Browser Security

Dictionary Attack

Hacked how, my password is mycutepuppy …

Jungle ComputerA dictionary attack is a technique or method used to breach the computer security of a password-protected machine or server. A dictionary attack attempts to defeat an authentication mechanism by systematically entering each word in a dictionary as a password or trying to determine the decryption key of an encrypted message or document.

Dictionary attacks are often successful because many users and businesses use ordinary words as passwords. These ordinary words are easily found in a dictionary, such as an English dictionary.

Dictionary attacks are not effective against systems that make use of random permutations of lowercase and uppercase letters (NOT JUST THE FIRST LETTER) combined with numerals and special characters.


Talk to a Jungle Computer Professional …
570.970.6555 | PHONE
info@junglecomputer.com
by Paul Gil
Updated March 13, 2017
https://www.lifewire.com/top-internet-email-scams-2483614

So What Is Malware

Jungle ComputerSo what is malware? It comes in a bewildering variety of forms. Computer viruses are probably the most familiar type of malware so named because they spread by making copies of themselves. Worms have a similar property. Other types of malware, such as spyware, are named for what they do: In the case of spyware, it transmits personal information, such as credit card numbers.
So after asking “What is malware?” the next logical questions are, “who is creating it, and why?” The days when most malware was created by teenage pranksters are long gone. Malware today is largely designed by and for professional criminals.

These criminals may employ a variety of sophisticated tactics. In some cases, as technology site Public CIO notes, cybercriminals have even “locked up” computer data making the information inaccessible then demanded ransom from the users to get that data back.

But the main risk that cyber criminals pose to heavy computer users is stealing online banking information such as banking and credit card accounts and passwords. The criminal hackers who steal this information may then use it to drain your account or run up fraudulent credit card bills in your name. Or they may sell your account information on the black market, where this confidential information fetches a good price.

learn more


Jungle Computer
67 – 69 Public Square
6th Floor
Wilkes-Barre, Pennsylvania
18701-2500

Talk to a Jungle Computer Professional …
570.970.6555 | PHONE
info@junglecomputer.com

Pennsylvania Contractor License:
# PA114006

What is SiteLock?

What is SiteLock?

  • SiteLock is one of our most powerful website security solutions. It not only scans your site for security gaps but detects malware that hackers could use to steal information, infect your customers or divert traffic.
  • If we find malware or holes in your site’s security, we notify you by email so you can quickly close the gap and beat the bad guys to the punch. If you want automatic malware removal, choose our Professional plan. If you want automatic malware removal, choose our Professional plan.
  • For totally worry-free protection, our Premium plan not only finds and removes malware, it also scans for known website vulnerabilities on a daily basis.

Order Now …

Why do I need SiteLock?

  • SiteLockWebsite security is vital to your business success. If people don’t feel safe on your site, they won’t come back. But if you can show visitors your site protects them from hackers and thieves, they’re more likely to place an order or refer a friend.
  • Once our malware scanner confirms that your site is clear of known vulnerabilities and malware, the SiteLock Trust Seal can be displayed to your customers. Studies show that displaying this seal increases sales by more than 10%, with 70% of site visitors saying they look for a verifiable 3rd-party trust seal before submitting personal information to a website.

How does SiteLock work?

  • Our 360° website security scanner checks your website for common vulnerabilities, including phishing exploits, SQL injection flaws, and cross-site scripting (XSS). It checks your URLs, submits forms, posts comments, and performs other tests to find the web application vulnerabilities hackers use to break in.
  • SiteLock emails you the exact location of any malware or vulnerabilities it’s found. With the Professional or Premium plan, our SMART malware removal tool automatically removes malware – no action needed from you.
  • Our security system not only protects you and your customers, it keeps your website from being blacklisted by search engines.
  • You can check your latest scan results anytime via our easy-to-read online dashboard. It delivers real-time reports in English, Spanish, French, German, Dutch, Italian, Polish and Portuguese (Brazil and Portugal), with more languages to come. For really thorny problems, SiteLock maintains an award-winning team of online security professionals ready to step in and get you back online in a hurry.

For really thorny problems, SiteLock maintains an award-winning team of online security professionals ready to step in and get you back online in a hurry.

How does SiteLock compare to other web security services?

  • A lot of products can tell you if your website has been infected by malware. What they can’t do is fix it for you. With SiteLock, you don’t have to worry about a thing – our vulnerability scanner checks your website daily, automatically removing any malware or suspicious links it finds (Professional and Premium plans only). It’s like having your own website security guard on duty 24/7.
  • SiteLock beats McAfee Secure, Comodo Hacker Proof and CloudFlare hands down. In addition to the basics, SiteLock takes your site security up a notch by actually fixing what is wrong. Our Professional and Premium plans find and delete malware, keeping your site running clean and worry-free. SiteLock actually removes the malware it finds.

If I have an SSL Certificate, why do I need SiteLock?

