Showing posts with label cyber security. Show all posts

Tuesday, July 7, 2015

Mobile Security | Slow and Steady Need to Combat Mobile Malware


Remember when mobilegeddon was all the rage throughout the net? It was interesting on the surface, but unless you were a marketing professional, you probably just took those announcements in stride. Why focus your efforts on understanding the details of the mobile presence for Google if you barely have to interact with it? In a way, that sort of thinking does make sense (unless, of course, you have a business that has any sort of digital presence), but the whole mobilegeddon event threw into light a major aspect of technology that has been digging its heels into every instance of our lives: mobile security and access.

Mobile security is on the rise, with a lot of new efforts being made to secure data files that get accessed and stored on mobile devices from secure data centers. For the hacking game, this means there is an increasing focus on the security of mobile devices in general.

Friday, May 15, 2015

Importance of Password Expiration | Don’t have it – Why Not?



The importance of password expiration is an interesting topic for me. It’s all over the place online – and rightfully so. There are tons of questions floating around out there: what is the best duration for a password, should the expiration rate be the same for each user, is password expiration beneficial? It can sometimes be a bit overwhelming to look at. That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein. Catch up after the jump!

Friday, May 1, 2015

Preventing Phishing Attacks | How to Protect Your Information Online


To this day, entering personal information online makes many of us feel uneasy. In fact, I sometimes find myself paying certain bills by submitting a hand-written check through the mail. In a personal attempt to prevent phishing attacks, it makes sense.  Now, some may call this old-fashioned method a waste of time. Maybe it's even being too paranoid or merely an under-utilization of technology’s modern-day user experience. What can I say, old-fashioned ways tend to have a better ability to prevent phishing attacks!

Wednesday, April 29, 2015

Authentication Best Practices - Brief History of Security


We talk a lot about the digital age of warfare here at HackerAttacker.  It’s kind of the most popular aspect of the digital age today.  Just take a look at history; war is always resting at or about the pinnacle of the public forum.  Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to peruse than simply the digital side of warfare.  In that element, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.

Wednesday, April 1, 2015

Phishing News: Windows Live Digital Certificate Risk



Looking to spend a little bit of that tax return on some sweet online deals? The latest news from Microsoft should make you do a double take before entering your credit card data. There is a new report of a Windows Live digital certificate risk making the rounds. They are reporting that an unauthorized SSL certificate was issued for “live.fi” that could have been used to leverage man-in-the-middle attacks or even spoof official Microsoft announcements.

Friday, March 27, 2015

Cyber Attack Defense: Are you a potential target?













The simple answer is yes. It seems that everyone is a potential target these days. Recently, even a major health insurance provider announced that they had been breached. Clearly, they lacked appropriate cyber attack protection. I would know, I am one of the 78.8 million people who got the letters in the mail. What were they saying? That they are doing everything they possibly can to ensure that my information is being protected. Great, now I get to join the countless people who suffer a successful cyber attack!

You may ask yourself: why me?

Thursday, January 15, 2015

The Future of Warfare











“… The next Pearl Harbor that we confront could very well be a cyber-attack”
-Leon Panetta, Former CIA Director

This statement could not be truer. Look at everything in this world: it is all going online. Movies, schooling, shopping, books, and more are all now online. It is almost like we never need to leave the house; heck, you can even work from home if you land the right job. So why wouldn’t everything turn cyber?

Thursday, January 8, 2015

Your Phone: Potentially Your Greatest Enemy










Cell phones . . . They have become one of the greatest tools that we use daily. Even if you are against the whole smart phone thing, chances are you have a phone that receives phone calls at the very least. Cell phones have become a way of life, and with the increase in the use of smart phones comes the increase in possible attacks on your personal data.

Friday, January 2, 2015

Did you know Sony Pictures was Hacked?










Unless you have been living under a rock for the past month, you know that Sony Pictures was hacked, not just a little . . . They were hacked a lot! Now as a movie goer, blogger, and hacking nut, I was not surprised that Sony got hacked. Companies get hacked all the time; heck, the US Government gets hacked a lot too. But the Sony hacking was much more than meets the eye.

Tuesday, December 16, 2014

What Came First . . . The Computer or the Hacker?











The chicken and egg version of this question has been asked and discussed for years, and I am not about to crack that question open and get egg on my face. But I do want to take a look at the computer and the black hat hacker (aka security cracker), and take you back in time to the first computer. So get ready to blast into the past to uncover some fascinating facts about the first computers.

