HACKING !
What is hacking?
Hacking can be defined as the process of gaining unauthorised access to a computer or computerised system and the information it contains. Both corporate and home users can be at risk of hacking.
What are the risks to home users?The risk to home users from hacking is growing. Until recently, the use of conventional dial-up modems meant that users tended to be connected to the Internet for relatively short periods of time. However, broadband and cable connections, through which systems can be permanently connected to the Internet, make it easier for hackers to be aware of your presence online and attempt to gain access to your system. Faster connections can also make it easier to transfer information from your system very quickly. Some viruses are known as ‘Trojan Horses’ or ‘Trojans’. Once installed these will open a ‘back door’ to your computer and notify the sender. The sender can then access your computer and open, delete or copy files from it without your knowledge.
In addition, an increasing number of programmes, such as real-time chat applications, act as servers to exchange information online. Your system needs to 'open up' more of its resources to the Internet to do this, which can make it more vulnerable.
What can home users do?There are several steps you can take to help protect your computer and the information it contains:
Use a "firewall", a piece of hardware or software that blocks unauthorised access to your system. Software versions can be found on the Internet, and many computer magazines feature software in their cover CDs.
Don’t leave any files that contain sensitive information – for example, your bank details - where they could easily be found by someone hacking your system.
Make sure you are running the latest versions of any software that acts as a server.
Remember as long as your system is switched on and connected to the Internet, it could be at risk of being hacked. You don’t have to actively be using your system for it to be vulnerable.
As with other Internet crimes, the best cure is prevention. If you have been the victim of a hacker you may not realise until any sensitive information stored on your system has been put to use.
Corporate, business and public sector usersThe risk to businesses and the public sector is high, as the sensitive nature of information held on their computer systems makes them an attractive target for hackers. This makes the use of security technology paramount. Companies should consider the use of dedicated firewall hardware as well as software. They should look at the ways in which the outside can gain access to their network, and ensure that their systems are not using installed default system passwords etc. Organisations dealing with this area include:
Local police forces, who now work in conjunction with the National High-Tech Crime Unit (NHTCU)
Unified Incident Reporting and Alert Scheme (UNIRAS). This scheme's purpose is to ensure the integrity of government, public service and infrastructure-related systems. However, its alerts and briefings are also available to users outside the UNIRAS community, which also welcomes reports of significant threats and vulnerabilities.
Tuesday, August 26, 2008
INTERNET HACKING .
INTERNET HACKING .
Netspionage Costing Billions.
Two years ago, a fifteen-year-old boy logged onto the Internet under the alias 'Comrade'. To some of us, our idea of hacking might include breaking into an email account or viewing confidential company information. However, no one expected that 'Comrade' would cause a three-week shutdown at NASA, steal government email passwords, intercept over 3000 emails and download close to $2 million worth of software used to operate the international space station. If that was not shocking enough, he had twice gained access to the computers used by the Pentagon to monitor threats of nuclear and biological warfare.
