Daily Hacks

Hacking - What, When, And How?

•What is hacking?

According to Computer Crime Research Center (US), “Hacking is unauthorized use of computer and network resources”.

•Who is a hacker?

A hacker is a gifted programmer; a programmer for whom computing is its own reward and also enjoys the challenge of breaking into other computers, networks, cracking applications, etc.

•How the hacker can hack a system?

Hackers hack by exploiting the weaknesses of the target system, network, etc, for poor configuration applications and web servers, unpatched or old software, poorly chosen or default passwords and disabled security controls.

•Why hack at all?

Hackers hack because they want it that way. There is no specific reason why they do that. Some does hacking to test their computer skills, others do that to steal specific data from the target. Once a vulnerable point is identified in the system, they definitely attempt to hack to try to gain administrative access to the machine.

•Different types of hackers

The different types of hacker are

1.WhiteHats are the hackers that try to make the movement go forward by working as system administrators, security experts and by maintaining web sites with new technologies, news events, bug reports, and much more.

2.Black hackers attack other’s systems; whereas White hackers do exactly opposite i.e., defend against attacks.

3.Crackers penetrate networks and try to take advantage of something they discover in the process; they are really malicious.

4.Script Kiddie, does not really possess any skills except for the tools, uses tools and techniques developed by WhiteHats, BlackHats and Crackers to deface sites, destroy information, and do other types of digital-vandalism.

•Basic Hacking Methodology

The basic steps for any hacking methodology are

1.Information gathering (Probe)

2.Attack (Advancement & Entrenchment)

3.Infiltration or Extraction

•Most Prevalent Hacking Attack Categories

Hackers preferably attack the organizations systems infrastructure and commercial applications. If the systems are well secured then the hacker may resort to social engineering or focus upon the target application vulnerabilities.

The four most prevalent attack categories are

1.Exploitation of Application-related privileges: Some server-based applications run with specific User or group permissions. By using Race conditions or Buffer overflow attacks these applications’ security can be compromised.

2.Client-side manipulation: Hackers bypass client-side validations by supplying incorrect data formats or data to the server in an attempt to reveal both the functionality and secured data.

3.Race Conditions: When the coding is not done properly for an application to access specific variables, files, and data or installed the appropriate checks to implement simultaneous accesses then the hacker can get unintended access to data through both trusted and untrusted server application components.

4.Buffer Overflow Attacks: Normally applications take data as an input and pass it to memory buffers for manipulation. If the coders do not put a checkpoint to check whether the size of data is too big for a buffer then they are bound to be a complications. Hackers may take this condition as an advantage and can embed their own commands within the oversized data package. Perfectly implemented, these commands can acquire System Administrator privileges to the hacker.

•Cyber attacks: What are they?

Cyber attacks happen on a nation-wide scale and includes clogging up the adversary country’s computers which handle sensitive information like logistics, communications, war strategies, shutting down their civil utilities, like national power grid, jamming radar sites, crushing military’s computers, and downing commercial websites, etc.

•Hacker’s tools

There are so many tools available in the Net and also in the market using which anybody can do the basic hacking. A few tools are

1.DSniff — a suite of programs that can be used in penetration and auditing testing.

2.Ethereal — the widely used network protocol analyzer.

3.AirSnort — a wireless LAN (WLAN) tool which recovers encryption keys.

4.Netcat — a simple Unix utility which writes and reads data across network connections, using UDP or TCP protocol.

•Hacking in day-to-day life

To name a few…

1.Application hacking

2.Email hacking

3.Password hacking

4.Key Loggers…

•The key to winning the war against hackers…

The first step is to know both the state of one’s own network and its vulnerabilities and also the tactics hackers employ and deploy. Strategic analysts proclaim the key, to escape being hacked by somebody, is network security. But again, unfamiliarity of hacker’s activities and ignorance of how to deploy firewalls and other security features effectively can make you the hacker’s favorite target.

“Hope for the best and plan for the worst” should be the motto in drawing strategies against hackers.

More »

Tags: buffer overflow, email, firewalls, Hacker, Hacker Attitudes, hackers, hacking, ignorance, key loggers, knowledge, password

Preventing E-Gold Hacking

In the past thousands of E-gold accounts have been hacked and all funds stolen. One of these E-gold accounts was ours. Luckily we only lost a very very small amount of money. We have spent a few hours researching the issue and have come up with some precautions:

#1 - Never use your E-gold password on any other sites.

#2 - Use the SRK feature while entering your password. This is the little blue circular link next to the password entry box. Click on it and a small keypad will popup in which you can use your mouse to punch in your password. This can prevent Trojan virus’s from gathering info on your password.

#3 - Never download any software from suspicious looking sites. It is possible that it may be a trojan virus waiting to infect your computer.

#4 - E-gold will never email you and ask you to log into your account with a provided link. If you get an e-gold link via email. Do not open it, and whatever you do, don’t go to the site that is provided. Hackers have been sending out various emails that look like they are from E-gold.

#5 - If you own a publicly known site with a publicly known e-gold account, then open another E-gold account in which nobody knows about. Then transfer funds.

#6 - If it’s not a hassle, change your account info so that only your IP address can login to your account. This will almost certainly stop any hackers from infiltrating your E-gold account.

#7 - Run a good anti-virus software that will scan for Trojan virus’s. You may have picked one up wthout knowing it.

#8 - Change your password every couple of weeks. This will prevent hackers from gaining too much info on your password. Also make sure your password is more then just 5 or 6 charactors. Use #’s, letters and symbols.

Here are some good anti-virus sites:

Symantec Anti-Virus site: http://www.symantec.com/avcenter/

CERN Recommendations: http://security.web.cern.ch/security/Recommendations/Default.htm

windows 95/98 computer security: http://www.cert.org/tech_tips/win-95-info.html

Stay safe, and protect your Gold!

About the Author: Owner of some of the Largest Online Investing forums which include: http://www.talkgold.com/forum http://www.thehyipforum.comhttp://www.web-life.org/vbhttp://www.filesharingtalk.com­

Tags: hacking, password, phishing, Security