The chicken
and egg version of this question has been asked and discussed for years, and I
am not about to crack that question open and get egg on my face. But I do want
to take a look at the computer and the black hat hacker (aka security cracker),
and take you back in time to the first computer. So get ready to blast into the
past to uncover some fascinating facts about the first computers.
Tuesday, December 16, 2014
Hackers: Experts in Their Field
When you think of someone being an expert in their field,
commonly you think of someone with a Dr. in front of their name. However, with
a hacker it is a little different; there is no real way to add the abbreviation
to the beginning or end of their name. Plus, having the term “professional
hacker” attached to your name may be cool to some, but like being a
“professional hit man” it may not land you that corner office with a view of
the bay.
However, a professional hacker is a highly skilled
individual that knows their way in and out of software, a network, or a database.
These men and women have a skill set that allows them to find holes in a system,
but that is where the road can fork between a white hat and a black hat hacker.
How will they use their skills and the information they have gathered?
Thursday, December 11, 2014
TedTalk - A Future Without Secrets
When you think of social media being used to find out
information about you, you may be thinking that you have nothing to hide, and
your Internet identity is looking pretty good. In fact, you have spent a lot of
time creating an image of yourself that is pretty close to perfect in your
eyes. But do you believe that the data on Facebook alone can be used to guess your
Social Security Number, compromise a job opportunity, and manipulate
advertising?
Any information can become sensitive information. By using
algorithms, technology, your friends on Facebook, and face recognition, you can
be manipulated both knowingly and unknowingly. Protecting this information is
important to your future, and it is time to take action!
How to Hack the Government!
What do you think of when you think of the government? Do
you think of greed, corruption, and wasteful spending, or do you think of
pride, liberty, and equality? Chances are if you think of the latter you may
feel that hacking into the government would be fun and prove a point that they
are not as powerful as they make themselves out to be. These feelings of
distrust can be seen in the eyes of many hackers that make it a point to take
down .gov websites.
Jeremy Hammond felt that way and wanted to take down those
sites and all that were connected to the government.
Tuesday, December 9, 2014
Why Did the Hacker Cross the Road?
The age-old question: “Why did the chicken cross the
road?” This random question has been asked time and time again by many people. This
question really has less to do with chickens; it’s more a question of why
hackers do what they do.
It depends on which type of hacker you look at really.
Hackers Gonna Hack
Whether a
white hat hacker or a black hat hacker, “hackers gonna hack.” Now not all
“hackers” are out for personal gain or to wreak havoc, but I do submit that
whether white or black, they are addicted to hacking.
Thursday, December 4, 2014
My Pain, Their Pleasure
Hack, after
hack, after hack, after hack . . .
They seem to
never end, and just when you think that the news has covered them all . . . BAM!
Another organization is breached.
Many of us sit
back and think “Oh, those BIG companies. They are the main target, the big
game, and no security cracker would go for the little guy.” The truth is that
many are susceptible to a breach, not just the big players. From websites to
blogs, security crackers are willing to take down any website or blog. This
concerns us at first but then we fall back into our daily routines and forget
that there is more at stake here than an annoying virus. You could be a victim
at this very moment . . .
Really? They
are after my stuff?
They sure are.
According to Nicole Perlroth, author of The New York Times blog, bits.com,
the Verizon “report shows that no matter the size of the organization — large,
small, government agencies, banks, restaurants, retailers — people are stealing
data from a range of different organizations and it’s a problem everyone has to
deal with.” This is a very serious truth that must be realized and dealt with.
Before you
start thinking that these breaches only happen from the inside, let’s take a
closer look. Perlroth states that “14 percent of all data breaches were the
work of insiders. Most were the work of
external actors who are often difficult to pinpoint because attackers often
route their Web traffic through infected computers around the world,” and “30
percent of all attacks originated in China.”
But wait . . .
let’s not stop here!
