Hacking, and all the like. Discussion.

[daveyjones]

Hacking is really controversial, for the most part it's wrong, but that's not to say there aren't White-Hat Hackers out there. What's your take? Do you participate? Please discuss.

[T.Vengeance]

*for the most part, it's used wrongly. Hacking is probably just as comparable to any profession. Some chief bridge engineer could easily become a terrorist by signing off an unstable structure intentionally. A natural gas technician could make a buildup off gas and implement a spark. The reason why I think there is more illegal hacking is because of the anonymity of the internet. 

[Lyons]

I seriously don't understand how hacking works. Is it just writing a system on the fly that attacks a database or server which you're constantly chopping and changing until you get in or give up?

[Hazy125]

There's too many people that try hacking to get access to people's Facebook accounts or so much. The outcome is the download a hacking program that has a virus allowing them to get hacked or they download a program that does much more than just get access to a facebook account and get into serious trouble and can result in jail time. Hacking is controversial for a reason, I can do a quick google search and find a LOIC program and within about 3 minutes can cause a breakdown of a broad majority of networks just by keying in an ip address. As for whether I participate in hacking, I do... For things like I wanted a particular car in a need for speed game so I'd hack in some money or replace an instance of a particular car with another. I have many hacking tools on my computers included a dedicated Kali computer(hacking OS) but I've never really been a black hat hacker. More of a grey and conversely not much of a white hat hacker but I have done white hat before

[ShadyHost]

The term hacking is misused. People say all the time "oh my account got hacked" when really they were stupid and gave out their password.

 

My personal definition of "hacking" is when someone is actually breaking into a system, be it a server or even an account, and using backdoors/technical trickery to get around the security measures that were put in place by the person/people who created the system. 

 

Let's practice. 

 

Giving out your personal information and having your account stolen is not considered being "hacked"

 

People breaking into the servers of a bank and exposing tons of valuable/delicate information IS hacking. 

 

 

 

That's just my small rant. 

[Hazy125]

The term hacking is misused. People say all the time "oh my account got hacked" when really they were stupid and gave out their password.

 

My personal definition of "hacking" is when someone is actually breaking into a system, be it a server or even an account, and using backdoors/technical trickery to get around the security measures that were put in place by the person/people who created the system. 

 

Let's practice. 

 

Giving out your personal information and having your account stolen is not considered being "hacked"

 

People breaking into the servers of a bank and exposing tons of valuable/delicate information IS hacking. 

 

 

 

That's just my small rant. 

Hacking is making a piece of software do something it's not meant to do. Like changing money values in games, the engine isn't supposed to do that. Cracking is when someone breaks into servers and "cracks" security systems

[tom564]

Without hackers a lot of technology would not exist today, "hackers" are the people who tinker with technology and things to make them do something that they were not designed for. I hate that society blankets hacking as a negative profession to be involved in as they contribute a large amount .  "crackers" is a better term to define those who try to crack into a computer system/ crack cryptography and these people may have good intentions or bad IMO the main threat is from organised crime gangs that are involved in more serious crimes and i do not agree with individuals that "hacked" into a network to make a point should be severally punished if they did not cause damage and disclosed it responsibly .  "script kiddies" that DDOS with rented botnets and just use pre-made tools to attack a site  should not really be classed as hackers to me as it takes very little knowledge to press a button and take a site offline.  

 

I have a large amount of respect for white/grey hat hackers and i am interested in this field, it just disappointing when individuals get harsher sentences than killers for hacking something but not causing  major damage.

 

I do sometimes play around with some hacking tools on a test network and occasionally try to raise awareness to vulns with connecting to WIFI. I do not try to hack any site that i do not have permission to however do sometimes test friends sites for common vulnerabilitys.  

[ShadyHost]

Hacking is making a piece of software do something it's not meant to do. Like changing money values in games, the engine isn't supposed to do that. Cracking is when someone breaks into servers and "cracks" security systems

exactly 

[AMICLG]

There's too many people that try hacking to get access to people's Facebook accounts or so much. The outcome is the download a hacking program that has a virus allowing them to get hacked or they download a program that does much more than just get access to a facebook account and get into serious trouble and can result in jail time. Hacking is controversial for a reason, I can do a quick google search and find a LOIC program and within about 3 minutes can cause a breakdown of a broad majority of networks just by keying in an ip address. As for whether I participate in hacking, I do... For things like I wanted a particular car in a need for speed game so I'd hack in some money or replace an instance of a particular car with another. I have many hacking tools on my computers included a dedicated Kali computer(hacking OS) but I've never really been a black hat hacker. More of a grey and conversely not much of a white hat hacker but I have done white hat before

Game "hacking" is just being a script-kitty and/or cracking not actually hacking.

[Hazy125]

Game hacking is just being a script-kitty and/or cracking not hacking.

