Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Internet Users. Show all posts

Here's How Script Kiddies are Targeting Internet Users Worldwide

 

Most people have an image of hackers in their minds. In our minds, imagery from motion pictures depicting skilled cybercriminals breaking into guarded networks practically instantly while typing at breakneck speeds come to mind. These are not Script kids, even though many real-life versions of these hackers are capable of some amazing and terrifying things. 

Script kids, often known as skiddies or skids, are amateur hackers and programmers who target networks and internet users with scripts and other programmes created by more experienced hackers and programmers. They may not be as adept as genuine hackers, but they have a lot of power and may cause a lot of harm. Find out here how to avoid script kids and how to be safe online. 

The script kiddies: Who are they?

The name speaks for itself. Script kiddies are persons who don't know how to programme and launch cyber attacks using other people's software. They are frequently kids or young adults. They frequently even utilise these programmes without realising their purpose or how they operate.

Children getting their first computer are an example of typical situations. They decide to become hackers after seeing a movie or television show about hacking. To learn how to turn the programme into a weapon, they might explore forums and perhaps look through a few tutorials. Once they have it on their targets, they will find a method to unleash it. 

Software exploitation against users

In order to target specific websites and users, script kids use the free and open-source software available on the internet. To launch DDoS attacks, for instance, they could utilise software meant for forensics or security. The damages and missed earnings might total thousands of dollars. 

Through the use of pen-testing apps or the planting of malware, script kids can also gain access to private networks. They are also keen on developing social engineering frauds. The extent of their capabilities truly doesn't extend beyond this. 

Do script kiddies pose a greater threat than real hackers? 

Yes and no. However, script kids are erratic, but real hackers can certainly cause far more damage if they so choose. Businesses, governments, or even hospitals are common targets for hackers that have specific goals in mind. The only thing script kids may have against you is a personal grudge. And to make matters worse, they can specifically target you based on information they have about you, such as your residence and place of employment.

You need to take digital security seriously, whether you're a hacker or a script kiddie. Only these two categories of cybercriminals exist. Other dangers like botnets, cyber terrorists, and simple con artists haven't even been mentioned yet.

Prevention tips

The online world can be a terrifying place because of thieves, script kiddies, hackers, and other bad actors. But a few straightforward, low-cost cybersecurity techniques and tools can make a significant difference in enhancing safety. 

You must first get a VPN. Your IP address is hidden, and your internet connection is encrypted when you use a VPN, or virtual private network. Your security and privacy have been increased as a result. Both hackers and script kids, who frequently utilise IP addresses to monitor user activities, are effectively stopped by it. 

Enabling a VPN whenever you connect to the internet is the best method to use one. Additionally, VPNs can help you get around content limitations and hide your browsing information from ISPs and network administrators. 

It's also a good idea to increase the security of your network, account, and devices. Make sure that all devices have secure passwords and PINs that are immediately required whenever you restart, shut down, or are inactive for more than two minutes or close the screen.

Use complex passwords to increase the security of your accounts. Consider using a password manager to store those complicated passwords in a secure digital vault. Not to mention fingerprint or facial recognition locks, two-factor authentication, and other security measures. 

Finally, you must strengthen the security of your network, especially your company network. Start with WEP encryption and a strong password. A variety of network security and monitoring tools should be researched and used. For instance, firewalls are excellent and successful at controlling network traffic. Programmes that track and obstruct attempts at authorised access are also available.

What Exactly is DNS-over-HTTPS and Do you Need to Use it?

 

Traditional Domain Name System (DNS) traffic, such as user requests to visit specific websites, has been largely unencrypted throughout the history of the internet. This means that every party involved in the DNS value chain that your request goes through has the ability to examine your queries and responses, and even change them, whenever you look up a web address in the "internet telephone book." This is altered by DNS encryption, such as DNS over HTTPS (DoH).

Many of the major internet service providers, including Apple, Mozilla, Microsoft, and Google, have integrated encrypted DNS through DoH into their offerings. While Apple implemented DoH with the iOS 14 and macOS 11 updates in the autumn of 2020, Mozilla was an early adopter, integrating it into its browser in the US as early as late 2018. DoH has also been made available on Chrome for Android by Google. 

A global phone directory on the internet 

The Domain Name System (DNS) essentially serves as the internet's version of the phone book. If you think of it a little like this, the operation of DNS will soon become clear. Therefore, the second-level domain (in the case of international.eco.de, this would be.eco.) is the corporate switchboard number, and the top-level domain (the far right part of a web address, like.com,.org, or.info) is the equivalent to the country code or area code. The third level (international) is the particular extension, meanwhile.

It's much simpler to gain a better understanding of how this directory is put together if you keep that in mind as you work. You can also learn how computers locate the websites they want to visit in order to connect you to the website of your choice.

A website or other internet resource that you have typed into your computer or phone will be located by DNS resolvers. The router at your house or place of business, or a public hotspot, is the first DNS resolver to which your device is locally connected.

Following a series of steps, this resolver looks for any preconfigured settings on the device or a history of previous visits to the specified website (called a cache). If this doesn't work, the resolver will pass the DNS request on to the resolver after it, which could be your current internet service provider (ISP). The same steps will be followed by this resolver, and if all else fails, it will look up the domain in the "internet phone book." 