Lest you think
all are password-guessing or email-based attacks, stopthehacker.com’s
blog expounds the Ten Scariest Hacking Statistics:
- PlayStation Network: 77 million user accounts compromised
- Intellectual Property Stolen: $1 trillion worth of intellectual property stolen
- Passwords: It takes only 10 minutes to crack a lowercase password that is 6 characters long
- Victims: 73 percent of Americans are victims of some type of cyber crime
- Time is Not on Your Side: 156 day lapse between the attack and detection
- Business is Booming: 90 percent of all businesses were attacked
- Zombies Everywhere: botnet of 1.9 million zombie computers
- Infected Sites: every day 30,000 websites are infected with malware
- Vulnerable Sites: the average site has over 115 serious vulnerabilities
- Who are You: 27 million Americans have fallen victim to identity theft
Can I remind
you that identity theft is a serious issue? The United
States Department of Justice states, “A victim's losses may include not
only out-of-pocket financial losses, but substantial additional financial costs
associated with trying to restore his reputation in the community and
correcting erroneous information for which the criminal is responsible.” There
are other great resources on this site like What Should
I Do to Avoid Becoming a Victim of Identity Theft? With identity theft
there is no messing around. This is your identity, it is who you are, a record
of your character. Don’t let someone without an identity take that away from
you . . . ever!
I am not here
to scare you into taking your blog or website off of the Internet, but rather,
make you aware of the very real dangers that are out there waiting to make you
one of the countless victims. Don’t let the security crackers and black hat hackers
of the world take pleasure in your pain.
Do something
about it!
Note: this is not an attack against
those that are helping advance technology for the greater good.
What Do Hackers Do With Our Data?
In the past couple of years, there have been more and more
hacker attacks, leading us as consumers to feel a little uneasy. As a society,
we almost seem desensitized to the news on TV at this point, and the only time
we take real notice is when the brand that has been hacked is one that we
frequent. Even then our brain signals us to be concerned for a little while,
but as a group, we continue to shop ‘til we drop. From time-to-time we wonder,
where does our information go once it is stolen?
They sell it.
End of story, but really, that is what they do with it.
Everything has a price tag on it these days and like a knockoff Rolex, you can
buy it on the black market. There are international trading sites that are the
marketplace of choice for those both shopping for and selling the stolen data.
In early 2014, RAND Corporation’s National Security and Research Division reported that the trade of names and information has become more profitable than illegal drug trading.
Like trading baseball cards, in these black market trading
grounds some information is more valuable than others. For instance, medical
records are worth far more money than credit card information. Why, you may ask?
Unlike a credit card number that can easily be canceled at
any point in time, medical records are solid and cannot be changed. Gaining
someone’s personal health information exposes things like date of birth, full
name, social security number, address, and even more information that can allow
someone to create a fake you. This allows the person to apply for credit cards,
loans, heck, even government-issued IDs. Now that is scary.
According to Don
Jackson, Director of Threat Intelligence at PhishLabs, medical records can
trade at more than 10 times the dollar amount of a credit card or user name and
password credentials.
The social network effect
In 2012, Russian hackers stole 6 million passwords from
LinkedIn and eHarmony. This may not seem very serious since there is not a lot
of pertinent information that could be had from these websites. Both are social
networks, one with your work history and the other with descriptions that may
sound more like the classic Rupert Holmes song about Pina Coladas, but that is
not the data they are after. Breaking in and obtaining these passwords has more
to do with gaining the user names and passwords than anything else. The hackers
have hopes that you are like the typical computer user and use those
credentials on other sites allowing them to access your accounts freely and
sell them on the black market.
Personal insight
Researching this blog article made me
think about my account information and passwords; it inspired me to go in and
change almost all of my passwords to unique account passwords. I suggest you do
the same to protect yourself from identity theft. This can be a very effective
way to protect yourself, and on accounts that offer a two-step or two-factor
authentication option it is definitely a best practice to enable this feature.
By adding two-factor authentication to your account you can ensure that you are
doing everything you can to protect yourself online.
How many passwords do you use?
Tuesday, December 2, 2014
Benjamin Franklin: Hacker
This morning I was sent a link to a Ted Talk featuring Catherine Bracy, Why Good Hackers Make Good Citizens. A good friend thought I would be interested in this video since I write for this blog and they were right! In my life I like to look at the big picture and see what is beyond the painting or lyrics, what is the meaning of the words or imagery? It helps keep my mind open and fresh as an intellectual.
This Ted Talk was right up my alley and took a different
approach to the term “hacker” and opened my eyes to a new term: “civic hacker.”
A civic hacker is someone who sees a problem and wants to figure out a solution
to make it better, improve a way of life or make a change for the greater good
of society.
