Cyber Crime Protection Methods

There is a very old and correct saying that goes on to say that a coin has two sides.

Like a coin almost every aspect of life has two sides. For example the most common example can be taken of the advent of technology and the crime associated with it. With the advent of time and technology, computers have formed an integral part of the working society.

Computers along with them have brought greater work and time efficiency in the working circle of the society as a whole. But there comes the twist. Along with all the benefits that computers and technology have brought, there also comes the rising and alarming threat of cyber crime.
Continue reading “Cyber Crime Protection Methods”

Internet Security Through Code Signing, 2017 revision

I originally posted this article in 2014 and I wanted to rehash a few methods of performing code signing.

Internet Security Through Code Signing

Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author. This helps users and other software to determine whether the software can be trusted. Continue reading “Internet Security Through Code Signing, 2017 revision”

How does ransomware work?

We’ve all heard at one point ransomware being mentioned – computers hijacked by evildoers and then encrypted with a key which was available at a cost to the unaware user.

People have been asking – how does it spread? Can it come through the network? Is it a download or an exe file you have to click to get it on your machine?

What makes ransomware so effective? Continue reading “How does ransomware work?”

How to create a hashed MD5 password?

While some systems have not heard of the MD5 vulnerability, they might require you to build up a hashed password.
Here’s the code in C# and VB.net. Once you’ve grabbed the code you need, have a read on the two links below detailing MD5 Hash collisions.

using System.Security.Cryptography;
-------------------
 // step 1, calculate MD5 hash from input
    MD5 md5 = System.Security.Cryptography.MD5.Create();
    byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
    byte[] hash = md5.ComputeHash(inputBytes);
// step 2, convert byte array to hex string
    StringBuilder sb = new StringBuilder();

    for (int i = 0; i < hash.Length; i++)
    {
      sb.Append(hash[i].ToString(“X2”));
    }
    return sb.ToString();

In VB.NET

Private Function GetMd5Password(ByVal psStr AsString) As String 
Dim md5Hasher As New MD5CryptoServiceProvider()
Dim sBuilder As New StringBuilder()
Dim nX As Integer' Convert the input string to a byte array and compute the hash.
Dim byData As Byte() = md5Hasher.ComputeHash(ASCIIEncoding.Default.GetBytes(psStr))

' Create a new Stringbuilder to collect the bytes and create a string.
' Loop through each byte of the hashed data and format each one as a hexadecimal string.
For nX = 0 To byData.Length -1
    sBuilder.Append(byData(nX).ToString("x2"))
Next
' Return the hexadecimal 
string.ReturnsBuilder.ToString().ToUpper
End Function

MD5 was intended to be a cryptographic hash function, and one of the useful properties for such a function is its collision-resistance. Ideally, it should take work comparable to around 264264 tries (as the output size is 128128 bits, i.e. there are 21282128 different possible values) to find a collision (two different inputs hashing to the same output). (Actually, brute-forcing this is today almost in the range of possible, so this alone would be a reason not to use any small-output hash function like MD5.)

http://www.mscs.dal.ca/~selinger/md5collision/ Explanation of how MD5 collisions occur
http://www.links.org/?p=6 MD5 Collisions Visualised

Spam of the Day – Receipt for Your Payment to Uk-AdCommerce-EOM@ebay.com

Hello,

You authorised a payment of 37.81 GPB to eBay International UK (UK-ebay-inc-admin@ebay.co.uk)

Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account balance will be used first. If you have a zero balance or insufficient funds in your account, your backup funding source will be charged for the full or remaining payment. Please note that your bank or card provider may charge a dishonour fee if you have insufficient funds to make the payment.

Thanks for using PayPal. To view the full transaction details, log in to your PayPal account.

Email1

Email2

Let me tell you how to spot the phishing details: Continue reading “Spam of the Day – Receipt for Your Payment to Uk-AdCommerce-EOM@ebay.com”

The Fraud Act 2006

On 15 January 2007, the Fraud Act 2006 came into force and created three ways of committing a new offence of fraud:

  • Fraud by false representation
  • Fraud by failing to disclose information
  • Fraud by abuse of position

In each case, the defendant’s conduct must be dishonest with the intention of making a gain, or must cause a loss (or the risk of a loss) to another person or individual. Crucially, no actual gain or loss needs to be proved – the fraud might have been unsuccessful or it was stopped before it could take place. These offences are ‘triable either way’ and can be tried in the Magistrates’ Court or the Crown Court, with a maximum sentence of ten years imprisonment.

The fraud offences have a wide scope in that that they can be committed by a person outside of England and Wales. If you are accused of committing a fraud offence under the Fraud Act outside of this country, it is crucial that you take specialist advice, including advice on the issue of jurisdiction. Continue reading “The Fraud Act 2006”