
Thursday, May 19, 2011

Hacking


 The words "hacking" and "hacker" have significantly changed their meaning over the years. For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and to find clever solutions to seemingly impossible problems. Although many computer enthusiasts still subscribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. Traditional hackers (the good kind) prefer to use the term "cracker" for these individuals.
Hacking can take many forms. Some of the most common types of hacking include:
  • Breaking into computer networks;
  • Bypassing passwords or copy protection in computer software;
  • Defacing and/or damaging Internet web sites;
  • Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);
  • Stealing valuable information such as passwords and credit card data.
Experts have identified six steps that are generally followed in the hacking process. These include
 (1) footprinting (reconnaissance);
 (2) scanning;
 (3) enumeration;  
 (4) penetration;
 (5) advance; and
 (6) covering tracks.
Footprinting.
The first technique used by hackers is called footprinting, or doing their homework on the target. The objective is to gather the information essential to an attack and to build a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with nothing more than a web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi, this is Prakysh and I forgot my password. Can you remind me what it is?"
Scanning.
Next, hackers perform scanning to gain a more detailed view of a company's network and to understand which specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans. A ping sweep lets the attacker determine which individual computers on the network are alive and therefore potential targets. Port scanning can be used to determine which ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software listening on those ports has any obvious vulnerabilities.
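From the defender's side, both scanning techniques leave a recognisable pattern in firewall logs: one source probing many ports on one host, or one source sending echo requests to many hosts. The following is an added example (not code from the original post) that detects both patterns over a few constructed iptables-style DROP lines; the log format, the thresholds and every address are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed iptables-style firewall DROP lines; addresses come from the
# documentation ranges and the events are made up for this example.
SAMPLE_LOG = """\
Jan 01 10:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
Jan 01 10:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
Jan 01 10:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
Jan 01 10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
Jan 01 10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
Jan 01 10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
Jan 01 10:00:03 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=ICMP TYPE=8
Jan 01 10:00:03 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.2 PROTO=ICMP TYPE=8
Jan 01 10:00:03 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.3 PROTO=ICMP TYPE=8
Jan 01 10:00:04 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.4 PROTO=ICMP TYPE=8
Jan 01 10:00:04 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=ICMP TYPE=8
Jan 01 10:00:05 fw kernel: DROP IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=443
Jan 01 10:00:06 fw kernel: DROP IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=443
"""

# The fields we need; DPT is absent on ICMP lines and TYPE is absent on TCP lines.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: TYPE=(?P<icmp_type>\d+))?"
)


def parse_events(log_text):
    """Yield (src, dst, proto, dpt, icmp_type) for every line the regex understands."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield (m.group("src"), m.group("dst"), m.group("proto"),
                   m.group("dpt"), m.group("icmp_type"))


def detect_scans(log_text, port_threshold=5, host_threshold=4):
    """Return (port_scans, ping_sweeps).

    port_scans maps (src, dst) to the sorted distinct TCP ports probed, for pairs
    that reach port_threshold; ping_sweeps maps src to the sorted hosts it sent
    ICMP echo requests (type 8) to, for sources that reach host_threshold.
    """
    ports_by_pair = defaultdict(set)
    hosts_by_src = defaultdict(set)
    for src, dst, proto, dpt, icmp_type in parse_events(log_text):
        if proto == "TCP" and dpt is not None:
            ports_by_pair[(src, dst)].add(int(dpt))
        elif proto == "ICMP" and icmp_type == "8":
            hosts_by_src[src].add(dst)
    port_scans = {pair: sorted(ports) for pair, ports in ports_by_pair.items()
                  if len(ports) >= port_threshold}
    ping_sweeps = {src: sorted(hosts) for src, hosts in hosts_by_src.items()
                   if len(hosts) >= host_threshold}
    return port_scans, ping_sweeps


if __name__ == "__main__":
    scans, sweeps = detect_scans(SAMPLE_LOG)
    for (src, dst), ports in scans.items():
        print(f"port scan: {src} -> {dst} probed ports {ports}")
    for src, hosts in sweeps.items():
        print(f"ping sweep: {src} probed {len(hosts)} hosts {hosts}")
```

The thresholds are the whole tuning problem: the benign host that retries port 443 twice never reaches the port threshold, while a real detector would also bound the time window, since a slow scan spread over hours looks like ordinary background noise if counts are never reset.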
Enumeration.
The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or Trojan horse programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.
Covering Tracks.
In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding the files he has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit, a set of programs that replace existing system software to both cover his tracks and gather new information.
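The usual defence against track covering is to make the log itself tamper-evident and to keep a copy of its state off the compromised host. The following added example (not part of the original post) chains each log entry to the previous one with SHA-256, so that editing or deleting an entry breaks the chain, and compares the final hash against a copy assumed to have been sent to a remote collector, which is what catches an attacker who simply truncates the end of the log. The sample lines and the genesis value are constructed.

```python
import hashlib

# Constructed sample log lines (made up for this example).
SAMPLE_LINES = [
    "10:01:12 sshd: Accepted password for alice from 192.0.2.50",
    "10:02:30 sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls",
    "10:05:44 sshd: Accepted password for alice from 203.0.113.5",
    "10:06:02 sudo: alice : TTY=pts/1 ; COMMAND=/usr/sbin/useradd mallory",
]
GENESIS = "0" * 64  # starting hash agreed with the remote collector (assumption)


def chain_hash(prev_hash, line):
    """Hash of the previous entry's hash plus this line, so each entry depends on all before it."""
    return hashlib.sha256(prev_hash.encode() + b"\n" + line.encode()).hexdigest()


def build_chain(lines, genesis=GENESIS):
    """Return [(line, entry_hash), ...] as an append-only logger would write it."""
    entries, prev = [], genesis
    for line in lines:
        prev = chain_hash(prev, line)
        entries.append((line, prev))
    return entries


def verify_chain(entries, expected_final=None, genesis=GENESIS):
    """Return (True, None) if intact, else (False, index) of the first entry that fails.

    expected_final is the last hash as recorded off-host (for example on a remote
    syslog server). Without it, deleting entries from the end of the log would
    leave a chain that still verifies, so the comparison is reported as a failure
    at index len(entries).
    """
    prev = genesis
    for i, (line, stored) in enumerate(entries):
        if chain_hash(prev, line) != stored:
            return False, i
        prev = stored
    if expected_final is not None and prev != expected_final:
        return False, len(entries)
    return True, None


if __name__ == "__main__":
    entries = build_chain(SAMPLE_LINES)
    remote_copy_of_last_hash = entries[-1][1]
    print("intact:   ", verify_chain(entries, remote_copy_of_last_hash))
    deleted = entries[:2] + entries[3:]          # the useradd line's predecessor removed
    print("deleted:  ", verify_chain(deleted, remote_copy_of_last_hash))
    truncated = entries[:-1]                     # the useradd line removed from the end
    print("truncated:", verify_chain(truncated, remote_copy_of_last_hash))
```

The chain only proves that the log was not altered after it was written; an attacker with root who can stop the logger before acting is still invisible to it, which is why the remote copy and the audit daemon's own integrity matter as much as the hashing.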

I hope you enjoyed this look at the ways of hacking and that it helps you trace the hackers. So go on, buddies, enjoy the technology.




Viruses

A computer virus is a type of program that acts as a parasite on the computer system. It enters the system unwanted and damages it.
A virus is a computer program that is designed to replicate itself from file to file (or disk to disk) on a single computer. Viruses spread quickly to many files within a computer, but they do not spread between computers unless people exchange infected files over a network or share an infected floppy diskette.
Currently, there are three categories of malicious software threats: viruses, worms, and Trojan horses. All of these threats are built from the same basic instructions and computer logic that make up the application programs on one's computer, such as word processors, games, or spreadsheets. Like traditional application programs, malicious software is written by people and must be intentionally designed and programmed to self-replicate or cause damage. While almost all Trojan horses attempt to cause harm to the computer system, more than 70 percent of all computer viruses and worms are designed only to self-replicate. Those viruses, worms, and Trojan horses that do inflict intentional damage on computer systems are said to deliver a "payload." Common payloads include formatting a hard drive, deleting files, or gathering and sending passwords to an attacker. These threats typically have trigger criteria: they wait until the criteria are met before delivering the payload (for example, waiting until July 28 to reformat the hard drive).
The typical malicious software author is male between fourteen and twenty-five years of age (only a few female virus writers are known). These demographics are expected to change as organized crime, terrorist groups, and rogue organizations begin to target the Internet. In addition, many governments around the world are researching how to use malicious software for both offensive and defensive information warfare.
Virus Types:
Viruses are classified by the type of file or disk that the virus infects:
  • Boot viruses attach themselves to floppy diskettes and hard drives. When a user boots from an infected floppy diskette or hard drive, the virus is activated and the computer becomes infected. The virus spreads to other floppy diskettes as they are used on the system.
  • Application viruses spread from one application to another on the computer. Each time an infected application program is run, the virus takes control and spreads to other applications.
  • Macro viruses spread through documents, spreadsheets, and other data files that contain computer macros. A macro is a small, self-contained program that is embedded directly within a document or spreadsheet file. Typically, macros are used to automate simple computer tasks such as summing a set of numbers in a spreadsheet. Modern macros are powerful enough to copy themselves between documents or spreadsheets.
  • Script viruses infect other script files on the computer. Script viruses, which are written in high-level script languages such as Perl or Visual Basic, gain control when a user runs an infected script file.

A typical computer virus works as follows:

First, the user runs infected program A. Program A immediately executes its viral logic. The virus locates a new program, B, that it thinks it can infect. The virus checks whether program B is already infected. If it is, the virus goes back to locate another program to infect. If it is not, the virus appends a copy of its logic to the end of program B and changes program B so that it, too, will run the malicious logic. The virus then runs the original program A so that the user does not suspect any malicious activity.
Viruses can be written in numerous computer programming languages, including assembly language, scripting languages (such as Visual Basic or Perl), C, C++, Java, and macro programming languages (such as Microsoft's VBA).
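Because the infection described above appends code to program B and alters its entry point, the file's size and hash both change, which is exactly what file integrity monitoring looks for. The following added example (not from the original post) baselines the program files in a directory, then reports anything modified, missing or new; the demo creates a scratch directory and appends a constructed marker string to one file to stand in for the appended viral logic. File suffixes and the scratch contents are assumptions.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size_in_bytes, sha256 hex digest) of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def take_baseline(directory, suffixes=(".exe", ".com", ".dll")):
    """Map relative path -> fingerprint for every program file under directory."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if name.lower().endswith(suffixes):
                path = os.path.join(root, name)
                baseline[os.path.relpath(path, directory)] = fingerprint(path)
    return baseline


def compare_to_baseline(directory, baseline):
    """Return sorted [(relative_path, status, size_delta)] for everything that differs.

    status is "modified" (hash changed; a positive delta means bytes were appended),
    "missing" (file gone) or "new" (program file not in the baseline).
    """
    current = take_baseline(directory)
    findings = []
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings.append((rel, "missing", -size))
        elif current[rel][1] != digest:
            findings.append((rel, "modified", current[rel][0] - size))
    for rel, (size, _digest) in current.items():
        if rel not in baseline:
            findings.append((rel, "new", size))
    return sorted(findings)


def demo():
    """Baseline a scratch directory, append bytes to one program, report the change."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-ins for program files; contents are arbitrary bytes.
        for name, content in (("a.exe", b"PROGRAM-A" * 10),
                              ("b.exe", b"PROGRAM-B" * 10),
                              ("notes.txt", b"not a program")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        baseline = take_baseline(d)
        with open(os.path.join(d, "b.exe"), "ab") as f:
            f.write(b"APPENDED-BYTES")  # constructed change, not real viral code
        return compare_to_baseline(d, baseline)


if __name__ == "__main__":
    for rel, status, delta in demo():
        print(f"{rel}: {status} ({delta:+d} bytes)")
```

The baseline itself has to be stored where the infected machine cannot rewrite it, and a virus that keeps the original size by overwriting rather than appending still shows up because the hash, not the size, is what drives the verdict.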

How Antivirus Works

Even though almost every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one of those few who would like to understand how an antivirus works, then this article is for you.

An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method and involves searching a given file for known patterns of virus code. Every antivirus product keeps a dictionary of sample malware code fragments, called signatures, in its database. Whenever a file is examined, the antivirus refers to this dictionary and compares its entries with the contents of the file. If a piece of code within the file matches one in the dictionary, the file is flagged and proper action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it, or delete it permanently, based on its potential risk.
As new viruses and other malware are created and released every day, this method of detection cannot defend against new malware until samples are collected and signatures are released by the antivirus company. Some companies also encourage users to upload new viruses or variants so that the virus can be analyzed and its signature added to the dictionary.
Signature-based detection can be very effective, but it requires frequent updates of the virus signature dictionary. Hence users must update their antivirus software regularly to defend against the new threats released daily.

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour in any given program that might indicate a potential risk. This approach is used by some of the more sophisticated antivirus products to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn't attempt to identify known viruses but instead monitors the behaviour of all programs.
For example, a malicious behaviour such as a program trying to write data into an executable file is flagged, and the user is alerted about the action. This method of detection gives an additional level of security against unidentified threats.
File emulation: This is another type of heuristic-based approach, where a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the necessary actions to clean the infection.
Most commercial antivirus products use a combination of signature-based and heuristic-based approaches to combat malware.
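To make the two approaches concrete, here is an added example (not from the original article) of a toy scanner that combines both: a dictionary of byte-pattern signatures matched against file contents, and a set of weighted heuristic rules scored against the actions an emulator is assumed to have logged for the program (the "write into an executable" behaviour from the text among them). The signatures, rule weights, sample files and action logs are all constructed for the example.

```python
# Constructed signatures: byte patterns standing in for real malware fragments.
SIGNATURES = {
    "Example.Marker.A": b"CONSTRUCTED-SAMPLE-A",
    "Example.Marker.B": b"CONSTRUCTED-SAMPLE-B",
}

# Heuristic rules scored against actions logged during emulation. Each action is a
# dict such as {"op": "write", "target": "C:\\Windows\\calc.exe"} (assumed format).
HEURISTIC_RULES = [
    ("writes into an executable",
     lambda a: a["op"] == "write" and a["target"].lower().endswith((".exe", ".dll", ".com")), 40),
    ("adds itself to an autorun location",
     lambda a: a["op"] == "regset" and "\\currentversion\\run" in a["target"].lower(), 30),
    ("tampers with audit logging",
     lambda a: a["op"] == "exec" and "auditpol" in a["target"].lower(), 30),
    ("copies itself to many files",
     lambda a: a["op"] == "copy" and a.get("count", 0) >= 10, 20),
]


def signature_scan(data, signatures=SIGNATURES):
    """Dictionary approach: names of every signature whose bytes occur in the file."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def heuristic_scan(actions, rules=HEURISTIC_RULES):
    """Behaviour approach: (score, [matched rule names]) over the logged actions.

    A rule counts once no matter how many actions trigger it, so a program that
    writes to fifty executables scores the same as one that writes to one.
    """
    matched = [(name, weight) for name, predicate, weight in rules
               if any(predicate(a) for a in actions)]
    return sum(w for _, w in matched), [n for n, _ in matched]


def classify(data, actions, heuristic_threshold=50):
    """Combine both methods: a signature hit is conclusive, otherwise the score decides."""
    sigs = signature_scan(data)
    score, reasons = heuristic_scan(actions)
    if sigs:
        verdict = "known malware"
    elif score >= heuristic_threshold:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": sigs, "score": score, "reasons": reasons}


# Constructed inputs for the demo (not real files or emulator traces).
KNOWN_BAD_FILE = b"MZ...header...CONSTRUCTED-SAMPLE-A...rest of file"
UNKNOWN_FILE = b"MZ...header...no known pattern here"
BENIGN_ACTIONS = [
    {"op": "read", "target": "C:\\Users\\alice\\report.docx"},
    {"op": "write", "target": "C:\\Users\\alice\\report.docx"},
]
SUSPICIOUS_ACTIONS = [
    {"op": "write", "target": "C:\\Program Files\\App\\app.exe"},
    {"op": "regset", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"op": "write", "target": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    print(classify(KNOWN_BAD_FILE, BENIGN_ACTIONS))      # caught by the dictionary
    print(classify(UNKNOWN_FILE, SUSPICIOUS_ACTIONS))    # caught only by behaviour
    print(classify(UNKNOWN_FILE, BENIGN_ACTIONS))        # clean
```

The second call is the case the text makes for heuristics: the file matches no signature, so a dictionary-only scanner passes it, yet its logged behaviour scores 70 and it is flagged. Real products add what a toy cannot, such as whitelisting installers that legitimately write executables, which is where the false-positive cost of heuristics comes from.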

Issues of concern

Zero-day threats: A zero-day (zero-hour) threat or attack is one where malware tries to exploit application vulnerabilities that are not yet identified by the antivirus companies. These attacks cause damage to the computer before they are identified. Since patches are not yet released for such new threats, they can easily bypass the antivirus software and carry out malicious actions. Most such threats are identified within a day or two of their release, but the damage they cause before identification is largely unavoidable.
Daily updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so as to keep the virus definitions up to date. Most products have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though antivirus software can catch almost every malware sample, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Virus authors have also tried to stay a step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" virus code, which encrypts parts of itself or otherwise modifies itself as a method of disguise so as not to match the virus signatures in the dictionary.
Thus user education is as important as antivirus software; users must be trained to practise safe surfing habits, such as downloading files only from trusted websites and not blindly executing an unknown program or one obtained from an untrusted source. I hope this article helps you understand how antivirus software works.

INTERNET

The Internet can be defined as the network that connects us, or our local server, with the rest of the world. The Internet has become a popular form of telecommunication for personal computer users. The dramatic growth in the number of people using the network heralded the most important change in telecommunications since the introduction of television in the late 1940s. The Internet, popularly called the Net, was created in 1969 for the Defense Department. Funding from the Advanced Research Projects Agency allowed researchers to experiment with methods for computers to communicate with each other. In the early 1970s, other countries began to join ARPANET, and within a decade it was widely accessible to researchers, administrators, and students throughout the world. The National Science Foundation (NSF) assumed responsibility for linking these users of ARPANET, which was dismantled in 1990.
The Internet grew at a fast pace in the 1990s as the general population discovered the power of the new medium. A significant portion of the Net's content is written text, in the form of both electronic mail (e-mail) and articles posted in an electronic discussion forum known as the Usenet news groups. In the mid-1990s the appearance of the World Wide Web made the Internet even more popular. The World Wide Web is a multimedia interface that allows for the transmission of text, pictures, audio, and video together, known as web pages, which commonly resemble pages in a magazine. Together, these various elements have made the Internet a medium for communication and for the retrieval of information on virtually any topic.
The sudden growth of the Internet caught the legal system unprepared. Before 1996, Congress had passed little legislation on this form of telecommunication. In 1986, Congress passed the Electronic Communications Privacy Act (ECPA) (18 U.S.C.A. § 2701 et seq. [1996]), which made it illegal to read private e-mail. The ECPA extended most of the protection already granted to conventional mail to electronic mail. Just as the post office may not read private letters, neither may the providers of private bulletin boards, on-line services, or Internet access. However, law enforcement agencies can subpoena e-mail in a criminal investigation. The ECPA also permits employers to read their workers' e-mail. This provision was intended to protect companies against industrial spying, but it has generated lawsuits from employees who objected to the invasion of their privacy. Federal courts, however, have allowed employers to secretly monitor an employee's e-mail on a company-owned computer system, concluding that employees have no reasonable expectation of privacy when they use company e-mail.