Motley cabal of online hacker and librarians. All about online hacking and more ...

Posts tagged Ethical Hacking

Online Hacking Weblog: Malware Threat that Sneaks in through Facebook Images

Nov14
2011 Leave a Comment Written by blogadmin

Imagine this online hacking scenario: someone stealing information from your computer while you are uploading an image on Facebook. Scary, yes. Implausible? Think again; it may sound like its coming from a cyberpunk tale, but it’s quite possible with the latest online hacking techniques.

A collaborative effort between researchers from the University of Illinois at Urbana-Champaign and the Indraprastha Institute of Information Technology in New Delhi, India Online Hacking Weblog: Malware Threat that Sneaks in through Facebook Imageshave come up with “Steganobot”, a new generation botnet, which attaches itself to Facebook profiles and gains access to the user’s confidential data such as e-mail passwords while uploading Facebook pictures. The researchers said that Stegobot was developed to show how easy it could be for a hacker to exploit Facebook photos upload feature to sneak into the user’s computer.

Botnet Malware: Online Hacking Evolution

Malware is an extremely serious threat to modern networks. In recent years, anew form of general-purpose malware known as bots has arisen. Bots are unique in that they collectively maintain communication structures across nodes to resiliently distribute commands and data through a command and control (C&C) channel. The ability to coordinate and upload new commands to bots gives the botnet owner vast power when performing online hacking activities of a criminal nature, including the ability to orchestrate surveillance attacks, perform DDoS extortion, sending spam for pay, and phishing.

The evolution of botnets for online hacking has primarily been driven by the principle of `whatever-works’. Early botnets followed a centralized architecture. However, the growing size of botnets led to scalability problems. Additionally, the development of online hacking defense mechanisms that detect centralized command-and-control servers further accelerated their demise. This led to the development of a second generation of decentralized botnets.

Meet Steganobot: New Botnet developed to Study Future Online Hacking Threats

Stegobot initially gains access to computers through the usual channels such as infected attachments or directs to malware-laden content. After gaining access, Stegobot applies a technique called “steganography” to conceal data in the image files without affecting the picture’s appearance.

Online Hacking Malware: Streganobot

Topological Diagram of Steganobot

The botnet incorporates the information into any image you are uploading on Facebook. And then it waits for one of your friends to see your profile. Stegobot can then infect your computer even if your friend has not clicked on the corrupted image. In case your friend is also infected with the botnet, then any photo they upload will also pass on the stolen data. And the relaying of the data can eventually land into the hands of a botmaster, who will be then able to access your identity.

The study focuses on the development of a decentralized botnet based on a model of covert communication where the nodes of the network only communicate along the edges of a social network. This is made possible by recent advances in malware technologies. Social malware refers to the class of malware that propagate through the social network of its victims by hijacking social trust. Instances include targeted surveillance attacks on the Tibetan Movement and the non-targeted attack by the Koobface worm on a number of online social networks including Facebook.

By adopting such a communication model, a malicious network such as a botnet can make its traffic significantly more difficult to be differentiated from legitimate traffic solely on the basis of communication end-points. Additionally, to frustrate defense efforts based on traffic flow classification, Steganobot’s development team intends to explore the use of covert channels based on data concealment techniques. What if criminals used steganographic data hiding techniques which exploit human social behavior patterns in designing botnets? Would it be possible to design such a botnet? How would it be superior to existing botnets, and where would it be inferior to the same? These are some of the questions this study hopes to answer in this paper.

The research related to Stegobot is quite significant as this online hacking threat is virtually undetectable. Of late we have seen a spate of online hacking across the world. Whether it has been a government website or the IMF network, everything online seems vulnerable. Online hacking techniques such as botnets have only strengthened the contemporary need for more secure and foolproof methods to safeguard online identity. For continued updates about malware protection and safe web behavior, keep reading our online hacking weblog.

Posted in Hacking News, Online hacking, Online Privacy - Tagged , ,

Ethical Hacking: Facebook Offers Bounty for Detecting Bugs

Nov08
2011 Leave a Comment Written by blogadmin

As you’d have guessed from the previous posts about ethical hacking on our online hacking weblog, Over the past few months, Facebook has been running a bounty program of sorts aimed at rewarding white hat hackers for detecting security holes in the site.  At last count, Facebook had shelled out nearly $40,000 within the first three weeks of this program; if nothing else, this little piece of statistic does illustrate the merits of outsourcing your website’s cyber security jobs to freelance ethical hackers

Bug Bounty: Facebook Pays You for Ethical Hacking

Ethical Hacking: Facebook Offers Bounty for Detecting BugsThe objective of the “bug bounty” program is to encourage cyber security experts to help ramp up Facebook’s security against online hacking attacks. Facebook has already paid above $7,000 for detecting as many as six serious bugs in the site. The social networking company is running the ethical hacking program alongside its other measures to ward off internet-based threats to the site.