Computer hacking has been around for as long as we can remember - certainly as long as we have had a World Wide Web. Occasionally, the news speaks of silly pranks which imply nothing more than a temporary shutdown of a website, although 'Comrades' hack forced a three-week shutdown for repairs and cost the U.S. government $41,000.Recently, the case of the hackers tampering with the CIA's website, changing the title to 'Central Stupidity Agency' and filling it with obscenities was merely a nuisance for the agency. It posed no real threat because the CIA's files are inaccessible via that Internet site. Undoubtedly, there are some who see humour in this - a civilian, probably not even a professional, outwitting an elite US agency. Then there are more serious crimes, which are no laughing matter.In one case of corporate espionage, two 'heavy manufacturing' firms were bidding on a $900 million contract; one outbid the other by a fraction of a percent.This was no co-incidence as the losing company later discovered that someone had broken into the company's computer network and accessed files that contained bidding strategy information.In another case, authorities are chasing an individual who regularly hires U.S. teens to access confidential documents. One young hacker was paid $1,000 - and promised $10,000 more - for stealing design documents for kitchen appliances from U.S. firms.Beyond selling the trade secrets to a company's competition, some hackers resort to extortion of the company. In Sweden, a 15 and 17 year old tried to extort $2 million from a cellular company to destroy information they had illegally downloaded.Like most cases of extortion, the criminal's identity is especially difficult to trace and is magnified because of the nature of the Net.When the Internet was gaining immense popularity, businesses were scrambling to secure domain names and using the technology to expand their market. Seeing e-commerce as an untapped goldmine, many were eagerly diving headfirst into a slew of problems, including security breaches.Companies like eBay, Buy.com, Yahoo! Amazon and Excite were not prepared when 'Mafiaboy' decided to strike. The 16-year-old Montreal teen crippled their sites last year when he bombarded them with thousands of simultaneous messages, preventing legitimate users from gaining access. His five-day tirade caused an estimated $1.7 billion in damages.These malicious and insidious attacks threaten security and cost companies and organizations billions of dollars. A survey of the Fortune 1000 companies in 1999 estimates a loss of $45 billion from information theft.Of course, many organizations are taking extra security measures, including the usage of firewalls (a security mechanism that allows limited access to sites from the Internet).Still, hackers will gain access. If a fifteen year old can shutdown NASA, what hope is there?Recently, Ernst & Young, a major consulting and accounting firm, set up computer labs across North America which allow information security consultants to perform 'ethical hacks' to assess the strengths and weaknesses of a client's networks and systems.By using existing hacker tools, they're fighting fire with fire.'Ethical hackers' are being paid thousands of dollars to provide clients with clear evidence of how vulnerable their networks are to attacks that could compromise their most sensitive information.This is proving an effective way of gauging the level of security within a system.Hacking has become so prevalent that it is almost synonymous with the computer subculture. This "computer geek" culture is portrayed on television (X-files, the Lone Gunmen) and in movies (Hackers, Anti-Trust) as cynical and often self-righteous.With that, there is a sense of rebellion against big business; the proverbial David struggling against a corporate Goliath. In many of these crimes, people do them to defy corporations or the government; money is not always the motive. However, it is an act that is still unacceptable that victimizes all who use the Internet. Viruses, shutdowns, crashes and email hacking will be the burden of the user, a company's money lost to theft will be the burden of its customers and a government's money spent on security will be the burden of its citizens.Is there anyone not affected by Internet crime? Nope.
AntiVirus software is a good start to protecting yourself and your data
Netspionage Costing Billions.
Two years ago, a fifteen-year-old boy logged onto the Internet under the alias 'Comrade'. To some of us, our idea of hacking might include breaking into an email account or viewing confidential company information. However, no one expected that 'Comrade' would cause a three-week shutdown at NASA, steal government email passwords, intercept over 3000 emails and download close to $2 million worth of software used to operate the international space station. If that was not shocking enough, he had twice gained access to the computers used by the Pentagon to monitor threats of nuclear and biological warfare.