  • SSLAn SSL certificate secures the information passed back and forth between visitors and your website (i.e. credit card information, login name and password) but it can’t find malware or the other vulnerabilities hackers use to break in and do damage.
  • SiteLock not only finds vulnerabilities and malware, it automatically removes them from your website using our SMART malware removal tool. Our Professional and Premium plans complement your SSL Certificate, creating a hack-proof security strategy.

I have anti-virus software. Do I need Website Protection SiteLock?

  • Yes.
    • Anti-virus software protects your computer from malware and viruses, but it doesn’t protect your website. And while it’s invaluable, anti-virus software can’t detect existing vulnerabilities in your site such as cross-site scripting and code injections. It also doesn’t let you know when security threats and vulnerabilities have been found or how to fix them. SiteLock’s malware scanner does.

I just bought SiteLock. Now what?

  • SiteLock setup only takes 5 minutes. Simply log in to your account, and click on SiteLock. Click Launch next to the account you want to use, and then provide the requested information.

If you already host your website with us, that’s it! Website security scans occur every 24 hours – so check back to view the results.

Order Now …

Basics Computer Security

The basics of computer security, and how to make sure you’re protect.

Let’s cover computer security.

The first thing we’re going to talk about is something called a dictionary attack which has to do with your passwords. When creating your passwords, some sites require extremely specific and complicated passwords, which is actually a bit unnecessary. The type of attacks they’re trying to guard you from are dictionary attacks.

Dictionary attacks are programmed to try every word in the dictionary, or in its own database of common words and passwords, as the password for a large mass of usernames. If your password is Kangaroo, they’re probably going to break into your account. Most passwords aren’t this simple, but that doesn’t matter. They attack such a massive amount of accounts that they only need a few passwords that are relatively simple. When creating a password, you want to use different cases, numbers, and symbols, but one of the most effective ways to create a good password is to throw some random letters in there (ex: kangarooSyCA67). Also, stay away from sequential numbers.

SecurityPhishing, another thing to watch out for, is emails or webpages that mimic other valid sites to try and trick people into entering their personal information, though the site truly isn’t connected to the site it’s trying to mimic. In general, two ways to safeguard from these attacks are checking the address in the browser and to open a new browser and go to the website that is claiming to contact you.

Let’s also discuss encryption and HTTPS. If you are at Starbucks trying to access your bank account, you have reason to be suspicious that someone could see and take your information. You will want to look for a green HTTPS instead of HTTP at the beginning of the web address. That means that the site you’re sending your information to is encrypting your passwords and other information, scrambling up data according to a code that only they know.

In general, whenever you’re showing private or sensitive information, check for HTTPS. A few other general tips: don’t share passwords between important accounts. If a site you use gets hacked into, your password may be compromised regardless of its strength. Also, don’t download strange files. If you don’t recognize the file type like .pdf, .txt, .jpg, be wary. Some of these files you download can be very powerful and even run your computer from the inside.

Lastly, keep your software updated, particularly software that interacts with the internet. One way that information can be compromised is when ‘bad guys’ find holes and gaps in security of older versions of software. Those bugs have been patched in newer versions, so if you keep everything updated, you’ll avoid lots of problems. These are very basic things you should know about how to keep your information safe on your computer.


Jungle Computer LLC.
67 – 69 Public Square
6th Floor
Wilkes-Barre, Pennsylvania
18701-2500

Talk to a Jungle Computer Professional …
570.970.6555 | PHONE
info@junglecomputer.com

Top 10 Online Threats

Jungle ComputerThe strategies hackers use to break into your site can be complicated but the results are usually pretty simple; lost revenue.

Here are the 10 most common threats identified by the Open Web Application Security Project:

1. Injection.

It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s message tricks the app into changing data or executing a command it was not designed to obey.


2. Cross-site Scripting.

Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, thereby costing the site owner in lost business.


3. Insecure Direct Object References.

Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.


4. Broken Authentication.

When account credentials and session tokens aren’t properly protected, hackers can assume users’ identities online.


5. Cross-site Request Forgery (CSRF).

A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS, or other techniques. If the user is logged in, the attack succeeds.


Jungle Computer Repair6. Security Misconfiguration.

Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.


7. Insecure Cryptographic Storage.

Many web applications don’t do enough to protect sensitive data such as credit card numbers, Social Security numbers and login credentials . Thieves may use this data for identity theft, credit card fraud or other crimes.


8. Failure to Restrict URL Access.

Often an app will protect sensitive interactions by not showing links or URLs to unauthorized users. Attackers use this weakness to access those URLs directly in order to carry out unauthorized actions.


9. Insufficient Transport Layer Protection.

Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to “eavesdrop” on online exchanges. An SSL Certificate typically neutralizes this threat.


10. Invalidated Redirects & Forwards.

Web applications often redirect or forward legitimate users to other pages and websites, using insecure data to determine the destination. Attackers use this weakness to redirect victims to phishing or malware sites, or use forwards to open private pages.

https://www.secureserver.net/security/malware-scanner.aspx?ci=89298&prog_id=270511