Google account Password Alert for Security: Against Phishing

google_chrome_password_alert

Google launched the new security feature for their users to improve the security of the Google services. Now a days Phishing becomes the biggest threat to the Internet and everyday millions of spam mails sent out by the criminals to get some credentials from the users. Phishing pages are looks like the normal pages but they are designed to steal the Password of users and you may not know even after your account has been compromised.

Phishing attack and Security –

Suppose Attackers make the Phishing page exactly same as the normal Google Login page and redirect you to that page and you type username-password to login and it steals your credentials and send it out to the attackers. Phishing is the widely used technique for getting control of someone’s account very easily. Google launched the new Google Chrome Extension, is the password alert free and open source tool that protects your Google and Google Apps for work accounts. It’ll show you warning if you are typing username and passwords on fake page, which protect your Google account from phishing attack. – Google Chrome Password Alert

How Google Account Password Alert Works ? –

Once you have installed and initialized the Powerful Google Chrome Password Alert Extension to your Google Chrome browser, chrome will remember the scrambled version of the password for security purpose only and doesn’t share with anyone. If you Type the password into site which is not the Google sign in page, Password alert will prompt you alert message as following that, you are at risk of being phished. So you have to immediately update your password to keep your account secure.

google_chrome_password_alert
credit: googleblog

Google chrome password alert is also available to Google for work customers including Google apps and drive for work. Domain admin can install the feature for the everyone in the group. It helps to protect the employee account in the organization. Google also offers the security tools like 2 steps verification and security key to stay safe and secure online. Google Password Alert for chrome is tested well before launch and users really appreciated the security feature (Against Phishing) launched by the Google.

Microsoft to launch Email security for Office 365

office_365

Microsoft giant implementing one more layer of security for the Office 365 users. Its the threat protection mechanism available to the commercial office 365 email users. Microsoft promises the Added security to the Office 365 users against the Malicious software and attacks. Email are analyzed before they are sent of received.

Microsoft Office 265 email security checks for the Malware that could be embedded with the Message. Microsoft offers the increased email security at affordable rate of $2 per month. It will available to single user as well as for the multiple group of system. It also has the advanced tracking feature for the organization.
office_365
As per the reports Microsoft currently testing and implementing the security feature and as it will be done completely, it’ll be available to the public. Interesting news is that it will be available to the multiple group of users or organization at the affordable monthly charges. Microsoft Corporation launched this email security feature when company announced a decline in malware attacks for its Android OS users. If reports are to be believed, Microsoft clearly identifies the malware risks that users are exposed to.

By activating this feature users need not to worry  about the Security of Email. Malicious and Threaten Email which are intended for stealing something or damage the system get trapped by the Email security feature of Office 365. Hope this Extra layer of the Office 365 users helps the Organization keep secured and makes the threat free conversations.

How to Install and Configure OpenVAS: Setup guide

openvas_va

OpenVAS stands for Open Vulnerability Assessment System. It is the collection of several tools and services which offers vulnerability scanning and management solution. OpenVAS is free and it is licensed under GPL (GNU General Public License).

Lets start with the step by step guide on installing and configuring the OpenVAS in linux machine. Here we prefer backtrack to configure the OpenVAS.
openvas_va
Open the Terminal and install openvas by typing the bellow command.
apt-get install openvas

After install perform the registry update with the bellow mentioned command.
apt-get update

After installing OpenVAS you’ll find it installed at the Application menu on top.
The Exact location is the Application – Backtrack – VA – VS – OpenVAS

After that click on openvas Check Setup. It will check for problems with installation and provides effective solutions for it.

add user and set rule if required. also set the password for user.

Now click on  OpenVAS NVT Sync to synchronize an NVT collection with OpenVAS NVT feed. It’ll download latest plugins from NVT. Now start OpenVAS Scanner and it’ll loads the required plugins.

Now open the OpenVAS Mkcert to create the SSL certificate.

Type the bellow command to setup the manager

openvas-mkcert-client -n ovmgr -i

type openvasmd –rebuild to changes to be effective.