Computer hacking has been around for as long as we can remember - certainly as long as we have had a World Wide Web. Occasionally, the news speaks of silly pranks which imply nothing more than a temporary shutdown of a website, although 'Comrades' hack forced a three-week shutdown for repairs and cost the U.S. government $41,000.Recently, the case of the hackers tampering with the CIA's website, changing the title to 'Central Stupidity Agency' and filling it with obscenities was merely a nuisance for the agency. It posed no real threat because the CIA's files are inaccessible via that Internet site. Undoubtedly, there are some who see humour in this - a civilian, probably not even a professional, outwitting an elite US agency. Then there are more serious crimes, which are no laughing matter.In one case of corporate espionage, two 'heavy manufacturing' firms were bidding on a $900 million contract; one outbid the other by a fraction of a percent.This was no co-incidence as the losing company later discovered that someone had broken into the company's computer network and accessed files that contained bidding strategy information.In another case, authorities are chasing an individual who regularly hires U.S. teens to access confidential documents. One young hacker was paid $1,000 - and promised $10,000 more - for stealing design documents for kitchen appliances from U.S. firms.Beyond selling the trade secrets to a company's competition, some hackers resort to extortion of the company. In Sweden, a 15 and 17 year old tried to extort $2 million from a cellular company to destroy information they had illegally downloaded.Like most cases of extortion, the criminal's identity is especially difficult to trace and is magnified because of the nature of the Net.When the Internet was gaining immense popularity, businesses were scrambling to secure domain names and using the technology to expand their market. Seeing e-commerce as an untapped goldmine, many were eagerly diving headfirst into a slew of problems, including security breaches.Companies like eBay, Buy.com, Yahoo! Amazon and Excite were not prepared when 'Mafiaboy' decided to strike. The 16-year-old Montreal teen crippled their sites last year when he bombarded them with thousands of simultaneous messages, preventing legitimate users from gaining access. His five-day tirade caused an estimated $1.7 billion in damages.These malicious and insidious attacks threaten security and cost companies and organizations billions of dollars. A survey of the Fortune 1000 companies in 1999 estimates a loss of $45 billion from information theft.Of course, many organizations are taking extra security measures, including the usage of firewalls (a security mechanism that allows limited access to sites from the Internet).Still, hackers will gain access. If a fifteen year old can shutdown NASA, what hope is there?Recently, Ernst & Young, a major consulting and accounting firm, set up computer labs across North America which allow information security consultants to perform 'ethical hacks' to assess the strengths and weaknesses of a client's networks and systems.By using existing hacker tools, they're fighting fire with fire.'Ethical hackers' are being paid thousands of dollars to provide clients with clear evidence of how vulnerable their networks are to attacks that could compromise their most sensitive information.This is proving an effective way of gauging the level of security within a system.Hacking has become so prevalent that it is almost synonymous with the computer subculture. This "computer geek" culture is portrayed on television (X-files, the Lone Gunmen) and in movies (Hackers, Anti-Trust) as cynical and often self-righteous.With that, there is a sense of rebellion against big business; the proverbial David struggling against a corporate Goliath. In many of these crimes, people do them to defy corporations or the government; money is not always the motive. However, it is an act that is still unacceptable that victimizes all who use the Internet. Viruses, shutdowns, crashes and email hacking will be the burden of the user, a company's money lost to theft will be the burden of its customers and a government's money spent on security will be the burden of its citizens.Is there anyone not affected by Internet crime? Nope.
AntiVirus software is a good start to protecting yourself and your data
Death from the mailroom – iPhone hacks your company from the inside.
Death from the mailroom – iPhone hacks your company from the inside.
Las Vegas (NV) – The Apple iPhone is great for phone calls and viewing YouTube videos, but it can also be turned into one heck of a wireless hacking tool capable of wrecking havoc on almost any company or government organization from the inside. In a talk at the Defcon security convention, Robert Graham and David Maynor of Errata Security explained how they could defeat firewalls, intrusion detection systems and even armed security guards by Fedexing a modified iPhone to a fictitious employee. The phone calls home every hour and can then be instructed to sniff network traffic, discover nearby wireless devices and even download information.
