What is Ethical Hacking? How is it different from other hacking?

What is Ethical Hacking? How is it different from other hacking?

As the scope of technology and the digital sector grows, so does the attack on this sector. Formerly limited to the Local Area Network (LAN), the area has now expanded to mobile devices, wireless networks, and the Internet of Things.

Institutions are also adopting various measures to solve various problems related to technology. However, the increasing scope of technology has also increased the range of attacks.

With the advent of SMACIT, Social, Mobile, Analytics, Cloud, and Internet of Things, any system can be easily attacked if there is even a small problem in its design, implementation, and operation.

Therefore, cyber-attacks are a growing threat, which can lead to economic losses, social stigma, privacy breaches, and data theft.

As a result, ethical hacking is now a top priority for most organizations. Ethical hacking helps to make an organization's security system effective and secure.

Ethical hacking is also a type of cyber attack, which detects and fixes problems in the system.

It can also be called a fake cyber attack. Such ethical hacking can be done by people outside the organization or by people appointed by the organization.

Ethical hacking, also known as penetration testing or pen testing, is carried out by cyber security experts in the same way as black hat hacking. But it is done by following all the laws and rules.

Ethical hacking involves gathering information, identifying problems, and preparing a report with full details of the damage that can be caused.

The hacker then informs the organization or stakeholders about the detected vulnerabilities and suggests how to fix the vulnerabilities.

Types of pain testing

To guarantee the security of information technology, many organizations have started conducting regular vulnerability assessments.

Pen-testing based on the scope of work is an in-depth study of the security standards of IT technology. Often pain testing and vulnerability assessments are done jointly.

There are two types of pen tests, internal and external. In external pen testing, hackers attack the system away from the internal system. In such an attack, the hacker can also misuse the detected vulnerabilities.

Another is internal pen testing, under which hackers can exploit the vulnerabilities of an organization's system by exploiting it. Experts say that internal pain testing is more dangerous than external.

Because hackers work from within the organization, they tend to have a lot of information. This helps the hacker a lot for hacking. Ethical hackers have similar skills and knowledge. But ethical hackers hack for security, not to cause harm.

Types of hackers

There are three main types of hackers: Black Hat Hackers, Gray Hat Hackers, and White Hat Hackers.

Black hat hackers: Black hat hackers are especially known as cybercriminals. Such hackers work with individuals or groups to find out the vulnerability of an organization's system and misuse it for money.

Gray hat hackers: Gray hat hackers also hack the system of an organization but may not do it for money. Gray hat hackers are less risky than black hat hackers.

Although some hack the system of organizations and fix it again, some may leave the same. Some even hack into organizations to detect vulnerabilities in their systems, even if only to inform them. Most of them do not have bad thoughts.

White hat hackers: White hat hackers are also called ethical hackers. Such hackers carry out pen tests only after obtaining permission from the concerned stakeholders. White hat hackers are hackers working for the IT security of the organization.

Types of pen tests

Like hackers, there are three types of pen tests; Black box, white box, and gray box.

Black box: Black box is also called zero-knowledge testing. In such testing, hackers complete the hacking process without knowing their target. Problems of any kind can be found as you go through the procedure. This type of pain testing is also called blind testing or double-blind testing.

White Box: Under White Box, that is, complete knowledge testing, hackers know our goal and move the hacking process forward. It helps to find out the vulnerabilities very effectively. It provides full coverage of testing.

Gray Box: Under Gray Box, ie partial knowledge testing, the hacker works by using both black and white boxes. In this case, the hacker knows very little about his goal.

What is email security? Here are 15 tips to know

With the increasing use of the Internet, there has also been an increase in cybersecurity-related incidents in recent times. Incidents of cyberattacks through various means are causing great damage both individually and institutionally.

We have been hearing about cyber attacks like phishing, sniffing, farming. Of these, email phishing is the most widespread.

This is where email security comes in. In the meantime, the regulatory body of the telecommunications sector, the Nepal Telecommunication Authority, has provided information related to email security.

What is email security?

Email security is a variety of security measures to prevent email communication, unauthorized access to email, email data loss, spam messages received in emails, phishing messages, etc., or to prevent unwanted or threatening messages from entering your email account.

Cybercriminals use emails as an easy tool for malware, spam, and phishing attacks. Malware is installed on a user's device by sending misleading messages in emails, opening attachments, or clicking on links.

They then carry out criminal activities such as monitoring user activity, stealing a person's financial statements, and disclosing confidential and sensitive company information.

Email security is therefore essential for both personal and business email accounts.

How to tell if an email received is an unsecured email?

Email messages may contain unsolicited emails if the following signs appear.

1‍‍‌. If there is an unusual type of email from a stranger.

2. If there is an email with tempting content like a prize, visa, lottery.

3. If there is an unnatural type of link and email sent.

4. If there is an email with attractive ads.

5. If you receive emails from people unrelated to you.

6. If  @ afhdo3e.com looks like an untrusted domain.

We are now teaching you how to stay safe from such emails as soon as you know whether the emails received in this way are insecure or not.

How to secure email?

1. Let's enable the security feature provided by the email service provider for email security.

2. Don't use business or your important email when registering online.

3. Don't make personal emails public at all. Let's use different emails for different purposes. Also, keep the personal details including emails kept on social media private.

4. Do not open suspicious emails, spam/junk emails as they may pose security risks including phishing/malware / social engineering. Also, do not reply to the email.

