Is “Inspect Element” in an Internet Browser a Security Loophole?

Inspect Element: How to Temporarily Edit Any Webpage

Right-click on any web page, click Inspect, and you’ll see the innards of that site: its source code, the images and CSS that form its design, the fonts and icons it uses, and the JavaScript code that powers animations and more. You can see how long the site takes to load, how much bandwidth it took to download it, and the exact color used in its text. Or, you could use it to change anything you want on the page.

Scammers are using the Inspect Element option to cheat innocent people.

Scammers call innocent people in the name of big-brand computer companies such as Microsoft, Dell, HP and many more, and say they will provide free service. They take remote support access to the victim's computer or laptop using free software such as TeamViewer, Ammyy Admin or ShowMyPC, and somehow push the person to open their online bank account. They then make the victim's screen go black (an option available in remote support software) and use Inspect Element to temporarily edit the bank transactions shown on the page. The edit exists only in the browser's local copy of the page: nothing changes at the bank, and reloading the page brings back the real figures. See the images below; I made a few changes in my own bank account with the help of Inspect Element.

 

Image 1: Before using Inspect Element

Image 2: After using Inspect Element

See the yellow circles in the 1st image and the red circles in the 2nd image. I have changed the figures in the 2nd image using Inspect Element.

I hope you understand how scammers use this to fool innocent people. 

Don’t use this trick to cheat or fool people. I did this to my own bank account for educational purposes and to make people aware of this scammers' trick.

 

 


Edward Snowden’s criticism of Google’s messaging app “Allo” is baseless.

Google is yet to come out with a powerful messaging application to challenge competitors like WhatsApp, Facebook Messenger, Telegram and iMessage. Calling Allo simply a messaging application would be an understatement, as it comes with features such as AI tech, Google Assistant integration, Snapchat-like photo inking and WhisperShout, with which you can change the font size of a message to make an impression. Despite these appealing gags, what upsets famous whistleblower and former NSA contractor Edward Snowden is the fact that Google has kept end-to-end encryption turned off by default. In a recent tweet Snowden referred to Allo as “dangerous” and “unsafe”, suggesting that users avoid it because of security concerns.


Let me explain end-to-end encryption first. It ensures that messages can be read only at the two ends of the conversation (i.e. by the sender and the receiver); no one else can read them, not even the service provider. Your messages are secured with a lock that can be opened only with a special key, which only you and the recipient have. As security issues increase day by day, so does the demand to keep everything private: nobody wants to be spied on by government agencies or to give hackers a free show.

There have been many instances where end-to-end encryption was claimed but the company still introduced a backdoor to eavesdrop on its users, willingly or unwillingly. In 2013, information leaked by Edward Snowden showed that the popular video calling app Skype had a backdoor which allowed Microsoft to hand over users' messages to the NSA despite the fact that those messages were end-to-end encrypted. So users are being deceived into giving up their privacy, which cannot be accepted. But it must first be understood that Google does have end-to-end encryption in Allo; it is kept turned off by default because Allo supports many features which cannot operate while end-to-end encryption is applied. Sure, Mr. Snowden has shown concern over Allo’s security and suggested avoiding it, because similar messaging apps like WhatsApp and iMessage are end-to-end encrypted by default, so why compromise on security and switch to a less secure one? The answer is that comparing WhatsApp with Allo is pure stupidity: where WhatsApp is solely for messaging, Allo has AI-based tech like Assistant integration, which feeds entirely upon user data to give the desired results. Let’s have a look at some of Allo’s features to understand why Google needs to feed upon user data.


 

Many messaging apps already have their roots set in the market, so what does Google do to make people switch from their usual messaging app to Allo? It calls for some cool tech like artificial intelligence to lure users; as it is the most trending technology, Google is bent on bringing machine learning into its applications. Allo can do much more than receive and deliver messages. It is associated with your phone number and runs on your Android device. It can generate automated replies to an incoming text or picture that are similar to the way you would reply, cool eh? So how do they do it? Simple: it’s machine learning. Google's AI gathers information from your chats, understands context and performs common-sense reasoning, and here you go, it thinks just like you. The more you use Allo, the smarter it gets. It also understands your conversation and provides suggestions: if you text “I am hungry let’s catch some Chinese food”, Google will automate a search and pop up Google cards suggesting nearby Chinese restaurants, and you can even book a table through the app. Hence Allo is not only a messaging app but also a personal assistant which can help you search for nearby places to dine, book tables and movie tickets, and search for things. Yes, it can do the job of your browser too: you just have to ask @google “your question” and voila, it’s like talking to a personal assistant. So how would all this be possible if you could not share your conversation with Google and kept it secret with end-to-end encryption?

But if you still think that your privacy is more important than trying out technologies like AI, Google has covered that too. This is why incognito mode (yes, similar to the Chrome browser) is introduced: you can switch to it and it will automatically apply end-to-end encryption. All your messages get further encrypted using the Signal Protocol and are auto-deleted, which ensures only you and the recipient read the messages. But mind you, you now have to explicitly invoke Google AI to interact with it, so even with privacy everything is not lost.

Here is another tweet by Edward Snowden which caused quite a stir:


Let’s throw some light on this story. Thai Duong, a co-leader of Google’s product security team, blogged that he would personally prefer end-to-end encryption by default, then later deleted some of the content. In a later discussion Duong clarified that end-to-end encryption isn’t on by default because the main purpose of the app is to benefit users who prefer to use Allo's AI assistance to process auto-replies based on the content, so it won’t work with end-to-end encryption on by default. There were just minor updates to his post, which he later explained by saying:

“I erased a paragraph from this post because it’s not cool to publicly discuss or to speculate the intent or future plans for the features of my employer’s products, even if it’s just my personal opinion.”

So nowhere does it indicate that a Google security expert hinted that Allo is unsafe. Even Edward Snowden makes adjustments to his posts; that doesn’t mean he was caught doing a crime. Critics are stressing privacy against the NSA and other creepy government agencies, but what normal people want is just the physical privacy of their devices, so that they won’t get into the hands of their kids, spouse or strangers, not the NSA or an AI agent. They might worry about privacy against the NSA too if only they knew what it is up to, but then again we have incognito mode for that: just a single click is needed to move from normal to incognito mode, which I think won’t be a hassle for any user. So how is Allo unsafe and dangerous? Even in normal mode, it is an artificial intelligence run by Google (not a human or a Google employee) that reads your message, analyzes it through machine learning, understands what you want and then gives a timely and useful outcome.

So all I can conclude is that Allo is a smart approach to artificial intelligence that makes messaging much easier and more fun. It is packed with useful features to enhance the user experience, and there is absolutely nothing to worry about regarding its security, as it is as safe and sound as any other existing messaging app; the choice is all yours whether to go end-to-end encrypted or to enjoy the AI tech.

 

Universal Second Factor (U2F)

– a hassle-free dual authentication security token to strengthen online protection
Securely log into your account in a matter of a few seconds with a U2F-supported USB stick

 


Online security is becoming a major concern due to frequent hi-tech hacks and online scams. We are living in a digital world where everyone prefers hassle-free online services, but every technology has pros and cons: while it is effective and convenient to use, it can be very dangerous once your credentials fall into the wrong hands. There are enough malware companies and online frauds to trick customers into revealing their login credentials to access bank accounts, demand accounts, online payment services and social media accounts. As hackers get smarter, we have to think ahead of them to secure ourselves from online fraud. We want both hassle-free and secure access to our accounts, though it has not been easy to have both. To protect our accounts from password-cracking attacks such as brute force, we need a strong password with numerals, a combination of odd letters, some capitalization and some symbols, which sounds and looks almost like gibberish and is hard to keep in our head. Then we give up and compound our folly with the same weak, easy-to-remember passwords such as our pet’s name, date of birth, “password1” and so on, which can be cracked through social engineering like child’s play. Unfortunately, even strong passwords aren’t enough to protect against ever-increasing cyber crime. In an attempt to overcome the risk of password cracking, universal two-factor authentication came into existence.

Let me explain what universal authentication means. We secure our accounts with a username or email ID and a password. These credentials are stored in a database, and whenever we log in to our account we are asked to enter our credentials, which the system verifies against the database; once a match is found you are authenticated and logged in. This is single-factor authentication, which requires only a password to log in, so whoever gets hold of your password can easily bypass this system. Two-factor authentication eliminates this weakness of accessing an account with just the password, as it requires two things: 1) something you know, that is the password, and 2) something you have, such as a verification code sent to your mobile device or email, by which you prove that you have access to your verified device. Smart cards and bank cards such as debit or credit cards use the same idea, as they require both a physical card which you have and a PIN which you know; with either of these missing you cannot make a transaction. Google has been using this technology for a long time, but has now improved it by bringing in the concept of a universal second factor. Although dual authentication provides a double layer of protection, it is also clumsy to use, as we need to check our phone or email for the verification code and then get back to the login process, which is a headache when we are in a hurry.

Moreover, hackers can set up a look-alike site that asks you to provide your verification code, so we can be tricked in that case too. U2F spares us this burden, as it provides a very easy way to log in securely to any number of online accounts with two-factor authentication by just inserting a USB device that has the security key pre-installed, which is automatically identified by the browser, and voila, you are done, without even needing client software or a driver. So say goodbye to looking up a verification code and then fumbling with it to log in. Google U2F provides protection against phishing scams because it uses cryptography instead of verification codes and automatically works only with the website it is supposed to work with. Hope you have all understood the basics of U2F; let’s move on to its technicalities and working.

U2F was made by Google with Yubico working in partnership, with contributions from NXP. The standard is in use by the FIDO Alliance, which includes Google, Microsoft, PayPal, American Express, Visa, Intel, Qualcomm, ARM, Bank of America and many other massive companies. Soon this technology will be all over the web. To use U2F you need to buy a small security key USB device with the FIDO U2F logo, which you insert into your computer’s USB port. U2F currently only works with the Google Chrome browser version 40 or newer, although it is compatible with all operating systems such as Mac, Microsoft Windows or Linux. When you insert the USB device, the Chrome browser on your computer can communicate with the USB security key through secure encryption and provide the correct response that lets you log into a website. It also provides protection from man-in-the-middle attacks, as the verification is sent directly to the USB device, securely encrypted, so there is no chance of a data leak over a vulnerable network. The U2F security key is linked with your Google account, and you can use it with all your devices to securely log into your various online accounts. So you can always carry this little USB device with you like a car key and use it to get into your accounts easily on the go. It has some inconveniences too: it requires a USB port to connect to, so it is not compatible with mobile-only users, but in the near future it will work with a paired Bluetooth device to enable U2F on mobile phones. You have to be extra careful not to lose it, because once it gets into the hands of someone who knows your password, it will serve as a full-plate meal for taking over your account.
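The phishing and man-in-the-middle protection described above comes from the browser binding every signature to the page's origin. The following Node.js model of that exchange is an added example, not code from the original post or from the FIDO specifications. It represents the USB key, the browser and the website as in-process objects and uses the page origin as the application ID; the class names and the `bank.example` origins are made up for the example.

```javascript
// Constructed model of a U2F login; objects stand in for the USB key, browser and website.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const uint32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };

// Bytes covered by the signature: site hash, user-presence byte, counter, client-data hash.
const signedBytes = (appId, counter, clientData) =>
  Buffer.concat([sha256(appId), Buffer.from([0x01]), uint32(counter), sha256(clientData)]);

// The security key keeps one P-256 private key per registered site.
class SecurityKey {
  constructor() { this.keys = new Map(); this.counter = 0; }

  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyHandle = crypto.randomBytes(16).toString('hex');
    this.keys.set(keyHandle, { appId, privateKey });
    return { keyHandle, publicKey };
  }

  // Refuses (returns null) when the key handle was issued for a different site.
  sign(appId, keyHandle, clientData) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.appId !== appId) return null;
    const counter = ++this.counter;
    return { counter, signature: crypto.sign('sha256', signedBytes(appId, counter, clientData), entry.privateKey) };
  }
}

// The browser, not the page, writes the origin into the data that gets signed.
function browserSign(pageOrigin, challenge, keyHandle, key) {
  const clientData = JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin: pageOrigin });
  const assertion = key.sign(pageOrigin, keyHandle, clientData);
  return assertion && { clientData, ...assertion };
}

// The website stores only the public key and key handle from registration.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.lastCounter = 0; this.challenge = null; }
  enroll(key) { Object.assign(this, key.register(this.origin)); }
  newChallenge() { return (this.challenge = crypto.randomBytes(32).toString('hex')); }

  verify(response) {
    if (!response || !this.challenge) return false;
    const data = JSON.parse(response.clientData);
    if (data.origin !== this.origin || data.challenge !== this.challenge) return false;
    if (response.counter <= this.lastCounter) return false; // counter must increase
    const bytes = signedBytes(this.origin, response.counter, response.clientData);
    if (!crypto.verify('sha256', bytes, this.publicKey, response.signature)) return false;
    this.lastCounter = response.counter;
    this.challenge = null; // each challenge is accepted once
    return true;
  }
}

function demo() {
  const key = new SecurityKey();
  const bank = new RelyingParty('https://bank.example');
  bank.enroll(key);

  const login = browserSign(bank.origin, bank.newChallenge(), bank.keyHandle, key);
  const genuine = bank.verify(login);
  // A look-alike page forwards the bank's challenge, but the browser reports the page's own origin.
  const relayed = bank.verify(browserSign('https://bank-login.example', bank.newChallenge(), bank.keyHandle, key));
  // Unlike a typed verification code, a captured response cannot be reused.
  bank.newChallenge();
  const replayed = bank.verify(login);
  return { genuine, relayed, replayed };
}

console.log(demo());
```

Only the login made from the registered origin verifies; the response requested from the look-alike origin and the replayed response are both rejected.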

So overall it’s a smart technology to strengthen online security, covering all possible loopholes on the internet. It provides both quick and secure access to our accounts, so we can easily do online transactions on the go without worrying about risking our confidentiality. Soon all types of business will be backed by U2F technology to offer simple and protected two-factor authentication. As hackers get more sophisticated, strong passwords are no longer enough to protect us, so we need to upgrade our arsenal with smart technologies to step up our defense.

References 

Wikipedia, Google Support.

Cyber Security


Cyber security is the area I am interested in. Cyber security is very vast, and plenty of areas come under it. I am interested in online scams and frauds. Nowadays everything is online: we do online shopping, pay our phone, electricity and other bills online, and online banking is used by most people. Hackers and scammers are also taking advantage of the internet, stealing money and cheating people online. Day by day online scams are spreading very fast; last month one of my friends, who is also a student of NMIT, became the victim of a scam and lost $1000. There are many reasons why I am interested in this area. First of all, this is totally wrong and a serious crime. I have heard that scams mostly target old people aged between 50 and 70 years; they are easy targets because they don’t know much about online banking and computers. Scammers call them in the name of reputed computer companies like Microsoft, Dell or AVG, or pretend they are calling from a bank, tell them fake things and steal their money, and innocent people lose their hard-earned life savings. In my home country, I have seen many fake call centres running tech support scams; they are misguiding youngsters in the name of an International Call Centre and making them part of this crime. The worst part is that young students are leaving their studies for this job and destroying their careers. This is a serious threat to my country, because education is very important and without proper education no country can go in the right direction. I did a small amount of research about this and I know a few things: mostly English-speaking countries (US, UK, Australia, Canada, New Zealand) are the main targets of the scammers, and 80% of scams are happening from other countries. I discussed this matter with Mikko Hyppönen: how to stop online scams and how to stop youngsters from going in the wrong direction. He advised me that the best way is to make people aware of this.

I don’t know why the government is not taking this matter seriously and scammers are moving freely. My future aim is to do extensive research on online scams and make people aware so that they don’t get trapped.

Online resources:

http://www.police.govt.nz/advice/email-and-internet-safety/online-identity-theft

https://www.eset.com/fileadmin/Images/US/Docs/conference_papers/Harley-etal-VB2012.pdf

https://www.fbi.gov/scams-safety/fraud/fraud#telmkt

 

Academic Paper - Answers

Did the abstract tell you the three things I said it should? If not, what did it tell you?

1. What the research/paper/article topic is

  • The topic is about online crime and gambling fraud.

2. What the authors/researchers did and

  • The researcher explained gambling fraud on the Internet and the types of gambling fraud that currently operate on the Internet, and suggested that governments examine this area empirically and that research be initiated in this newly emerging area of criminological concern.

(a). What they discovered/or created/or concluded.

  • They discovered how people are victimized by online gambling, the types of online gambling fraud, and that cross-border investigations are a rarity and there are often only weak extradition treaties; because of this, cyber-criminals do not get caught and/or do not reach the courts.

(b). what seems to be the research question(s) they were trying to answer?

  • They were trying to answer how online gambling and frauds are run, how people get trapped online and why the cyber-criminals do not get caught.

(c). what method(s) did they use to answer the question(s)

  • The author did the research and read many articles where victims posted about how they got trapped in online frauds.

(d). How credible do you think the paper is?

  • The journal has high credibility because the details given by the author are from his research study and he is a Professor of Gambling Studies and Director of the International Gaming Research Unit at Nottingham Trent University. We all know that these days cyber crime and online fraud are an alarming issue that traps a large number of people every year, and hence this makes the topic more credible.

(e). did you agree, or not, with what they wrote in their conclusion? Why?

  • I agree with what they wrote in the conclusion. Online fraud is an international issue, and thinking about the cyber-criminal masterminds, there is a vast difference between the technology used by them and by us; keeping pace with the cyber criminals should be the first priority.

(f). briefly describe two things that you learnt from the paper.

  • The things that I have learnt are the types of fraud that are done online and how cyber criminals trap people. Criminals make an almost exact copy of the original website by copying or stealing the design, so that their fake website looks like the original and people trust it and invest their money.

(g). in no more than 250 of your own words (i.e. a paraphrase), describe what the paper is about – you could start with “This paper describes……….”

  • This paper gives an overview of gambling fraud on the internet. Gambling is often associated with crime. The relationship is easy to understand. Many types of gambling have been, indeed still are, illegal. Hence, by definition, criminals are the only operators of the games. There are different levels of criminal organization, distinguished by their complexity of division of labor, coordination of roles, purposefulness of association between criminals, and ability to avoid, evade, or neutralize security systems and law enforcement. Hackers manufacture malware, technical intelligence, and personal information, or merchandise them to others via the underground economy. They steal personal and financial information. Technology is used for exploiting people. People easily get trapped in the fraudsters' play and lose their money. People are attracted by the offers set by the fraudulent gamblers and risk their money to earn a lot in a very short period of time. Many cyber criminals sit outside the country while committing cybercrime; authorities fail to take action against them because of borders, as every country has different laws and no outside authority can do anything without the permission of the government, and the authorities are struggling. Cyber crime is hard to deal with compared to other crimes, and so it should be put on the priority list of the countries that are suffering most.

Crime and gambling

This paper gives an overview of gambling fraud on the internet. Gambling is often associated with crime. The relationship is easy to understand. Many types of gambling have been, indeed still are, illegal. Hence, by definition, criminals are the only operators of the games. There are different levels of criminal organization, distinguished by their complexity of division of labor, coordination of roles, purposefulness of association between criminals, and ability to avoid, evade, or neutralize security systems and law enforcement.

The fraudsters/hackers:
Hackers manufacture malware, technical intelligence, and personal information, or merchandise them to others via the underground economy. They steal personal and financial information.

A few types of gambling fraud on the Internet are:
1. Lottery scams: the fraudsters send bogus emails to people saying that they have won a lottery of a huge amount; to claim the amount they ask for people’s bank account details, and then ask them to pay a certain fee to claim the lottery amount.

2. Fake gambling site scams: fraudsters steal the design and testimonials of the original site, a government site or any other trustworthy site so that their fake site looks similar and can attract potential victims. A fake gambling site is simply a website that has copied parts of, or entire, gambling websites. Individuals believe that these are the original websites, happily hand over their money to them and obviously do not win any money.

3. Betting software scams: these software systems promise to accurately predict results, usually of horse races, other sports or even share market movements. Horse racing versions of this software often claim that the predictions are based on weather conditions, the state of the horse, the draw or the condition of the jockey. Scammers charge a lot of money for this software, but once purchased the systems do not work as promised and buyers can’t get their money back.

Conclusion:
Technology is used for exploiting people. People easily get trapped in the fraudsters' play and lose their money. Criminals are experts and the authorities are struggling. Cyber crime is hard to deal with compared to other crimes, and so it should be put on the priority list of the countries that are suffering most.

 

This is the link of my academic article:

http://www.internetjournalofcriminology.com/griffiths_%20gambling_fraud_jan_2010.pdf

Academic article

For my assessment two I am thinking of relating my assessment to cyber crime and online scams.

I have searched for an academic paper

Title : Crime and gambling: A brief overview of gambling fraud on the Internet

Author: Mark Griffiths

I found the article in Google Scholar

Keywords I used: Online Scam

Kind of article: Online Journal

I think it is an academic article because in this journal the title and author name are available, an abstract is also there and a few references are also present.

Why I am interested to read: There are many reasons why I am interested in reading this. First of all, I am an IT student and a Global Certified Ethical Hacker, and I love to read and research about cyber crime and things related to the internet. Secondly, we all use the internet and most of us have received many fake emails meant to trap us. So I believe we all have to know how bad people are cheating innocent people. The best way to protect yourself is to know what is good and bad for you.

This is the link : http://www.internetjournalofcriminology.com/griffiths_%20gambling_fraud_jan_2010.pdf

Shafique Ahmed