Robert Graham, co-founder and CTO of Errata Security
Graham and Maynor first came up with the idea of the hacking iPhone when a client wanted them to perform a wireless penetration test at a faraway facility. Graham told TG Daily that such a test would have required costly travel and losing nearly a day sitting in airports and on a plane. The simpler way seemed to send them an iPhone with special scanning tools installed.Installing the software wasn’t the biggest problem as you can pretty much do anything to the phone after you jailbreak it. Graham and Maynor had to figure out how to power the phone for several days as it crisscrossed the United States. They also had to figure out how to control the phone from anywhere in the United States because the phone’s IP address would constantly change as it traversed cell towers and wireless access points on its journey.An APC extended battery pack fixed the power issue by providing approximately five days of power in a deck of cards form factor. Graham and Maynor solved the control issue by having the phone call home every hour with an SSH connection. Once connected, the pair could instruct the phone to launch wireless sniffing tools like Graham’s Ferret which enumerates nearby computers and all the hotspots they’ve connected to recently.The phone and the APC battery fit inside the original iPhone box which worked out great for Maynor as he walked to the local UPS store to ship the unit. “I just told people that someone won an eBay auction for an iPhone,” he joked.In initial runs, the iPhone’s scanning showed some interesting results. Graham told the audience that the phone would just sit in a receiving facility, usually a mailroom, for a long time. Fedex and UPS generally will deliver numerous boxes in a shipment and then a secretary or internal mailman (in larger companies) will then sort everything to its final destination. But if the package is addressed to someone who doesn’t work at the company, then employees will have no real urge to move it. Calls need to be made to verify that the employee doesn’t exist and then someone will finally call the shipping company to pick the package – this all takes time, time that the phone can use to scan the internal network.Once the phone was inside a business, Graham said most of the wireless networks were wide open. This should probably come as no surprise as companies usually trust employees and anyone’s who has made it past the front door must be friendly.While the notion of an iPhone attack may seem a bit too Hollywood-ish to some, Graham and Maynor say the idea is much better than a hacker sitting outside of a company sniffing for wireless traffic. They say police and even average citizens are quite suspicious of people sitting in their cars with glowing computers screens. Furthermore sending a company an iPhone means you can completely anonymous with a jailbroken iPhone and a third-party SIM card.Companies typically spend thousands even millions of dollars on physical and network security, but Maynor said their iphone can foil all of that by “getting past all the firewalls and crap that they’re buying.” He added that many organizations have armed guards that will stop any intruders, yet they let in the Fedex guy at 10 AM every morning.Graham was scheduled to demonstrate the sniffing software and promises to release it as open source in the near future. Unfortunately Graham and Maynor weren’t able to demonstrate the software because they accidentally left the prototype in a Las Vegas cab. “Some cabbie now has the power to take down the CIA,” Graham joked.
Las Vegas (NV) – The Apple iPhone is great for phone calls and viewing YouTube videos, but it can also be turned into one heck of a wireless hacking tool capable of wrecking havoc on almost any company or government organization from the inside. In a talk at the Defcon security convention, Robert Graham and David Maynor of Errata Security explained how they could defeat firewalls, intrusion detection systems and even armed security guards by Fedexing a modified iPhone to a fictitious employee. The phone calls home every hour and can then be instructed to sniff network traffic, discover nearby wireless devices and even download information.
Robert Graham, co-founder and CTO of Errata Security
Graham and Maynor first came up with the idea of the hacking iPhone when a client wanted them to perform a wireless penetration test at a faraway facility. Graham told TG Daily that such a test would have required costly travel and losing nearly a day sitting in airports and on a plane. The simpler way seemed to send them an iPhone with special scanning tools installed.Installing the software wasn’t the biggest problem as you can pretty much do anything to the phone after you jailbreak it. Graham and Maynor had to figure out how to power the phone for several days as it crisscrossed the United States. They also had to figure out how to control the phone from anywhere in the United States because the phone’s IP address would constantly change as it traversed cell towers and wireless access points on its journey.An APC extended battery pack fixed the power issue by providing approximately five days of power in a deck of cards form factor. Graham and Maynor solved the control issue by having the phone call home every hour with an SSH connection. Once connected, the pair could instruct the phone to launch wireless sniffing tools like Graham’s Ferret which enumerates nearby computers and all the hotspots they’ve connected to recently.The phone and the APC battery fit inside the original iPhone box which worked out great for Maynor as he walked to the local UPS store to ship the unit. “I just told people that someone won an eBay auction for an iPhone,” he joked.In initial runs, the iPhone’s scanning showed some interesting results. Graham told the audience that the phone would just sit in a receiving facility, usually a mailroom, for a long time. Fedex and UPS generally will deliver