She calls out Benjamin Franklin as a civic hacker. He
invented so many things that we use every day; however, he invented something
that is life saving and yet not something that immediately comes to mind when
you think of the only non-president to grace a US currency note. He invented
the first volunteer
fire department. He recognized that Philadelphia’s fire department was
struggling to put out fires in a timely manner, which was very troubling to him
and he looked at the situation and thought there was room for improvement.
In 1733 he addressed this problem and presented a new concept to the
city in the newspaper the Pennsylvania Gazette.
"Soon after it [a
fire] is seen and cry'd out, the Place is crowded by active Men of different
Ages, Professions and Titles who, as of one Mind and Rank, apply themselves
with all Vigilance and Resolution, according to their Abilities, to the hard
Work of conquering the increasing fire."
This action of civic hacking took a concept that existed and
through innovation, improved on it to the point that it ended up
revolutionizing the way we fight fires in America today. Growing up in a small
town, we did not have a full time fire department; we had a volunteer fire
department made up of men and women from all walks of life that would go into
action when called upon.
The theory that Bracy presented, of a hacker simply being someone
who looks at something and makes improvements, raised a question in
my mind: who else could be considered a hacker? Henry Ford, Nikola Tesla, John
D. Rockefeller, Andrew Carnegie, and so many leaders of industry took a concept
and improved it to make a better system. What do all of these men have in
common beyond implementing improvements? They were all around before the
internet and computers were ever conceived.
Current day civic hackers
The civic hacker, in modern times, can actually be seen all
around us. Take, for example, authentication companies that provide two-factor
authentication solutions to protect not only the company’s information and
assets, but their customers’ personal information as well. Companies like PortalGuard
and others understand the importance of providing a secure way to log in and
protect information from getting into the wrong hands. Although two-factor
authentication is not the end-all-be-all answer for protecting data from the
black hat hackers of the world, it is a secure step in the right
direction.
Benjamin Franklin was a hacker, who knew?
Book Review - Hacking: The Art of Exploitation
The general
public today would not think of hacking (that is, black hat hacking,
better called security cracking) as an art form. I would submit that it is an
ingenious art form, an art form that requires expertise, crafting, and practice.
Like painters or musicians, you have those that dabble in the art form, not
ever really perfecting it. Then you have those that push the boundaries,
opening up a whole new appreciation or even genre. In my research of hackers
and crackers, I came across Jon Erickson’s book, Hacking: The Art of Exploitation, and found a master in the art of exploitation.
Author
With a formal education
in computer science, Jon Erickson has been programming and hacking since he was
5 and speaks around the world on computer security regularly. He wrote the book
Hacking: The Art of Exploitation in
2003, and it was revised in 2008 in a second edition. Erickson is currently
working in Northern California as a computer security specialist and vulnerability
researcher.
The book
This book
received 4 stars on Amazon
and 4.1 stars on goodreads.com.
Both easy to
read and clear on explaining how computer hacking works, Hacking: The Art of Exploitation at the very least will give you a
great respect for those that understand the inner workings of technology. The 2nd
edition opens up with a clear statement against illegal hacking. Erickson
stresses following the law, and he does not condone hacking that is used in the
end for wrong reasons.
The book
encourages you to be creative, think outside the box, and use the knowledge of
hacking to protect your own personal computer against network attacks. This is
not a book on how to run existing exploits; rather, it gives you an
understanding of how these exploits work. The book is intended to give you the
foundation needed to really push the envelope and advance technology by finding
the weaknesses within the technology and encouraging you to be creative. The
book will give you an understanding of network communications, machine
architecture, programming, and hacking techniques.
A closer look
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
List taken
from amazon.com
http://books.google.com/books/about/Hacking.html?id=0FW3DMNhl1EC
http://www.goodreads.com/book/show/61619.Hacking
Tuesday, November 25, 2014
The Hackers Cookbook
The title suggests that this posting may have some delicious
recipes that hackers might enjoy, but I am thinking more like the classic book The Anarchist Cookbook, by Steven
Schragis. However, I will provide you with a link with directions on how to be
a white hat hacker!
A little history lesson: The Anarchist Cookbook
“The Anarchist Cookbook, first published in 1971, is a book that contains instructions for the
manufacture of explosives, rudimentary telecommunications phreaking devices,
and other items. The book also includes instructions for home manufacturing of
illicit drugs, including LSD. It was written by William Powell at the apex of
the counterculture era in order to protest against United States involvement in
the Vietnam War.” -Wikipedia
For those of you who were not around at the time,
this book caused a lot of controversy when it was published and of
course grabbed the attention of the Feds at the FBI. One FBI memo called the
book “one of the crudest, low-brow, paranoiac writing efforts ever attempted.”