To create OpenVAS admin start OpenVAS Administrator and type the bellow mentioned command

openvasad -c ‘add_user’ -n openvasadmin -r Admin

For Setting openvas manager port and address type the bellow mentioned command

openvasmd -p 9390 -a 127.0.0.1

Set the Openvas Administrator address and port as bellow

openvasad -p 9393 -a 127.0.0.1

Now to configure and start the greenbone security demon type the command
gsad –http-only –listen=127.0.0.1 -p 9392

Now you are done and you can access the Greenbone Security Assistant from the browser by typing the url http://127.0.0.1:9392 and give your username and password.

Thanks for reading. Comment below to state your views.

Steal Data from computer to mobile via USB: For Security Awareness only

USB Cleaver Payload

This article helps you to protect your private data on the computer. This article is for the Security awareness and not for the threaten activities. Malicious activities now a days going rapidly and people loves to do it for fun or some benefits. So it is important to achieve more security for your computer. Consider you are doing all your important work by saving all your passwords on browser such that it becomes easier and no need to retype username and passwords again. Now your friend come to you and say to connect their mobile to your computer to getting some stuff from computer or to charge the mobile. Now you are totally unknown what resided in their mobile.

It is important to check their mobile before allowing them to connect because mobile might have the applications which dumps your computer information. So your friend is not interested in charging the mobile or transferring the data but he is interested in your private confidential data like passwords, Ip and network information which can be easily dumped into their phone.

Lets come to the point. USB Cleaver is the such an mobile software application which allows you to dump passwords and system information from your computer to mobile. It dumps Browser Passwords and Network information like IP address, Gateway, DHCP, NetBIOS state and much more for all Ethernet and wireless network connections.

Download the mobile software USB CLEAVER. Install on your mobile. Connect your mobile to computer.
USB Cleaver Payload
1. Download the Payload file first.
2. Go to the Enable/Disable Payloads
3. Select your payloads to dump and finally Generate the Payloads.
4. Mount mobile with computer and inside sdcard root, you will find go.bat (batch file), Run it.
5. Go to the USB cleaver directory inside SD Card. Here you will find generated log file which you have dumped from the computer by generating payload.

This is how smart peoples steals the data from your computer. So if you are working on your computer then it is important to never allows your browsers to Remember password as it ask you every time with pop-up to “Remember password for this site”. Say Never for this site. It is important to check the third party phone before allowing them to connect to your computer, otherwise it becomes dangerous for you.

Thanks for your kind attention. State your views by commenting and Stay Secured!

Send Anonymous Email free by hiding your Identity

Silent+sender+message

When you send Email Normally with any of the email service provider then at the receiver side it reveals your identity by your Email Address and shows you with From, to, mailed-by, signed-by etc. Now if you don’t want to track by your friend and if you want to send some secret message to your friend and want to surprise him then it is important to hide your identity such that receiver not able to get your email address at inbox.

To hide identity several free web services allows you to send email without your email address and Silent Sender is one of it. Let it allows you to send email anonymously to the intended recipient and the receiver never come to know about the sender and that is why it’s called Silent or anonymous sender.

Head to SilentSender and inside send message column mention the recipient’s email address to which you want to send. and type the Secret message of max. 160 characters and send it. After sending, you’ll get the Message number. Note it down to check your message status. You can check your message status in Check status column. Receiver gets the message with the number and they are guided to move on Silent sender to get the secret message through their number. Inside the get message recipient put their number to reveals the secret.

Silent+sender+message

Send Anonymous Message: Enter Recipient Email and Message in ‘Send message column’
Check your message status: After sending the mail, one number will be displayed to you, note it down and put it on Check status column to know status of message.
Get message: Recipient put their message number from inbox to silent sender ‘Get message’ column to get the private message.
Once message opened and read by the intended user, message removed from the server of the Silent sender. When you go to check again for the secret message with message number it won’t allows you because its been destructed by server once it red by the user.

Use silent sender and state your views below.

You can also send Message that Automatically get Destruct: Send Auto destruct message Android to achieve security.

Thanks and mention your views by comment.