Skip to main content

EMAIL-HIDDEN SECRET



Here we go ..come again with new topic on best E-mail service...Gmail..
in this article we will cover all the features of the G-mail along with the security of G-mail and stegnography,E-mail spoofing,hacking and much more...
this topicwill take long time to be cover in here..so stick with me.
        or 
like facebookfan page of this blog,that will keep you update what going on this blog.
https://www.facebook.com/hackerheavenofficialpage?ref=bookmarks

first of all start with the basic of E-mail service.how it work what are the responsible factor/protocols for this service.




………EMAIL PROTOCOL………….
 FIRST OF WE HAVE TO UNDERSTAND THE MAIL FUNCTIONALITY IN THE INTERNET BEFORE ANY THING IT IMPORTANT TO KNOW HOW ITS WORK ON THE INTERNET...WHAT ARE THE BASICS PROTOCOLS RESPONSSIBLE FOR SENDING ,RETRIEVING THE MAIL....

Interactions between email servers and clients are governed by email protocols.  The three most common email protocols are POP, IMAP and MAPI.  Most email software operates under one of these (and many products support more than one).  The most important reason for knowing of their existence?  To understand that the correct protocol must be selected, and correctly configured, if you want your email account to work.

MOST USED PROTOCOLS FOR MAIL TRANSFERING  ARE...
1.POP3(VERSION 3)
2.IMAP(VERSION 4)
3.MAIP
4.SMTP

ALL THESE PROTOCOLS DESCRIBE BRIEFLY BELOW ...
ITS IMPORTANT TO UNDERSTATND THE FUNCTIONALITY OF THE EACH OF THE 4...


1. POP......”currently in version 3, hence POP3....allows email client software to retrieve email from a remote server”

POP is the older design, and hails from an era when intermittent connection via modem (dial-up) was the norm.  POP allows users to retrieve email when connected, and then act on the retrieved messages without needing to stay "on-line."  This is an important benefit when connection charges are expensive.

The basic POP procedure is to retrieve all inbound messages for storage on the client, delete them on server, and then disconnect.  (The email server functions like a mailbox at the Post Office -- a temporary holding area until mail gets to its final destination, your computer.)

Outbound mail is generated on the client, and held for transmission to the email server until the next time the user's connection is active.  After it's uploaded, the server forwards the outgoing mail to other email servers, until it reaches its final destination.

Most POP clients also provide an option to leave copies of email on the server.  In this case, messages are only removed from the server when greater than a certain "age" or when they have been explicitly deleted on the client.  It's the copies on the client that are considered the "real" ones, however, with those left on the server merely temporary backups.

2.IMAP.....”now in version 4 or IMAP4....allows a local email client to access email messages that reside on a remote server.  There's a related protocol called SMTP”
as here name explain many thing that this protocol use for accessing email..

IMAP is the newer protocol and oriented toward a "connected" mode of operation.  The standard IMAP procedure is to leave messages on the server instead of retrieving copies, so email is only accessible when "on-line." 

IMAP is more suited to a world of always-on connections, particularly the fast connections offered by broadband mechanisms.  Having to be connected to read your email is a trivial obstacle when the connection is always available.  (It's a little like leaving your messages at the Post Office, and going there every time you want to read them.  That might be difficult in the physical world, but it's easy in the virtual one.)

Because messages remain on the server, until explicitly deleted by the user, they can be accessed by multiple client computers -- an important advantage when you use more than one computer to check your email.

IMAP does not preclude keeping copies on the client, but, in an inversion of the way POP works, it's the server's copies that are considered the "real" ones.  That offers an important security benefit -- you won't lose your email if, for some reason, your client computer's storage media fails.

IMAP has other advantages over POP (detailed in the links provided below).  It is the standard we recommend if you can't use MAPI.

3.SMTP...”simple mail transfer protocol”..here again name reviel the proporty of the protocol...
used for the sending any data from client server  machine to mail server.

