Burglary is one of the crimes that have increased its presence during last decade. There are many technological inventions developed for preventing burglary but burglars are becoming smarter day by day with more simple techniques and tools. There are many solutions for protecting your property from burglary from raising killer dogs to installing sophisticated tech gadgets. In this article, we talk about do it yourself home security camera systems.

Implementing security systems, especially camera systems have been complicated and ‘techy’ task for many years. Due to the same reason, these systems were not popular among the general public. Whenever the general public wanted to implement a security camera system, they had to hire expensive technicians and bear a cost which was higher than the equipments in some cases. For making the security camera system popular among the general public, there were a few initiatives taken by the manufacturers.

First of all, the materials used for manufacturing equipments were changed. The expensive metallic materials were dropped and cheaper plastic substitutions were introduced. The corporate security camera systems consisted of powerful cameras and home systems did not require cameras of that caliber. This further reduced the price increasing the affordability. The old security camera systems had to be wired extensively and only the trained technicians could do the job. This was one of top reasons that general public was reluctant to afford security camera system. This was successfully solved by introducing wireless system, so only minimal wiring was required.

Nowadays, there are hundreds of brands in the market with different types of security cameras where users can buy them over the counter and install by themselves. These security camera systems come with detailed instructions, so even people with limited technical knowledge can install them. Do it yourself home security camera systems are designed such way that there is minimal or no risk of electric shock or any other danger. Interestingly, there have been many reports of burglary while the presence of security camera systems and ironically all those were due to the deactivated system. Therefore, it is important to switch on the security systems all the time to prevent burglaries.

If you’ve been walking on the internet for ages, you’ll already know what internet scams are. You may have learnt it on the internet, through books and magazines and other media or simply by being a victim of it. Whatever your status is, it is always better to keep an eye on the developments in the scamming streams so that you can protect yourself better. So let’s explore the varieties and the latest additions to the family of internet scams.

Phishing (pronounced fishing) is all about scammers trying to get past your personal information such as usernames and passwords, banking information, credit card information and so on. Phishing is typically initiated via email or through instant messenger services. The unique feature about phishing scams is that their messages always look authentic with an awkward senders email or URL. They will even include much reputed logos such as Paypal, Credit Union eBay and so on. This is why you should always look out for each and every tiny detail of the emails or instant messages you receive. If you are smart enough, you could never become a victim!

Phishing scam experts often use a technique called link manipulation. That is when you receive the email; there will be a link which looks like http://www.ebay.com/&fty.order.?service.asp So you may think it is an authenticated link and the email really came from eBay. But it’s a trap. When you run the mouse over the link you will see that it is being directed to another web site. Another similar form of trick is to include @ symbol in the URL so that appears like http://www.citibank.com@www.imphishing.com. So whenever you click on links on emails coming from non-contacts be careful to read through the URL fully.

Advance fee scams are another type of scam widely used on the internet. It is where you have to pay a fee before you could receive a lump sum often claimed as inheritance, lotteries, job offers etc. Ponzi scheme is another famous method among scammers. It is where you are asked to buy slots of $100 and with this slot in hand; you could earn $10,000 over a month by engaging in a copying and pasting job online. It’s true that the internet is full of amazing things but it cannot be this far too good to be true right? So think twice before you press a link, give away information or purchase something.

If you are familiar with Homer’s Odyssey, you know what it means by Trojan Horse. Yes, at least the concept. If you don’t know what’s there in Odyssey, let’s me explain you what happed there at Troy.

In Homer’s Odyssey, there exists a city called Troy, which has a wall that cannot be broken by the enemies. Therefore, Troy has been regarded as one of best cities in terms of security. Due to the same reason, no other kingdom would take the chance of fighting with Troy. But one king is going to Troy with thousands of ships for fighting with Troy but looses in the initial rounds of the war. Finally the attacking army pretends that they left the war and keeps a large wooden horse on the shore where Troy king takes it to the Troy city as a monument of the war. But apparently, there had been well trained soldiers hiding inside the wooden horse where they came out of the house and open the gates of Troy for the rest of the army to come in. Eventually Troy was burnt to ashes and it was a victory achieved by the Trojan horse.