Facebook chief security officer Joe Sullivan has revealed some details of the ongoing bug bounty program in a blog post. He said in the post that the ethical hacking had helped make Facebook more secure by revealing “novel attack vectors, and helping us improve lots of corners in our code”. Sullivan revealed that the minimum sum paid for bug detecting is $500, which can be extended up to $5,000 depending upon the seriousness of the loophole detected. Facebook has already shelled out the maximum bounty once.

Sullivan adds that Facebook’s White Hats initiative has received positive response worldwide. He goes on to describe how Facebook received applause on launching their responsible disclosure policy last year, in which Facebook told ethical hacking researchers that they had the freedom to report the bugs in accordance with the policy without fearing adverse action by Facebook.

Turning to Ethical Hacking to Counter Rising Threats

Facebook’s bug bounty program comes in the backdrop of escalating threats to the social networking site from cyber criminals and vandals. According to reports, Facebook has been a prime target of the cyber criminals and that they are looking out for different ways to extract confidential and useful information from Facebook users and promote spamming on the site, necessitating the move to harness ethical hacking talent from the world over.

Facebook has apparently gone extra mile by inviting bug hunters to ensure site’s safety. Reports have claimed that Facebook is now in talks with third party institutions which are ensuring that the company’s privacy policy also covered the white hat ethical hacking researchers.

Researchers from more than 16 countries have successfully submitted bounty bugs, Facebook said. Its public “thank you” list names dozens of ethical hacking contributors.

That will be all for now, but we’ll continue to feature more news articles on ethical hacking on our online hacking weblog.

Posted in Online hacking - Tagged , ,

Cyber-security: Fighting Online Hacking makes for a Lucrative Career

Sep27
2011 Leave a Comment Written by blogadmin

Fight the Hacking Menace

Electronic fraud and Internet-related offenses such as hacking are fast-turning into a serious law-and-order issue, especially in the Western world. With internet technology becoming an ever pervasive part of our lives, it is becoming more and more crucial to be aware of security issues with respect to hacking and the dos-and -don’ts of being a netizen so as to not be a victim. Also, with corporations becoming more aware of the need for computer security, a qualification in cyber security can make for a lucrative career, turning you into a veritable cyber-Marshall who combats the evil of hacking. What’s more, a lot of these courses are available online!

Of course, there exist proper brick-and-mortar institutions that offer similar courses, but online learning affords you the luxury of learning at your own pace. Effectively, it lets you plan your course to suit your life instead of the other way round.

A Course to Counter Hacking

While yoCyber Security Against Hackingu’ll learn many things in this course, of utmost importance is the part where they teach you about countering cyber-terrorism. Cyber-terrorism is still a tentative term and aspects of it are still emerging. However, one can say that cyber-terrorism is where the menace of hacking, hitherto ranging from merely annoying fiddling to financial crimes or even corporate espionage, has now turned into a full-blown hazard threatening the national security of various countries and endangering millions of lives.

Cyber terrorism is the sort of hacking where a hacker breaks into a system containing sensitive classified information pertaining to a nation’s security interests; the access is usually granted via the internet, but sometimes a hacker may have to connect to a more secure, exclusive network through the internet, thus involving another layer of security that has to be compromised. The classified information thus accessed may be made public for all to see, or just sold to the highest bidder. Such hackers can even be in the employ of intelligence agencies seeking to spy on another country. Cyber-terrorism is just an extension of one way that hacking has been used by the business world for quite some time: corporate espionage by breaking into a rival company’s systems. The difference is that the stakes are much higher in this case than just corporate hacking. The anonymous nature of the Internet makes it easy for certain groups to attack rival groups or target individuals with impunity.

A few of the other topics of relevance that are taught in the course are cyber law, computer forensics, fighting malware and cyber-compliance. There is also a fair degree of stress on countering intrusion with software/ hardware and firewalls.

In a Nutshell

What it comes down to is protecting sensitive information and checking unauthorized access to any data. Implications of this can be very wide, from preventing national-security level espionage, to saving critical computer systems from malicious software, and even to preventing identity theft that ultimately leads to credit card fraud or possibly something more nefarious.

A computer is like a gun; it can be used for evil or for good, and that depends on the man controlling it. By being a cyber security professional, you are choosing to take things in your hands and do your bit to counter the threat of hacking.