At the risk of overloading you with information, you should know that strictly speaking it's only the incoming mail that is handled by a POP or IMAP protocol.  Outgoing mail for both POP and IMAP clients uses the Simple Mail Transfer Protocol (SMTP).

When you set up a POP or IMAP email account on email client software, you must specify the name of the (POP or IMAP) mail server computer for incoming mail.  You must also specify the name of the (SMTP) server computer for outgoing mail.  These names are typically in the same form as Web addresses (e.g., "imap.med.miami.edu").  Depending on the client, there may also be specifications for email directories and searching.

4.MAPI....
As noted, MAPI is Microsoft's proprietary email protocol.  It provides greater functionality than IMAP for Outlook email clients interacting with an Exchange email server.  It doesn't work for anything else.  (In Outlook you may simply see the connection option "Microsoft Exchange Server" rather than MAPI.  It's offering the same thing.)

Remote access using MAPI may require use of a VPN connection, because the ports (communications channels) that MAPI uses are otherwise blocked for security reasons.  (That's the case when accessing the medical campus Exchange system remotely.)

Web browser email access

Many email systems can now be accessed using only a Web browser.  There is no need to install client email software of any kind.  Logically, Web browser interfaces to email are like IMAP, in that all the messages remain on the server unless explicitly deleted.  (Message copies can be saved on the client computer.)

For example, the medical campus Exchange email system can be accessed by Outlook Web Access (OWA); it provides most of the functionality of an installed version of Outlook.  OWA is compatible with most browsers, such as Firefox, Netscape, Opera or Safari, though it works best with Microsoft's Internet Explorer browser.

.......................SECURITY/PRIVACY IN G-MAIL.................
Actually G-mail highly concern about his clients security.
intially when this service started other mail service was also their like hotmail(indian founder sabir bhatia).,yahoo...
they give space in his account free only..2 mb...but that time G-mail provide 1 gb free space for their users.thats make it much special.first here we discuss about "2-way authentication" service..
and their is much more features in g-mail...
so lets start learning.....

...............G-mail two way authentication......

Every body wants to secure the online account.their are the feature to secure your account...like in gmail,but many of them don't know or they want but don't know how to secure much your account.
In gmail or facebook both have an feature '2-way authentication'....
as name clear the meaning that for opening you account 'username','password' required must but along with an google generated code required every time when you login.
G-mail is highly concern about his client security...their is 4 method to much secure your account.

1.verificatins code
2.app-specific password
3.registered computers
4.security key

this is the theory portion..its much ,,now its time to do practical pose......

For the security of gmail.....steps are.......

Step 1..
go to account.....

step 2. go to sign-in security..option......



step 3.
in sign-in security you will see option for 2-step authentication...
in my case its on..but if your account have not enabled just enable it...
 step 4.
in the 2-step authentication you will see the 4-option to secure the account and its application(app).



          ....................VERIFICATION CODES...........,..


 In 2-step authentication field first option...verification codes...
you have three option.
      ................GOOGLE AUTHENTICATOR APP.............

1.for the android mobile their is an app called .....google authenticator app....
install it from playstore.



Initially when you install it and open it you have to sign in into it.
After that an number is generated every 30 second.
So every time you sign in into the account you have to entered that number.





     

................TEXT/VOICE SMS AUTHENTICATOR..........

in this service G-mail ask you for registering an number(note:-always use number which is always with you.) for two purpose.....
1. for  authentiacation
2. for backup purpose

here we only concern about authentication purpose....
so if you enable this authenticator...then every time you sign-in it will ask for g-mail code..that is send to your registered mobile number...it may be voiceor text as  you selected.


Note:- actually this way authentication have trouble when no network in your mobile sim...mean if you use vodaphone sim...and in your home(or somewhere)..no network...that cause you trouble while you sign into the account..because every time it ask for verification nuber send into your mobile....
so..first authentication method must be enabled in your account...first means 'google authenticator app'....because it refresh /generate an new number every 30 second...it does not depend on the network....


        .....................BACK UP CODES..................

