A packet sniffer is a device or program that allows eavesdropping on traffic traveling between networked computers. The packet sniffer will capture data that is addressed to other machines, saving it for later analysis.
All information that travels across a network is sent in "packets." For example, when an email is sent from one computer to another, it is first broken up into smaller segments. Each segment has the destination address attached, the source address, and other information such as the number of packets and reassembly order. Once they arrive at the destination, the packet's headers and footers are stripped away, and the packets reconstituted.
In the example of the simplest network where computers share an Ethernet wire, all packets that travel between the various computers are "seen" by every computer on the network. A hub broadcasts every packet to every machine or node on the network, then a filter in each computer discards packets not addressed to it. A packet sniffer disables this filter to capture and analyze some or all packets traveling through the ethernet wire, depending on the sniffer's configuration. This is referred to as "promiscuous mode." Hence, if Ms. Wise on Computer A sends an email to Mr. Geek on Computer B, a packet sniffer set up on Computer D could passively capture their communication packets without either Ms. Wise or Mr. Geek knowing. This type of packet sniffer is very hard to detect because it generates no traffic of its own.
A slightly safer environment is a switched Ethernet network. Rather than a central hub that broadcasts all traffic on the network to all machines, the switch acts like a central switchboard. It receives packets directly from the originating computer, and sends them directly to the machine to which they are addressed. In this scenario, if Computer A sends an email to Computer B, and Computer D is in promiscuous mode, it still won't see the packets. Therefore, some people mistakenly assume a packet sniffer cannot be used on a switched network.
But there are ways to hack the switch protocol. A procedure called ARP poisoning basically fools the switch to substituting the machine with the packet sniffer for the destination machine. After capturing the data, the packets can be sent to the real destination. The other technique is to flood the switch with MAC (network) addresses so that the switch defaults into "failopen" mode. In this mode it starts behaving like a hub, transmitting all packets to all machines to make sure traffic gets through. Both ARP poisoning and MAC flooding generate traffic signatures that can be detected by packet sniffer detection programs.
A packet sniffer can also be used on the Internet to capture data traveling between computers. Internet packets often have very long distances to travel, passing through several routers that act like intermediate post offices. A packet sniffer might be installed at any point along the way. It could also be clandestinely installed on a server that acts as a gateway or collects vital personal information.
A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other useful purposes. However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy, identity theft, and other serious eventualities.
The best defense against a packet sniffer is a good offense: encryption. When strong encryption is used, all packets are unreadable to any but the destination address, making packet sniffers useless. They can still capture packets, but the contents will be undecipherable. This illustrates why it is so important to use secure sites to send and receive personal information, such as name, address, passwords, and certainly any credit card information or other sensitive data. A website that uses encryption starts with https. Email can be made secure by encrypting with a program like PGP (Pretty Good Privacy), which comes with seamless plug-ins for all major email programs.
Tuesday, June 27, 2006
What is SSL (Secure Sockets Layer)?
SSL or Secure Sockets Layer is a security protocol created by Netscape that has become an international standard on the Internet for exchanging sensitive information between a website and the computer communicating with it, referred to as the client.
SSL technology is embedded in all popular browsers and engages automatically when the user connects to a web server that is SSL-enabled. It's easy to tell when a server is using SSL security because the address in the URL window of your browser will start with https. The "s" indicates a secure connection.
When your browser connects to an SSL server, it automatically asks the server for a digital Certificate of Authority (CA). This digital certificate positively authenticates the server's identity to ensure you will not be sending sensitive data to a hacker or imposter site. The browser also makes sure the domain name matches the name on the CA, and that the CA has been generated by a trusted authority and bears a valid digital signature. If all goes well you will not even be aware this handshake has taken place.
However, if there is a glitch with the CA, even if it is simply out of date, your browser will pop up a window to inform you of the exact problem it encountered, allowing you to end the session or continue at your own risk.
Once the handshake is completed, your browser will automatically encrypt all information that you send to the site, before it leaves your computer. Encrypted information is unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to you, that information is also encrypted at the server's end before being sent. Your browser will decrypt it for you automatically upon arrival, then display it as it normally does.