The most I actually hack is hotel wifi things and home networks so I can have Internet access everywhere. I just used that as an example because it's more "friendly"

[AMICLG]

The most I actually hack is hotel wifi things and home networks so I can have Internet access everywhere. I just used that as an example because it's more "friendly"

Well I wouldn't really call cracking wifi passwords as hacking but I catch your drift.

[tom564]

Well I wouldn't really call cracking wifi passwords as hacking but I catch your drift.

If they use WEP or WPS that means that its public WIFI :)

[Hazy125]

Most use WPA2-SPK these days

[Flynn]

heres some help

 

Cracking:  someone finds out your password or information using the next term

 

Social Engineering:  Using non-technical or low technology methods of to attack information systems.

 

Data Mining:  Analyzing information that already exists, best way for pursuing attack avenue or illegitimate business transaction.

 

Penetration:  Gaining access to logical sensitive data by circumventing a system's protective layers.

 

Hardening:  Process of identifying and fixing vulnerabilities (soft and hard) of a system (VERY important in White Hat Hacking, aka pen testing).

 

Hijacking:  active process where the attacker gains control of an already established connection or communication to establish a new association.

 

Phishing:  Redirection of a single legitimate request to an illegitimate source.

 

Pharming:  Utilizing redirection of multiple legitimate requests to illegitimate sources.

 

Rootkit:  collection of tools or sources used by an attacker to mask or spoof intrusions and gain access to systems or networks.

 

Worm:  Program that runs independently of the user, can propagate a complete version of itself on connected hosts or networks, consumes resources until the system fails.

 

Virus:  Self-replicating hidden softwares that cause malicious logical insertions of programs or processes in order to activate a program or connection.

 

Zombie:  A system or Computer connected to a network or internet that is compromised by a non-authoritative source (human or program) that operates without the user's permission or even knowledge.  (Hence the term zombie).

 

So what does all this mean?  Nothing, unless you have learned about it and are working for or against the terms I showed above.  If you really want to learn about legitimate hacking, aka penetration testing, look into getting your CEH (certified ethical hacker).  Many schools use this at a benchmark for abilities.  I've done pen testing and general scripting for systems from the DoD to even private companies that just want to know their healthcare database is secure.  Hacking is a very general term used by those who do not know what it means.  Hacking can be used as a term by those who know the difference between crackers, script kiddies, pen testers, and even droppers.  It's basically a catch-all of ignorance that people can use (kind of like saying Gas to describe what makes a combustion engine go vroom, even though some engines use JP5 or even liquids more comparable to oil).

 

Anyway, I just figured I would toss out some terms I learned while training.  Mainly so people can see that there are a great many out there who are educated, and versed, in the proper usage of systems and protection of those systems.  Just remember that technology soldiers are just like regular ones.  There are a doze good guys for every bad.  And even though you hear about the bad ones more than the good, that's just because the good are good enough to not gain notice.  So what you hear about is a very small percentage of the truth of what happens with "hackers".

 

Just food for thought.

[Flynn]

Game "hacking" is just being a script-kitty and/or cracking not actually hacking.

 

Script-KIDDIE not kitty.  Kitties are cute and cuddly, kiddies are annoying and obnoxious.

 

The most I actually hack is hotel wifi things and home networks so I can have Internet access everywhere. I just used that as an example because it's more "friendly"

 

You don't hack, you crack.  Please refer to my terms list.

 

exactly 

 

No...

 

Hacking is making a piece of software do something it's not meant to do.

 

Not true, hacking can make a software do exactly what it's designed to do just not for who it's designed to do it for, or even when it's designed to do it.  Software will always do what it is programmed to do, but the user isn't always privy to the capabilities of a program when it's been tampered or simply asked politely to do something else.

 

Cracking is when someone breaks into servers and "cracks" security systems

 

Not even close.  Cracking (refer to my terms list) takes place when someone uses external or subjective methods of "tricking" the user to provide sensitive information.  Without the user, crackers are useless (so many ways this can be taken, just stick to technology).  Most Crackers don't circumvent security systems, they dodge the authentication methods using information volunteered unwittingly by the user.

[AMICLG]

heres some help

 

 

You forgot about RATs.

[AMICLG]

Script-KIDDIE not kitty.  Kitties are cute and cuddly, kiddies are annoying and obnoxious.

 

 

I'm on a phone so that was all swiftkeys fault.

[Hazy125]

Script-KIDDIE not kitty.  Kitties are cute and cuddly, kiddies are annoying and obnoxious.

 

 

You don't hack, you crack.  Please refer to my terms list.

 

 

No...

 

Hacking is making a piece of software do something it's not meant to do.

 

Not true, hacking can make a software do exactly what it's designed to do just not for who it's designed to do it for, or even when it's designed to do it.  Software will always do what it is programmed to do, but the user isn't always privy to the capabilities of a program when it's been tampered or simply asked politely to do something else.

