
Mekelle University
Ethiopia institution of Technology-Mekelle
Department of Computer Science & Information system

Computer Security Assignment

Name ID
1. Yonas Assefa ce/ur0143/02
2. Kibrom Tewolde ce/ur0100/02
3. Kirubel Dereje ce/ur0101/02
4. Mohammed Abdirkadir cet/ur0738/01
5. Milkyas Desta ce/ur0109/02
6. Mikias G/ab ce/ur0107/02
7. Takele Assefa ce/ur147/02
Submitted to L. Lelt
Date of submission 27/5/2013
1. In this report we discuss attacks on TCP/IP and which TCP/IP layer
they attack.

We start the report by defining TCP/IP. TCP/IP is a set of protocols
developed to allow cooperating computers to share resources across a network. It was developed by a
community of researchers centered around the ARPAnet. The ARPAnet eventually became
what we now know as the Internet.
All the attacks we are going to see happen in one of the following layers.
A. ARP cache poisoning:
First let us see how the ARP cache works. Every device connected to a network has an ARP
cache. This cache contains the mapping of MAC and IP addresses for all the network devices the
host has already communicated with. Generally, the ARP protocol consists of the following 4 basic
messages:
1. ARP request: Computer 'A' sends an ARP request on the network and asks, "who has this IP?"
2. ARP reply: All the other computers on the network ignore the request except the computer which has the
requested IP. Let us say this is computer 'B'. 'B' says, "I have the requested IP address
and here is my MAC address."
3. RARP request: This is more or less the same as an ARP request, the difference being that in this message
a MAC address is broadcast on the network.
4. RARP reply: Same concept. Computer 'B' says that the requested MAC is its own and here is its IP
address.
Now let us see how ARP cache poisoning works:
The ARP protocol was designed to be simple and efficient, but a major flaw in the protocol is its lack of
authentication. No authentication was added to its implementation and, as a result, there is no way to
authenticate the IP to MAC address mapping in an ARP reply. Further, the host does not even check
whether it sent an ARP request for the ARP reply message it is receiving.
Put simply, if computer 'A' has sent an ARP request and gets an ARP reply, the ARP protocol has
no means to check whether the IP to MAC mapping in the ARP reply is correct
or not. Also, even if a host did not send an ARP request and gets an ARP reply, it still trusts the
information in the reply and updates its ARP cache. Abusing this behaviour is known as ARP cache poisoning.
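The two weaknesses described above (replies are accepted without a matching request, and a new IP to MAC mapping silently replaces the old one) are exactly what a network monitor can watch for. The following is an added example, not part of the original report: a small detector run over a constructed ARP capture. The class names, the 2-second reply window and all addresses are assumptions made for the illustration, and the monitor is assumed to see every ARP frame on the segment (for example from a mirror port).

```python
from dataclasses import dataclass, field

REQUEST, REPLY = 1, 2  # ARP opcode values


@dataclass(frozen=True)
class ArpMessage:
    ts: float          # capture time in seconds
    op: int            # REQUEST or REPLY
    sender_ip: str
    sender_mac: str
    target_ip: str


@dataclass
class ArpMonitor:
    # Assumption: a reply counts as solicited if a request for that IP
    # was seen at most this many seconds earlier.
    reply_window: float = 2.0
    bindings: dict = field(default_factory=dict)  # ip -> first MAC seen for it
    pending: dict = field(default_factory=dict)   # requested ip -> request time

    def observe(self, msg):
        """Process one ARP message and return a list of (kind, ip, mac) alerts."""
        alerts = []
        if msg.op == REQUEST:
            self.pending[msg.target_ip] = msg.ts
        elif msg.op == REPLY:
            asked_at = self.pending.pop(msg.sender_ip, None)
            if asked_at is None or msg.ts - asked_at > self.reply_window:
                # Nobody asked for this IP: the case a plain host accepts blindly.
                alerts.append(("unsolicited-reply", msg.sender_ip, msg.sender_mac))
        # Keep the first binding seen (like a static entry) and flag any change.
        known = self.bindings.setdefault(msg.sender_ip, msg.sender_mac)
        if known != msg.sender_mac:
            alerts.append(("binding-changed", msg.sender_ip, msg.sender_mac))
        return alerts


# Constructed sample capture (all addresses are made up for the example).
GATEWAY_MAC = "02:00:00:00:00:01"
HOST_A_MAC = "02:00:00:00:00:05"
HOST_B_MAC = "02:00:00:00:00:07"
ROGUE_MAC = "02:00:00:00:00:66"

SAMPLE_CAPTURE = [
    # Host A asks for the gateway and gets the genuine answer.
    ArpMessage(0.00, REQUEST, "10.0.0.5", HOST_A_MAC, "10.0.0.1"),
    ArpMessage(0.01, REPLY, "10.0.0.1", GATEWAY_MAC, "10.0.0.5"),
    # Five seconds later a reply nobody asked for claims the gateway's IP.
    ArpMessage(5.00, REPLY, "10.0.0.1", ROGUE_MAC, "10.0.0.5"),
    # Normal traffic afterwards raises no alert.
    ArpMessage(6.00, REQUEST, "10.0.0.7", HOST_B_MAC, "10.0.0.5"),
    ArpMessage(6.01, REPLY, "10.0.0.5", HOST_A_MAC, "10.0.0.7"),
]


def scan(capture):
    """Run a fresh monitor over a capture and collect every alert in order."""
    monitor = ArpMonitor()
    return [alert for msg in capture for alert in monitor.observe(msg)]


if __name__ == "__main__":
    for alert in scan(SAMPLE_CAPTURE):
        print(alert)
```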
B. Packet sniffing:
This TCP/IP layer attack works by capturing the TCP/IP packets that pass through your network
adapter and viewing the captured data as a sequence of conversations between clients and servers.
Packet sniffers work at layer 2.
For example, SmartSniff is a network monitoring utility that is used to sniff packet data.
C. IP Spoofing:
IP spoofing can take place because there is a security weakness in the TCP protocol known as
sequence prediction.
IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker
gains unauthorized access to a computer or a network by making it appear that a malicious message
has come from a trusted machine by “spoofing” the IP address of that machine.
IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood
the victim with overwhelming amounts of traffic, and the attacker does not care about receiving
responses to the attack packets. Packets with spoofed addresses are thus suitable for such attacks.
They have additional advantages for this purpose—they are more difficult to filter since each
spoofed packet appears to come from a different address, and they hide the true source of the attack.
IP spoofing can also be a method of attack used by network intruders to defeat network security
measures, such as authentication based on IP addresses. This method of attack on a remote system
can be extremely difficult, as it involves modifying thousands of packets at a time. This type of
attack is most effective where trust relationships exist between machines. For example, it is common
on some corporate networks to have internal systems trust each other, so that users can log in
without a username or password provided they are connecting from another machine on the internal
network (and so must already be logged in). By spoofing a connection from a trusted machine, an
attacker may be able to access the target machine without authentication.
We can also list other types of IP spoofing:
Non-Blind Spoofing: this type of attack takes place when the attacker is on the same subnet as the
victim. Blind Spoofing, Man in the Middle Attack, Denial of Service Attack, Misconceptions of IP
Spoofing.
D. IP Fragment Overlap (Teardrop):
Since IP fragmentation is a big concept, let us first describe IP fragmentation itself in simple
words. IP fragmentation is the process of breaking up a single Internet Protocol (IP) datagram into
multiple packets of smaller size. Every network link has a characteristic size of messages that may
be transmitted, called the maximum transmission unit (MTU). Part of the TCP/IP suite is the Internet
Protocol (IP), which resides at the Internet Layer of this model. IP is responsible for the transmission
of packets between network end points.
The IP fragment overlapped exploit occurs when two fragments contained within the same IP
datagram have offsets that indicate that they overlap each other in positioning within the datagram.
This could mean that either fragment A is being completely overwritten by fragment B, or that
fragment A is partially being overwritten by fragment B. Some operating systems do not properly
handle fragments that overlap in this manner and may throw exceptions or behave in other
undesirable ways upon receipt of overlapping fragments. This is the basis for the teardrop Denial of
service attacks.

E. Ping of death:
A ping of death (abbreviated "PoD") is a type of attack on a computer that involves sending a
malformed or otherwise malicious ping to a computer. A ping is normally 56 bytes in size (or 84
bytes when the Internet Protocol [IP] header is considered); historically, many computer systems
could not handle a ping packet larger than the maximum IPv4 packet size, which is 65,535 bytes.
Sending a ping of this size could crash the target computer.
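Both the teardrop attack and the ping of death come down to fragment offsets and lengths that a receiver fails to validate before reassembly. The following is an added example, not part of the original report: a validator that checks the fragments of one datagram for overlap and for a reassembled size above 65,535 bytes. The function and class names and the sample fragments are constructed for the illustration, and a 20-byte IP header without options is assumed.

```python
from dataclasses import dataclass

MAX_IPV4_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20         # assumption: header without options


@dataclass(frozen=True)
class Fragment:
    offset_units: int      # Fragment Offset field, counted in 8-byte units
    payload_len: int       # bytes of data carried after the IP header
    more_fragments: bool   # MF flag


def check_fragments(frags):
    """Validate the fragments of ONE datagram (same source, destination,
    protocol and identification). Returns a list of (kind, start, end)
    problems, where start/end are byte positions in the reassembled payload."""
    problems = []
    covered_to = 0  # highest payload byte position already claimed
    # Sort by offset so fragments that arrive out of order are handled too.
    for frag in sorted(frags, key=lambda f: (f.offset_units, f.payload_len)):
        start = frag.offset_units * 8
        end = start + frag.payload_len
        if start < covered_to:
            # This fragment rewrites bytes an earlier fragment already supplied.
            problems.append(("overlap", start, min(end, covered_to)))
        if IP_HEADER_LEN + end > MAX_IPV4_DATAGRAM:
            # Reassembly would produce a datagram larger than IPv4 allows.
            problems.append(("oversize", start, end))
        covered_to = max(covered_to, end)
    return problems


# Constructed samples.
# A 4000-byte payload split for a 1500-byte MTU: 1480 + 1480 + 1040 bytes.
NORMAL = [
    Fragment(0, 1480, True),
    Fragment(185, 1480, True),
    Fragment(370, 1040, False),
]

# Second fragment starts at byte 24, inside the 40 bytes the first one covers.
OVERLAPPING = [
    Fragment(0, 40, True),
    Fragment(3, 8, False),
]

# Final fragment placed at byte 65512 with 100 bytes of data: the reassembled
# datagram would be 20 + 65612 bytes, more than 65,535.
OVERSIZED = [
    Fragment(8189, 100, False),
]

if __name__ == "__main__":
    for name, sample in [("normal", NORMAL), ("overlapping", OVERLAPPING),
                         ("oversized", OVERSIZED)]:
        print(name, check_fragments(sample))
```

A receiver that runs this kind of check can discard the whole datagram instead of handing inconsistent fragments to the reassembly code.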
F. Smurf attack:

The Smurf Attack is a denial-of-service attack in which large numbers of ICMP
packets with the intended victim's spoofed source IP are broadcast to a computer
network using an IP Broadcast address. This causes all hosts on the network to reply
to the ICMP request, causing significant traffic to the victim's computer.

If the routing device delivering traffic to those broadcast addresses delivers
the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that
IP network will take the ICMP request and reply to it, multiplying the traffic by the
number of hosts responding. On a multi-access broadcast network, hundreds of
machines might reply to each packet. According to CERT-CC, the name Smurf comes
from the name of one of the exploit programs used to execute the attack.
G. ICMP Redirect message:
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet
Protocol Suite. It is used by the operating systems of networked computers to send error messages
indicating, for example, that a requested service is not available or that a host or router could not be
reached. Every device on an internetwork needs to be able to send to every other device. If hosts
were responsible for determining the routes to each possible destination, each host would need to
maintain an extensive set of routing information. Since there are so many hosts on an internetwork,
this would be a very time-consuming and maintenance-intensive situation. Instead, IP internetworks
are designed around a fundamental design decision: routers are responsible for determining routes
and maintaining routing information. Hosts only determine when they need a datagram routed, and
then hand the datagram off to a local router to be sent where it needs to go. I discuss this in more
detail in my overview of IP routing concepts. Since most hosts do not maintain routing information,
they must rely on routers to know about routes and where to send datagrams intended for different
destinations. Typically, a host on an IP network will start out with a routing table that basically tells
it to send everything not on the local network to a single default router, which will then figure out
what to do with it. Obviously if there is only one router on the network, the host will use that as the
default router for all non-local traffic. However, if there are two or more routers, sending all
datagrams to just one router may not make sense. It is possible that a host could be manually
configured to know which router to use for which destinations, but another mechanism in IP can
allow a host to learn this automatically.

H. ICMP Destination Unreachable:

Since the Internet Protocol is an unreliable protocol, there are no guarantees that a datagram sent by
one device to another will ever actually get there. The internetwork of hosts and routers will make a
“best effort” to deliver the datagram but it may not get where it needs to for any number of reasons.
Of course, devices on an IP network understand that and are designed accordingly. IP software never
assumes its datagrams will always be received, and higher layer protocols like TCP take care of
providing reliability and acknowledgements of received data for applications that need these
features.

This setup, with higher layers handling failed deliveries, is sufficient in some cases. For example,
suppose device A tries to send to device B, but a router near B is overloaded, so it drops the
datagram. In this case the problem is likely intermittent, so A can retransmit and eventually reach B.
But what about a situation where a device is trying to send to an IP address that doesn't exist, or a
problem with routing that isn't easily corrected? Having the source just continually retry while it
remains “in the dark” about the problem would be inefficient, to say the least.

So in general, while IP is designed to allow IP datagram deliveries to fail, we should take any such
failures seriously. What we really need is a feedback mechanism that can tell a source device that
something improper is happening, and why. In IPv4, this service is provided through the
transmission of Destination Unreachable ICMP messages. When a source node receives one of these
messages it knows there was a problem sending a datagram, and can then decide what action, if any,
it wants to take. Like all ICMP error messages, Destination Unreachable messages include a portion
of the datagram that could not be delivered, which helps the recipient of the error figure out what the
problem is.

I. TCP SYN Flood Attack:

The TCP SYN flood attack is a Denial of Service (DoS) attack, also known as TCP SYN
flooding. The attack exploits an implementation characteristic of the Transmission Control
Protocol (TCP), and can be used to make server processes incapable of answering a legitimate client
application's requests for new TCP connections. Any service that binds to and listens on a TCP
socket is potentially vulnerable to TCP SYN flooding attacks. Because this includes popular server
applications for e-mail, Web, and file storage services, understanding and knowing how to protect
against these attacks is a critical part of practical network engineering. The attack has been well-
known for a decade, and variations of it are still seen. Although effective techniques exist to combat
SYN flooding, no single standard remedy for TCP implementations has emerged. Varied solutions
can be found among current operating systems and equipment, with differing implications for both
the applications and networks under defense. This article describes the attack and why it works, and
follows with an overview and assessment of the current tactics that are used in both end hosts and
network devices to combat SYN flooding attacks.

J. TCP Sequence Number Attack:

A TCP sequence prediction attack is an attempt to predict the sequence number
used to identify the packets in a TCP connection, which can be used to counterfeit
packets.

The attacker hopes to correctly guess the sequence number to be used by the
sending host. If they can do this, they will be able to send counterfeit packets to the
receiving host which will seem to originate from the sending host, even though the
counterfeit packets may in fact originate from some third host controlled by the
attacker. One possible way for this to occur is for the attacker to listen to the
conversation occurring between the trusted hosts, and then to issue packets using the
same source IP address. By monitoring the traffic before an attack is mounted, the
malicious host can figure out the correct sequence number. After the IP address and
the correct sequence number are known, it is basically a race between the attacker and
the trusted host to get the correct packet sent. One common way for the attacker to
send it first is to launch another attack on the trusted host, such as a Denial-of-Service
attack. Once the attacker has control over the connection, it is able to send counterfeit
packets without getting a response.

K. TCP RST and TCP FIN Attack:


TCP RST Attack: also known as "forged TCP resets", "spoofed TCP reset packets" or "TCP reset
attacks". These terms refer to a method of tampering with Internet communications. Sometimes the
tampering is malicious; other times it is beneficial.

TCP FIN Attack: a connection-killing attack can be used by one person, either
on a user's internal network or a host's internal network, to prevent one of the
parties from communicating with the other.

This attack relies on 3 common networking vulnerabilities.

- Any transmission is broadcast to all of the other users on your internal
network. These conversations can be captured and analyzed using a packet
sniffer.
- When you send out a data packet, it contains your IP address and a destination
address. But there is no mechanism in place to enforce the accuracy of these
details. Anyone can issue a packet which lists your IP address as the sender,
and the recipient would have no way of knowing.
- Most online interactions are initiated, processed and closed using 3 common
TCP flags. A SYN flag initiates the conversation, then both parties send ACK
flags back and forth until someone issues a FIN flag to terminate the
conversation.

L. UDP Flooding:

A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a
sessionless/connectionless computer networking protocol.

Using UDP for denial-of-service attacks is not as straightforward as with the Transmission Control
Protocol (TCP). However, a UDP flood attack can be initiated by sending a large number of UDP
packets to random ports on a remote host. As a result, the distant host will:

- Check for the application listening at that port;
- See that no application listens at that port;
- Reply with an ICMP Destination Unreachable packet.

Thus, for a large number of UDP packets, the victimized system will be forced into sending many
ICMP packets, eventually leading it to be unreachable by other clients. The attacker(s) may also
spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not
reach them, and anonymizing their network location(s). Most operating systems mitigate this part of
the attack by limiting the rate at which ICMP responses are sent. The software UDP Unicorn can be
used for performing UDP flooding attacks. This attack can be managed by deploying firewalls at key
points in a network to filter out unwanted network traffic. The potential victim never receives and
never responds to the malicious UDP packets because the firewall stops them.

M. Port Scan Attack:

A port scanner is a software application designed to probe a server or host for open ports. This is
often used by administrators to verify security policies of their networks and by attackers to identify
running services on a host with the view to compromise it. A port scan or portscan can be defined as
an attack that sends client requests to a range of server port addresses on a host, with the goal of
finding an active port and exploiting a known vulnerability of that service, although the majority of
uses of a port scan are not attacks and are simple probes to determine services available on a remote
machine.

N. Land Attack:

LAND (Local Area Network Denial) attack is a DoS (Denial of Service) attack that consists of
sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was
actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years
later in operating systems such as Windows Server 2003 and Windows XP SP2.

As for how it works, the attack involves sending a spoofed TCP SYN packet (connection
initiation) with the target host's IP address to an open port as both source and destination. It is,
however, distinct from the TCP SYN Flood vulnerability. A LAND attack involves IP packets where
the source and destination address are set to address the same device. This causes the machine to
reply to itself continuously. Other LAND attacks have since been found in services like SNMP and
Windows 88/tcp (Kerberos/global services). These were design flaws where the devices accepted
requests on the wire appearing to be from themselves, causing repeated replies.

O. DNS Spoofing:

DNS spoofing (or DNS cache poisoning) is a computer hacking attack whereby data is introduced
into a Domain Name System (DNS) name server's cache database. A domain name system server
translates a human readable domain name (such as example.com) into a numerical IP address that is
used to route communications between nodes. Normally if the server doesn't know a requested
translation offhand it will ask another server, and the process continues recursively. When a DNS
server has received a non-authentic translation and caches it for performance optimization, it is
considered poisoned, and it supplies the non-authentic data to clients. If a DNS server is poisoned, it
may return an incorrect IP address, diverting traffic to another computer (often an attacker's).

P. Telnet Attack:

We encounter three types of Telnet attacks.

These are:
1. Telnet communication sniffing.
2. Telnet brute force attack.
3. Telnet DoS (Denial of Service).
1. The biggest security issue in the Telnet protocol is surely the lack of encryption. Every
communication from the remote device to the networking device that we are configuring is sent in plain
text. Of course, that is a big security issue, and in situations where we use Telnet we are making our
commands vulnerable to frame sniffing. An attacker can easily see what we are configuring on that
device, and furthermore he can see the password that we used to connect to the device and enter
configuration mode.
2. A brute force password attack starts with the attacker using a list of common passwords and a
program designed to try to establish a Telnet session using each word on the dictionary list. You can
imagine an attacker sitting at the computer all day and trying to guess your switch or router password.
He is too smart to do this. Instead, he has the programming skills to make a program that can do
this for him, maybe hundreds of times faster. He simply tells the program to use an English
dictionary and try all the words inside. If you use the word "bird" for your Telnet access, the program will
need a couple of seconds to get to this word in the dictionary and try it on the Telnet connection. (First
it will try all the words that begin with A, then B, and so on.)
3. Another type of Telnet attack is the DoS (denial of service) attack. A DoS attack in general is
simply a way to disrupt the communication of two network devices by using all the bandwidth that
their connection has to offer. To do so, the attacker sends many useless and irrelevant data frames and
in this manner suffocates the connection. Genuine communication will not be able to get across
this connection and will not function. This sort of attack can also be used to prevent network
administrators from telnetting into their devices.

Q. FTP Attack:

The FTP bounce attack is an exploit of the FTP protocol whereby an
attacker is able to use the PORT command to request access to ports indirectly
through the use of the victim machine as a middle man for the request. This technique
can be used to port scan hosts discreetly, and to access specific ports that the attacker
cannot access through a direct connection. nmap is a port scanner that can utilize an
FTP bounce attack to scan other servers. Nearly all modern FTP server programs are
configured by default to refuse PORT commands that would connect to any host but
the originating host, thwarting FTP bounce attacks.

This attack can be used to:

- transfer data anonymously

- slip past application-based firewalls

- remotely port scan
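The defence mentioned above, refusing PORT commands that name any host other than the one on the control connection, can be shown as the check a server performs before it opens a data connection. The following is an added example, not part of the original report and not the code of any particular FTP server; the function names and addresses are made up for the illustration. Refusing ports below 1024 is an additional hardening choice assumed here, not something the report describes.

```python
import ipaddress


def parse_port_argument(arg):
    """Parse the argument of an FTP PORT command, 'h1,h2,h3,h4,p1,p2',
    into (IPv4Address, port). Raises ValueError on malformed input."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("expected six comma-separated numbers")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("fields must be decimal digits")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("each field must be 0-255")
    host = ipaddress.IPv4Address(bytes(nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return host, port


def allow_port_command(arg, control_peer_ip, min_port=1024):
    """Decide whether the server may open a data connection for this PORT
    command. control_peer_ip is the address the control connection really
    comes from. Returns (allowed, reason)."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    if host != ipaddress.IPv4Address(control_peer_ip):
        # The bounce case: the client asks the server to connect elsewhere.
        return False, "address differs from control connection peer"
    if port < min_port:
        # Assumption: well-known service ports are never valid data ports.
        return False, "port below allowed range"
    return True, "ok"


# Constructed sample commands from a client connected from 192.0.2.10.
CLIENT = "192.0.2.10"
SAMPLES = [
    "192,0,2,10,195,80",   # client's own address, port 50000
    "203,0,113,5,0,22",    # third-party host, port 22
    "192,0,2,10,0,25",     # client's own address but port 25
    "192,0,2,10,195",      # too few fields
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", allow_port_command(sample, CLIENT))
```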
R. SMTP Attack.

Spammers often use open relay mail servers to hide their identity. These servers do
not have proper limitation on relaying, they accept mails from everyone and deliver to
everyone.

Most mail servers on the Internet are secured against unauthorized relaying using IP-
based relay restrictions, but many of them still allow authenticated users to relay. This
is the default setting on Exchange 2000/2003 servers and it is not a security risk as
long as the user accounts are protected.

Starting from July 2003 we received a number of reports from ORF users
complaining about unexpected authenticated sessions showing up in the ORF logs,
increased network traffic and unwanted relaying.

Soon after the first reports, we realized that spammers invented a new technique to
hijack mail servers: they search for weakly protected user accounts by SMTP
authentication attempts and use the accounts discovered to get relay rights. Once they
successfully authenticate using the user credentials, they are granted permission to
relay via the server, which is then used to send spam.

S. E-Mail Spoofing:
A spoofing attack is a situation in which one person or program successfully masquerades as another
by falsifying data and thereby gaining an illegitimate advantage. The sender information shown in
e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to
hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam
backscatter). E-mail address spoofing is done in much the same way as writing a forged return
address using snail mail. As long as the letter fits the protocol (i.e. stamp, postal code), the SMTP
protocol will send the message. It can be done using a mail server with telnet.
T. Phishing (Web Spoofing):
Phishing (credential harvesting) is an illegal activity where someone attempts to acquire sensitive
information such as user names, passwords and credit card information. Often, users are asked to
enter these details into a website, from which they are stolen. The term phishing originates from the
internet argot leet speak. Phishing often employs highly advanced imitation websites
which steal digital information; however, it often employs simpler messages such as emails requesting
bank information, disguised as a desperate cry for financial help or a random donation from a
wealthy individual. The purpose of the fraudulent sender is to "phish" for, or entice people to share,
their personal, financial, or password data. It is then used to commit crimes.
U. SYN Attack:

A SYN flood attack works by not responding to the server with the expected ACK
code. The malicious client can either simply not send the expected ACK, or spoof
the source IP address in the SYN, causing the server to send the SYN-ACK
to a falsified IP address, which will not send an ACK because it "knows" that it
never sent a SYN.

The server will wait for the acknowledgement for some time, as simple network
congestion could also be the cause of the missing ACK, but in an attack increasingly
large numbers of half-open connections will bind resources on the server until no new
connections can be made, resulting in a denial of service to legitimate traffic. Some
systems may also malfunction badly or even crash if other operating system functions
are starved of resources in this way.
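The mechanism described here and in section I, half-open connections accumulating until no new connection can be accepted, can be reproduced with a small model of the server's pending-connection queue. The following is an added example, not part of the original report: it replays a constructed sequence of SYN and ACK events and reports which connection attempts are refused. The queue size of 5, the 3-second timeout and all addresses are assumptions chosen to keep the sample short.

```python
from collections import OrderedDict


def simulate_backlog(events, backlog=5, timeout=3.0):
    """Replay time-ordered (ts, src_ip, src_port, flag) events seen by a
    listening server, where flag is "SYN" or "ACK".

    Returns (peak, refused, remaining):
      peak      - largest number of half-open connections held at once
      refused   - (src_ip, src_port) of SYNs dropped because the queue was full
      remaining - half-open connections still held after the last event
    """
    half_open = OrderedDict()  # (ip, port) -> time the SYN arrived
    peak = 0
    refused = []
    for ts, ip, port, flag in events:
        # The server gives up on entries whose final ACK never arrived.
        while half_open and ts - next(iter(half_open.values())) > timeout:
            half_open.popitem(last=False)
        key = (ip, port)
        if flag == "SYN":
            if key in half_open:
                continue  # retransmitted SYN, already queued
            if len(half_open) >= backlog:
                refused.append(key)  # legitimate or not, it is turned away
            else:
                half_open[key] = ts
                peak = max(peak, len(half_open))
        elif flag == "ACK":
            # Handshake completed: the entry leaves the half-open queue.
            half_open.pop(key, None)
    return peak, refused, len(half_open)


# Constructed sample traffic.
SAMPLE_EVENTS = (
    # A legitimate client completes the three-way handshake.
    [(0.00, "192.0.2.10", 40000, "SYN"), (0.05, "192.0.2.10", 40000, "ACK")]
    # Eight SYNs with different source addresses that are never acknowledged.
    + [(1.0 + i / 100, f"198.51.100.{i + 1}", 1024 + i, "SYN") for i in range(8)]
    # A second legitimate client tries during the flood and again after the
    # half-open entries have timed out.
    + [
        (1.50, "192.0.2.11", 40001, "SYN"),
        (5.00, "192.0.2.11", 40001, "SYN"),
        (5.05, "192.0.2.11", 40001, "ACK"),
    ]
)

if __name__ == "__main__":
    peak, refused, remaining = simulate_backlog(SAMPLE_EVENTS)
    print("peak half-open:", peak)
    print("refused:", refused)
    print("still half-open:", remaining)
```

The refused list contains the legitimate client's first attempt, which is the denial of service: the queue was filled by connections that were never going to complete.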

2. In this section we will discuss what a virus or malware attack is and how it works,
and how anti-virus software works.

First let us see what a virus and malware are, and how they work:
A virus is a "deviant" program stored on a computer floppy disk, hard drive, or CD, that can cause
unexpected and often undesirable effects such as destroying or corrupting data. An example of a
virus was the "Love Bug", which started in the Philippines in May 2000 and caused approximately
$10 billion in damage.
Malware is any software that is designed to damage a computer system without the owner's knowledge.
Examples of malware are worms, viruses, Trojan horses, etc. Some normal computer users are
unfamiliar with the term and never use it. Instead, the term "computer virus" is used. It describes all
kinds of malware, though not all malware are viruses. Malware is short for "malicious software."
Antivirus and how it works:
Antivirus software scans primary and secondary storage devices such as a hard drive, floppy drive, or main memory to
try to find viruses, quarantine them and destroy them. Ensuring you have up-to-date antivirus
software installed on your computer is a very important component of personal IT security. It works
in 2 ways: 1. It scans files to look for known viruses by comparing them to a virus dictionary. 2. It analyzes
suspicious behavior of computer programs.
3. Now we will look at some types of computer viruses and computer crimes.

Trojan horse: A Trojan horse is a program that is packaged with a useful application, usually free,
such as a screen saver or game, but carries a destructive virus that creates problems for your
computer without your knowledge. Once the program initiates, the camouflaged virus is released,
creating havoc and mayhem. Example: FormatC. The Trojan horse is named after the mythical Trojan
horse that was left as a gift to the Trojan people by the Achaeans as a trick. By hiding in the horse,
Achaean soldiers were able to invade the walled city of Troy. Trojan horses are one of the biggest
threats to computer security as they cannot be identified easily.
Logic bomb: A logic bomb is a piece of code that has been placed intentionally into a
software system. When specific conditions are met (like a date or a certain combination of keys
being pressed), this code will set off harmful activities within your computer. For example, a
programmer may place a logic bomb in the software so that when he leaves the company he is
working for, all the information on his computer will be destroyed. (Don't try this at work.)
Session Hijacking:-In computer science, session hijacking is the exploitation of a valid computer
session—sometimes also called a session key—to gain unauthorized access to information or
services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to
authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP
cookies used to maintain a session on many web sites can be easily stolen by an attacker using an
intermediary computer or with access to the saved cookies on the victim's computer (see HTTP
cookie theft).
Brownout and Blackout:
A brownout is an intentional or unintentional drop in voltage in an electrical power supply system.
Intentional brownouts are used for load reduction in an emergency. The reduction lasts for minutes
or hours, as opposed to short-term voltage sag or dip. The term brownout comes from the dimming
experienced by lighting when the voltage sags. A voltage reduction may be an effect of disruption of
an electrical grid, or may occasionally be imposed in an effort to reduce load and prevent a blackout.

A blackout:
A power outage (also power cut, blackout, or power failure) is a short- or long-term
loss of the electric power to a computer. It can harm the computer or a device, with or without
a surge protector. If a computer is writing something to a hard drive at the time of the blackout,
data can be lost. Getting a UPS will temporarily help the problem by giving enough
time to save unfinished data first and then turn off the computer.
Surge/Spike:
A surge is an unexpected amount of electric voltage in an electrical line. A power surge can deliver
power to a computer or an electrical device, causing damage to the device and making the device
not operate at all or operate improperly. Users can help prevent power surges with surge protectors.
Traffic analysis: - is the process of intercepting and examining messages in order to deduce
information from patterns in communication. It can be performed even when the messages are
encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even
intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in
the context of military intelligence or counter-intelligence, and is a concern in computer security.

Wire Tapping: Wiretapping is any interception of a telephone transmission by accessing the
telephone signal itself. Electronic eavesdropping is the use of an electronic transmitting or
recording device to monitor conversations without the consent of the parties. Although many types
of conversations may be subject to electronic eavesdropping, this fact sheet deals only with
eavesdropping on telephone conversations.

Wire Dialing:-is a technique of using a modem to automatically scan a list of telephone numbers,
usually dialing every number in a local area code to search for computers, Bulletin board systems
and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and
crackers - malicious hackers who specialize in computer security: for guessing user accounts (by
capturing voicemail greetings); or locating modems that might provide an entry-point into computer
or other electronic systems. It may also be used by security personnel: for example, to detect
unauthorized devices, such as modems or faxes, on a company's telephone network.

DoS/DDoS:

DoS: this attack involves flooding the victim with IP traffic, thus saturating the remote
site's available bandwidth.

- Allows an attacker to inhibit network connectivity to the target network

- High bandwidth beats low bandwidth

- Spoofable, thus easy to hide the source

DDoS attacks: similar to Smurf attacks

- The attacker does not have to be online during the attack

- Nearly impossible to defend against

- The best defense is not to be a "tool"

Both attack the application layer.

4. Lastly, we will discuss the protection used by Yahoo, Hotmail and Gmail.

Yahoo: we will look at the security steps Yahoo has taken and the security steps
users can take.
Yahoo! takes your security seriously and takes reasonable steps to protect your
information. No data transmission over the Internet or information storage technology
can be guaranteed to be 100% secure. The following is a summary of the measures
Yahoo! takes to protect your information and descriptions of ways we implement
these measures for different types of information you may provide to us. Please see
the Yahoo! Security Center for additional information on how to reduce your security
risk when online.

Yahoo! continues to evaluate and implement enhancements in security technology
and practices, however we can only take steps to help reduce the risks of
unauthorized access. Each individual using the Internet can take steps to help protect
their information and further minimize the likelihood that a security incident may
occur. We describe some of those measures and provide links to information that may
be helpful in these pages and within the Yahoo! Security Center.

Security Steps Yahoo Has Taken

• Secure Socket Layer (SSL)

Yahoo! uses SSL (Secure Socket Layer) encryption when transmitting certain
kinds of information, such as financial services information or payment
information. An icon resembling a padlock is displayed on the bottom of most
browser windows during SSL transactions that involve credit cards and other
forms of payment. Any time Yahoo! asks you for a credit card number on
Yahoo! for payment or for verification purposes, it will be SSL encrypted.
The information you provide will be stored securely on our servers. Once you
choose to store or enter your credit card number on Yahoo!, it will not be
displayed back to you in its entirety when you retrieve or edit it in the future.
Instead of the entire number, you will only see asterisks and either the first
four digits or the last four digits of your number.

• Security Key

The Yahoo! Security Key is an additional optional layer of security to control
access to sensitive information or services on Yahoo!. Users of financial
services such as Yahoo! Wallet, Yahoo! Bill Pay, and Yahoo! Money
Manager are asked to create a security key during the sign-up process or when
you purchase certain services that require a Yahoo! Wallet. Please note that
the Security Key automatically "times out" after an hour and requires the user
to sign in again to access Security Key protected areas.

• Secure Storage

Yahoo! maintains reasonable physical, electronic, and procedural safeguards
that comply with federal regulations to protect personal information about
you.

• Vendors and Partners

Yahoo! works with vendors and partners to protect the security and privacy of
user information.

• Employee and Contractor Access to Information

Yahoo! limits access to personal information about you to those employees
who we reasonably believe need to come into contact with that information to
provide products or services to you or in order to do their jobs.

• Education and Training for Employees

Yahoo! has implemented a company-wide education and training program
about security that is required of every Yahoo! employee.

Security Steps Users Can Take

The following is information about topics that a user may want to learn more
about and steps a user can take to help maintain their account and computer
security when online.

• Password Scams
• Viruses, Trojan Horses and Worms
• Spyware
• Software
• Interacting Online With Strangers
• Shared Computer

Hotmail

Hotmail lets down its over 350 million users when it comes to security, by not giving
them an easy way to tell if their account has been accessed by unauthorised third
parties.
With hacks of web mail accounts being worryingly common, you would imagine that
any popular online email service would give its users a way to check if their account
has recently been accessed from somewhere unusual, or at a time when you weren't
surfing, or from a device that you don't own. Google and Yahoo, both arch-rivals of
Hotmail, have just such a system. But where is it on Microsoft's Hotmail service?
Sadly, it doesn't appear to exist.

Gmail

Gmail is a free, advertising-supported email service provided by Google.
Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols.
Gmail was launched as an invitation-only beta release on April 1, 2004 and it became
available to the general public on February 7, 2007, though still in beta status at that
time. The service was upgraded from beta status on July 7, 2009, along with the rest
of the Google Apps suite.

Extra security features

When creating a Gmail account, users are asked to provide a recovery email address
—to allow them to reset their password if they have forgotten it, or if their account is
hacked. In some countries, such as the United States, the United Kingdom and India,
Google may also require one-time use of a mobile phone number to send an account
validation code by SMS text messaging or voice message when creating a new
account. This requirement to associate a unique recovery email and/or phone number
with an account makes it difficult for would-be spammers to set up multiple accounts.

Google also offers a 2-step verification option—for extra security against hacking—
that requests a validation code each time the user logs in to their Google account. The
code is either generated by an application ("Google Authenticator") or received from
Google as an SMS text message, a voice message, or an email to another account.
Trusted devices can be "marked" to skip this 2-step log-on authentication. When this
feature is switched on, software that cannot provide the validation code (e.g. IMAP
and POP3 clients) must use a unique 16-character alphanumeric password generated
by Google instead of the user's normal password.

Security Warnings

On June 5, 2012, a new security feature was introduced to protect users from state-
sponsored attacks. Whenever Google analyses indicate that a government has
attempted to compromise an account, Gmail will display a notice that reads
"Warning: We believe state-sponsored attackers may be trying to compromise your
account or computer".

Other additional ways of securing your Gmail account

Choosing a strong password is not enough; you should be well aware of how people try
to gain access to other people’s email accounts by unfair means. Here are some useful
tips on securing your Gmail account and avoiding getting hacked:

1. Always Check The URL before Logging in to Gmail
2. Avoid checking Emails at Public Places
3. Forward Emails to A Secondary Email account
4. Regularly Monitor Gmail Account Activity
5. Check for Bad Filters
6. Do not Click on Suspicious Links
7. Choose a Strong Alphanumeric password