For those running a secure server it is also possible to authenticate the client connecting to the server to ensure, for example, that the person is not pretending to be someone who has been granted restricted access. Another feature of SSL technology is the ability to authenticate data so that an interceder cannot substitute another transmission for the actual transmission without being detected.
Though SSL makes exchanging sensitive information online secure, it cannot guarantee that the information will continue to be kept secure once it arrives safely at the server. For assurance that sensitive information is handled properly once it has been received, you must read the site's privacy policy. It does little good to trust your personal data to SSL, if the people who ultimately have it will be sharing it with third parties, or keeping it on servers that are not bound by restricted access and other security protocols. Therefore it is always wise to read any site's privacy policy, which includes security measures, before volunteering your personal information online.
SSL technology is embedded in all popular browsers and engages automatically when the user connects to a web server that is SSL-enabled. It's easy to tell when a server is using SSL security because the address in the URL window of your browser will start with https. The "s" indicates a secure connection.
When your browser connects to an SSL server, it automatically asks the server for a digital Certificate of Authority (CA). This digital certificate positively authenticates the server's identity to ensure you will not be sending sensitive data to a hacker or imposter site. The browser also makes sure the domain name matches the name on the CA, and that the CA has been generated by a trusted authority and bears a valid digital signature. If all goes well you will not even be aware this handshake has taken place.
However, if there is a glitch with the CA, even if it is simply out of date, your browser will pop up a window to inform you of the exact problem it encountered, allowing you to end the session or continue at your own risk.
Once the handshake is completed, your browser will automatically encrypt all information that you send to the site, before it leaves your computer. Encrypted information is unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to you, that information is also encrypted at the server's end before being sent. Your browser will decrypt it for you automatically upon arrival, then display it as it normally does.
For those running a secure server it is also possible to authenticate the client connecting to the server to ensure, for example, that the person is not pretending to be someone who has been granted restricted access. Another feature of SSL technology is the ability to authenticate data so that an interceder cannot substitute another transmission for the actual transmission without being detected.
Though SSL makes exchanging sensitive information online secure, it cannot guarantee that the information will continue to be kept secure once it arrives safely at the server. For assurance that sensitive information is handled properly once it has been received, you must read the site's privacy policy. It does little good to trust your personal data to SSL, if the people who ultimately have it will be sharing it with third parties, or keeping it on servers that are not bound by restricted access and other security protocols. Therefore it is always wise to read any site's privacy policy, which includes security measures, before volunteering your personal information online.
What are Computer Cookies?
A computer cookie is a small text file which contains a unique ID tag, placed on your computer by a website. The website saves a complimentary file with a matching ID tag. In this file various information can be stored, from pages visited on the site, to information voluntarily given to the site. When you revisit the site days or weeks later, the site can recognize you by matching the cookie on your computer with the counterpart in its database.
There are two types of cookies: temporary and permanent.
Temporary cookies, also called session cookies, are stored temporarily in your browser's memory and are deleted as soon as you end the session by closing the browser.
Permanent cookies, also called persistent cookies, are stored permanently on your computer's hard drive and, if deleted, will be recreated the next time you visit the sites that placed them there.
Cookie technology addressed the need to keep track of information entered at a site so that if you submitted a registration form for example, the site could associate that information with you as you traveled through the site's pages. Otherwise, every time you clicked on a different page in the site, establishing a new connection, the site would lose the information in reference to you, and would have to ask you for it again.
A temporary cookie solved this problem in the short term by setting aside a little bit of your browser's memory to make a "folder" to save information for you. But temporary cookies were lost as soon as you closed your browser. You were not recognized on subsequent visits.
Persistent cookies solved this problem. They allowed a site to recognize you permanently by transferring a text file to your computer with a unique ID tag, matching a complimentary file on the server. Now cookies could persist for years.
Both temporary and permanent cookies can be used for many helpful purposes. Automatic registration log-on, preserving website preferences, and saving items to a shopping cart are all examples of cookies put to good use.
