
Password hacking: understand it so you can protect yourself well

Discussion in 'Tech, Gadgets & Science Forum' started by Mtazamaji, Apr 6, 2011.

  1. Mtazamaji

    Mtazamaji JF-Expert Member

    #1
    Apr 6, 2011
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    I would like to share with you the little knowledge I have about how easy or hard it is, and about the possibility and the methods, for someone to hijack (hack) your IDs and passwords online.

    How do they do it?
    A person who captures passwords does the hacking using something called XSS (cross-site scripting). There are two types of XSS: persistent XSS and non-persistent XSS. Read Cross-site scripting - Wikipedia, the free encyclopedia for a more in-depth explanation. Those who want more technical detail can google the words I have put in bold.

    How is it possible?
    It is possible for a person "xyz", whom you do not know or even do know, to send you an email on Yahoo, Hotmail or anywhere else and put in the email a link that you can click. Or, even if it is not email, you may be visiting various websites and clicking on many things.

    Clicking a link you are not sure about can be dangerous. It is more dangerous if you have set your browser to store the cookies for your accounts such as Yahoo, Hotmail, JF, etc.

    This is because inside the dangerous link you clicked there is a script that scoops up all your cookies and transfers them to the fraudster's site. Once the fraudster has your cookies, he can log in with your Yahoo or Hotmail name and password, or that of any site, on his own machine. It should be understood here that the weakness is not in Yahoo, Hotmail or JF, because the "dangerous link" you click is outside those sites.

    So by getting your cookies he succeeds in hijacking your account. Often they want to get more of your details so that defrauding you becomes easier. For example, the details they look for are your date of birth, your full names and much other information such as the connections of people you communicate with. It may not be you who gets defrauded; it may be a friend of yours with whom you exchange emails.

    What should you do to protect yourself?
    There is no 100% guarantee of security. Even on a personal computer, do not let the browser store cookies, especially for sites where you have important matters. Personally, I have set cookies on JF; I know that even if they hijack it they will gain nothing and I will not be much affected. But I have not set cookies on my important accounts.

    Firefox has a plugin called WOT (https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/) which gives you an alert when you visit a dangerous site. For those with Firefox it is good to have it installed.

    I want to know more about XSS. What should I do?

    Watch this clip to learn some of the tools and techniques used to hack websites and to hack people's private details over the internet.

    If you like learning about computer information system auditing and security, then download BackTrack here: The Official BackTrack Blog. Watch the whole series of videos by those guys on YouTube.

    It is by knowing the weaknesses that you can protect yourself.

    I submit this for comments, additions and challenges.
     
    Last edited by a moderator: Jan 4, 2016
  2. Donnie Charlie

    Donnie Charlie JF-Expert Member

    #2
    Apr 6, 2011
    Joined: Sep 16, 2009
    Messages: 5,934
    Likes Received: 130
    Trophy Points: 160
    These guys are really bad, they can give you high blood pressure just like that; they waste no time telling you there was a lottery of all Yahoo email addresses and your email has won, so you have bagged USD 1 million.
     
  3. IT Guru

    IT Guru JF-Expert Member

    #3
    Apr 6, 2011
    Joined: Feb 17, 2011
    Messages: 595
    Likes Received: 4
    Trophy Points: 35
    Thank you very much, chief, for sharing such important knowledge with us, but I have a question here: are these links they use for fraud only a risk for computer users, or can phone users who have allowed cookies in their browsers (for example Opera Mini) also be defrauded if they open these dangerous links?
     
  4. Mtazamaji

    Mtazamaji JF-Expert Member

    #4
    Apr 7, 2011
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    Chief, even phone users can be affected, because Opera Mini is also a browser like Firefox and IE, and they have the option of storing cookies.

    And you cannot say you should disable cookies completely, because the effectiveness of the internet and of many websites depends on cookies being enabled. The essential thing is to delete the cookies of websites holding your critical data, e.g. Yahoo, Gmail, Hotmail, and JF if it holds important matters of yours.

    For me, as I said, JF does not hold my critical data, so the presence of its login and password cookies is not a problem.

    There are people who make certain mistakes without realizing it, for example:

    • A person has a password, maybe for Yahoo, such as 38GH^$£d4. By professional criteria this is a very strong password and it is what they recommend. But the problem is that it is hard for human memory to hold a password like this. So the person will note it down somewhere, or be forced to make the browser remember it so as not to have to enter it every time they want to get into their account. This is a problem.

    • Or a person has a password like the word bunge. Although the person remembers it and so will not have to store it in cookies, it is very weak and it can be guessed. This is also a problem.

    So you need a balance: a password which is not simple to guess but can be remembered, and which at the same time is not so complicated that it ends up stored in cookies. That is, it should be a password you can remember and key in yourself every time you log in to sites holding your critical data.

    These passwords stored in cookies are somehow encrypted using MD5 hashes, but with a proper decryption program a person can decode them.

    So it is something which is not that simple, but it is something which is possible.

    I saw recently that someone wrote about their Yahoo account being hijacked, so I decided to write this so that people are aware of how this is possible and what they can do to protect themselves.
     
  5. gwino

    gwino JF-Expert Member

    #5
    Apr 7, 2011
    Joined: Nov 19, 2010
    Messages: 334
    Likes Received: 1
    Trophy Points: 35
    Thanks for the free class you gave us.
     
  6. Washawasha

    Washawasha JF-Expert Member

    #6
    Apr 7, 2011
    Joined: Aug 7, 2006
    Messages: 8,368
    Likes Received: 146
    Trophy Points: 160
    Thank you very much, chief, for opening our eyes, we would have been fleeced badly. I am changing everything of mine and putting in my MP's phone numbers and name so that he is the one who gets robbed.
     
  7. k

    kotinkarwak JF-Expert Member

    #7
    Apr 7, 2011
    Joined: Aug 5, 2010
    Messages: 386
    Likes Received: 0
    Trophy Points: 0
    Mtazamaji,
    I thought cookie details are scrambled and do not really show the actual user ID or password, or can these clever guys unlock these details regardless?
     
  8. Mtazamaji

    Mtazamaji JF-Expert Member

    #8
    Apr 7, 2011
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    They can scramble and decode them if they want.
    And secondly, they do not need to unscramble them, because if they enter the details of your cookies as they are into their own browsers, they get in easily.

    The password details in cookies are in MD5 hashes. So if he enters the MD5 hash of your password into his browser, it is as if he has entered your password, even though he does not know exactly which words on the keyboard your password is.

    In short, it is like this: I may not know your password, say the word "1234", but if I get the MD5 hash of your password, e.g. "gw57ghwawthajajajakhgf", which is what is stored in the cookie, then indirectly I have obtained your password.

    I am still learning and experimenting, so I can be corrected and enlightened.
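
The point raised in posts #7 and #8, that a cookie holding a password hash works as a login credential on its own, shown as an added example that is not part of the original thread: a Node.js sketch contrasting that cookie with a random, server-side session ID sent with the `HttpOnly` and `Secure` attributes. The account name `asha` and all function names are assumptions made up for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample data: one account with the password "1234" used in post #8.
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');
const users = new Map([['asha', { pwHash: md5('1234') }]]);

// Scheme described in the thread: the cookie carries the password hash itself.
// Whoever holds the cookie value is accepted, and logging out cannot revoke it.
function legacyCookieFor(user) {
  return `${user}:${users.get(user).pwHash}`;
}
function legacyCookieValid(cookie) {
  const [user, hash] = cookie.split(':');
  return users.has(user) && users.get(user).pwHash === hash;
}

// Hardened scheme: random token, state kept on the server, short lifetime.
const sessions = new Map(); // token -> { user, expires }
const TTL_MS = 30 * 60 * 1000;

function issueSession(user, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, { user, expires: now + TTL_MS });
  // HttpOnly hides the cookie from page scripts; Secure restricts it to HTTPS.
  const header =
    `sid=${token}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${TTL_MS / 1000}`;
  return { token, header };
}

function sessionUser(token, now = Date.now()) {
  const s = sessions.get(token);
  if (!s || s.expires <= now) {
    sessions.delete(token); // expired or unknown tokens are dropped
    return null;
  }
  return s.user;
}

// Logout removes the server-side record, so a copied cookie stops working.
function logout(token) {
  return sessions.delete(token);
}
```

With the random session ID nothing derived from the password ever leaves the server, and ending the session invalidates any copy of the cookie.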
     