numerous boxes in a shipment and then a secretary or internal mailman (in larger companies) will then sort everything to its final destination. But if the package is addressed to someone who doesn’t work at the company, then employees will have no real urge to move it. Calls need to be made to verify that the employee doesn’t exist and then someone will finally call the shipping company to pick the package – this all takes time, time that the phone can use to scan the internal network.Once the phone was inside a business, Graham said most of the wireless networks were wide open. This should probably come as no surprise as companies usually trust employees and anyone’s who has made it past the front door must be friendly.While the notion of an iPhone attack may seem a bit too Hollywood-ish to some, Graham and Maynor say the idea is much better than a hacker sitting outside of a company sniffing for wireless traffic. They say police and even average citizens are quite suspicious of people sitting in their cars with glowing computers screens. Furthermore sending a company an iPhone means you can completely anonymous with a jailbroken iPhone and a third-party SIM card.Companies typically spend thousands even millions of dollars on physical and network security, but Maynor said their iphone can foil all of that by “getting past all the firewalls and crap that they’re buying.” He added that many organizations have armed guards that will stop any intruders, yet they let in the Fedex guy at 10 AM every morning.Graham was scheduled to demonstrate the sniffing software and promises to release it as open source in the near future. Unfortunately Graham and Maynor weren’t able to demonstrate the software because they accidentally left the prototype in a Las Vegas cab. “Some cabbie now has the power to take down the CIA,” Graham joked.
Nine Hacks That Will Make You the Master of Your IPhone.
Nine Hacks That Will Make You the Master of Your IPhone.
Only a few days after the iPhone went on sale, hackers were already kicking the wheels and checking under the hood to see if they could pimp out Apple's locked-down smartphone. After a month, they've made surprising progress. Below, we detail some of the milestone hacks for what has been called "the most significant consumer electronics product ever."
Department of Continuous Improvement
Corrections? Additions? Edit this article in the Wired How To Wiki.
Most of the hacks that have been publicized so far are aimed at controlling or enhancing your own iPhone, but a darker side has emerged too. A security firm announced a possible Wi-Fi-based browser exploit, which could give hackers access to an iPhone's microphone, surfing history and contact information -- and possibly website and e-mail passwords stored on the phone, too. Make no mistake: The iPhone is a magnet for hackers, both good and bad.
The hacks below run the gamut from easy hacks almost anyone can do to advanced mods that require serious hardware and software skills. Proceed at your own risk: With any hack, there is a chance you could permanently damage your iPhone or render it unusable, and you're almost certainly voiding your warranty if you try most of these hacks. You have been warned.
Activate the IPhone Without AT&T Ordinarily, the iPhone needs to be activated from within iTunes and registered with the carrier, AT&T, before it can be used for anything except telling the time and calling 911. Jon Lech Johansen (aka "DVD Jon"), who is notorious for cracking the CSS protection scheme on DVDs, took only five days to write a program that can bypass the activation step. It's called Phone Activation Server 1.0. Of course, if you don't have an AT&T account, the phone part won't work, but this hack does get you Wi-Fi, web surfing, e-mail and music capabilities. Difficulty: Medium Details: DVD Jon Hacks iPhone: No Activation Required
Use the IPhone with a Business or Prepaid Account Once the iPhone has been activated, it is possible to substitute the supplied AT&T SIM with another AT&T or Cingular SIM. Why would you do this? If you already have an account with AT&T, you can transfer it to your iPhone by dropping in your old phone's SIM card. This hack will let you use a business account (otherwise not available for the iPhone) or a pre-paid account with your iPhone. Another way to get a prepaid account for your iPhone is to fake bad credit. Here's how: During activation, keep entering a bogus Social Security number and eventually iTunes will give up and offer you a pre-pay account. Sweet. (The same trick also works if you actually do have bad credit and use your real Social Security number.) Difficulty: Beginner Details: Hackers Saw Through IPhone AT&T Shackles
Play Tilt Tilt is a game which takes advantage of the iPhone's tilt sensors, the things which cause the display to flip when you change the orientation of the handset. Developer Joe Hewitt created Tilt at iPhoneDev Camp, and the game involves tilting the phone to control the main character, Flip, and help him eat falling leaves and butterflies. It's no Wii Tennis, but it is a nice demonstration of the iPhone's innovative controls. Difficulty: Beginner Details: Play Tilt on your iPhone
Store Files on Your IPhone IPhoneDrive is a graphical file transfer tool for the iPhone. Just hook the phone up to your Mac and you can drag and drop files to and from the iPhone, using it as an external hard drive the way God intended. Why on earth Apple didn't include this feature from the start is a mystery, since every other iPod already has a similar capability. IPhoneDrive costs $10. Difficulty: Beginner Details: iPhoneDrive Product Page
Only a few days after the iPhone went on sale, hackers were already kicking the wheels and checking under the hood to see if they could pimp out Apple's locked-down smartphone. After a month, they've made surprising progress. Below, we detail some of the milestone hacks for what has been called "the most significant consumer electronics product ever."