Hackers: Experts in Their Field




When you think of someone being an expert in their field, commonly you think of someone with a Dr. in front of their name. However, with a hacker it is a little different, there is no real way to add the abbreviation to the beginning or end of their name. Plus, having the term “professional hacker” attached to your name may be cool to some, but like being a “professional hit man” it may not land you that corner office with a view of the bay.

However, a professional hacker is a highly skilled individual who knows their way in and out of a piece of software, a network, or a database. These men and women have a skill set that allows them to find holes in a system, but that is where the road can fork between a white hat and a black hat hacker. How will they use their skills and the information they have gathered?

Thursday, December 11, 2014

How to Hack the Government!



How to hack the government!
What do you think of when you think of the government? Do you think of greed, corruption, and wasteful spending, or do you think of pride, liberty, and equality? Chances are if you think of the latter you may feel that hacking into the government would be fun and prove a point that they are not as powerful as they make themselves out to be. These feelings of distrust can be seen in the eyes of many hackers that make it a point to take down .gov websites.


Jeremy Hammond felt that way and wanted to take down those sites and all that were connected to the government.

Tuesday, December 9, 2014

Why Did the Hacker Cross the Road?


Why did the hacker cross the road?




The age old question of “why did the chicken cross the road?” This random question has been asked time and time again by many people. This question really has less to do with chickens, it’s more of a question of why do hackers do what they do?

It depends on which type of hacker you look at really.

Thursday, December 4, 2014

My Pain, Their Pleasure










Hack, after hack, after hack, after hack . . .

They seem to never end, and just when you think that the news has covered them all . . . BAM! Another organization is breached.

Many of us sit back and think “Oh, those BIG companies. They are the main target, the big game, and no security cracker would go for the little guy.” The truth is that many are susceptible to a breach, not just the big players. From websites to blogs, security crackers are willing to take down any website or blog. This concerns us at first but then we fall back into our daily routines and forget that there is more at stake here than an annoying virus. You could be a victim at this very moment . . .

Really? They are after my stuff?

They sure are. According to Nicole Perlroth, author of The New York Times blog, bits.com, the Verizon “report shows that no matter the size of the organization — large, small, government agencies, banks, restaurants, retailers — people are stealing data from a range of different organizations and it’s a problem everyone has to deal with.” This is a very serious truth that must be realized and dealt with.

Before you start thinking that these breaches only happen from the inside, let’s take a closer look. Perlroth states that “14 percent of all data breaches were the work of insiders. Most were the work of external actors who are often difficult to pinpoint because attackers often route their Web traffic through infected computers around the world,” and “30 percent of all attacks originated in China.”

But wait . . . let’s not stop here!

Lest you think all attacks are password-guessing or email-based, stopthehacker.com’s blog expounds the Ten Scariest Hacking Statistics:
    • PlayStation Network: 77 million user accounts compromised
    • Intellectual Property Stolen: $1 trillion dollars worth of intellectual property stolen
    • Passwords: It takes only 10 minutes to crack a lowercase password that is 6 characters long
    • Victims: 73 percent of Americans are victim to some type of cyber crime
    • Time is Not on Your Side: 156 day lapse between the attack and detection
    • Business is Booming: 90 percent of all businesses were attacked
    • Zombies Everywhere: bot net of 1.9 million zombie computers
    • Infected Sites: every day 30,000 websites are infected with malware
    • Vulnerable Sites: the average site has over 115 serious vulnerabilities
    • Who are You: 27 million Americans have fallen victim to identity theft


Can I remind you that identity theft is a serious issue? The United States Department of Justice states, “A victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.” There are other great resources on this site like What Should I Do to Avoid Becoming a Victim of Identity Theft? With identity theft there is no messing around. This is your identity, it is who you are, a record of your character. Don’t let someone without an identity take that away from you . . . ever!

I am not here to scare you into taking your blog or website off of the Internet, but rather to make you aware of the very real dangers that are out there waiting to make you one of the countless victims. Don’t let the security crackers and black hat hackers of the world take pleasure in your pain.

Do something about it!


Note: this is not an attack against those that are helping advance technology for the greater good.

What Do Hackers Do With Our Data?

What do hackers do with our data?



In the past couple of years, there have been more and more hacker attacks, leading us as consumers to feel a little uneasy. As a society, we almost seem desensitized to the news on TV at this point, and the only time we take real notice is when the brand that has been hacked is one that we frequent. Even then our brain signals us to be concerned for a little while, but as a group, we continue to shop ‘til we drop. From time-to-time we wonder, where does our information go once it is stolen?