5. Configure/set up such emails as spam or junk in case of unnecessary emails.

6. Don't subscribe to unnecessary websites. If you have subscribed, please unsubscribe via the unsubscribe link in the email received from the website.

7. Let's use spam filters and antivirus for email security.

8. When logging an email from a computer in a public place, using the Killer on that computer can lead to username and password theft, so don't log in from such a computer as much as possible. If so, change the password from your personal computer as soon as possible.

9. Don't click on suspicious email links and attachments.

10. Keep strong passwords in your email and change passwords from time to time. Also, let's use multifactor for email recovery.

11. Don't open business emails or your important emails from public WiFi.

12. Use VPN to remotely open company emails

13. Use SSL / TLS / PGP / GPG encryption solution to receive secure email.

14. Let's use a Secure email gateway for the company/organization.

15. Formulate and implement an email security policy.

5 different passwords used by Nepalis, don't you have any?

With the widespread development and expansion of information technology, people have opened many kinds of online accounts. But such accounts are very weak in terms of security.

According to a recent fact, old-fashioned passwords are still being used in Nepal. Cyber ​​security researcher and expert Vijay Limbu has shared the top 5 passwords among the leaked passwords from Nepal.

According to the information he gave through Facebook, the leaked passwords are very basic and weak passwords, which can be easily cracked. Such passwords are bad for security.

It is still customary to create passwords with words, numbers, names, etc. Experts say that such passwords are unfavorable in terms of security.

5 passwords used by many Nepalis






If you want to keep your online account secure, you must have a strong password. But no matter how strong the password is, it is not impossible to crack it all.

Passwords can be cracked by various methods such as Rainbow Table Attack, Brute Force Attack, Social Engineering, Phishing, Malware, and Plain Old Guessing.

Weaknesses in Microsoft Cloud, urging thousands of companies like Coca-Cola to be safe

 Weaknesses have been found in the cloud service provided by Microsoft. With this, the company has urged thousands of companies like Coca-Cola, Exxon-Mobil to stay safe. The company has made the request with the assessment that its customer data in the cloud may have been leaked.

The company said it had found a major flaw in its flagship Azure Cosmos DB database service. Due to this weakness, hackers can read, change and delete data in the cloud.

This weakness has been discovered by the security research company 'Vij'. According to the company, due to this weakness, hackers will be able to gain access to the control provided to thousands of companies. "This is the biggest weakness we've ever seen in the cloud," said Amy Lutwalk, co-founder of Viz. In which we can take any data like any other user. '

Microsoft also acknowledged the weakness and offered a 40,000 reward for information leading to the capture of the security company. Together, the company urges its users to stay safe.

Of course, no such information has been released so far. Also, this weakness has been resolved. The company said, "However, we do not have the login details of the companies in the cloud. In that case, the companies themselves are requested to change the username and password immediately.

Tired of full phone storage? Do it

After the phone, it will have many necessary apps along with photos and videos. Mobile has become an important part of our lives today.

But sometimes we are surprised by this phone. It starts to hang again and again. Also, many times storage causes problems.

If your fan is sluggish or sluggish, you can go to the storage and check how much space is available. If the storage capacity is full or is about to be filled, you can delete some apps, apps, videos, recordings, and other media files.

This time you can move your media files to local storage on the cloud, pen drive, or computer. If you delete the file and restart it, it will start performing well again.

If every time you are bothered by phone storage, today we are telling you about the solution.

Use the cleaning app

As the phone's memory fills up, users are often using a cleaning app. Instead, use Google's File app.

It also works as a cleaning app. It contains junk files, duplicate files, mimes, large files, and more. Using it can free up a lot of storage.

Delete the temporary file

You can even free up the phone's storage by deleting the cache files on the phone. To do this, open the app by managing apps from the phone's settings and go to Clear Data and clear the cache.

You can even clear the cache of all the apps at once by going to the phone's storage.

Use cloud storage

Photos and videos consume most of the phone's storage. You can use Google Photos or other cloud services to save phone storage.

Recently, mobile companies have been offering cloud storage. This way you can put your photo and video files on the cloud server using cloud storage.

Simply understand QR code technology and its function

The full form of the QR code is the Quick Response Code. It is being used in every product and service today as it provides reliable and fast access to any kind of information contained in the code.

The technology, first used in Japan's automobile industry, is now expanding worldwide in the field of mobile marketing. The QR code, which looks like a small crossword puzzle in white and black pix pattern, contains the brand and company code, which can be quickly scanned and identified by technology with a large data capacity.

The QR code application includes item identification, tracking and time, and document management. This technology has become easier and more convenient since the feature of QR code sensors started coming in smartphones.

You can install a third-party QR code reader application on mobile. Google is also providing a QR code generator to easily convert URLs to QR codes.

In addition, Apple has just introduced an inbuilt QR code scanner on its iPhone. Users can easily get all the information about the product instantly by opening the camera app and focusing on the code.

The QR code has become an easy way to access everything from restaurants to hospitals, from the government to safety information, information and content. The QR code has become a paradigm shift for all types of customer brands in the Asia-Pacific region.

Meanwhile, the rapid digitization due to the Corona epidemic has made it more widely used in all kinds of marketing agents. QR code technology is not only a way of easy and reliable access to services and goods but also a way for companies to tell their brand story.

Billions of people use mobile payment services every day. They have included all their e-commerce, social media, and mobility services in one super app.

In this way, companies can not only track the whereabouts of their customers but also understand the pattern of their purchases from the QR code. This is one of the main purposes of QR codes for brands, marketers, and advertising agencies that spend in the media ecosystem to increase sales.