Department of Continuous Improvement
Corrections? Additions? Edit this article in the Wired How To Wiki.
Most of the hacks that have been publicized so far are aimed at controlling or enhancing your own iPhone, but a darker side has emerged too. A security firm announced a possible Wi-Fi-based browser exploit, which could give hackers access to an iPhone's microphone, surfing history and contact information -- and possibly website and e-mail passwords stored on the phone, too. Make no mistake: The iPhone is a magnet for hackers, both good and bad.
The hacks below run the gamut from easy hacks almost anyone can do to advanced mods that require serious hardware and software skills. Proceed at your own risk: With any hack, there is a chance you could permanently damage your iPhone or render it unusable, and you're almost certainly voiding your warranty if you try most of these hacks. You have been warned.
Activate the IPhone Without AT&T Ordinarily, the iPhone needs to be activated from within iTunes and registered with the carrier, AT&T, before it can be used for anything except telling the time and calling 911. Jon Lech Johansen (aka "DVD Jon"), who is notorious for cracking the CSS protection scheme on DVDs, took only five days to write a program that can bypass the activation step. It's called Phone Activation Server 1.0. Of course, if you don't have an AT&T account, the phone part won't work, but this hack does get you Wi-Fi, web surfing, e-mail and music capabilities. Difficulty: Medium Details: DVD Jon Hacks iPhone: No Activation Required
Use the IPhone with a Business or Prepaid Account Once the iPhone has been activated, it is possible to substitute the supplied AT&T SIM with another AT&T or Cingular SIM. Why would you do this? If you already have an account with AT&T, you can transfer it to your iPhone by dropping in your old phone's SIM card. This hack will let you use a business account (otherwise not available for the iPhone) or a pre-paid account with your iPhone. Another way to get a prepaid account for your iPhone is to fake bad credit. Here's how: During activation, keep entering a bogus Social Security number and eventually iTunes will give up and offer you a pre-pay account. Sweet. (The same trick also works if you actually do have bad credit and use your real Social Security number.) Difficulty: Beginner Details: Hackers Saw Through IPhone AT&T Shackles
Play Tilt Tilt is a game which takes advantage of the iPhone's tilt sensors, the things which cause the display to flip when you change the orientation of the handset. Developer Joe Hewitt created Tilt at iPhoneDev Camp, and the game involves tilting the phone to control the main character, Flip, and help him eat falling leaves and butterflies. It's no Wii Tennis, but it is a nice demonstration of the iPhone's innovative controls. Difficulty: Beginner Details: Play Tilt on your iPhone
Store Files on Your IPhone IPhoneDrive is a graphical file transfer tool for the iPhone. Just hook the phone up to your Mac and you can drag and drop files to and from the iPhone, using it as an external hard drive the way God intended. Why on earth Apple didn't include this feature from the start is a mystery, since every other iPod already has a similar capability. IPhoneDrive costs $10. Difficulty: Beginner Details: iPhoneDrive Product Page
Subscribe to:
Posts (Atom)