They sell it.

End of story, but really, that is what they do with it. Everything has a price tag on it these days and like a knockoff Rolex, you can buy it on the black market. There are international trading sites that are the marketplace of choice for those both shopping for and selling the stolen data.

In early 2014, RAND Corporation’s National Security and Research Division reported that the trade of names and information has become more profitable than illegal drug trading.  


Like trading baseball cards, in these black market trading grounds some information is more valuable than others. For instance, medical records are worth far more money than credit card information. Why you may ask?


Unlike a credit card number that can easily be canceled at any point in time, medical records are solid and cannot be changed. Gaining someone’s personal health information exposes things like date of birth, full name, social security number, address, and even more information that can allow someone to create a fake you. This allows the person to apply for credit cards, loans, heck even government issued ID’s. Now that is scary.

According to Don Jackson, Director of Threat Intelligence at PhishLabs, medical records can trade at more than 10 times the dollar amount of a credit card or user name and password credentials. 

The social network effect

In 2012, Russian hackers stole 6 million passwords from LinkedIn and eHarmony. This may not seem very serious, since there is not a lot of pertinent information that could be had from these websites. Both are social networks, one with your work history and the other with descriptions that may sound more like the classic Rupert Holmes song about Pina Coladas, but that is not the data they are after. Breaking in and obtaining these passwords has more to do with gaining the user names and passwords than anything else. The hackers hope that you are like the typical computer user and reuse those credentials on other sites, allowing them to access your accounts freely and sell them on the black market.

Personal insight

While researching this blog article, I started thinking about my own account information and passwords, and it inspired me to go in and change almost all of my passwords to unique account passwords. I suggest you do the same to protect yourself from identity theft. This can be a very effective way to protect yourself, and on accounts that offer a two-step or two-factor authentication option it is definitely a best practice to enable this feature. By adding two-factor authentication to your account you can ensure that you are doing everything you can to protect yourself online.

How many passwords do you use?

Tuesday, December 2, 2014

Book Review - Hacking: The Art of Exploitation











The general public today would not think of hacking (that is, black hat hacking, or better, security cracking) as an art form. I would submit that it is an ingenious art form, one that requires expertise, crafting, and practice. As with painters or musicians, you have those that dabble in the art form, never really perfecting it. Then you have those that push the boundaries, opening up a whole new appreciation or even genre. In my research of hackers and crackers, I came across Jon Erickson’s book, Hacking: The Art of Exploitation, and found a master in the art of exploitation.

Author
With a formal education in computer science, Jon Erickson has been programming and hacking since he was 5 and speaks around the world on computer security regularly. He wrote the book Hacking: The Art of Exploitation in 2003, and it was revised in 2008 in a second edition. Erickson is currently working in Northern California as a computer security specialist and vulnerability researcher.

The book
This book received 4 stars on Amazon and 4.1 stars on goodreads.com.
Both easy to read and clear on explaining how computer hacking works, Hacking: The Art of Exploitation at the very least will give you a great respect for those that understand the inner workings of technology. The 2nd edition opens up with a clear statement against illegal hacking. Erickson stresses following the law, and he does not condone hacking that is used in the end for wrong reasons.

The book encourages you to be creative, think outside the box, and use the knowledge of hacking to protect your own personal computer against network attacks. This is not a book on how to run existing exploits, but rather, gives you an understanding on how these exploits work. The book is intended to give you the foundation needed to really push the envelope and advance technology by finding the weaknesses within the technology and encouraging you to be creative. The book will give you an understanding of network communications, machine architecture, programming, and hacking techniques.

A closer look
  • Program computers using C, assembly language, and shell scripts
  • Corrupt system memory to run arbitrary code using buffer overflows and format strings
  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems
  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
  • Redirect network traffic, conceal open ports, and hijack TCP connections
  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
List taken from amazon.com


http://books.google.com/books/about/Hacking.html?id=0FW3DMNhl1EC
http://www.goodreads.com/book/show/61619.Hacking

Tuesday, November 25, 2014

The Hackers Cookbook


The Hackers Cookbook
The title suggests that this posting may have some delicious recipes that hackers might enjoy, but I am thinking more like the classic book The Anarchist Cookbook, by Steven Schragis. However, I will provide you with a link with directions on how to be a white hat hacker!