What dangers is DoH shielding users from?

By preventing DNS data manipulation and eavesdropping, one goal in the development of the DoH protocol was to increase user privacy and security. You are shielded from the possibility that a malicious actor could reroute your DNS traffic to another (malicious) location thanks to DNS traffic encryption. Instead of the actual bank website you wanted to visit, it might be a fake one or something similar. 

Man-in-the-Middle (MITM) attacks are the term used to describe this type of cyberattack. The only practical solution at this time is DNS encryption via DoH (or the related DoT protocol). The monetization of DNS data, for example, when it is used for marketing purposes, is another issue that DoH has been able to address. This is a potential and real privacy concern that should be of interest to everyone. 

User safety in public networks 

An analysis of your behaviour and cross-network tracking may be done using the DNS query data from your mobile device when you use a public wireless (Wi-Fi) network in a hotel, coffee shop, or another location. These DNS services are frequently included in an all-inclusive, globally accessible Wi-Fi solution, but they may not be well-suited to abide by local privacy laws.

Additionally, it is possible that the privacy-protecting configurations are not turned on either. Free public Wi-Fi services are also frequently ineffectively managed in terms of security and performance, particularly when they are run or offered by smaller businesses. You could end up exposed to attacks coming from their own networks if this happens. 

The good news is that DoH safeguards users on these open wireless networks because the Wi-Fi network's DNS resolver is avoided. As a result, user tracking and data manipulation at this level are prevented. That ultimately means that DoH provides a chance to safeguard communications in an unreliable setting. It's a fantastic and incredibly useful solution. 

What alters due to DoH? 

Only the transport mechanism by which your device and the resolver communicate changes with the DNS over HTTPS protocol. The well-known HTTPS protocol is used to encrypt both the requests and the responses. DNS requests using DoH currently avoid the local resolver because there aren't many DoH resolvers in use and technical work is still being done to make it possible for DoH resolvers to be "discovered." Instead, they are handled by a third-party DoH service provider that has been recommended by the relevant software maker or developer. The decision to offer their own DoH services is currently being considered by an increasing number of providers. 

DoH in my company's network—do I want it?

DoH is unquestionably a helpful method of self-protection, particularly when using a public hotspot, but it might not be the best choice in environments with trusted network infrastructure. Corporate networks or using internet access services that you get from a reputable ISP are good examples of this.

For instance, your firm may have good cause to forbid an application that deviates from and overrides the system default. Given that the network administrator has no control over it inside the network, this might even be considered potentially harmful. If DoH is implemented at the system level as opposed to the application level, many of the issues with corporate networks vanish. At the system level, for instance, a corporate network administrator can configure the system and create a policy to ensure that the corporate resolver should be used for as long as the device is connected to the corporate network.

However, DoH should be used to increase security and privacy once the device is connected to a public network. These different configurations are, however, avoided if DoH is applied by default at the application level. 

Concerning factors 

Other issues with the use of external DNS resolution through DoH include potential slow response times, circumvention of parental controls, and legally required blocking, among others. However, depending on the situation, many of the DoH's potential drawbacks are balanced out by just as many benefits. 

There is no question that DNS encryption enhances user security and privacy. DoH can offer a simple method for carrying this out. If you choose to activate DoH, you should make sure to research who will be handling the resolution, how they will handle your data, and whether you can easily turn it off when necessary.

Private Data of Europeans Shared 376 Times Daily in Ad Sales

 

Private information about every internet user is shared hundreds of times each day as companies bid for online advertising slots. A brand-new report by the Irish Council for Civil Liberties (ICCL), uncovered that the average European user's data is shared 376 times per day and the figure rises to 747 times daily for US-based users. 

Currently, ICCL is engaged in a legal battle with the digital ad industry and the Data Protection Commission against what it describes as an epic data breach, arguing that nobody has ever specifically consented to this practice. 

The data is shared between brokers acting on behalf of those wishing to place adverts, in real-time, as a web page loads in front of someone who is reading it. The brands in the adverts themselves are not involved. 

That data can be practically anything based on the Interactive Advertising Bureau's (IAB) audience taxonomy. The basics, of course, like age, sex, location, income, and the like are included, but it doesn't stop there. All sorts of websites fingerprint their visitors and those fingerprints can later be used to target ads on unrelated websites. 

It is used to secure the most relevant bidder for the advert space on the page. This all happens automatically, in a fraction of a second, and is a multimillion-dollar industry. Personally-identifying information is not included, but campaigners argue that the volume of the data is still a violation of privacy.  

"Every day the RTB [Real Time Bidding] industry tracks what you are looking at, no matter how private or sensitive, and it records where you go. This is the biggest data breach ever recorded. And it is repeated every day," said Dr. Johnny Ryan, senior fellow at the ICCL. 

According to the ICCL report, the source of the data was a Google feed covering a 30-day period. It is made available to the industry, but not the public. The data about US web users' habits are shared in advert sales processes 107 trillion times per year and European users' data is shared 71 billion times.  

"If the exhaust of our personal data could be seen in the same way pollution can, we'd be surrounded by an almost impenetrable haze that gets thicker the more we interact with our phones.,” tech reporter Parmy Olson, said.