But permanent cookies resulted in unanticipated uses as well.
Many websites began keeping track of when an individual visited, what pages were viewed, and how long the visitor stayed. This information was stored in the visitor's cookie. When he returned, the log of previous visits to the site was immediately known, and the new visit was added to his log. If the visitor ever offered personal information at the site, his real identity, address and other personal information was associated with the anonymous ID tag. Website profiling was born.
Marketers had an even more unique advantage. A given marketer may have advertising rights on several hundred or even many thousands of the most popular websites. In this way the marketer can pass cookies to surfers on countless sites, then recognize a surfer's unique ID tag whenever he or she visits one of their affiliated sites. In this way the marketer can track someone across the web, from site to site, logging a comprehensive profile of the individual's surfing habits over a period of months and even years. Sophisticated profiling programs then sort the data provided by the cookie to categorize the target in several different areas, based on statistical data. Gender, race, income level, political leanings, religious affiliation and even sexual orientation can all be determined with various degrees of accuracy through cookie profiling. Much depends on how much a person surfs, and where they choose to go online.
As a result of public outcry in response to surreptitious profiling, cookie controls were placed in post 3.x browsers to allow users to turn cookies off -- options that were not available in 1995 when permanent cookie technology was first embedded into browsers without public awareness or knowledge of how they could be used. Third-party cookies often have their own controls, as they are normally cookies placed by marketers that are used for profiling.
Cookie controls also allow user-created lists for exceptions, so that one can turn cookies off, for example, but exempt sites where cookies are put to a useful purpose.
The name "cookie" comes from fortune cookie, because of the hidden information inside.
There are two types of cookies: temporary and permanent.
Temporary cookies, also called session cookies, are stored temporarily in your browser's memory and are deleted as soon as you end the session by closing the browser.
Permanent cookies, also called persistent cookies, are stored permanently on your computer's hard drive and, if deleted, will be recreated the next time you visit the sites that placed them there.
Cookie technology addressed the need to keep track of information entered at a site so that if you submitted a registration form for example, the site could associate that information with you as you traveled through the site's pages. Otherwise, every time you clicked on a different page in the site, establishing a new connection, the site would lose the information in reference to you, and would have to ask you for it again.
A temporary cookie solved this problem in the short term by setting aside a little bit of your browser's memory to make a "folder" to save information for you. But temporary cookies were lost as soon as you closed your browser. You were not recognized on subsequent visits.
Persistent cookies solved this problem. They allowed a site to recognize you permanently by transferring a text file to your computer with a unique ID tag, matching a complimentary file on the server. Now cookies could persist for years.
Both temporary and permanent cookies can be used for many helpful purposes. Automatic registration log-on, preserving website preferences, and saving items to a shopping cart are all examples of cookies put to good use.
But permanent cookies resulted in unanticipated uses as well.
Many websites began keeping track of when an individual visited, what pages were viewed, and how long the visitor stayed. This information was stored in the visitor's cookie. When he returned, the log of previous visits to the site was immediately known, and the new visit was added to his log. If the visitor ever offered personal information at the site, his real identity, address and other personal information was associated with the anonymous ID tag. Website profiling was born.
Marketers had an even more unique advantage. A given marketer may have advertising rights on several hundred or even many thousands of the most popular websites. In this way the marketer can pass cookies to surfers on countless sites, then recognize a surfer's unique ID tag whenever he or she visits one of their affiliated sites. In this way the marketer can track someone across the web, from site to site, logging a comprehensive profile of the individual's surfing habits over a period of months and even years. Sophisticated profiling programs then sort the data provided by the cookie to categorize the target in several different areas, based on statistical data. Gender, race, income level, political leanings, religious affiliation and even sexual orientation can all be determined with various degrees of accuracy through cookie profiling. Much depends on how much a person surfs, and where they choose to go online.
As a result of public outcry in response to surreptitious profiling, cookie controls were placed in post 3.x browsers to allow users to turn cookies off -- options that were not available in 1995 when permanent cookie technology was first embedded into browsers without public awareness or knowledge of how they could be used. Third-party cookies often have their own controls, as they are normally cookies placed by marketers that are used for profiling.
