Monday, 26 April 2010

Practical 1.1 & 1.2

Practical 1.1

Rss reader is a useful tool in bringing users update-to-date updates on websites/blogs/etc.
It is useful as it does not need the user to go to the website to check for the updates themselves and also, it is easy to use.

Below is the tutorial I used to learn how to use Rss reader.



Firstly, users will have to sign up with Google reader.
http://www.google.com/reader

Next, click add a subscription and add a subscription of the user's website which he wish to receive updates on. (Shown by the red text in pic below.)

It will appear under Subscriptions.
(Shown by blue text.)


(Click on it for a clear view)

Practical 1.2

The purpose of this practical is to provide examples of the type of information that attackers can gather using search engines. Google Reconnaissance is used by these attackers to retrieve unprotected information or information that is able to be used in an attack.

First, I used Google search engine under advance search, I searched for "login:*" and "password=*" file type Microsoft Excel files. The asterisk (*) means wildcard and documents that contain words login and password are shown.


Note: Only the password is being censored off by the asterisk.

Next, I search for "index.of passlist" which would provided me with documents which would show the login names and passwords. However, I was unable to find any of such things. The closest I was able to find was this.



Basically I learn that these attackers could make use of search engines to search for other people's private information to use it against them. Such information being appeared on the net is risky as it might involve information like Bank account pin numbers and credit card numbers.