An condition may be arise when your resistered number SIM stolen..then that cause you to not login into your account...for this g-mail have an backup for this satuation...
their is another method to secure your account ......actually above two methods are most secure than this...
actually back up codes are the pdf file generated by your g-mail account where 9 distinct number are their....by these numbers you will able to login into your accout...



Advice:-every time you use these back up code...just generate another backup code...
actually this is an pdf file...if your friend access this file physically from your mobile or laptop...so he can access your account.....

or what ever satuation may arise...but for security you should generate another backup code every time.

     ........................NOTES........................
benifit of authentiacation code is that even an hacker/friend or any one have your username and password even that he can not access your account.


    .............APP  SPECIFIC PASSWORD..........

now a days their are to many softwares annd app that use your gmail account ..
these app or software make your account more vernible which let your account to hacked.
But as i said G-mail highly concernet about his client...their is an another option to make more safe your account.


………………RESISTERED COMPUTER…………
Actually this G-mail feature help user when your mobile phone is lost.so so user can get acess into his account without the 3-party app authentication or the google generated code.
Its mean that resistered computer only required user name and its password for login into his G-mail account.
as you can see in ther screen shot their is an option for resistering currently use computer.

after you can disable this feature.but i suggest you to only resistered your personal computer for that,where you have autherisedor password protection in your pc/laptop.

........................SECURITY KEY...................


it's an physical device like an your credit card/USB drive,after resistering it into your account that will give you autherisation that by this device you can acess your account by inserting the security key(credit card/USB drive) instead of typing a verification code.

so , how configure your security key for your account.

step 1.
click button 'add security key' after click button 'resistered'.
step 2.
after that insert your security key(drive/card).
that's it.
 so its done so when ever you have to sign in into your account just insert that securty key instead of typing the verification code.

Note:- through security key doen't mean that you can access into account without password.
still you required your user name and password.
but it just help only when your SIM network is not working..so by just inserting youe security key into USB port of your device will gave you access to your account without typing verification code.

thats it in this tutorial...
but its not mean we are quitting....we have other lots of security privacy and many things.
so i next lecture we will cover all other topic.

like and share this tutorial if you like...

SO, UNTIL NEXT TUTORIAL THIS IS

..............ZEROCOOL
                SIGNING OUT..........
Labels:

Popular posts from this blog

DEEP SOUND -STEGNOGRAPHY

In the series of the steganography ..today we are going to discuss the hiding of data in the music file through the help of the window based tool name       "DEEP SOUND" ..now a days very famous TV series name             Mr. Robot . . off course i am  fan of this show..where elliot use this tool for hiding his secret data.. read previous article on steganography                                                         so without wasting much time lets start .. 1.install the DEEP SOUND go to the official website of the deep sound and download it to your machine.  and open up the interface of the deep sound. 2. setting click on the setting gear icon, an pop-up window show up...where languge remain same as english,           change your output  directory ..like i change it to the documents by browsing the folder. after that check the box for encrypt files .. after that it will ask for the password.. input your password for the sec
Read more

KALI LINUX -SECURITY ,CONFIGURATIO AND UPDATES

      Configuring network services and  secure  communications The first step in being able to use Kali is to ensure that it has connectivity to either a wired or wireless network to support updates and customization. You may need to obtain an IP address by DHCP (Dynamic Host Configuration Protocol), or assign one statically. First, confirm your IP address using the  command  ifconfig command from a terminal window, as shown in the following screenshot: IP address is 192.168.1.11.... If an IP address was not obtained, an address can be assigned by DHCP using the command dhclient eth0 (or other available interfaces, which will depend on the  specific configuration of the system being used). If a static IP address is used, additional information may be required. For example, you can assign a static IP of 192.168.1.11as follows:                     inet addr:192.168.1.11            Bcast:192.168.1.255            Mask:255.255.255.0        Securing com
Read more

EVERY LINUX_ADMIN-COMMANDS TO BE KNOW

Hello Friends,             in todays article i am gonna cover the most used 16 linux commands,every linux admin should know it.in the whole article i just show the uses of all the commands and their additional attributes too.
Read more