Posted in Hacking News, Online hacking - Tagged , , , ,

Using ‘Art of War’ to Fight Online Hacking

Sep20
2011 Leave a Comment Written by blogadmin

Be the Hacker to Counter Online Hacking

When it comes to combating cyber-crimes such as online hacking, the methods and technologies used mean that there’s a very thin line that divides you, the cyber-security expert, from Security Against Hackingthe criminal hacker (or cracker) you are meant to stop. In such a case, it is most important to be aware of yourself and where you stand, as also being aware of your opponent, the evil genius computer hacker (sounds melodramatic, but humor us) and his strengths and weaknesses.

Applying Sun Tzu & The Art of War to the ‘ War Against Online Hacking ‘

Ancient Chinese philosopher Sun Tzu has said something to the same effect: for certain victory, one must at all times recognize yourself and acknowledge of your enemy; being aware of yourself but not recognizing your enemy’s nature lowers your odds of victory to merely probable, while not being aware of either will lead to certain defeat.

Heed the immortal words of Sun Tzu, know yourself. Or perhaps more to the point, know your computer system; the security holes and the loopholes. Think like an online hacking expert as to how you would invade the system if you were a hacker; to stop the hacking attack, you must become the hacker, find the weaknesses, and plug them in anticipation of the actual online hacking attempt.

Your diligence or ingenuity in writing code is no guarantee of security from being compromised. You must be proactive and use an online hacking mindset in discovering faults in the system that can be exploited to gain unauthorized entry.  Even then, your job may only be half done.

Trying to trace a hacker on the Internet can be as elusive a task as looking for irrefutable proof that the ‘Loch Ness Monster’ exists. Of course, technologies exist in the field of cyber-forensics that can enable tracking online hacking miscreants, but as the proverb goes: a bird in the hand is better than two in the bush. So, it is better to thwart any attempts at online hacking than to detect and punish the hacker later, because a stitch in time saves nine. It might also save your company from featuring on the nine ‘o clock news as the latest victim.

Simply learning the most commonly exploited loopholes and the most widely used access methods would not help, especially if you slavishly follow what you’ve learnt by heart. You’ll be mistaken in your assumption that you’re secure from all online hacking activity. You must instead learn to be dynamic; understand that ordinarily, a hacker is one-step ahead of the law and would easily thwart all textbook attempts to prevent hihim from hacking into the system. You must therefore erase this lead a hacker has over you by being unpredictable yourself, then only shall you fulfill the tenets described by Sun-Tzu and only then shall you be assured of victory. Armed with this knowledge shall you go forth to fight online hacking.

Stay tuned to this online hacking weblog for more updates, articles and opinions of the world of (cyber)crime-fighting.

Posted in Hacking News, Online hacking - Tagged ,

Ethical Hacking: Think Like a Hacker

Aug03
2011 Leave a Comment Written by blogadmin

Ethical Hacking: A Contradiction Unto Itself?

There are those of you for whom the term ‘ethical hacking’ is an oxymoron. Hollywood and pop culture stereotypes have made sure that any ‘hacking’ activity is seen as negative and even criminally motivated. Well, it is true that hacking is, fundamentally, taking advantage of unprotected or weakly guarded sites or systems. It is equally true that this can be used to the hacker’s advantage for personal gain, often at the cost of others. It is these criminal-minded, often pointlessly destructive individuals who’re frequently referred to as hackers which, though technically incorrect, should be persisted with now if we are to even begin defining what ethical hacking is all about. So, it is already pretty clear that hackers (the criminal sort, anyway) can be a real menace due to the fact that they’re expert programmers, something that makes them superhuman as long as they have a computer close by.

Enter the Good Guys: Ethical Hacking

Ethical Hacking

Ethical Hackers: Detectives for the Information Age

Because of these super-powered villains, others (often companies,) who want to strengthen the protection of their online systems turn to professionals for help. These professional hackers (the good guys, sometimes known as “white hats,”) use an ethical hacking style to help build a stronger defense against real hacking threats. By purposely “attacking” the system, they can quickly discover its security holes, and then begin to come up with ways to stall, avoid or eliminate the hacking attacks of the sinister sort.

So let’s put this charade aside now, for you can now see that not all hacks are bad. However, for the sake of convenience, we’d still have to use the same terminology to distinguish ethical hackers from the harmful hacking (dubbed ‘cracking’ in the elite world of super-programmers). The act of hacking ethically into a system in order to expose possible weak points, ones that real hackers, or “black hats” (due to less savory intentions) can exploit, can help prevent the company from loss of earnings or reputation. Indeed, a lot of companies are now employing the skills of those who can perform this task because they understand that the only way to fight against skilled hackers is with another skilled albeit ethical hacking specialist of their own!

