• Don't be sad again.

• There are so many websites available on the Internet which already contain these mail sending scripts.

• Most of them provide a free service.

• You just have to open any free website to send fake mails.

Free fake mails websites

Fake mails from websites:

• mailz.funmaza.co.uk

• www.anonymailer.net

What is the working of the Script
Web languages such as PHP and ASP contain mail-sending functions which can be used to send Emails with programmed fake headers, i.e. From:, To:, Subject:

How to use the Script:

• Using the Fake Mail script is very easy. Just open a Notepad file and write down the PHP code in the file as:

• Once you have done that, save this file with any name and give it the extension .php

• Your Fake Mail script is ready to use. Just upload this PHP file on any PHP based web server and enjoy.

Results of Fake mails can be:
• An Email from your Email ID to any Security Agency declaring a Bomb Blast can make you spend the rest of your life behind iron bars.

• An Email from you to your girlfriend or boyfriend can cause a break-up and set your friend's to be in relationship.

• An Email from your Email ID to your boss carrying your resignation letter or anything else which you can think of.

• There can be so many cases drafted on Fake Emails.

Fake mails sending with the help of open relay server
Fake Email: Open Relay Server

• An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol) server configured in such a way that it allows anyone on the Internet to send Email through it, not just mail destined 'To' or 'Originating' from known users.

• An Attacker can connect to the Open Relay Server via Telnet and instruct the server to send the Email.

• An Open Relay Email Server requires no password to send the Email.

What is an Open Relay Server
An open mail relay is an SMTP (Simple Mail Transfer Protocol)
server configured in such a way that it allows anyone on the
Internet to send Email through it, not just mail destined to or
originating from known users.

How to Send Email using open relay servers
An attacker can connect to the Open Relay Server via Telnet and instruct the server to send the Email.

It requires no password to send the Email.

Telnet Connection
The first thing to do is to open a connection from your computer to your mail server:

telnet mail.domain.ext 25

You should receive a reply like:

Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Send mail ?version-number?; ?date+time+gmtoffset?

You will then need to declare where you are sending the email from:

HELO local.domain.name

Don't worry too much about your local domain name, although you really should use your exact fully qualified domain name as seen by the outside world; the mail server has no choice but to take your word for it as of RFC822-RFC1123. This should give you:

• Once you get connected to port 25, just type the following commands.

• HELO : For getting the reply from the server.

• MAIL FROM: The ID from which you want to send the mail.

• RCPT TO: The ID to which you want to send the fake mail.

• DATA: Content which you want to write.

In technical terms:

250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you

Now give the email address from which you want to send the Email:

MAIL FROM: mail@domain.ext

This should yield:

250 2.1.0 mail@domain.ext Sender ok

Now give the recipient's address:

RCPT TO: mail@otherdomain.ext

This should yield:

250 2.1.0 mail@otherdomain.ext Recipient ok

To start composing the message, issue the command DATA.

If you want a subject for your email, type Subject:-type subject here- then press enter twice (these are needed to conform to RFC 822).

You may now proceed to type the body of your message (e.g. hello mail@otherdomain.ext from mail@domain.ext).

To tell the mail server that you have completed the message, enter a single "." on a line on its own. The mail server should reply with:

250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command. The mail server should reply with something like:

221 2.0.0 mail.domain.ext closing connection
Connection closed by foreign host.

Email Bombing

Email Bombing is sending an Email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact.

The process of email bombing or email spamming is the same as sending fake mails by using your own script; you just need to make some changes in the coding of the fake mail script as given.

Proving & Detecting a Fake Email
Every Email carries a Header which has information about the travelling path of the Email.

Check the Header and get the location from which the Email was sent.

Check if the Email was sent from any other Email Server or Website.

Headers carry the name of the Website on which the mail sending script was used.

What is an Email Header
The email header is the information that travels with every email,
containing details about the sender, route and receiver. It is like a
flight ticket: it can tell you who booked it (who sent the email), the
departure information (when the email was sent), the route (from
where it was sent and how did it arrive to you) and arrival details
(who is the receiver and when it was received). As when you would
book a flight ticket with a false identity, the same goes for emails:
the sender can partially fake these details, pretending that the
email was sent from a different account (common practice for
spammers or viruses).

How can you find Email Header
It depends on your email client. Here you can see email client
programs and methods to see the email headers.

Some of the known email providers are as follows:

Rediffmail.com

Gmail.com

Yahoomail.com

Hotmail.com

Tracing of an Email

Yahoo Mail Headers

Gmail Headers

Detecting a Fake Mail
Starting from the assumption that you want to read an email
header because you want to know who really sent it, let's take an
example (we will ignore the header tags that do not give precise
information about the sender).

The following email was received by admin@gmail.com and we want to see who the sender is. Here is the email header of the message:

Understanding the Travelling Path of an email

Let us understand the typical travelling path an email takes when it is sent from one user to another.

The Sender in this case is using a PC on a LAN, and the intended recipient is using a stand-alone PC.

• Email starts from the User's PC.

• Email reaches the User's Mail Server.

• From the User's Mail Server the email is forwarded to the ISP.

• The ISP then searches the Internet for the Recipient's Mail Server.

• The Recipient Mail Server stores the email, and when the recipient accesses his/her email account, the email is received on his/her computer via his/her ISP.

So we can see that the email starts from the User's PC and reaches the recipient's PC. But in between it has travelled through many servers.

Each Email message has exactly one Header, which is structured into fields. Each field has a name and a value. The Header of the Email contains all the valuable information about the path and the original sender of the Email.

Header Fields

• From: Email Address where the Email has come from.
• To: Email Address of the destination.
• Subject: Subject of the Email.
• Date: The local time of the server when the message was sent.
• Bcc: Blind Carbon Copy
• Cc: Carbon copy
• Content-Type: Information about how the message has to be displayed, usually a MIME type.
• In-Reply-To: Message-ID of the message that this is a reply to.
• Received: Tracking information generated by mail servers that have previously handled a message.
• References: Message-ID of the message that this is a reply to, and the message-id of this message, etc.
• Reply-To: Address that should be used to reply to the sender.

How to Access the Header in different Email Accounts
Gmail:
• Log into your Gmail account.
• Open the message you'd like to view headers for.
• Click the down arrow next to Reply, at the top-right of the message pane.
• Press the "Message Source" button to view the entire message, headers and all.
• Select Show original.
• The full headers will appear in a new window.

Hotmail
First, configure your options

1. On the upper right "Options | Help" links, click on "Options."

2. Click on the "Mail Display Settings" link; find the item "Message Headers."

3. Choose "Advanced" and click the "OK" button.

4. And the Header will be in front of you.

Checking outgoing server address from Header

Email headers should be read from the bottom up, for that is the order in which they pass through the mail system to their ultimate destination.

Let us take a sample Header as an example. This includes information about the transfer of the email between the sender and the receiver:

When we analyze the header information, we see the following:

Return-path: the header tells that if you reply to this email message, the reply will be sent to ydcdd...@yahoo.com. Would you use such an email address for real?

The header also says the email was originally sent from 206.85... and it was sent to 217.225... (which is the name/IP of the first mail server that got involved in transporting this message). Then suddenly, the next Received tag says the message was received from root@localhost, by mailv.fx.ro.

In reality, this is the common case of a spammer sending the email from 206.85..., through 217.225... and telling 217.225... to act as the root user of mailv.fx.ro, in order to use the SMTP server of mailv.fx.ro to send the email.

How to Trace a Fake Mail
Tracing an Email means locating the original sender and getting to know the IP address of the network from which the Email was actually generated.

Reading Headers
Again, let us take a sample Email Header and try to find the location by tracing its IP.

Email headers determine where a message is sent, and record the specific path the message follows as it passes through each mail server.

To follow the path of a message chronologically, read from the bottom of the header, and work your way up.

Here's an example of a message header for an email sent from MrJones@emailprovider.com to MrSmith@gmail.com:

In the example, headers are added to the message three times:

1. When Mr. Jones composes the email

Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr. Jones
Subject: Hello
To: Mr. Smith

2. When the email is sent through the servers of Mr. Jones' email provider, mail.emailprovider.com

Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST

3. When the message transfers from Mr. Jones' email provider to Mr. Smith's Gmail address

Delivered-To: MrSmith@gmail.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Return-Path: MrJones@emailprovider.com
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)

Below is a description of each section of the email header:

Delivered-To: MrSmith@gmail.com
The email address the message will be delivered to.

Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The time the message reached Gmail's servers.

Return-Path: MrJones@emailprovider.com
The address from which the message was sent.

Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2005.03.29.15.11.46; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The message was received from mail.emailprovider.com, by a Gmail server on March 29, 2005 at approximately 3 pm.

Message-ID: 20050329231145.62086.mail@mail.emailprovider.com
A unique number assigned by mail.emailprovider.com to identify the message.

Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Mr. Jones used an email composition program to write the message, and it was then received by the email servers of mail.emailprovider.com.

Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr. Jones
Subject: Hello
To: Mr. Smith
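
The bottom-up reading described above can be automated. The following Python sketch is an added example, not part of the original slides: it parses the Received fields of the Mr. Jones / Mr. Smith header shown on this page, lists the hops in chronological order, and checks that the timestamps never run backwards. The function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header block reproduced from the page's Mr. Jones / Mr. Smith example.
SAMPLE_HEADERS = """\
Delivered-To: MrSmith@gmail.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb;
        Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Return-Path: MrJones@emailprovider.com
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111])
        by mx.gmail.com with SMTP id h19si826631rnb;
        Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP;
        Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr. Jones
Subject: Hello
To: Mr. Smith
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received field into claimed sender, bracketed IP, receiver, time."""
    text = " ".join(value.split())            # undo header line folding
    route, sep, stamp = text.rpartition(";")  # the timestamp follows the last ';'
    if not sep:
        route, stamp = text, ""
    sender = FROM_RE.search(route)
    receiver = BY_RE.search(route)
    ip = IP_RE.search(route)
    try:
        when = parsedate_to_datetime(stamp.strip()) if stamp.strip() else None
    except (TypeError, ValueError):
        when = None
    return {
        "from": sender.group(1) if sender else None,
        "ip": ip.group(1) if ip else None,
        "by": receiver.group(1) if receiver else None,
        "time": when,
    }


def trace_hops(raw_headers):
    """Return the Received hops oldest first (bottom of the header upwards)."""
    msg = message_from_string(raw_headers)
    return [parse_received(v) for v in reversed(msg.get_all("Received") or [])]


def earliest_reported_ip(hops):
    """First bracketed IP on the path: the address the first server saw."""
    return next((h["ip"] for h in hops if h["ip"]), None)


def timestamps_in_order(hops):
    """False if any hop claims an earlier time than the hop before it."""
    times = [h["time"] for h in hops if h["time"] and h["time"].tzinfo]
    return all(a <= b for a, b in zip(times, times[1:]))


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_HEADERS):
        print(hop)
```

In the page's sample the earliest hop reports the client address 11.11.111.111, while 111.111.11.111 is the provider's mail server that handed the message to Gmail. Only Received fields written by servers you trust are reliable; anything below the first trusted hop can be supplied by the sender.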

Checking the Sender's IP Address
You can easily get the IP Address of the sender from the header and then locate the sender. As in the above example, we got the IP Address of the sender; we can now trace the sender with the help of "www.ip2location.com".

Now that we have our originating IP address of 111.111.11.111, let's find out where that is! You can do this by performing a location lookup on the IP address. You can use IP2Location and GeoBytes IP Locator.

GeoBytes gives a big map of the city, along with a bunch of other information about the location itself.

You can also go to the URL www.ip2location.com

IP2Location gave pretty much the same information, including the ISP and the location of the IP Address.

What is Phishing
Phishing is the act of sending an e-mail to a user falsely claiming
to be an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be used
for identity theft.

The e-mail directs the user to visit a Web site where they are
asked to update personal information, such as passwords and
credit card, social security, and bank account numbers, that the
legitimate organization already has. The Web site, however, is
bogus and set up only to steal the user’s information.

Steps in Phishing
Making a look alike website, as the Original one.

The first step in Phishing is to make a webpage that looks exactly like the original webpage. This is necessary to make the user a victim of the Phishing attack.

If the fake webpage is not similar to the original webpage, the user may get to know about the attack, and then may not become the victim of the attack.

To make the webpage, simply open the original page and then copy the source code of the page. Then paste the code in a Notepad file and save the file with any name and the extension .html

Changing the code of the Webpage
Once the webpage, similar to the original webpage, is ready; the
attacker needs to change the code of the page in such a way that
page will work according to the attacker.

The attacker first has to develop a PHP script, which will use the
PHP Mail() function to send the values entered in the Input boxes
on the webpage, to the attacker’s email address.

The next step is to change the code of the page so that, when the user enters the values in the input boxes of the webpage and clicks on the Login/Sign-In button, the PHP script is executed and the attacker gets all the values in his email account.

By default, when the user enters the values on the webpage and clicks on the Login/Sign-In button, the values are passed to the Database Server of the particular website, via the Web Server, for checking the authentication of the user.

But once the code of the page is modified, the values are now
sent to the attacker. The attacker can even redirect the user
to the original webpage, after getting the values mailed to his
email account. This will never let the user become suspicious
of the attack.

Sending the link of the webpage to several users to get the Personal Data
Once the code of the webpage has been modified, the attacker can upload both the PHP script file and the modified webpage file onto a website and then distribute the link of the webpage to all the users whom they want to attack.

Once the user clicks on the link, the fake webpage developed by the attacker will open. The user will believe it to be the original page, as it looks similar to the original webpage. The user will then enter all his/her credentials on the webpage, which will be mailed to the attacker by the PHP script.

So now the attacker has all the private information about the user, which can later be misused by the attacker.

Working of Phishing
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.

From beginning to end, the process involves:
1. Planning: Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.

2. Setup: Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.

3. Attack: This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.

4. Collection: Phishers record the information victims enter into Web pages or popup windows.

5. Identity Theft and Fraud: The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud.

Ways to do Phishing
Suppose you check your e-mail one day and find a message
from your bank. You've gotten e-mail from them before, but
this one seems suspicious, especially since it threatens to
close your account if you don't reply immediately. What do
you do?

This message and others like it are examples of phishing, a method of online identity theft. The message provides the target user with a link to a legitimate site but redirects the user to a spoofed one. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.

Protection from Phishing
To protect our email account from the Phishing Attack, a user can
use some Anti-Phishing Tools and also the user should be aware
of the ways through which the Phishing page can be distinguished
from the original webpage.
Anti-Phishing Tools
Install a good Anti-Virus and firewall. Some products for you to
consider are:
• AVG Free
• Avast! Anti-Virus

Awareness about Phishing techniques – Countermeasures

Never follow links in an email claiming to be from your bank. Ignore these types of emails. Banking institutions never ask you to verify your online banking username and password, except perhaps during initial sign-up, though this is not a common practice. These links may lead to a website that looks like your bank's site but is not.

Once you find a site impersonating you, there are a number of
techniques you can use to limit damage. Most web servers will
allow you to redirect users to special pages based on the referrer
field sent by the browser. As phishing victims are frequently
directed back to your site after they visited the fake site, you can
use this technique to identify victims, or redirect them to a
warning page. If they are existing customers of yours, you may
be able to identify them based on prior cookies left behind by
your site.

These countermeasures typically need to be prepared ahead of the phishing scam in order to evaluate the impact on web site performance. Once prepositioned, these redirects or special logs can be enabled quickly once a phishing site has been identified.
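
The referrer technique described above can also be applied to existing web server logs. The following Python sketch is an added example, not part of the original slides: it reads access-log lines in the common "combined" format, lists off-site hosts that referred visitors to the login page, and, once a phishing host has been identified, returns the client addresses that arrived from it. The hostnames, the /login path and the log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_HOSTS = {"www.bank.example", "bank.example"}  # assumption: the site's own names
LOGIN_PATHS = {"/login"}                           # assumption: pages victims return to

# Constructed sample log lines in combined log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /login HTTP/1.1" 200 5120 '
    '"https://www.bank.example/" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2024:13:56:01 +0000] "GET /login HTTP/1.1" 200 5120 '
    '"http://bank-example.secure-update.example/verify.php" "Mozilla/5.0"',
    '198.51.100.42 - - [10/Oct/2024:13:57:12 +0000] "GET /login?next=/ HTTP/1.1" 200 5120 '
    '"http://bank-example.secure-update.example/verify.php" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2024:13:58:40 +0000] "GET /images/logo.png HTTP/1.1" 200 812 '
    '"-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2024:13:59:02 +0000] "GET /login HTTP/1.1" 200 5120 '
    '"https://search.example/?q=bank" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2024:13:59:30 +0000] "POST /login HTTP/1.1" 302 0 '
    '"https://www.bank.example/login" "Mozilla/5.0"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def login_hits(lines):
    """Yield (client_ip, timestamp, referring_host) for requests to a login page."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a combined-format line
        if urlsplit(m.group("target")).path not in LOGIN_PATHS:
            continue
        # hostname is None when the Referer is "-" or empty
        yield m.group("ip"), m.group("ts"), urlsplit(m.group("referer")).hostname


def offsite_login_referrers(lines):
    """Count external hosts that sent visitors to the login page (review list)."""
    return Counter(
        host for _ip, _ts, host in login_hits(lines)
        if host is not None and host not in OWN_HOSTS
    )


def visitors_from(lines, phishing_hosts):
    """Map client IP -> timestamps of login-page hits referred by a known phishing host."""
    found = {}
    for ip, ts, host in login_hits(lines):
        if host in phishing_hosts:
            found.setdefault(ip, []).append(ts)
    return found


if __name__ == "__main__":
    print(offsite_login_referrers(SAMPLE_LOG).most_common())
    print(visitors_from(SAMPLE_LOG, {"bank-example.secure-update.example"}))
```

The Referer header is supplied by the browser and may be missing, so the result is a lower bound on the number of affected visitors.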

Organizational and Administrative Countermeasures

• The company web site should include a link and contact information to report phishing or other security issues. All phishing countermeasures should be coordinated by a single individual.

• Educating your customers about phishing, and showcasing samples for them to learn how to spot a phishing scam, will prevent them from becoming victims. If your web site allows access to critical financial or personal information (e.g. Banks, Brokerages), you should consider the use of strong authentication via hardware tokens.

Hijacking Authenticated Sessions
Introduction to Cookies
• A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a text string stored by a user's web browser. A cookie consists of one or more name-value pairs containing bits of information, which may be encrypted for information privacy and data security purposes.

• The cookie is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. A cookie can be used for authentication, session tracking (state maintenance), storing site preferences, shopping cart contents, the identifier for a server based session, or anything else that can be accomplished through storing textual data.

As text, cookies are not executable. Because they are not executed,
they cannot replicate themselves and are not viruses. However, due
to the browser mechanism to set and read cookies, they can be
used as spyware.

If a website uses a Cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers that cookie to the website. If a user's cookie is stolen by an attacker, he/she can impersonate the user.

Ways to get cookies from a computer

During normal operation cookies are sent back and forth between a server and the computer of the browsing user. Since cookies may contain sensitive information (user name, a token used for authentication, etc.) their values should not be accessible to other computers.

Physically accessing the computer
If more than one browser is used on a computer, each usually has
a separate storage area for cookies. Hence cookies do not identify a
person, but a combination of a user account, a computer, and a
Web browser. Thus, anyone who uses multiple accounts,
computers, or browsers has multiple sets of cookies.

Likewise, cookies do not differentiate between multiple users who share the same user account, computer, and browser. So if the attacker gets access to the user's computer somehow, then the attacker can access the storage area of the cookies for all the browsers. Once the attacker gets the required cookie, he can manipulate the information in the cookie according to his needs.

Remote Attacks
Cookies can be stolen via packet sniffing in an attack called
session hijacking. Traffic on a network can be intercepted and
read by computers on the network other than its sender and its
receiver (particularly on unencrypted public Wi-Fi networks). This
traffic includes cookies sent on ordinary unencrypted http
sessions. Where network traffic is not encrypted, malicious users
can therefore read the communications of other users on the
network, including their cookies, using programs called packet
sniffers.
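
A site owner can check how exposed the site's own cookies are to the two routes described above: sniffing on unencrypted HTTP, and cookies left in the browser's storage area between sessions. The following Python audit is an added example, not part of the original slides; the Set-Cookie values are constructed, and the finding codes and function names are hypothetical.

```python
# Constructed Set-Cookie header values, as a server would send them.
SAMPLE_SET_COOKIE = [
    "SESSIONID=abc123; Path=/",
    "remember_me=u42; Path=/; Secure; Max-Age=2592000",
    "csrftoken=xyz; Path=/; Secure",
    "lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
]

FINDINGS = {
    # Without Secure the browser also sends the cookie over plain http://,
    # where a packet sniffer on the same network can read it.
    "no-secure": "sent over unencrypted HTTP as well as HTTPS",
    # Expires / Max-Age make the browser keep the cookie in its storage
    # area after it is closed, where anyone with access to the computer
    # can find it.
    "persistent": "kept on disk between browser sessions",
}


def parse_set_cookie(header_value):
    """Return (name, value, attributes) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attributes = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attributes[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attributes


def is_persistent(attributes):
    """True if the cookie outlives the browser session."""
    if "max-age" in attributes:
        try:
            # Max-Age takes precedence over Expires; zero or negative
            # means "delete now".
            return int(attributes["max-age"]) > 0
        except ValueError:
            return False
    # Any Expires value is treated as persistent here; a date in the past
    # is a deletion request and is not evaluated by this sketch.
    return "expires" in attributes


def audit_cookies(set_cookie_values):
    """Map cookie name -> list of finding codes (empty list = nothing to report)."""
    report = {}
    for raw in set_cookie_values:
        name, _value, attributes = parse_set_cookie(raw)
        codes = []
        if "secure" not in attributes:
            codes.append("no-secure")
        if is_persistent(attributes):
            codes.append("persistent")
        report[name] = codes
    return report


if __name__ == "__main__":
    for cookie, codes in audit_cookies(SAMPLE_SET_COOKIE).items():
        for code in codes:
            print(f"{cookie}: {FINDINGS[code]}")
```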

Getting Information from Cookies
If the data present in the cookies is not encrypted, then after stealing the cookies an attacker can see the information in the cookie, which may contain the username and the password.

Protection from Cookie Attacks - Deleting Cookies

One of the easiest ways to be secure from Cookie attacks is to delete the cookies from the browser at regular intervals, or to disallow the browser from saving cookies for future sessions.

The steps to delete the cookies are different for different browsers:

Google Chrome
1. Click on the “Tools” menu and select “Options”.

2. Click “Under the Bonnet”, locate the “Privacy” section and
click the “Clear browsing data” button.

3. Select “Delete cookies and other site data” to delete all cookies
from the list (alternatively, you can remove all cookies created
within a specific time period by selecting the period you want from
the dropdown list).

4. Select "Clear browsing history" to delete traces of which
websites you've visited.

5. Select "Clear download history" to delete records of which files
and programs you've downloaded.

6. Select "Empty the cache" to delete cached website pages.

7. You can also delete saved passwords (which log you into
websites) and saved form data (such as your name and address).

8. Then click on the "Clear browsing data" button.

9. Click on the Close button when you've finished.

Internet Explorer 8
1. Click "Safety" on the Command bar.

2. Select "Delete Browsing History".

3. Select the option for cookies and click Delete.

4. Alternatively, Internet Explorer 8's new InPrivate Browsing
feature allows users to browse the internet without recording
information from visited sites (including cookies). To use
InPrivate mode:

5. Click "Safety" on the Command bar.

6. Select "InPrivate Browsing".

Introduction to Key loggers
Key loggers are stealth software packages that are placed
between the keyboard hardware and the operating system, so that
they can record every keystroke.

Once inside your machine, key loggers may keep track of every
keystroke you make and save it in a separate file. Once saved,
this file can be emailed to the attacker who planned this illegal
attack.

Types of Key logger
Local Key logger: These key loggers intercept everything that is
entered from the keyboard and record it in a file. The program is
able to work in hidden mode and to emerge when a combination of
keys is pressed. An example of a Local Key logger is Home Key
logger.

Home Key logger is able to present the recorded data in a neat
way that is easy to read while still recording exactly every
event that has taken place. The only drawback of a Local Key
logger is that the log file is saved at some location on the
same computer on which the key logger has been installed.

Remote Key logger: These key loggers also record all the
keystrokes pressed on the computer on which they are installed. An
example of a Remote Key logger is Ardamax Key logger. However, a
Remote Key logger has some advanced features compared to the
Local Key logger. These features include:

Email log delivery: Key logger can send you recorded logs through
e-mail delivery at set times - perfect for remote monitoring!

FTP delivery: Ardamax Key logger can upload recorded logs
through FTP delivery.

Network delivery: Sends recorded logs via LAN.

Detecting a Keylogger
Keyloggers are difficult to detect and remove. A keylogger is not
likely to be removed through a convenient "uninstall" feature.
Keyloggers, as well as other spyware, can re-install themselves
even after they appear to have been removed.

Keylogger detection software is also available. Some software of
this type uses "signatures" from a list of all known keyloggers.

The PC's legitimate users can then periodically run a scan from
this list, and the software looks for the items from the list on the
hard drive. One drawback of this approach is that it only protects
from keyloggers on the signature-based list, with the PC
remaining vulnerable to other keyloggers.
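
The signature scan described above, and its drawback, can be seen in a small scanner. This is an added example, not part of the original slides; it assumes a signature is the SHA-256 hash of a whole file (a simplification of what real products do), and the files and the signature label are constructed, harmless stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def signature_scan(root, signatures):
    """Return {file name: label} for files under root whose hash is listed."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            label = signatures.get(sha256_of(path))
            if label:
                hits[path.name] = label
    return hits


def demo():
    """Scan a temporary folder holding one listed and two unlisted files."""
    # Constructed stand-in contents; harmless bytes, not real samples.
    listed = b"CONSTRUCTED-SAMPLE-A: stand-in for a program on the list"
    unlisted = b"CONSTRUCTED-SAMPLE-B: stand-in for a program not on the list"
    # Hypothetical signature list with a single entry.
    signatures = {hashlib.sha256(listed).hexdigest(): "Example.Keylogger.A"}
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "listed.bin").write_bytes(listed)
        (Path(root) / "unlisted.bin").write_bytes(unlisted)
        (Path(root) / "notes.txt").write_bytes(b"ordinary file")
        return signature_scan(root, signatures)


if __name__ == "__main__":
    print(demo())
```

Only the file whose hash is on the list is reported; the unlisted stand-in passes unnoticed, which is the gap that the behaviour-based tools are meant to cover.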

Other detection software doesn't use a signature list, but instead
analyzes the working methods of many modules in the PC, allowing
it to block the work of many different types of Keyloggers.

Keyloggers can also be detected and removed using other methods,
such as:

• Using Anti-Virus
• Using Process E

Securing an Email Account
The best way to protect from hackers is to use a Strong Password.
A strong password is one which cannot be determined by
automated programs.

A Strong password contains:

• Uppercase letters
• Lowercase letters
• Numbers
• Special characters

Configure a Secure Account

• Configure the security questions in Account settings.
• Create a Sign-in-Seal.
• Configure an alternate email address.
• Never select the “Keep me Signed in” or “Remember Me” option
while logging into an account.
• Follow the countermeasures for phishing.

Be Secured
