Internet security and hackers (for beginners)

This is my first article for antichat, so don't judge it strictly... =)

INTERNET SECURITY and hackers.

1. Actuality of security. Definition of the word “hacker”.

Internet security is one of the most important things nowadays. That’s because of the widespread usage of the internet: communication, sell/buy operations, searching for information and so on. If you want to protect your private information from “hackers” you have to pay a lot of attention to security; anything from a personal computer to a server may get attacked by “hackers”. The flaws which “hackers” use can be caused by bad scripts, wrong code and also by users themselves! That’s why everyone has to know some simple and useful rules which decrease the chance of being hacked. For example, here is a method of choosing a password:

1 The password’s length must be at least 6 characters
2 These characters must include both lower-case and capital letters
3 It is good to have special symbols like @#$& and digits in the password
4 It is strongly recommended not to save your password on your computer

Following these rules keeps your password in comparative safety.

Now it’s time to give a definition of the word "hacker". In computer security, a hacker is a person who specializes in the security mechanisms of computer and network systems, who attempts to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity; these people are called ethical hackers or “white hats”. But nowadays, because of mass media disinformation, “hacker” means not the real hackers but those people who try to get past security mechanisms. So “black hats” are those “bad” people who are incorrectly called hackers. There is also one more type of hacker, the “grey hat”, which is something in-between a “white hat” and a “black hat”.

2. “White hats” and “black hats”.

The history of computers and networks is closely connected with the term “hacker”; moreover, the Internet and some operating systems were made by hackers who were trying to make information open for everyone. An example of a “white hat” is Linus Torvalds, who originally developed the Linux kernel as a hobby OS for the Intel 80386 CPU.

One of the most famous “grey hats” is Adrian Lamo. Adrian Lamo is best known for breaking into The New York Times' local computer network in February 2002, adding his name to confidential databases of expert sources, and using the paper's LexisNexis account to conduct research on high-profile subjects, although his first published activities involved operating the AOL watchdog site Inside-AOL.com. The Times filed a complaint and a warrant for Lamo's arrest was issued in August 2003 following a 15 month long investigation by federal prosecutors in New York. At 10:15 AM on September 9, after spending a few days hiding, he surrendered to the US Marshals in Sacramento, California. He re-surrendered to the FBI in New York City on September 11, and pleaded guilty to one count of computer crimes against Microsoft, Lexis-Nexis and The New York Times on January 8, 2004. Later in 2004, Lamo was sentenced to six months of detention at his parents' home plus two years of probation, and was ordered to pay roughly $65,000 in restitution. He was convicted of compromising security at The New York Times and Microsoft, and is alleged to have admitted to exploiting security weaknesses at Excite@Home, Yahoo!, Microsoft, MCI WorldCom, Ameritech and Cingular, and has allegedly violated network security at AOL Time Warner, Bank of America, Citigroup, McDonald's and Sun Microsystems.

Companies sometimes use proxies to allow their employees access to the internet without giving the internet access to their internal network. However, when these proxies are improperly configured, they can allow access to the company's internal network.
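The four password rules from section 1, implemented as a check a registration form could run. This is an added example, not code from the article; it treats rule 3 (digits and special symbols) as required rather than merely recommended, and rule 4 is a handling rule, so the function simply never stores the value anywhere.

```php
<?php
// Added example (not from the article): checks a password against the four
// rules given in section 1. Returns the list of rules the password fails;
// an empty array means the password passes the policy.
function checkPasswordPolicy(string $password): array
{
    $failures = [];

    // Rule 1: at least 6 characters (mb_strlen counts multibyte characters, not bytes).
    if (mb_strlen($password) < 6) {
        $failures[] = 'shorter than 6 characters';
    }
    // Rule 2: both lower-case and capital letters must be present.
    if (!preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password)) {
        $failures[] = 'needs both lower-case and capital letters';
    }
    // Rule 3: digits and special symbols such as @#$& (treated as required here).
    if (!preg_match('/[0-9]/', $password)) {
        $failures[] = 'needs at least one digit';
    }
    if (!preg_match('/[^A-Za-z0-9]/', $password)) {
        $failures[] = 'needs at least one special symbol';
    }
    return $failures;
}

// Constructed sample inputs to show the check in action (not real passwords).
foreach (['qwerty', 'Passw0rd', 'P@ssw0rd!'] as $candidate) {
    $problems = checkPasswordPolicy($candidate);
    echo str_pad($candidate, 12),
         $problems === [] ? "OK\n" : 'rejected: ' . implode('; ', $problems) . "\n";
}
```

Reporting every failed rule at once, rather than stopping at the first one, lets the user fix the password in one attempt; the function only ever inspects the string and returns a list, so nothing about the password is written to disk.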
Lamo often exploited this, sometimes using a tool called ProxyHunter.

Critics have repeatedly labeled Lamo a publicity seeker or common criminal, claiming that he has refused to publicly refute this. When challenged for a response to allegations that he was glamorizing crime for the sake of publicity, his response was "Anything I could say about my person or my actions would only cheapen what they have to say for themselves." When approached for comment during his criminal case, Lamo would frequently frustrate reporters with non sequiturs such as "Faith manages" and "It was a beautiful day." At his sentencing, Lamo expressed remorse for the harm he had caused through his intrusions, with the court record quoting him as adding "I want to answer for what I have done and do better with my life." As of January 16, 2007, Lamo's probation was terminated, ending a three-year period during which the U.S. District Court's ruling prevented him from exercising certain freedoms, including the ability to use any privacy protection software, travel outside certain established boundaries, or socialize with security researchers.

3. Protecting personal information from spyware and malware

Today every user may face a big problem caused by malware (viruses, worms) or spyware (Trojan horses). These small programs are well known for their harmful effect on the operating system. Here are descriptions of such programs.

Virus

A computer virus is a computer program that can copy itself and infect a computer without the user's knowledge or permission. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user: they typically take up memory used by legitimate programs, and as a result they often cause erratic behavior and system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Worm

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Worm + Virus

Nowadays it’s common to meet a combination of virus and worm: this type of malware sends itself like a worm and can destroy files like a virus.

Trojan horse

A Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs.
Simply put, a Trojan horse is not a computer virus. Unlike such badware, it does not propagate by self-replication but relies heavily on the exploitation of an end user (see Social engineering below). It is instead a categorical attribute which can encompass many different forms of code; therefore a computer worm or virus may also be a Trojan horse. The term derives from the classical myth of the Trojan Horse. In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes which allow kernel code to access anything for which access is not authorized.

Trojan horse payloads are almost always designed to do various harmful things, but can also be harmless. They are classified by how they breach and damage systems. The nine main types of Trojan horse payloads are:

1 Remote Access
2 Email Sending
3 Data Destruction
4 Downloader
5 Proxy Trojan (disguising others as the infected computer)
6 FTP Trojan (adding or copying data from the infected computer)
7 Security software disabler
8 Denial-of-service attack (DoS)
9 Trojan.ByteVerify
10 URL trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection)

Some examples of damage are:

1 erasing or overwriting data on a computer
2 encrypting files in a cryptoviral extortion attack
3 corrupting files in a subtle way
4 uploading and downloading files
5 allowing remote access to the victim's computer; this is called a RAT (remote administration tool)
6 spreading other malware, such as viruses; this type of Trojan horse is called a 'dropper' or 'vector'
7 setting up networks of zombie computers in order to launch DDoS attacks or send spam
8 spying on the user of a computer and covertly reporting data like browsing habits to other people
9 making screenshots
10 logging keystrokes to steal information such as passwords and credit card numbers (keyloggers)
11 phishing for bank or other account details, which can be used for criminal activities
12 installing a backdoor on a computer system
13 opening and closing the CD-ROM tray
14 harvesting e-mail addresses and using them for spam
15 restarting the computer whenever the infected program is started
16 deactivating or interfering with anti-virus and firewall programs
17 deactivating or interfering with other competing forms of malware
18 randomly shutting off your computer

An example of a Trojan horse is Pinch; this Trojan was made by Russian hackers and it can steal passwords from internet browsers and messengers.

Methods of struggle with malware and spyware

To avoid being infected by malware and spyware it’s worth having an antivirus program and a firewall. The first kind of software helps to find suspicious programs and delete them from the HDD (the most popular antiviruses are Nod32, Dr.Web, Kaspersky, Symantec). The second kind is intended to scan incoming and outgoing traffic through network ports, and if something is wrong the port is shut down to restrict external access to the computer; this is very useful against Trojans, because they can’t send information to the hacker. This software helps in 60% of cases; if the user is careful and understands what he is doing, then this percentage increases. Here is some advice for users. It is recommended to check all files you get from the web and messengers; for example, some time ago a virus spread in the popular ICQ messenger which sent itself, so you could get this virus from your friend and open it without suspecting anything. Another piece of advice is not to open strangely named websites, because they may have harmful content.

4. Security in the web

Now I’m going to tell you about web security.
The flaws on sites are divided into three groups: PHP-including, SQL-injection and XSS flaws.

PHP-including

PHP-including is one of the most dangerous mistakes of web-site developers. So what is php-including? It means injection of arbitrary php-code into the page. Let’s study why the problem appears (why it is possible to inject any code). For example, there is a file index.php with this code:

Code:
<?php
echo "Configuration:<br>";
include "config.php";
?>

And the file config.php contains:

Code:
<?php
echo "Processor:1,7<br>RAM:64 MB";
?>

The interpreter will transform index.php into:

Code:
<?php
echo "Configuration:<br>";
echo "Processor:1,7<br>RAM:64 MB";
?>

so the include "config.php" is replaced with the content of the file. This is an example of a strict include (the file which has to be included is fixed in the code and can’t be changed). Now let’s examine a variant where the file can be freely chosen:

Code:
<?php
// $page comes straight from the request here (register_globals-era PHP)
if ($page != '') include "$page";
?>

In the beginning there is a check whether the file name is empty or not; if not, the file is included, and if we make the query index.php?page=config.php then this is displayed:

Code:
Processor:1,7 RAM:64 MB

It seems that there is no flaw, but there is!!! You may think that only files from the original server can be included, but this is incorrect!!! Remote files from other servers can also be included. It can be checked in this way: make a site like test.site.ru and upload a file index.php there:

Code:
<?php
echo "Test to show including of remote files!";
?>

and now if we make the query index.php?page=http://test.site.ru/index.php then we’ll see this:

Code:
Test to show including of remote files!

It means that the include was successful and that a hacker can send any code to the server. This can cause loss of information or the server being turned off. To avoid this problem the script must restrict which file types and directories can be used in queries.
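A hardened replacement for the "index.php?page=..." script above. This is an added example, not the article's own code: the page names in the map and the file names home.php and about.php are assumptions. The request parameter is never used to build a path at all; it is only a key into a fixed list of pages, so neither a remote URL nor a "../" sequence can reach include().

```php
<?php
// Added example (not from the article): a whitelist-based include.
// Name-to-file map; the file names are assumptions for the example and must
// all live inside the site's own directory.
const ALLOWED_PAGES = [
    'home'   => 'home.php',
    'config' => 'config.php',
    'about'  => 'about.php',
];

// Returns the absolute path of the file to include, or null when the request
// must be refused.
function resolvePage(?string $requested, string $baseDir): ?string
{
    // Default page when the parameter is absent or empty, mirroring the
    // original script's empty-string check.
    if ($requested === null || $requested === '') {
        $requested = 'home';
    }
    // Anything that is not a known key is rejected outright. The value is
    // never concatenated into a path, so "http://..." or "../" in it is inert.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // Belt and braces: the resolved file must really sit under $baseDir.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    if ($base === false || $real === false || strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }
    return $real;
}

$pageFile = resolvePage($_GET['page'] ?? null, __DIR__);
if ($pageFile === null) {
    http_response_code(404);
    exit('Unknown page');
}
echo "Configuration:<br>";
include $pageFile;
```

Two settings back this up at the interpreter level: allow_url_include, which controls whether include() accepts URLs at all, is Off by default in current PHP and should stay that way, and allow_url_fopen can be turned off as well when the application never needs to open remote files. Keeping the whitelist in code is still the real fix; the php.ini settings only limit the damage if the whitelist is ever bypassed.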
But this example is not the only one…

SQL-injection

SQL-injection is one of the most widespread critical flaws. Like every flaw, sql-injection is caused by a programmer's mistake. So what benefit can a hacker get from sql-injection? This flaw allows a hacker to run arbitrary queries in the database. The result of this flaw is getting information from the database (passwords, private information); in the worst case the whole site can be destroyed. Often sql-injection happens because of bad filtration. For example, if we have a site www.site.ru/index.php?page=1, the parameter page can be of integer or string type; if a hacker adds ‘ to this URL then the interpreter will display an error message like this one:

MySQL Error: mysql_query(.......) error expression syntax...

It means that there is a mistake in filtration. After that a hacker can build any query, for example like this:

www.site.ru/index.php?page=1’ +union+select+1,login,password,4,5+from+users+limit+1,1/*

This will show the logins and passwords of users registered on the site. As was said before, the solution to the problem is filtering what the user inputs.

XSS (cross site scripting)

This type of flaw is intended to attack not the site server but its users. XSS is an injection of javascript code into the site page; mostly this code contains a reference to a sniffer. A sniffer is a program which intercepts incoming and outgoing information. So this program can steal users' cookies, after which the hacker can enter the site under the user’s login and do things which can undermine the user’s reputation. This flaw is caused by bad filtration too. Often the message entry form automatically closes the text with “>; if a hacker inputs the string “><script>alert()</script> then <script>alert()</script> will be injected into the html page. To solve this problem a programmer has to filter html tags and special symbols like ‘<>”.

5. Other hackers’ methods

In this part I’m going to tell you about other types of hackers' attacks.
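The two input-handling fixes this section calls for, in one script: the page parameter is validated as an integer and bound through a prepared statement, and every user-controlled string is escaped at the moment it is written into HTML. This is an added example, not code from the article; the table and column names (news, id, title, body), the sample row and the q parameter are constructed for the example, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example (not from the article): SQL-injection and XSS defences.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample schema and data for the example.
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Hello', 'First post')");

// The "page" parameter is meant to be an integer, so it is validated as one
// and anything else is refused. Compare the flawed pattern the section
// describes: "... WHERE id = " . $_GET['page'], which pastes the raw string
// into the query and is exactly where a quote or "union select" takes effect.
function parsePageId($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement: the value is sent separately from the query text, so
// whatever it contains is treated as data, never as SQL.
function fetchNews(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding for the XSS case: <, >, " and ' are turned into entities,
// so user text cannot close an attribute or open a <script> tag.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = parsePageId($_GET['page'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Bad page id');
}
$row = fetchNews($db, $id);
if ($row === null) {
    http_response_code(404);
    exit('No such page');
}
echo '<h1>', h($row['title']), '</h1>', "\n";
echo '<p>', h($row['body']), '</p>', "\n";

// A search box that echoes the query back. The value attribute is escaped, so
// the "><script>... string from the section above stays inert.
$q = (string)($_GET['q'] ?? '');
echo '<input type="text" name="q" value="', h($q), '">', "\n";
```

Two caveats a practitioner would add. Hiding the "MySQL Error: mysql_query(...)" message (display_errors = Off) only removes the hint that the flaw exists; the injection still works until the query is parameterised. And the mysql_* functions the error message comes from were removed in PHP 7, so code still built on them has to move to PDO or mysqli anyway, which is the natural moment to switch to prepared statements.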
These types are:

Brute force

A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out. Accordingly, one definition of "breaking" a cryptographic scheme is to find a method faster than a brute force attack. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute force attacks are made less effective, as it is more difficult to determine when one has succeeded in breaking the code.

Carding

Carding is a term used for the process of verifying the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using up the card's credit limit and to avoid attracting the bank's attention. A website known to be susceptible to carding is known as a cardable website. In the past, carders used computer programs called "generators" to produce a sequence of credit card numbers, and then tested them to see which were valid accounts. Another variation was to take false card numbers to a location that does not immediately process card numbers, such as a trade show or special event.
However, this process is no longer viable due to the widespread requirement by internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiry date, as well as the more prevalent use of wireless card scanners that can process transactions right away. Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing (a fake site with an input form for the credit card PIN).

Social engineering

Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access, and in most cases the attacker never comes face-to-face with the victim. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques. One example is Trojan horse gimmes: gimmes take advantage of the victims' curiosity or greed to deliver malware. Also known as a Trojan Horse, gimmes can arrive as an email attachment promising anything from a "cool" or "sexy" screen saver, an important anti-virus or system upgrade, or even the latest dirt on an employee. Victims succumb by opening the attachment. Since naive users will blindly click on any attachments that seem even mildly legitimate, the technique can be quite effective.

6. Conclusion

In the end I’d like to say that the terms “security” and “hacker” can’t be separated. To be good at internet security in turn means to be a good hacker. It doesn’t mean that everybody has to become a hacker and test their skills in breaking sites and defrauding users, but it means that people must study security problems to be always well-informed about recent errors in their soft- and hardware that may be used by “black hats”, because when you know where the danger is you’ll be in comparative safety!!!
That's all, great thanks to antichat, 'cause I've borrowed some information from our gurus' articles. And of course thanks to google.ru =) Waiting for your complaints!!!
that's too impolite and just means that you are too young and inexperienced to give constructive criticism, maybe you suffer from an inferiority complex, in that case i feel sorry for you...
why? not at all. the only thing u r really able to do is offering your baseless statements which have no sense. btw if u wanna show off ur good english the place u've chosen for it is not correct. and i'm sure that u r not able to answer a question "what's the point of this article?", as there're plenty of other articles of the same contents both in english and in russian. any arguments?
have u seen anyone in there? of course i can answer: this topic is some kind of FAQ for the beginners, who are asking silly questions and getting banned. if you'll show me that all antichat's users know each definition in this article (i don't mean specialists), i'll delete it, but I'm not sure it's so... this is the minimum for further studies!
Actually I found out a few unknown things from this article even though it may appear to be very basic to antichat's "elders". Why? Quite the contrary, this IS the place, where else? Besides, his article is self-written and compiled, I've no idea why you wanna argue so much. *shrugs*