28.7.15

METHODS HACKERS USE TO STEAL YOUR PASSWORD, HOW TO PROTECT YOURSELF AND HOW TO STRENGTHEN THE SECURITY OF YOUR ACCOUNT, READ HERE

BY net tamaduni

Welcome to Net TAMADUNI: These days people treat hacking as a fashion, or as something to brag about. Wrong. Perhaps it is because Tanzania has no good laws against website hackers (of whom there are not many in TZ right now) and account hackers. The account hackers are like mites, the way they have spread everywhere. Someone peeks at your password while you are typing it, later logs in to your account, and the next thing you know he too is calling himself a hacker. Seriously?

Anyway, back to the topic: the methods hackers use

1. Phishing (pronounced “fishing”)

This is a method used by a great many people, especially when the person they want to harm is not careful or does not know much about technology. I say this because I personally have been using this method for several years, and as time goes on people are becoming better informed, so it is losing its power.

What happens in phishing is that the hacker builds a page that looks exactly like the real page of the website whose password he wants. A real-life example is Facebook. The hacker will build a page that resembles Facebook's in EVERY WAY, to the point that you will fail to spot any difference at all. All you then do is enter your username and password and log in. The fake page takes your username and password and sends them to the hacker, then forwards you to your Facebook page. As usual.


How to protect yourself:
It’s quite easy! As I said at the start, this trick works on someone who does not understand tech very well. These are the things to check:

1. Address
The address of a fake page will always differ from the original. The original Facebook address is www.facebook.com, and any other address that does not have that address is not the original. There are many other things that distinguish a fake page from the real one. Take a look below:

Differences to look for:

1. The address is not Facebook's. Look up at the www in the address bar and you will see it is a completely different website.

2. Facebook's login page (not the homepage) has the title “login”. But this fake one, or any other, has a different title. Look at the difference in how the words are put together.

3. The copyright line at the bottom differs too. On the original page the copyright information changes with the year, but the fake one keeps the year in which it was made.

4. The languages listed in the footer are different.

Those are a few easily visible things you can check. So, if you are sent a link and it takes you to a Facebook page, do not rush to enter your details; check these things first. Whoever sent it may just want to steal your password.
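The address check above can be made mechanical. The following is an added example, not part of the original post: it accepts a link only if it is https and its host is facebook.com or a subdomain of it, and it goes a little beyond the text by also rejecting look-alike forms (the name used as a prefix, the name placed before an "@", look-alike letters). The function names and sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really points at the site you expect.
// ALLOWED_SITE and SAMPLE_LINKS are constructed values for illustration.
const ALLOWED_SITE = "facebook.com";

function checkLoginLink(link, site = ALLOWED_SITE) {
  let url;
  try {
    url = new URL(link); // throws on anything that is not an absolute URL
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://www.facebook.com@other.example/" : the part before '@' is a
  // username, the real host is what follows it.
  if (url.username || url.password) {
    return { ok: false, reason: "text before '@' is not the site name" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // URL() converts non-ASCII host names to punycode labels ("xn--...").
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (look-alike letters) in host" };
  }
  // Compare from the right: the site name must be the END of the host.
  if (host === site || host.endsWith("." + site)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + site };
}

const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/",
  "https://www.facebook.com@login.example/",
  "https://f\u0430cebook.com/", // Cyrillic "а" in place of Latin "a"
];

function reviewLinks(links) {
  return links.map((l) => {
    const r = checkLoginLink(l);
    return (r.ok ? "OK    " : "REJECT") + " " + l + " (" + r.reason + ")";
  });
}

console.log(reviewLinks(SAMPLE_LINKS).join("\n"));
```
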

2. Keylogging

This is another method, one that is somewhat hard to recognise quickly, but you can find out. Keylogging uses something called a keylogger, which is software. The hacker installs the keylogger on a computer, and what it does is record the keystrokes typed on the keyboard. Let me explain:

Every key you press on the keyboard is in binary form before you even see it on the screen. This is the computer's language, which uses only the digits 0 and 1. That means if you type, say, “g”, it goes into the computer as 01100100, is then interpreted, and only then appears on the screen as “g”. This means that even your password, as you type it, say your password is ‘givenality’, will go in as 01000111010010010101011001000101010011100100000101001100010010010101010001011001 (I did not make this up; this is the word ‘givenality’ in binary language). Since it is a password, it is interpreted there and then shows up for you as **********. What these keyloggers do is catch the letters right after they are interpreted, before they reach the screen and appear there as *********. That means the hacker will let you log in to your account on that computer, then he will simply come along and open his keylogger to see what it has caught. “Ahaa!” Yes, that is how they do it, so do not be too trusting when someone hands you a computer/laptop, especially here in Bongo, and you just go ahead.


How to protect yourself:

Every keylogger has a login screen where whoever installed it must enter a password to get in. You cannot get in, but you can find out whether it is there. On Windows, press Ctrl + Alt + Shift + M at the same time (hold them down). If a screen comes up asking for a password, then know that the computer has a keylogger installed and is not safe.

Those are the two main methods that many hackers, especially in Tanzania, like to use, especially those who are learning. Now that you know them and how to protect yourself, your accounts will have no more problems.

3. Stealers

Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but at times it can be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's Internet browser.

4. Session Hijacking

This mostly happens when you are accessing Facebook over an http (non-secure) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and WiFi connections.

5. Sidejacking With Firesheep

Sidejacking attacks became common in late 2010, and they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it is more targeted towards WiFi users.
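Both session hijacking and sidejacking depend on the login cookie crossing the network over plain http. The following is an added example, not part of the original post, written from the site operator's side: it reads a response's headers and reports anything that would let a session cookie travel unencrypted. The function names and the header text are constructed for illustration.

```javascript
// Added example: audit response headers for cookies a WiFi sniffer could read.
// SAMPLE_RESPONSE is constructed sample data, not captured traffic.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
  "Set-Cookie: lang=sw; Path=/; Secure",
].join("\r\n");

function parseHeaders(raw) {
  // Skip the status line; split each header at the first colon only.
  return raw.split(/\r?\n/).slice(1).filter(Boolean).map((line) => {
    const i = line.indexOf(":");
    return {
      name: line.slice(0, i).trim().toLowerCase(),
      value: line.slice(i + 1).trim(),
    };
  });
}

function auditSessionExposure(pageUrl, rawResponse) {
  const findings = [];
  const headers = parseHeaders(rawResponse);
  const https = new URL(pageUrl).protocol === "https:";
  if (!https) {
    findings.push("page loaded over http: its cookies are readable on the network");
  }
  // Without HSTS the browser may still make a first request over http.
  if (https && !headers.some((h) => h.name === "strict-transport-security")) {
    findings.push("no Strict-Transport-Security header: browser may fall back to http");
  }
  for (const h of headers.filter((x) => x.name === "set-cookie")) {
    const [pair, ...attrs] = h.value.split(";").map((s) => s.trim());
    const name = pair.split("=")[0];
    const flags = attrs.map((a) => a.split("=")[0].toLowerCase());
    // A cookie without Secure is also sent on any http request to the site.
    if (!flags.includes("secure")) {
      findings.push("cookie " + name + " lacks Secure: it is also sent over http");
    }
  }
  return findings;
}

console.log(auditSessionExposure("https://site.example/login", SAMPLE_RESPONSE));
```
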

6. Mobile Phone Hacking

Millions of Facebook users access it through their phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There is a lot of mobile spying software used to monitor a cellphone. The most popular mobile phone spying software products are Mobile Spy and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page, and hence get access to the victim's Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB drive programmed to automatically extract the passwords saved in the Internet browser.

9. Man In the Middle Attacks
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as the default gateway, and hence capture all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts, because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.


via dj sek blog