July 27, 2011

Server Certificate Model


In this post we will discuss a little about the server certificate model. Yes, you are right: we will discuss CA certificates and SSL. So let's start with the CA certificate. CA stands for certificate authority or certification authority; its main task is to provide digital signatures, which are known as CA certificates. These digital signatures/certificates certify the ownership of a public key. There are several CAs that provide digital certificates; some are free while some are paid. The most common use of CA certificates is in SSL or TLS. The introduction of SSL into the HTTP protocol made it possible to transfer data over the network in encrypted form. Because of the introduction of SSL in HTTP, the three-way handshake is also slightly affected to support data transfer in encrypted form.



A digital certificate can be compared to a voter ID card. The voter corresponds to a website, the card-issuing office to the CA, and the voter card number to the secret cipher code. The cipher code for SSL is determined with the help of a cipher suite, which is a set of cryptographic primitives and configurations. It may include information about which key exchange algorithm to use, the authentication algorithm, encryption, hashing and other information. SSL works on the basis of Public Key Infrastructure (PKI) and uses a randomly generated session key for the first session key exchange with any website. The key exchange cycle involves setting up a special session key that both client and server can use to communicate securely.
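The four roles a cipher suite names (key exchange, authentication, encryption, hashing) can be read straight out of its standard IANA name. The following is an added example, not code from the original post; the function names and the sample list are constructed for illustration, and the list of weak primitives is this example's own.

```python
import re

# Tokens naming primitives that are broken or give no protection.
WEAK_TOKENS = {"NULL", "RC4", "3DES", "MD5", "EXPORT", "anon"}

def parse_suite(name):
    """Split an IANA cipher suite name into the roles the post lists."""
    if not name.startswith("TLS_"):
        raise ValueError("not an IANA TLS suite name: %r" % name)
    body = name[len("TLS_"):]
    kx = auth = None
    if "_WITH_" in body:
        # TLS 1.2 and earlier: <key exchange>[_<auth>]_WITH_<cipher>[_<hash>]
        left, body = body.split("_WITH_", 1)
        parts = [p for p in left.split("_") if p != "EXPORT"]
        kx = parts[0]
        auth = parts[1] if len(parts) > 1 else parts[0]
    # Otherwise a TLS 1.3 name: key exchange and authentication are
    # negotiated separately, so only cipher and hash appear in the name.
    tokens = body.split("_")
    digest = None
    if len(tokens) > 1 and re.fullmatch(r"SHA\d*|MD5", tokens[-1]):
        digest = tokens.pop()  # absent on CCM suites
    weak = sorted(t for t in set(name.split("_"))
                  if t in WEAK_TOKENS or t.startswith("DES"))
    return {"key_exchange": kx, "authentication": auth,
            "encryption": "_".join(tokens), "hash": digest, "weak": weak}

# Constructed list of suite names, as a server scan might report them.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
]

def audit(names):
    """Map each suite that contains a weak primitive to the reasons."""
    parsed = {n: parse_suite(n)["weak"] for n in names}
    return {n: w for n, w in parsed.items() if w}

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        print(suite, parse_suite(suite))
```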

Now one of the biggest problems with SSL is that it only certifies that the certificate is issued to a particular website for a particular reason, without any mechanism to verify it. That means you can use a digital certificate verified for some other website for yourself. For most Windows IIS servers, these digital certificates do not even need real validation: if you activate HTTPS over HTTP on a Windows IIS server, your SSL layer will be ready without any third-party verification, because the server itself acts as the CA root.
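The two cases raised in this paragraph, a certificate issued for a different site and a server that acts as its own CA, are what a client-side check looks for. The following is an added example, not code from the original post; it works on constructed dictionaries in the shape of Python's `ssl.SSLSocket.getpeercert()` output, and every host and CA name in it is made up.

```python
import ssl

def strict_context():
    """Client context that requires a trusted chain and a matching name."""
    # The default client context sets CERT_REQUIRED and check_hostname.
    return ssl.create_default_context()

def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # a wildcard covers exactly one leftmost label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def problems(cert, host):
    """Return the reasons a client should refuse this certificate."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    found = []
    if not any(name_matches(n, host) for n in names):
        found.append("name-mismatch")  # issued for some other site
    if cert["subject"] == cert["issuer"]:
        found.append("self-issued")    # no third party vouched for the key
    return found

# Constructed certificates; every name below is made up.
CA_ISSUED = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}
SELF_ISSUED = {
    "subject": ((("commonName", "WIN-SRV01"),),),
    "issuer": ((("commonName", "WIN-SRV01"),),),
    "subjectAltName": (("DNS", "WIN-SRV01"),),
}

if __name__ == "__main__":
    for cert, host in [(CA_ISSUED, "shop.example"), (CA_ISSUED, "bank.example"),
                       (SELF_ISSUED, "intranet.example")]:
        print(host, problems(cert, host))
```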

By the way, the motive of this post was not to explain the full working of SSL but to clear up some basics that you must know to understand our upcoming posts on attacking SSL encryption. In those posts we will look at SSL weaknesses and how to attack them. Till then, thanks for reading, have a nice time and keep visiting.

July 21, 2011

FACEBOOK UNVEILS VIDEO CALLING POWERED BY SKYPE



Facebook has unveiled a group chat tool, a new design for its overall chat interface, and, yes, a video calling service based on Skype.
"Video calling is the first example of what we think of as a great social app," Facebook chief executive Mark Zuckerberg said during a press event at the company's Palo Alto, California, headquarters. "The integration that we've done could not have been done without the great social infrastructure we've rolled out over the last five years," he said.
The group chat tool is based on Facebook's existing Groups setup, which is now used by about 50 per cent of all Facebookers, according to Zuckerberg. The new design includes a browser sidebar that provides quick access to those you chat with most, and it offers a "call" button that launches the video service.




The video service requires a plug-in, but you can place a call to your Facebook friends that will then send them a notice pointing them to the plug-in. The service does not offer group video calling, but Zuckerberg indicated that this will eventually be rolled into the service.

The service cannot be used to call existing off-Facebook Skype clients – or vice versa. But Skype product manager Mike Barnes said that the two companies will eventually provide such off-Facebook calling.


Facebook has already started to roll the new tools across its site, and "millions" of users. Bates says that the video service will reach about one per cent of users on Wednesday. According to Skype CEO Tony Bates, the two companies have been working on the video service for the past six months.

In late June, Zuckerberg told a Seattle audience that Facebook would unveil something "awesome" today, and last week, Techcrunch reported that this would involve integrating the social network with the Skype VoIP service, which is now owned by Microsoft. Redmond is a Facebook investor and longtime Facebook partner. Microsoft's Bing underpins search on Facebook, and Facebook may be used to personalize your results on Bing. Microsoft announced in May it's buying Skype for $8.5bn.

July 13, 2011

DOXING - A WAY OF TRACING ANONYMOUS PEOPLE


Doxing is a way of tracing someone or getting information about an individual using sources on the internet and social engineering techniques. The term is derived from "Documents"; as a matter of fact, it is the retrieval of documents on a person or an organization.

I saw well-detailed information on how to implement these techniques and I will be sharing it here. As presented by Chintan Gurjar, below is a technique to trace an anonymous person.


What is Doxing ?

Doxing (“Documents” or “Docx”) is a part of the technique of “tracing”. It plays an important role in tracing. Gathering all available information is called doxing. This information includes many things, such as documents, the victim’s name and gender, and also on which websites on the internet the person is present and under which name and nickname. We are choosing a specific target. In this tutorial I will show you how to get information about any particular individual. How easy doxing is depends on the available information about the specific target, and on how much information about that target is available right now. The doxing technique is very useful for solving “cyber crime cases”. With the help of this tutorial you will come to know how hackers dox innocent people and make them victims, hacking their email accounts, Facebook accounts and websites by implementing social engineering techniques.

For the specific target, here are the items for which you should collect information.
(1) Name
(2) Gender
(3) Birthday
(4) Age
(5) Website
(6) Email Id
(7) Social Networking Site Profiles -> Facebook/Yahoo/Orkut/Twitter/My space
(8) Location/Area/Country
(9) IP – Address

Once the hacker has all this information, the next step is to go to http://www.google.com/ and input the name of the specific target. Google will display all of the target’s social networking site profile IDs. The hacker will copy and paste a link and open it in his browser. Then he/she can see all the information about the target. If the target’s profile IDs are completely private, then the hacker can make a girl’s profile and add him/her (Best Solution: Social Engineering Technique).

How To Do Doxing ?

(1)Using The Email Address Of Your Target

So, we have some very nice basic websites for finding information about the target.
Step 1 :- Click on the Email
Step 2 :- Provide the email address and then click on search.
Step 3 :- It will show all the profiles which were made with the target's email ID that you gave to Pipl.com.

Websites Used For Doxing :-
www.pipl.com (I recommend this one)
www.wink.com
www.123people.com
www.zabasearch.com

(2)Using The Name Of Your Target

Here, too, we have some very nice basic websites for finding information about the target.
Step 1 :- Click on the Name
Step 2 :- Provide the name and then click on search.
Step 3 :- It will show all the profiles which were made with the target's name/nickname that you gave to Pipl.com.

Websites Used For Doxing :-
www.pipl.com (I recommend this one)
www.wink.com
www.123people.com
www.zabasearch.com

(3)Using The Location Of Your Target

Here you can do doxing with the help of the address also. There are some sites which provide this type of service. If the target has given any address to any social networking website, then you can trace it with the help of the websites given below.
Websites :-
www.addresses.com
www.411locate.com
www.411.com
www.whitepages.com

Do Doxing With The Help of Google

Google is a very nice site and source for doxing.
Example :- Here I am providing the name “XYZ”, and we will see how one can mine Google dorks and find everything.

a. Inurl :- This is a very nice dork to find a website directly from Google. Suppose I want to find www.chintan.com; then I will give this type of query.
Inurl:.sitename.com

b. Intitle :- This is also a nice query. Suppose the word “XYZ” is written in the title of any page; then I can find it directly with this query.
Intitle:xyz

c. Intext :- If the name is written as “xyz” on any web page in the world, then I can find it with this simple query.
Intext:xyz

Now we will combine all these queries to do doxing.

Case 1 :- Suppose I want to find the person named “xyz”, but only on the website www.site.com. Then I will make this query.
Inurl:.sitename.com & intitle:xyz or
Inurl:. sitename.com & intext:xyz
This query will give me all the results from the web pages of the website freehacking.net which have this name XYZ on any particular page.

So, these are the basic techniques of doxing, and if you've got any tips and ideas you feel you can share, please don't hesitate to use the comment box.

July 10, 2011

HOW GOOGLE+ AFFECTS SEARCH ENGINE OPTIMIZATION (SEO)




By launching Google+, Google is trying to end the monopoly Facebook has held in the social network world for the past years. Facebook and Twitter were given a major role in the search results. However, we can be sure that Twitter feeds may not be visible in Google search results, since Google's contract with Twitter has ended.

Google+ Feeds

Even though these parts are very clear, the SEO world is unable to predict the influence of Google+ on search results in the near future. But news is coming that Google is going to include Google+ feeds in search results instead of Twitter feeds. If that happens, it will have a huge influence on search results.

Sparks

Sparks is one of the other features available in Google+. With the help of Sparks, users can find their interests and pin them to their profile. Sparks will also play a role in SEO. The SEO community is trying to get indexed in Sparks, since it is an amazing feature available in Google+ and may rule in the future.

Posts in Google+

Posts are the major part of Google+. Google indexes only public pages from Google+; it does not include any private pages in search results. So public posts and the comments on them are indexed in Google very soon. This shows that Google+ plays a major role in SEO.

We have to wait some more days to understand exactly how Google+ will help in SEO.

Want to add or say something? add your comments…