make money from web
| Introduction | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Work from home, make money from your Website, join affiliate programs, summer jobs, seasonal jobs, get paid to take online surveys, get paid by reading email, get paid by surfing the Web, money making tutorials, earn revenue by placing ads on your Website, advertisement programs, get a fee to refer customers, receive commission for offering custom builds, etc. | |||||||||||||||||||||
| Contents | |||||||||||||||||||||
| Micropayments | |||||||||||||||||||||
| Flattr | Receive micropayments for things you publish online. | ||||||||||||||||||||
| TipTheWeb | A non-profit organization which lets you receive tips / micropayments for Web content. | ||||||||||||||||||||
| e-Commerce Services | |||||||||||||||||||||
| |||||||||||||||||||||
| Virtual Cash Services | |||||||||||||||||||||
| PayPal | Online payment system using the 'virtual cash' principle. Transactions are instantaneous and are not delayed by slow bank-to-bank communications. PayPal now also accepts credit card payments. | ||||||||||||||||||||
| E-gold | E-gold is an electronic currency and online payment system based on real gold. All the 'virtual' gold is 100% backed by real gold in physical storage. E-gold enables people to spend specified weights of gold to other e-gold accounts. Only the ownership changes - the gold in the treasury grade vault stays put. | ||||||||||||||||||||
| GreenZap | Online virtual cash system based in Australia. | ||||||||||||||||||||
| WebMoney | Online virtual cash system based in Russia. | ||||||||||||||||||||
| e-Commerce Tools | |||||||||||||||||||||
| osCommerce | Freeware open-source e-commerce solution to create your own online shop. It features a rich set of out-of-the-box online shopping cart functionality that allows store owners to setup, run, and maintain their online stores with minimum effort and with no costs, license fees, or limitations involved. | ||||||||||||||||||||
| Freelance & Work from Home | |||||||||||||||||||||
| AbleStable.com | Directory providing a very broad listing of creative professionals, from artists to web designers, programmers, illustrators and music composers. | ||||||||||||||||||||
| Associated Content | Pays individuals to write about the community they live in. Payment is made per submission and one doesn't necessarily need to be a writer. Once you are registered as a "Content Producer" you can immediately start submitting content via their online system. Both non-exclusive (you retain the copyright) and exclusive (copyright bought by Associated Content) submissions are accepted. | ||||||||||||||||||||
| EditFast | EditFast provides a free service to skilled proofreaders, editors and writers. If you are selected for a project by a client or by the EditFast administration you will be notified and that project will be directed to you. | ||||||||||||||||||||
| Free Business Services | A collection of free and non free business services on the Web, such as: online payment services, cheque / check printing services, import / export companies, Websites and programs related to mortgages and real-estate, day trading companies and online stock brokers, business-to-business portals. | ||||||||||||||||||||
| Freelance Jobs List | Large listing of freelance jobs organized by category. | ||||||||||||||||||||
| HomeWorking.com | This site is for anyone wanting to work at home and anyone already working at home. You will find lots to get you started, help you find work at home and avoid scams. | ||||||||||||||||||||
| Telework Association | TCA is Europe's largest organisation dedicated to the promotion of teleworking. Over 2,000 people and organisations have joined them since they started in 1993. The TCA believes that teleworking can benefit people by increasing the quality of life and improving access to work. | ||||||||||||||||||||
| WorldLancer Outsourcing Academy | Job listings and jobs online for a variety of projects. "Buyers" can post job listings for free. Freelancers can find jobs online and get paid for their work. | ||||||||||||||||||||
| Worldwide Work At Home | Work at home jobs mostly for the US. For work outside the US, please see here. | ||||||||||||||||||||
| |||||||||||||||||||||
| Publish it yourself | |||||||||||||||||||||
| Lulu.com | Free service which enables you to publish, print and sell books, calendars, music, etc. on demand. There are no startup fees (nor investment fees), because each book is printed individually (after it is ordered by one of your customers). | ||||||||||||||||||||
| Smashwords | A free service that helps you publish, promote, distribute and sell your work as a multi-format ebook. You receive 85% of the net sales from your titles. | ||||||||||||||||||||
| createspace | Free online tools by Amazon.com to publish your own books (printed or eBook), music (CD or mp3) film/video (DVD or downloadable video). | ||||||||||||||||||||
| TuneCore | For a flat fee of around $ 45 TuneCore will put your music on Amazon, iTunes and eMusic. You will remain the owner of the copyrights and TuneCore does not receive any royalties (just the flat fee). | ||||||||||||||||||||
| Bibliocore | For a flat fee they will add your eBook to Apple's iBookstore. You will remain the owner of the copyrights and Bibliocore does not receive any royalties (just the flat fee). | ||||||||||||||||||||
| Get paid to write articles | |||||||||||||||||||||
| Blogsvertise | Earn money by talking about certain products and services in your blogs and journals and by placing links. | ||||||||||||||||||||
| Textbroker | "Earn money by writing. You do not need to be a professional writer to participate, although proper spelling and grammar are required." | ||||||||||||||||||||
| Job Sites | |||||||||||||||||||||
| A BetterJobSearch.com | Free resources for anybody seeking for a Job: employer list, employment resources, resume services, job search tips and more. | ||||||||||||||||||||
| BackdoorJobs.com | Adventure jobs, outdoor jobs, summer jobs, internships, work abroad, seasonal jobs, apprenticeships, offbeat careers, etc. | ||||||||||||||||||||
| Beyond.com | Online recruiting company: search for jobs, add your resume, etc. | ||||||||||||||||||||
| Job Search Engines | |||||||||||||||||||||
| Indeed.com | Free search engine for jobs - USA only. | ||||||||||||||||||||
| Earn Money with your Website | |||||||||||||||||||||
| BidVertiser | Place the BidVertiser text ads on your website and make money online by getting paid for every click. | ||||||||||||||||||||
| Earn money through Custom Builds | A 'custom build' of a program is a special edition you can offer for download on your site, and which has your affiliate information built into it. This means that when the user clicks 'register' or 'purchase' in that edition of the program, he/she will go directly to the order page using your unique affiliate ID, making sure you receive the commission for the sale this user generates | ||||||||||||||||||||
| Google Adsense | Earn money while displaying advertisements on your Website. When visitors click on these ads, Google pays you. Along with targeted advertising for your content pages, you can add a Google search box to your site and show targeted ads on search results pages. | ||||||||||||||||||||
| MIVA Website Monetization | Customised solutions to monetise website traffic, such as: pay-per-click advertising, add a Web search engine to your site and earn revenue from every click, earn revenue from users leaving your site. | ||||||||||||||||||||
| RevenuePilot.com | You receive 60% of what advertisers pay RevenuePilot per click. A variety of linking methods is available, including text links, banners, search boxes, javascript feed, dynamic banners, etc. | ||||||||||||||||||||
| Earn Money through Affiliate Programs | |||||||||||||||||||||
| 123inkjets.com | Store selling Inkjet cartridges, photo paper, cables, toner and other printer-related goods. Earn 27% commission on each sale you generate through a banner or text link on your site. | ||||||||||||||||||||
| Affiliate Tips.com | Affiliate directory, reviews on affiliate programs, helpful articles and affiliate marketing tools. | ||||||||||||||||||||
| AffiliateSeeking.com | Well organized directory of affiliate programs, organized by category. | ||||||||||||||||||||
| AllPosters.com | Sell posters on your Website, earn 25% commission on each poster you sell. | ||||||||||||||||||||
| Amazon.com | Amazon.com is an online store specialized in selling books, CDs, DVDs and Videos. When a visitor of your site purchases an item from Amazon.com through a link on your site, you will receive a fee of between 5% and 15% of the purchase price. | ||||||||||||||||||||
| Become a TreePad Affiliate and earn money! | As a TreePad affiliate you can earn 25% commissions on any sales you make! Grateful to all TreePad users, who have been TreePad's best advertisers, we are now happy to offer you this excellent possibility of earning money. Sign up is free and open to anyone interested. | ||||||||||||||||||||
| Clickbank | Promote and sell your own products or promote other products and receive a commission on each sale which you generate. | ||||||||||||||||||||
| clixGalore | Build your own affiliate program and boost your sales, leads and website traffic by promoting and building your own large 'pay for performance' sales team. | ||||||||||||||||||||
| Commission junction | Over 1000 advertisement programs to choose from. Real-time tracking, reporting and analysis of impressions, get paid monthly by check, etc. | ||||||||||||||||||||
| eBay | Online auction house. Earn $5 for each new client who signs up with eBay, earn $0.05 for each bidder at eBay. Also: eBay affiliate University for improving your performance. Limitation: US based affiliates only at this time. | ||||||||||||||||||||
| iDonovan.com | Online recruiting company. Pays $ 20-30 USD for each referred sale. | ||||||||||||||||||||
| iPowerWeb | Webhosting company. Receive $65 (Tier 1) and $5 (Tier 2) in commission for every new customer. | ||||||||||||||||||||
| LunarPages Webhosting | Webhosting company. Earn $52.00 for each new customer (Tier 1) and $ 5 (Tier 2). | ||||||||||||||||||||
| PayDotCom.com | Promote products and earn commissions as a PayDotCom affiliate. PayPal-related. | ||||||||||||||||||||
| Money Earning Tutorials & Resources | |||||||||||||||||||||
| Homepage Made Easy's Guide to Affiliate marketing | What's Affiliate Marketing? How do you turn your traffic into profit? Pay-per-Click vs. Pay-for-Performance? Pay-per-Click: the need for huge traffic? Pay-for-Performance Drives Results? How do large affiliate networks function? How / when do you get paid? Why is there a minimum amount policy? What if my revenue is below the minimum amount? How do you get a sponsor? A bit on rights & duties - How free are you? The right sponsor(s) for Your Web Site - a Hot tip! | ||||||||||||||||||||
| Enhance your homepage and make money! | How to create a page that is: easy to make, beautiful, interesting, and profitable! E.g. add images and content royalty free to your pages and make money with them! | ||||||||||||||||||||
| Introduction to Earning Money on the Web | Earn Money Opportunities, Affiliate Marketing - Info + Tips, Search for one or more Sponsors for Your Web Site, Guide to Find the right Sponsors for Your Web Site, Tips for Beginning Webmasters, have a Business or Commercial Web Site? Here's an Excellent Opportunity for You, other Profitable and/or Advantageous Opportunities Available to You on our Web Site. | ||||||||||||||||||||
| Free Marketing Zone | Free marketing resources for Webmasters and online entrepreneurs. Free articles, free sales letters, free web-scripts, free promotion tools, etc. | ||||||||||||||||||||
| How to make money from your Website | Resource for affiliate program managers aspiring to develop a best of breed affiliate program: articles, news, gossip, tutorials, case studies, reviews, interviews, press clippings, consulting services, etc. | ||||||||||||||||||||
| Affiliate Cash Money | Tutorial on advertisement and promotion related to making money through affiliate programs; also has a directory of affiliate programs. | ||||||||||||||||||||
| Get Paid to take Online Surveys | |||||||||||||||||||||
| American Consumer Opinion | Get paid for sharing your opinions and ideas in online surveys. Win money in monthly drawings just for being a member. Win money in drawings when you fill out a short questionnaire. Earn cash each time you complete a survey (a longer questionnaire). | ||||||||||||||||||||
| GlobalTestMarket.com | Earn cash by filling out surveys and referring friends. | ||||||||||||||||||||
| goZing surveys | In return for participating in online and/or telephone surveys, you receive Amazon.com gift certificates or PayPal cash. | ||||||||||||||||||||
| I-SpeakUp.com | $50 for filling out 25-minute surveys, $150 for participating in focus group panels for 30 to 60 minutes, earn free trips, free diners, get freebies given to you with each survey completed. | ||||||||||||||||||||
| Online-Paid-Surveys.net | A free site where users can share experiences and learn about online paid survey opportunities. The site includes a user blog, polls, a user review section, and editorial reviews on legitimate paid market research opportunities. | ||||||||||||||||||||
| Opinion Outpost | Opinion Outpost is an online community where people like you can come to share their opinions by participating in survey research. In return for your valued opinion, you can earn opinion points which can be exchanged for cash and prizes. | ||||||||||||||||||||
| SurveySavvy.com | Earn cash by filling out surveys and referring friends. | ||||||||||||||||||||
| YellowSurveys.com | Over 500 survey companies offering paid surveys in cash and prizes. | ||||||||||||||||||||
| Read Mails or Surf the Web | |||||||||||||||||||||
| Hits 4 Pay | Get paid to read emails, click on banners and refer friends. | ||||||||||||||||||||
| E-Mail Paus U | Get paid to read email and for visiting Websites. | ||||||||||||||||||||
| Various | |||||||||||||||||||||
| GetPaidToTry | Earn money by trying out products and services. | ||||||||||||||||||||
| |||||||||||||||||||||
| Related Freebyte pages | |||||||||||||||||||||
| Online Business Services & Free Financial Software | E-commerce services, virtual cash systems, payment processing services, check printing, business-to-business portals, online stock trading, currency converters, free accounting software, etc. | ||||||||||||||||||||
| Win Prizes | Win prizes through free online sweepstakes without spending any money! | ||||||||||||||||||||
| Free Office Software | Free office suites, word processors, desktop publishing, text editors, personal databases, diagram software, presentation programs, fonts, document viewers, PDF utilities, thesauri, spellcheckers, document converters, etc. | ||||||||||||||||||||
| Free Website Promotion | Get more visitors. Free Website submission services and software, free mailing list services, free banner exchange services, web promotion tips and tutorials, search engine tips, online marketing tools, free advertising, free resources for Webmasters. | ||||||||||||||||||||
| Free Home pages | Publish your own Web pages for free! Find the best service to host your home page. Create your Web page without any knowledge of HTML. Free services which enable you to run your own CGI scripts (PHP, ASP, Perl, etc.). | ||||||||||||||||||||
| Free Email Addresses | A large listing of services that provide free but also non-free email addresses. Web based email, email forwarding, pop email, etc. Also: add email services to your domain. | ||||||||||||||||||||
| Free Website Tools | Free Website templates, clock widgets, counters, Web statistics, polls to put on your site, guest books to put on your site, DNS services, image optimizers and converters, background creation programs, URL forwarding services, site search engines, HTML editors, HTML and link validation tools, tutorials, resources, etc. | ||||||||||||||||||||
| Free images, icons, clipart, backgrounds, photos | Download images and clipart for free, royalty-free stock photographs, thousands of free fonts, free icons, free GIFs, animated GIFs, free backgrounds, wallpapers, etc. | ||||||||||||||||||||
| Free Internet Programs | Free programs to surf the Web, free email software, email virus protection, free newsgroup programs, free Internet chat, telephony and messaging applications, free telnet software, free firewalls, etc. | ||||||||||||||||||||
| Free Computers | Free used and recycled computers, mostly for schools, non-profit organisations and disadvantaged individuals. | ||||||||||||||||||||
| |||||||||||||||||||||
Monday, December 27, 2010
Hacking Online Banking and Credit Card Transactions – And How to Prevent It
You go to a coffee shop for a cup of coffee and to utilize the shop’s Wi-Fi HotSpot to surf the web. You connect to the hotspot network and decide to perform some online banking or to purchase something online. By the way, this could happen to you at home, as well. As an end-user, you feel quite secure, as you see the lock in the bottom corner of your Internet browser, symbolizing that the online banking or online credit card transaction is safe from prying eyes. Your data, including username, password, credit card info, etc. will be encrypted with 128-bit encryption. So it's secure, right?
It is not uncommon to perform banking and to purchase products online with your credit card. It is also a common thought that doing so is secure, as this is done via SSL. For the most part, this is true and the sessions are secure. Discover Card, for example, posts the following statement on their website:

Figure 1
The problem is that it is not “virtually impossible” for someone else to see your data, such as login information or credit card numbers. It can actually be relatively easy, as you’ll see, if you as an end-user are not knowledgeable about how you can be exploited and do not know the signs that this is occurring.

Figure 2 (Indicates a Secure SSL Session)
Continuing with the scenario, what you didn’t realize is that a hacker has intercepted your Online Banking login credentials and credit card information and can now log into your Online Banking Website or purchase items with your credit card. How is this possible, since SSL was used and is hard to break? The answer is that you made a fatal mistake that subjected you to an SSL Man-in-the-Middle (MITM) attack.
Here’s how it’s done:
The hacker goes to the coffee shop and connects to the same Wi-Fi network you are connected to. He runs a series of utilities to redirect other users’ data through his machine. He runs a number of other utilities to sniff the data, act as an SSL Certificate Server and to be the Man-in-the-Middle. The following diagram shows a very simplified graphic of how your SSL Banking session should work under normal conditions, then how it would work during an attack:

Figure 3

Figure 4
An important concept to grasp here is that a certificate is used to establish the secure SSL connection. This is a good thing, if you have a good certificate and are connecting directly to the website you intended to use. Then all your data is encrypted from your browser to the SSL website where the bank’s website will use the information from the certificate it gave you to decrypt your data/credentials. If that is truly the case, then it is pretty darn hard for a hacker to decrypt the data/credentials being transmitted, even if he is able to sniff your data.
This is a bad thing if you have a “Fake” certificate being sent from the hacker, and you are actually connecting to his machine, not directly to the bank’s website. In this case, your credentials are being transmitted between your browser and the hacker’s machine. The hacker is able to grab that traffic, and, because he gave you the certificate to encrypt the data/credentials, he can use that same certificate to decrypt your data/credentials.
Here are the exact steps a hacker could use to perform this attack:
The first thing he would do is turn on Fragrouter, so that his machine can perform IP forwarding.

Figure 5
After that, he’ll want to direct your Wi-Fi network traffic to his machine instead of your data traffic going directly to the Internet. This enables him to be the “Man-in-the-Middle” between your machine and the Internet. Using Arpspoof, a real easy way to do this, he determines your IP address is 192.168.1.15 and the Default Gateway of the Wi-Fi network is 192.168.1.1:

Figure 6
The next step is to enable DNS Spoofing via DNSSpoof:

Figure 7
Since he will be replacing the Bank's or Online Store’s valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:

Figure 8
At this point, he is set up and ready to go. He now needs to begin actively sniffing your data passing through his machine, including your login information and credit card info. He opts to do this with Ethereal, then saves his capture:

Figure 9
He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he simply needs to do now is decrypt the data using the certificate that he gave you. He does this with SSL Dump:

Figure 10
The data is now decrypted and he runs a Cat command to view the now decrypted SSL information. Note that the username is “Bankusername” and the password is “BankPassword”. Conveniently, this dump also shows the banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceding page via SSL, prior to connecting to the page where you enter the sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. How this helps is that if you were to access this preceding page first with a "fake" certificate and then proceeded to the next page where you were to enter the sensitive information, that page where you would enter the sensitive information would not display. That is because the page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, as you'll soon see:

Figure 11
With this information, he can now log into your Online Banking Account with the same access and privileges as you. He could transfer money, view account data, etc.
Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.

Figure 12

Figure 13
By clicking “Yes”, they have set themselves up to be hacked. By clicking the “View Certificate” button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to the bad certificate:

Figure 14
(Good Certificate) (Bad Certificate) 
Figure 15
(Good Certificate) (Bad Certificate) 
Figure 16
(Good Certificate) (Bad Certificate)
The Attack
The fatal flaw that enabled the sensitive information to be stolen is possible when an end-user is not properly educated on an easy to do and well-known SSL exploit – SSL MITM.
Also Real Bad News for SSL VPN Admins
This type of attack could be particularly bad for corporations. The reason for this is that Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials to the corporate network and other systems.
What an End-User Needs To Know
There’s a big step an end-user can take to prevent this from taking place. When the MITM Hacker uses the “bad” certificate instead of the “good”, valid certificate, the end-user is actually alerted to this. The problem is that most end-users don’t understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click “Yes”… and this is the fatal flaw:
Figure 13

How an End-User Can Prevent This
- Again, the simple act of viewing the certificate and clicking “No” would have prevented this from happening.
- Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesn’t look right. If you can’t tell, err on the side of caution and call your Online Bank or the Online store.
- Take the time to read and understand all security messages you receive. Don’t just randomly click yes out of convenience.
How a Corporation Can Prevent This
- Educate the end-user on the Security Alert and how to react to it.
- Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
- When using SSL VPN, utilize mature products with advanced features, such as Juniper’s Secure Application Manager or Network Connect functionality.
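The traffic redirection step described in the attack above works by making the victim's ARP cache map the gateway address (192.168.1.1 in the article) to the attacker's MAC. The following Python code is an added example, not part of the original article: it flags that change from a series of `ip neigh show`-style snapshots taken on a client. The MAC addresses, timestamps, the neighbouring hosts 192.168.1.20 and 192.168.1.30, and the alert names are constructed for illustration.

```python
import re
from dataclasses import dataclass

GATEWAY_IP = "192.168.1.1"  # default gateway named in the article

# Constructed sample input: three neighbour-table snapshots from one client.
# IPs .20 and .30 and every MAC address below are made up for this example.
SNAPSHOTS = [
    ("10:00:00", """
        192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
        192.168.1.20 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
        192.168.1.30 dev wlan0 lladdr 02:00:00:00:00:30 STALE
    """),
    ("10:00:30", """
        192.168.1.1 dev wlan0 lladdr 66:77:88:99:AA:BB REACHABLE
        192.168.1.20 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
        192.168.1.30 dev wlan0  FAILED
    """),
    ("10:01:00", """
        192.168.1.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
        192.168.1.20 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
        192.168.1.30 dev wlan0 lladdr 02:00:00:00:00:31 REACHABLE
    """),
]

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Alert:
    time: str
    kind: str    # gateway-mac-changed | gateway-mac-shared | host-mac-changed
    ip: str
    detail: str


def parse_neigh(text):
    """Return {ip: mac} for every resolved entry in one snapshot."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[match["ip"]] = match["mac"].lower()
    return table


def detect(snapshots, gateway_ip):
    """Compare each snapshot with the last known mapping and collect alerts."""
    last_seen = {}           # ip -> most recently observed MAC
    reported_shared = set()  # (ip, mac) pairs already alerted as shared
    alerts = []
    for time, text in snapshots:
        table = parse_neigh(text)

        # Rule 1: an IP that now resolves to a different MAC than before.
        # For the gateway this is the direct symptom of cache poisoning;
        # for other hosts it is often just a reassigned DHCP lease.
        for ip, mac in table.items():
            old = last_seen.get(ip)
            if old is not None and old != mac:
                kind = ("gateway-mac-changed" if ip == gateway_ip
                        else "host-mac-changed")
                alerts.append(Alert(time, kind, ip, f"{old} -> {mac}"))
            last_seen[ip] = mac

        # Rule 2: another host on the LAN has the same MAC as the gateway,
        # i.e. one machine is answering for both addresses.
        gw_mac = table.get(gateway_ip)
        if gw_mac:
            for ip, mac in table.items():
                if ip == gateway_ip or mac != gw_mac:
                    continue
                if (ip, mac) not in reported_shared:
                    reported_shared.add((ip, mac))
                    alerts.append(Alert(time, "gateway-mac-shared", ip,
                                        f"{mac} also answers for {gateway_ip}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SNAPSHOTS, GATEWAY_IP):
        print(f"{alert.time} {alert.kind:20} {alert.ip:14} {alert.detail}")
```
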
Conclusion
This type of attack is relatively easy to do in a public Wi-Fi hotspot environment. It could also easily happen on a home Wi-Fi network, if that Wi-Fi network isn’t properly configured and allows a hacker to connect to that home network (See Essential Wireless Hacking Tools for more info on securing your home network). An educated end-user and sound security practices by corporations can protect your valuable data.
Make Money Online With the webmaster program that really converts!
Create a Dating Site for FREE!
DIY-Dating enables you to create your own profit making dating or adult contacts sites for FREE.
You can create a dating or adult personals web site with an established membership database that has the potential to earn you a considerable extra income.

Revenue Share Program
Earn up to 88% commission on initial upgrade transactions. Each time a member from your site upgrades their account to 'full membership' status, you get up to an 88% share of the fee paid.
Maximise your revenue with up to an 82% commission share on all recurring payments.

Setup a New Website Instantly!
You can have a fully functional site up and running in less than 10 minutes!
It will take a little longer if you have your own domain name but domain set up is quick and efficient.

Huge Earning Potential!
The DIY-Dating system provides you with an excellent platform for generating extra income in your spare time. Webmasters with 100 or more profiles get 6 months full membership free to a dating profile of your choice!
Pre-Existing Contacts!
With DIY-Dating as soon as you create your site it will be automatically populated with thousands of pre-existing contacts. This is great news for you as a dating webmaster and even better news for your potential members!
All the Information You Will Need!
DIY-Dating provides a vast amount of statistical information to all webmasters covering a wide variety of topics. We are also fully compatible with Google Analytics.
Feature Packed Toolset!
At DIY-Dating, we provide you with an extensive tool set enabling you to edit even the finer details of your site.







1) There are many different kinds of bets that can be placed on a roulette table, fortunately this system doesn't use any of the complex ways to bet.
3) The Martingale Roulette System involves always betting on either red or black. The goal is to win £1 over and over again. To do this start by betting a £1 chip on black.
5) If the ball does not land on black (and hence you lose £1), on the next spin double your bet to £2 on black. If the next spin lands on black you will win £4. This will cover the £3 you lost in the first spin plus a profit of £1. You then clear all your chips off the table and start over again with £1 on opposite colour, so in this case Red.
This might not sound like much but it takes less than 30 seconds to do this that’s the same as 