A little history lesson: The Anarchist Cookbook

“The Anarchist Cookbook, first published in 1971, is a book that contains instructions for the manufacture of explosives, rudimentary telecommunications phreaking devices, and other items. The book also includes instructions for home manufacturing of illicit drugs, including LSD. It was written by William Powell at the apex of the counterculture era in order to protest against United States involvement in the Vietnam War.” -Wikipedia

For those of you who were not around when this book was published, it caused a lot of controversy and of course grabbed the attention of the Feds at the FBI. One FBI memo called the book “one of the crudest, low-brow, paranoiac writing efforts ever attempted.”

The lack of a Hackers Cookbook

Considering that The Anarchist Cookbook was written as a proverbial middle finger to the government and an exercise in freedom of speech, how has there not been a similar book written about hacking? Hackers are known to rage against the machine and expose the corruption in either a corporation or government. Wait, didn’t Ralph Nader do a similar type of thing? More on Ralph ahead.

What I see the Hackers Cookbook containing is not just tips on how to crack into a network or take down a website, but how to successfully protest and plan a movement that can make a statement. Because at the end of the day, isn’t that what hacking is all about? Beyond those who hack for either personal gain or to support an organization, we forget that even these brilliant computer geniuses serve a purpose. They can keep the checks and balances of society online.

The Ralph Nader Effect

Ralph Nader, beyond having a few unsuccessful Presidential runs over the years, started life as a protector of the people. Not in the sense of a member of a police department or military movement, he was interested in exposing safety problems that affect the average Joe. In 1965, he claimed that many US made automobiles were simply not safe and even published a book Unsafe at Any Speed. The internet was not around back then, but I am willing to bet he would have taken his research online if he had the opportunity. Specifically, Nader took aim at the Chevrolet Corvair, a rear engine compact car that had been involved in many accidents that resulted in lawsuits against Chevy’s parent company General Motors.

In typical corporate fashion, GM took to the streets and tried to discredit the claims, and even went as far as to hire prostitutes to try to trap him into compromising positions (look it up on Wikipedia; it is interesting stuff). Nonetheless, they could not stop him, and his efforts made the government take notice and institute a new division of government: the National Highway Traffic Safety Administration.

Making the Connection

Nader was an activist, plain and simple. Many did not agree with his stance at the time, but like Schragis, he took his view of corruption and put his ideas out there, publishing them to make a difference. Even though The Anarchist Cookbook took a totally different angle of protest, are these two authors any different than White Hat and Black Hat hackers?

Nader being a White Hat hacker in the sense that he took his opinions of corruptions and wanted to put them to work in a positive light by publishing a book that spawned the development of a consumer safety organization, Schragis being a Black Hat of sorts by compiling a book of instructions to overthrow harm and cause chaos.

Perhaps I am far off here, what are your thoughts?

Oh yeah, here are the white hat instructions I promised you!

Happy Holidays!  

TedTalk - Hackers: The Internet's Immune System

TedTalk: Hackers the Internet's Immune System









Do we really know what happens behind the scenes of the cyber world? If we don't slow down, open our eyes, and take a closer look at things around us, we could be influenced in many different directions and led to believe almost anything. I am not saying to question or doubt everything, but I am saying that you must NOT be spoon-fed beliefs or perspectives.

So go ahead . . . ask the right questions and educate yourself.

TedTalks is a great place to get another perspective on controversial topics. One eye-opening talk I recently watched was Karen Elzari’s “Hackers: The Internet’s Immune System.”

Are some hackers justified in their actions?


Her TedTalk takes on the controversial topic of the “robin hood hackers” and sheds some light on our rapidly growing technology and the role that hackers must play.

TedTalk: Hackers the Internet's Immune System


Karen Elzari is a cyber-security expert. Her love for science fiction and her overwhelming curiosity fueled her exploration of the underground world of the hacktivists. She is currently an industry analyst with GIGAOM Research. She is also a sought-after speaker at conferences such as TedTalk, DEFCON, WIRED, and more.

Elzari does not call them hackers but rather “Security Researchers.” She believes that the hacker must decide what they are going to do with this powerful information. With technology becoming our future, the credit for exposing gaps and weaknesses in security goes to hackers and hacktivist groups. Because they have unearthed these problems, Elzari states that it “has an evolving effect to our technology. . . and if we fight hackers, we are stifling innovation.”

Maybe, just maybe, hackers are not ALL as malicious as the general public has been led to believe. “Security Researchers have impacted civil liberties, innovation, and internet freedom,” states Elzari.

What are you doing to protect civil liberties, innovation, and Internet freedom?