Cookie controls also allow user-created lists for exceptions, so that one can turn cookies off, for example, but exempt sites where cookies are put to a useful purpose.
The name "cookie" comes from fortune cookie, because of the hidden information inside.
What is RSS (Really Simple Syndication)?
RSS or Really Simple Syndication is a useful tool for keeping updated on your favorite websites. RSS makes use of an XML code that constantly scans the content of a website for updates and then broadcasts those updates to all subscribers through a feed.
RSS feeds are typically used with news sites or blogs, although any website can use them to disseminate information. When an update is sent out, it includes a headline and a small amount of text, either a summary or the lead-in to the larger story. You will need to click a link to read more.
In order to receive RSS feeds, you must have an aggregator, a feed reader. There are a number of aggregators online, many of them free, so with a little bit of searching, you should be able to find an interface that appeals to you. In addition to being available on your computer, RSS feeds can also be read on PDAs and cell phones.
When you come across a website you would like to add to your aggregator, you can do so in one of two ways. Most sites that offer an RSS feed have an "RSS" or "XML" button on their homepage that you can click on and it will instantly add that feed to your aggregator. Depending on your aggregator, you may instead need to copy and paste the URL of the feed into the program.
By either method, the feed will be available as soon as you've added it, and your next update could arrive in seconds. If you ever decide that you don't want to receive updates anymore, you simply delete the feed or URL from your aggregator.
Perhaps you already receive information on website updates through some sort of e-mail newsletter. RSS feeds are preferable to newsletter updates because they are instantaneous; you don't have to wait until a designated day of the week to receive your summary. They will also never be held up by a spam filter.
RSS feeds are used daily by the people who realize the convenience of up-to-the-minute news and reports and the time they can save reading only those updates interested for them rather digging into older stuff again and again, and they look to become even more popular in the future.
RSS feeds are typically used with news sites or blogs, although any website can use them to disseminate information. When an update is sent out, it includes a headline and a small amount of text, either a summary or the lead-in to the larger story. You will need to click a link to read more.
In order to receive RSS feeds, you must have an aggregator, a feed reader. There are a number of aggregators online, many of them free, so with a little bit of searching, you should be able to find an interface that appeals to you. In addition to being available on your computer, RSS feeds can also be read on PDAs and cell phones.
When you come across a website you would like to add to your aggregator, you can do so in one of two ways. Most sites that offer an RSS feed have an "RSS" or "XML" button on their homepage that you can click on and it will instantly add that feed to your aggregator. Depending on your aggregator, you may instead need to copy and paste the URL of the feed into the program.
By either method, the feed will be available as soon as you've added it, and your next update could arrive in seconds. If you ever decide that you don't want to receive updates anymore, you simply delete the feed or URL from your aggregator.
Perhaps you already receive information on website updates through some sort of e-mail newsletter. RSS feeds are preferable to newsletter updates because they are instantaneous; you don't have to wait until a designated day of the week to receive your summary. They will also never be held up by a spam filter.
RSS feeds are used daily by the people who realize the convenience of up-to-the-minute news and reports and the time they can save reading only those updates interested for them rather digging into older stuff again and again, and they look to become even more popular in the future.
101 Simple ways to Brighten Some Ones Day
- Call an old friend, just to say hi.
- Hold a door open for a stranger.
- Invite someone to lunch.
- Compliment someone on his or her appearance.
- Ask a coworker for their opinion on a project.
- Bring cookies to work.
- Let someone cut in during rush hour traffic.
- Leave a waitress or waiter a big tip.
- Tell a cashier to have a nice day.
- Call your parents.
- Let someone know you miss them.
- Treat someone to a movie.
- Let a person know you really appreciate them.
- Visit a retirement center.
- Take a child to the zoo.
- Fill up your spouse's car with gas.
- Surprise someone with a small gift.
- Leave a thank-you note for the cleaning staff at work.
- Write a letter to a distant relative.
