Are bad guys smarter? If yes then blame the good guys, as most of the good guys are ignorant, expecting everything to be good. As you might be knowing I am working on web technologies and I get many complains of a probable paypal hack (imp accounts in general). Paypal is a very safe site and in most of the cases the hacking happens at user level (User PC), we call it 0 level hacking. Most of us started learning at 0th level before using the complex tool and complex algorithm based hacks.
Different level of paypal hack
- Computer level paypal Hack: Using various keyloggers (where every keyboard press is stored on the computer). I myself had an opportunity to work for such a product. It is advisable not to use your important accounts from public machines like cyber-cafes, where people install such keyloggers. One such famous application is back-orifice. There can be other spywares that can be deadly, so I advice you to use spybot regularly.
- DNS level paypal hack: Every Site is associated with an IP which is resolved using DNS. DNS has various cache levels and some people can manipulate it too. Also check the hosts file of your computer, it may be taking you to a different server. Let me know if more explanation is needed. Some local DNSes can also be used for such hacks.
Interception: A person at proxy reading all your details. HTTPS takes care of it, it encrypted the communication. Also try to read the certificate, this takes care of a lot of issues. If needed I can explain this in detail.
- Server level paypal hacks: This needs higher level of expertise in hacking. All server admins takes care of it. Paypal surely must be spending a lot of time ensuring a secure server. So don’t worry much of it.
- User Ignorance: This is a major issue with Paypal hacking. Let me explain it in detail. This leads to maximum damage, keep reading the comments as well. I will keep adding various watchouts.
User Ignorance can be deadly for paypal hacking
Here is a simple case of paypal hack. Earlier I use to ignore all the mails from paypal but these days, since I have a paypal account, I can’t ignore. This is the most common (and cheap) way of hacking, we call it (zeroth) 0th level hacking. Do not forget to send this to all your friends, who one day might end up a prey to these simple cheap hacking. I got a mail and it said,
Everything is so perfect, I checked the url spelling whether there is some phishing trick there. Sometimes it can be payapal.com or paypaal.com. This time it was perfect but still I wasn’t sure. I mouse over the image and I saw
If I were a little naive with technical concepts I might have ended up entering my paypal username and passwords. The website like exactly like paypal, try http://www.oscormerce.dk/images/www.paypal.com/webscr/update.do=profile/index.html. Enter some fake stuff and you will find that it is asking for more details. Be careful.
Some may say that you should look for the secure lock. That’s good but it doesn’t secure it either as we end up in trouble due to our ignorance. https:// or the secure lock just encrypts the communication between the apache and the browser (also changes the port of communication), stopping one way of hacking known as interception. Enabling https is a plane piece of cake, a 5 min task. Be alert and be safe.
Be careful about Broswer hijacking too for paypal hacking
Some use full links http://video.google.com/videoplay?docid=9076288729387457440. Do not install anything that you are not sure of.
Help you friends by sending this post to all whom you think should know this. Keep reading my blog for other articles on orkut, security, marketing.
How to make your websites secure
Here are some of the new methods that are being used by most of the banks:
- Identifying image with customer id: When you enter your customer id, it shows an image from the server that is uploaded by you. I generally suggest adding your own image. So the time you enter your customer id, you see the image and verify the website. It avoid the DNS level hacks for paypal.
- Using virtual keyboards: Instead of using your computer keyboard now banks are providing virtual keyboards. Now the key loggers will only get a click track but will never get your password. This avoid the keylogger traps.
- The secure locks generally takes care of interception level hacks.
You have questions about paypal hacking
Please ask here and let us answer. We don’t hack into paypal accounts but we help people secure their accounts.