Ethical Hacking: Set a Thief to Catch a Thief?

Well, not always. But considering that ethical hacking modus operandi comprises of breaking into online systems, the likelihood of the really good white hats being hired professionals who have made their bones as black hat hackers. But it’s not always so cloak and dagger; those with a strong proficiency in computer programming can be trained to carry out these services and a fair number of white hat hackers actually are full-time employees of the company who have the desired level of skill.

So long as your actions have been approved by the company that owns the system you break into, whatever mayhem you create during the hacking process will entirely benefit that company provided they follow up and eliminate those weaknesses exposed by you.

Ethical Hacking in a Nutshell

This is not about good or bad hackers, white hats or black hats; ultimately it is about the good of the company, and the safety of sensitive data they have. If you had a rather shady past but have since gotten over your rebel streak and decided to work for the system rather than against it, you will be highly sought after for the services you can now provide.

Ethical hacking is all about getting results when it comes to shielding online systems against break-ins, malicious attacks and date theft. You are concerned only with keeping the assets and interests safe, and only by thinking and acting like a true hacker can this be achieved.

Without a doubt, this is a smart way to safeguard your information assets against online threats. If you’re a company, do not hesitate to employ a white-hat hacker, as they are armed with the requisite level of knowledge and skills to counter a threat from another hacker. On the other hand, if you’re involved in hacking yourself, and would be willing to consider a career on the right side of the law, ethical hacking beckons.

Posted in Online hacking - Tagged , , ,

Network Hacked? Call the Ethical Hacker

Mar14
2011 Written by blogadmin

My colleague to participate in an exclusive club and the logged on user’s website. Here he played on the club facilities for entertainment, exercise and socialization. The site had an online form to collect personal information.

My colleague is a “hacker” by the nature of the profession and just tried to enter the field and immediately found that the shape was the SQL injection vulnerability. Exploitation of this vulnerability could have created many opportunities, including access to all members of the database. Be “ethical”, he refrained from doing so.

So who is a hacker? And how the hacker to ethics? The original meaning of the word “hacker” is someone who is an expert, a guru who can ‘hack’ a program and make it do things not originally intended. Hackers have gained the nickname because they have spent hours hacking away on the keyboard. A ‘hacker’ is a malicious person who will use his technical expertise with criminal intent.

Somehow, the hacker term got associated with criminal intentions. Now it is assumed that a hacker will exploit any security weakness of a system for nefarious purposes. So we had to invent the term ‘ethical hacker’—a person with hacking skills who is ethically bound to help you identify and fix security weaknesses.

How does one become an ethical hacker? The essential ingredient which makes a hacker is unlimited curiosity about how things work, and how things can go wrong. The computer is an extremely complex system. The major components that need to work flawlessly are the operating system, application systems including web-based application systems, database systems and networking systems. And a hacker must have intricate knowledge of all these systems. An hacker should also be an accomplished ‘social engineer’. Famous hackers are also experts in exploiting human weaknesses. People are usually helpful and cooperative, which means they can also be manipulated, flattered, intimated or plain bullied by someone pretending to be an authority.

Hackers study new releases, identify weaknesses, and build superb tools with GUI front-ends to exploit these vulnerabilities. Most of the other hackers only use these tools, but they are so adept at using these tools that they are the real threat. Most ethical hackers study the same tools and become as proficient in the use of these tools as real hackers. If computer systems are tested using the same hacker’s tools, there is a good possibility of finding out most of the vulnerabilities, and then patching them.

Most ethical hackers undergo some formal or informal training on hacking tools. But the real expertise is only developed after long hours of working with these tools and learning to interpret the results correctly. It should be noted that hacking tools often give false positives or false warnings, which need to be correctly identified and weeded out. The danger is when the tools do not identify the latest vulnerabilities. A good hacker needs to know how to identify these using the basic knowledge of the system and not merely by using tools.

There are a number of certifications that an ethical hacker can acquire. But this is one profession where a certificate is no guarantee of one’s hacking skills.

An organization should minutely and independently verify the claims of an ethical hacker. Also, the type of experience should be relevant to the type of systems to be tested.

Reputation hacker ethic should be easy to check from former clients, in reality, it must be done, and any excuse to maintain confidentiality should be questioned. Remember, good hackers are as good as “social engineers”.

Posted in Online hacking - Tagged

Cryptography expert Paul Kocher says Quantum computing is no threat secure to web and wireless network traffic.