Now you can relate the above epic to your computer by assuming Troy as your computer and Trojan Horse as a kind of virus. Troy’s wall is somewhat similar to your security system (anti-virus software or firewall) and Trojan Horse can surpass your security system by misleading it.

Let’s talk about what is exactly done by the modern Trojan horses to our computer systems. Let’s take Melissa, most popular Trojan Horse of all time as an example. First you may get an email with an attachment and the email is written in such a way that you would open the attachment. If the attachment is opened by the user, it would run a hidden macro without the user’s knowledge. If Microsoft Outlook is present in the user’s PC, Melissa will take first 50 contacts and mail itself to those 50 contacts. This way, Melissa could multiply rapidly within a very short period of time and soon the internet was full of Melissa emails. Since the demand was so high for email servers, most of them crashed causing more business damages. Eventually the anti-virus programs were updated to find and kill, Melissa.

I assume that, by now you understand the similarities between the epic and the modern Trojan Horse. It is very important to keep your virus scanner up-to-date for catching Viruses before they make any damage to you.

In the first part of this article we looked at first five web security threats. In this part of the article, we are looking at the rest of five security threats that includes programming and server configuration and management.

Sixth - SQL Injection. All of the web applications have a back end connected to a database. All of these databases use SQL or it’s variants for data definition and manipulation. If the input fields of the web application are not validated properly, an attacker can insert some of the SQL commands that will be passed to the database and get executed in the SQL form. This way, instead of the execution of the business logic, an SQL code is executed giving the attacker the control of the web application.

Seventh - Improper Error Handling. Error conditions that are expected when operating in normal conditions are not handled properly. If an attacker can figure out the unhandled error conditions, then they can attack and gain detailed system information, service interruption or eventually crash the server.

Eighth - Insecure Storage. Usually web applications use cryptographic functions and tools to protect information when it is transported and stored. Some of these encryption mechanisms and functions may not effect properly resulting a breach of security. This maybe due to two reasons; a) Encryption mechanism being not strong so the attackers can easily break them b) Strong encryption mechanism has not been applied correctly.

Ninth - Denial of Service (DoS) Attacks. This is one form of attacked which is in use from the inception of Internet and World Wide Web. In this method, attacker will use the system resources of the web server until other legitimate users cannot use the system. This can eventually cause a web application crash.

Tenth - Insecure Configuration Management. Even though this is the last web security threat of the list, this is one of the most common and ignored security vulnerability. Each and every server that hosts web applications should be configured to be secured, as they are not fully configured for security out of the box. There can be many inbuilt and third party tools that should be installed and configured before exposing the web application to public.

The Internet and web are becoming increasingly vulnerable with the advancement of technologies and skills of the people who use it for wrong reasons. When compared to early stage hack attacks, recent methods of attacking are very much advance and complex. But there are some techniques used even today introduced some decades ago. Let’s have a look at the top 10 web security vulnerabilities in out list.

First - Unvalidated Input. The information that comes from the web browser is not validated by the web application. This way, a third party can alter the web request and pass incorrect or harmful information to the web browser.

Second - Broken Access Control. Even though lot of web applications have frameworks implemented for access control and role authentication, some of these rules are not used effectively in the web application. So mistakenly a regular user maybe assigned higher level of authority.

Third - Broken Authentication and Sessions management. As we know, if you log in to a web application, a unique session is created for you. If this sessions details are not protected correctly (by a technique such as encryption), some one can steal it and misuse. This way, attackers can compromise password, keys, session cookies etc.

Fourth - Cross Site Scripting (XSS) - A well-known web site that is trusted by end-users can be used by an attacker to transport an attack to the end user. By clicking a link of the trusted website, the end user actually executes a code written by an attacker in another web application or web site. This way, an attacker can disclose the session details, attack the end users machine and provide incorrect content and fool the end user.

Fifth - Buffer Overflows. This is one of the very common and familiar types of attack. This is not common only for web application but also for operating systems. For web applications, an attacker may send a chunk of data which crashes the web application and taken control of some of it’s processes. There are some programming and scripting languages that does not validate whether the data stream id too much and it can crash the web application (Ex: CGI, libraries, drivers and web application server components).