The lack of a Hackers Cookbook
When considering that The
Anarchist Cookbook was written as a proverbial middle finger to the
government and an exercise in freedom of speech, how has there not been a
similar book written about hacking? Hackers are known to rage against the
machine and expose the corruption in either a corporation or government. Wait,
didn’t Ralph Nader do a similar type of thing? More on Ralph ahead.
What I see the hackers cookbook containing is not just tips
on how to crack into a network or take down a website, but how to successfully
protest and plan a movement that can make a statement. Because at the end of
the day, isn’t that what hacking is all about? Beyond those who hack for either
personal gain or to support an organization, we forget that even these
brilliant computer geniuses serve a purpose. They can keep the checks and
balances of society online.
The Ralph Nader Effect
Ralph Nader, beyond having a few unsuccessful Presidential
runs over the years, started life as a protector of the people. Not in the
sense of a member of a police department or military movement, he was
interested in exposing safety problems that affect the average Joe. In 1965, he
claimed that many US-made automobiles were simply not safe and even published a
book, Unsafe at Any Speed. The
internet was not around back then, but I am willing to bet he would have taken
his research online if he had the opportunity. Specifically, Nader took aim at
the Chevrolet Corvair, a rear engine compact car that had been involved in many
accidents that resulted in lawsuits against Chevy’s parent company General
Motors.
In typical corporate fashion, GM took to the streets and
tried to discredit the claims and even went as far as to hire prostitutes to
try and trap him into compromising positions. Look it up on Wikipedia; it is
interesting stuff. Nonetheless they could not stop him, and his efforts made
the government take notice and instate a new division of government: the
National Highway Traffic Safety Administration.
Making the Connection
Nader was an activist, plain and simple. Many did not agree
with his stance at the time, but like Schragis, he took his view of corruption
and put his ideas out there, publishing them to make a difference. Even though The Anarchist Cookbook took a totally
different angle of protest, are these two authors any different than White Hat
and Black Hat hackers?
Nader is a White Hat hacker in the sense that he took his
opinions of corruption and wanted to put them to work in a positive light by
publishing a book that spawned the development of a consumer safety
organization; Schragis is a Black Hat of sorts for compiling a book of
instructions to overthrow, harm, and cause chaos.
Perhaps I am far off here, what are your thoughts?
Oh yeah, here
are the white hat instructions I promised you!
Happy Holidays!
TedTalk - Hackers: The Internet's Immune System
Do we really
know what happens behind the scenes of the cyber world? If we don't slow down, open our eyes, and take a closer look at things around us, we could be influenced in many different directions and led to believe almost anything. I am not saying to question or doubt everything, but I am saying that you must NOT be spoon-fed beliefs or
perspectives.
So go ahead . . . ask the right questions and educate yourself.
TedTalks is a great place to get another
perspective on controversial topics. One eye-opening talk I
recently watched was Karen Elzari’s “Hackers: The Internet’s Immune System.”
Are some
hackers justified in their actions?
Her
TedTalk takes on the controversial
topic of the “robin hood hackers” and sheds some light on our rapidly growing
technology and the role that hackers must play.
Karen Elzari
is a cyber-security expert. Her love for science fiction and her overwhelming
curiosity fueled her exploration of the underground world of the hacktivists.
She is currently an industry analyst with GIGAOM Research. She is also a sought-after speaker at
conferences such as TedTalk, DEFCON, WIRED, and more.
Elzari does
not call them hackers but rather “Security Researchers.” She believes that the
hacker must decide what they are going to do with this powerful information.
With technology becoming our future, the credit for exposing gaps and
weaknesses in security goes to hackers and hacktivist groups.
Because they have unearthed these problems, Elzari states that it “has an
evolving effect to our technology. . . and if we fight hackers, we are stifling
innovation.”
Maybe, just
maybe, hackers are not ALL as malicious as the general public has been led to
believe. “Security Researchers have impacted civil liberties, innovation, and
internet freedom,” states Elzari.
What are you
doing to protect civil liberties, innovation, and Internet freedom?