Jun19
2010 Leave a Comment Written by admin

Leading cryptography expert Paul Kocher says the new breed of quantum computers will not be able to crack encryption currently used to secure web and wireless network traffic.

The statement follows concerns among some security experts that the high processing power of quantum compute technologies could be used to crack the encryption used by most organisations.

Kocher, chief executive at Cryptography Research Inc, said: “Quantum computing is interesting because it changes fundamentally the way we do computations.”

But, he added, “there are other things besides quantum computing that keep me awake at night. Implementation errors in algorithmic cryptography and buffer overflows cause me to lose vastly more sleep than quantum computing.”

The most secure algorithm in use today is the 256-bit advanced encryption standard, also known as AES. And Kocher says this is safe from quantum computing.

“If anybody making purchasing decisions is troubled about quantum computing, they’re worrying about completely the wrong cryptographic problems,” he said.

Currently quantum compute systems are at a similar stage in development to early transistor-based classical computer systems. The hope is that their increased computational efficiency will allow problems not within the reach of classical computers to be solved.

Posted in Hacking News, Security Software - Tagged , , , ,

Specialists believe packaged apps are full of hackable bugs, security

Jun04
2010 Leave a Comment Written by admin

Nearly one in three (31 per cent) of the respondents to Fortify Software’s survey admitted their organisation had been hacked in the past, and a similar number said they didn’t know if it had.

The vast majority (83 per cent) said they thought off-the-shelf software was buggy and insecure and more than half (56 per cent) said that it was vulnerable to hackers. Consequently many are hacking into their own systems to test the defences they have built.

A small number (three per cent) confessed to attacking competitors’ systems too.

The best way to check that applications are secure is to combine all available solutions, including code and static analysis, web application firewalls, application scanners and pen testing, said 57 per cent of the group. Five per cent admitted that their organisations didnt employ technology for software security.

Of those that admitted to previous hacking experience, 29 per cent learned to hack at work; 26 per cent on the internet; 13 per cent at university; and eight per cent at school. A further eight per cent used friends to help them hone their talent.

The survey was conducted among 300 security specialists in companies of over 1,000 employees.

Posted in Online hacking - Tagged , , ,

Pirates cost software firms $51bn

Jun02
2010 Leave a Comment Written by admin

The world’s software industry lost $51bn to piracy in 2009 as the unlicensed software rate rose to 43%, but losses were less than expected, the Business Software Alliance said today.

The 2% rise over 2008 figures was due to more sales of PCs in emerging markets, the BSA said in its annual global study of software piracy, prepared by IDC.

BSA CEO Robert Holleyman said, “Given the economy, 2009 piracy rates are better than we expected.”

He called on governments in emerging economies to act harder and faster to deter piracy.

Holleyman said a 43% piracy rate meant that for every $100 worth of legitimate software sold in 2009, $75 worth of unlicensed software also made its way into the market.

“This underscores the increasing sophistication of pirates and the urgent need for stronger anti-piracy efforts,” he said.

IDC’s chief research officer John Gantz said cutting software piracy by just 10 percentage points for the next four years would create nearly 500,000 new jobs and pump $140bn into ailing economies.

The US piracy rate was 20%, the lowest in the world, but cost $8.4bn in 2009, IDC found after looking at 182 discrete sets of data from 111 countries.

Piracy rates increased in 19 countries, up from 16 in 2008. This was due to growth in the consumer PC base and in emerging markets, IDC said.

PC shipments to consumers rose 17% in 2009, while shipments to businesses, governments and schools dropped 15%. Brazil, India and China accounted for 86% of the growth in PC shipments worldwide.

China saw the largest increase in the commercial value of pirated software of any country, growing $900m to $7.6bn.

India, Chile and Canada each cut their piracy rates by 3%.

Tagged , ,

Former IT worker arrested for “hacking” hospital network

May27
2010 Leave a Comment Written by admin

The New York Post reported Tuesday that a former IT worker from a Manhattan hospital was arrested last Friday and charged with computer trespass, unauthorized use of a computer, and fourth-degree computer tampering.

According to the article, Jason Wang “wreaked havoc with the computer system at North General Hospital in Harlem after he was fired by official there in September 2009…” The report doesn’t specify what kind of “havoc” Wang is accused of wreaking, but it does indicate that authorities believe Wang used “a doctor’s password and credentials to send a scathing e-mail to other hospital staffers, accusing Michele Prisco, North General’s vice president and chief information officer, of being a racist.”

Whether Wang is eventually convicted of these charges or not, the situation demonstrates the importance of strong internal IT security procedures.

Posted in Hacking News - Tagged ,
« Older Entries
wordpress visitor
© 2011 USRlib.info