- Tell someone you thought about them the other day.
- Put a dime in a stranger's parking meter before the time expires.
- Bake a cake for a neighbor.
- Send someone flowers to where they work.
- Invite a friend to tea.
- Recommend a good book to someone.
- Donate clothing to a charity.
- Offer an elderly person a ride to where they need to go.
- Bag your own groceries at the checkout counter.
- Give blood.
- Offer free baby-sitting to a friend who's really busy or just needs a break.
- Help your neighbor rake leaves or shovel snow.
- Offer your seat to someone when there aren't any left.
- Help someone with a heavy load.
- Ask to see a store's manager and comment on the great service.
- Give your place in line at the grocery store to someone who has only a few items.
- Hug someone in your family for no reason.
- Wave to a child in the car next to you.
- Send a thank-you note to your doctor.
- Repeat something nice you heard about someone else.
- Leave a joke on someone's answering machine.
- Be a mentor or coach to someone.
- Forgive a loan.
- Fill up the copier machine with paper after you're done using it.
- Tell someone you believe in them.
- Share your umbrella on a rainy day.
- Welcome new neighbors with flowers or a plant.
- Offer to watch a friend's home while they're away.
- Ask someone if they need you to pick up anything while you're out shopping.
- Ask a child to play a board game, and let them win.
- Ask an elderly person to tell you about the good old days.
- During bad weather, plan an indoor picnic with the family.
- Buy someone a goldfish and bowl.
- Compliment someone on their cooking and politely ask for a second helping.
- Dance with someone who hasn't been asked.
- Tell someone you mentioned them in your prayers.
- Give children's clothes to another family when your kids outgrow them.
- Deliver extra vegetables from your garden to the whole neighborhood.
- Call your spouse just to say, I love you.
- Call someone's attention to a rainbow or beautiful sunset.
- Invite someone to go bowling.
- Figure out someone's half-birthday by adding 182 days, and surprise them with a cake.
- Ask someone about their children.
- Tell someone which quality you like most about them.
- Brush the snow off of the car next to yours.
- Return your shopping cart to the front of the store.
- Encourage someone's dream, no matter how big or small it is.
- Pay for a stranger's cup of coffee without them knowing it.
- Leave a love letter where your partner will find it.
- Ask an older person for their advice.
- Offer to take care of someone's pet while they're away.
- Tell a child you're proud of them.
- Visit a sick person, or send them a care package.
- Join a Big Brother or Sister program.
- Leave a piece of candy on a coworker's desk.
- Bring your child to work with you for the afternoon.
- Give someone a recording of their favorite music.
- Email a friend some information about a topic they are especially interested in.
- Give someone a homemade gift.
- Write a poem for someone.
- Bake some cookies for your local fire or police department.
- Organize a neighborhood cleanup and have a barbecue afterwards.
- Help a child build a birdhouse or similar project.
- Check in on an old person, just to see if they're okay.
- Ask for the recipe after you eat over at someone's house.
- Personally welcome a new employee at work and offer to take them out for lunch.
- While in a car, ask everyone to buckle up because they are important to you.
- Let someone else eat the last slice of cake or pizza.
- Stop and buy a drink from a kid's lemonade stand.
- Forgive someone when they apologize.
- Wave to someone looking for a parking space when you're about to leave a shopping center.
- Send a copy of an old photograph to a childhood friend.
- Leave a pint of your spouse's favorite flavor of ice cream in the freezer with a bow on it.
- Do a household chore that is usually done by someone else in the family.
- Be especially happy for someone when they tell you their good news.
- Compliment a coworker on their role in a successful project.
- Give your spouse a spontaneous back rub at the end of the day.
- Serve someone in your family breakfast in bed.
- Ask someone if they've lost weight.
- Make a donation to a charity in someone's honor.
- Take a child to a ballgame.And last, but not least...
- WITH LOVE...ammar
Friday, June 23, 2006
Restarted Blogging
mmmm..........restared to blogging on blogspot! coz of busy schedule i was unable to blog too! :0
Subscribe to:
Posts (Atom)