Friday, April 7, 2017

Encryption & Decryption

What is Encryption? 

Basically, encryption is the process of transforming data or information into a code, especially to prevent unauthorized access. 
It is generally used to protect sensitive information so that only authorized parties can view it.

Simply put, when a message is sent without encryption, anyone can read its contents. 


In this scenario, Scully is the sender, Mulder is the receiver and the Alien is the third party who is not authorized to read this message. Scully didn't encrypt the message before sending it to Mulder, so the Alien can read the message.



In the above scenario Scully encrypted the message before sending it to Mulder, so the Alien can't read the message.

We can divide encryption into two main parts:

  1. Symmetric Encryption
  2. Asymmetric Encryption

Symmetric Encryption
Symmetric encryption algorithms are best known as shared-secret key algorithms. The same cryptographic key is used for both encryption of the plaintext and decryption of the ciphertext.

  • The usual key length is 80 to 256 bits.
  • A sender and receiver must share a secret key.
  • They are usually quite fast (wire speed), because these algorithms are based on simple mathematical operations.
  • Examples of symmetric encryption algorithms are DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.
Simply put, we can describe symmetric encryption this way...





Asymmetric Encryption
The characteristics of asymmetric encryption algorithms include:

  • Asymmetric encryption algorithms are best known as public key algorithms.
  • The usual key length is 512 to 4,096 bits.
  • A sender and receiver do not share a secret key.
  • These algorithms are relatively slow, because they are based on difficult computational algorithms.
  • Examples: RSA, ElGamal, elliptic curves, and DH.

In asymmetric encryption both the sender and the receiver have a pair of keys called the public key and the private key. The public key is a key that anyone can get, but the private key is a unique key known only to its owner (the sender or the receiver). When a plaintext is encrypted with the sender's public key, it can be decrypted only with the sender's private key. If a message is encrypted with the receiver's public key, that message can be decrypted only with the receiver's private key. Likewise, when a message is encrypted with the sender's or receiver's private key, it can be decrypted only with the sender's or receiver's public key. Here is a simple example of asymmetric encryption...





I have implemented a simple Encryption / Decryption software to hide the content of your "Text (.txt)" files. I used the AES 128-bit algorithm to encrypt the data in your text files. Here is the link to download that software:

https://github.com/janitha1st/Encryption-Decryption-Software-Application 

This software is implemented using NetBeans IDE 8.1 and the language is Java.





  • This is the main interface of my software.



  • First you have to give the path to the text file that you need to encrypt. Here "Hello_Cyber" is my text file and it is placed on the Desktop. 


  • This is the content of my text file before encrypting.





  • After you select the path, click the "Encrypt" button and it'll display a message if it was successful. 
  • After encrypting, if you open the same text file you can see content like the above. It means it was successfully encrypted.
  • After encrypting, select the path as before and click the "Decrypt" button. Then it'll display a message if it was successful. 

  • Then you get back the same content that was there before you encrypted the file. 

  • Specially, you should add the org.apache.commons.io.jar JAR file to your project. It is also included in my GitHub repository. 
Visit my GitHub by clicking: https://github.com/janitha1st/Encryption-Decryption-Software-Application

Hope you guys understand my blog. If you have any doubt please send me a mail to janitha.bhakthi93@gmail.com.
Thank You! ;)

Thursday, March 2, 2017

Phishing

What is Phishing?

Basically, phishing is just like fishing: in both scenarios we use bait. For example, in fishing we use worms as bait. In phishing, web pages that look legitimate are the bait used to get people's personal information.



Now we'll come to a clear definition of phishing:

Phishing is a term used to describe malevolent individuals or groups of individuals who scam users. They do so by sending e-mails or creating web pages that are designed to collect an individual's online bank, credit card, or other login information. Because these e-mails and web pages look like they come from legitimate companies, users trust them and enter their personal information.


What does a phishing web site look like?


What does the actual site look like?


How to identify a Phishing Attack?

  • Check that the URL you received really belongs to the original site.
  • If an e-mail demands urgent action or has a near deadline.
  • A page with lots of pop-up ads.
  • By looking for spelling and grammar mistakes, because brands are pretty serious about e-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your e-mails carefully and report anything that seems suspicious.
  • If the attacker is not directly targeting a particular person or organization, the e-mail would not contain your name or username. 
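The first check above, "does this URL really belong to the original site?", is easy to get wrong if you just look for the brand name inside the link. As an added example (mine, not from the post or its repository), here is a Go function that parses the URL and compares the host properly; it uses ikman.lk, the site named in the author's repository, as the legitimate host, and the lookalike URLs in the comments are constructed.

```go
package main

import (
	"net/url"
	"strings"
)

// URLBelongsTo reports whether rawURL really points at expectedHost or one of
// its subdomains. It parses the URL instead of searching for the brand name as
// a substring, so lookalikes that merely contain the name are rejected.
func URLBelongsTo(rawURL, expectedHost string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.Host == "" {
		return false // not an absolute URL: there is no host to trust
	}
	if u.Scheme != "https" {
		return false // a real login page is served over TLS
	}
	if u.User != nil {
		return false // "https://ikman.lk@evil.example/" actually visits evil.example
	}
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), ".")) // drops :port and a trailing dot
	expected := strings.ToLower(strings.TrimSuffix(expectedHost, "."))
	// "ikman.lk.login-secure.example" ends in ".example", not ".ikman.lk", so it fails here
	return host == expected || strings.HasSuffix(host, "."+expected)
}
```

The same host comparison works for any brand: pass the domain you expect as expectedHost, and only that domain or its subdomains pass.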

How to do a phishing attack in a simple way..


  • First go to the page which you want to use as the base of your phishing attack.
  • Then right click, go to "Save as..." and download it.




  • Then open that file in "Notepad" and find the word "action=" near the "POST" method.
  • Then clear the part inside the "" and replace it with <filename.php>, and save that file as <index.html>.



  • Then open another Notepad file, enter the code below, and save it with the name you provided in the index.html file, <filename.php>. 



  • Then host it on a web hosting site. (https://www.000webhost.com/) 


  • For a better outcome you can shorten the URL you created.




  • Now your phishing page is completely done. 






  • When someone enters their username and password and clicks login, the page will reload to the original site and you will get the username and the password in a text file called "Passwords".  









How to terminate a phishing attack?

  • Don’t give up personal information. Legitimate banks and most other companies will never ask for personal credentials via e-mail. Don’t give them up. If you get such an e-mail, it's better to call the original organization the e-mail claims to come from and ask.
  • If you have doubts about an e-mail, don't give your real username and password the first time.
  • Don’t click on unknown attachments
    Including malicious attachments which contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
  • Don’t believe everything you see
    Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

What should you do if you have faced a phishing attack?
  • Log in to the original organization's website and immediately change your username and password.
  • Scan for malware in case your PC has been infected by a fake site. 



Specially, don't use the same username and password for all the sites you're using!!!

You can simply download all the source files from here: 
 https://github.com/janitha1st/Sample-Phishing-Attack---ikman.lk- 