 

Cracking is when someone breaks into servers and "cracks" security systems

 

Not even close.  Cracking (refer to my terms list) takes place when someone uses external or subjective methods of "tricking" the user to provide sensitive information.  Without the user, crackers are useless (so many ways this can be taken, just stick to technology).  Most Crackers don't circumvent security systems, they dodge the authentication methods using information volunteered unwittingly by the user.

Thanks for all this, I know a lot of random stuff... Not anything legitimate. I've never trained in anything computer related really. Just things I've taught myself. Even the small amount of knowledge in this thread is overwhelming. Like fitting terms and things with previous knowledge

[Flynn]

You forgot about RATs.

 

For those who don't know what he is refering to, he's talking about a "Remote Access Trojan", it give the user a backdoor to the infected system.  It's often the launcher to create zombies.  

 

Only reason I didn't mention it specifically is that it's one of a great many hijackers, which I mentioned (arguably a virus, but by definition a virus replicates, trojans usually dont).

 

BTW:  one more term, Honey Pot.  It's what you have to deal with if you are dumb enough to try to crack the wifi network I publicly broadcast in my home....

 

FUN (just think Winnie the Poo with his hand stuck in the tree truck and bees buzzing around)

[Flynn]

Thanks for all this, I know a lot of random stuff... Not anything legitimate. I've never trained in anything computer related really. Just things I've taught myself. Even the small amount of knowledge in this thread is overwhelming. Like fitting terms and things with previous knowledge

 

I actually have a TON of CEH training materials that I would happily share with anyone who is actually willing to go after the certification.  It doesn't give you the classes, just the training materials used in the classes.  

 

Here is the basic webpage used for information on the training:  http://www.eccouncil.org/

Here is the planning map for where it fits in on a legitimate career:  http://certification.comptia.org/ExploreCareers/careerpaths/career_roadmap.aspx

 

Click on security to the right, you will see the list of certs.  It's recommended you get one of each tier before moving to the next tier.  For those who are studying for A+, stop now.  Move on to the next tier because A+ is covered in Security+ and Linux+, there is no need to get A+ unless you just want to brag about it (which your peers will laugh if you use it as a point of reference to your skill).  By all means, look through the material, but don't waste your money on the test unless you can get it for free.

[tom564]

I actually have a TON of CEH training materials that I would happily share with anyone who is actually willing to go after the certification.  It doesn't give you the classes, just the training materials used in the classes.  

 

Here is the basic webpage used for information on the training:  http://www.eccouncil.org/

Here is the planning map for where it fits in on a legitimate career:  http://certification.comptia.org/ExploreCareers/careerpaths/career_roadmap.aspx

 

Click on security to the right, you will see the list of certs.  It's recommended you get one of each tier before moving to the next tier.  For those who are studying for A+, stop now.  Move on to the next tier because A+ is covered in Security+ and Linux+, there is no need to get A+ unless you just want to brag about it (which your peers will laugh if you use it as a point of reference to your skill).  By all means, look through the material, but don't waste your money on the test unless you can get it for free.

Do you know of any good teaching resources for the Security + and the Linux +? 

[AMICLG]

Do you know of any good teaching resources for the Security + and the Linux +? 

Hackforums.net just try not to be to much of a noob over there.

 

EDIT: not really teaching but go place to learn tactics in the real world.

[xkronusx]

I personally want to be able to hack just to fix peoples computers where they can not handle it by themselves.

 

A true white hat, a hero.

 

Takes to much time and effort to learn to ethically hack though.

[Flynn]

Do you know of any good teaching resources for the Security + and the Linux +? 

 

Yes, A great place to go for Microsoft Certifications, CompTIA certs (Everything with a + at the end is CompTIA):

 

http://www.professormesser.com/

 

Messer does videos and has a live chat available (there are always experts there) for you to ask questions in.  It's leterally some of the best training I've ever seen, and it's all free and online.  Messer is an expert trainer in his fields of study, so it's a great thing for him to offer the priceless information in his head.  I'd recommend checking out http://www.professormesser.com/about/ if you would like to learn more about what he does and how he provides you with the content he does.  Using his resources has literally saved me hundreds and hundreds of dollars in training materials and time.

 

Also, look at some brain dumps for VCE's, I believe Messer might have some downloads for VCEs, otherwise you have to obtain a free copy, which is limited, or pay for a full copy.  But let's face it, we all know how to find software here :)

 

I personally want to be able to hack just to fix peoples computers where they can not handle it by themselves.

 

A true white hat, a hero.

 

Takes to much time and effort to learn to ethically hack though.

 

It takes as much time as learning to read, learning to play a musical instrument, learning to to be the perfect drifter in a car, mastering a martial art, learning to do anything really.....A Lifetime.

 

No one who wishes to perfect any craft puts in a few hours and does it, you will hone your skills in any discipline over your lifetime.  BTW, I'm thoroughly proficient in everything I listed, that's because i put a lot of time into it.  I don't have cable so I don't sit and watch TV, I spend my nights reading classic literature, I go out and socialize on the weekends so as to not be closed off to the world, I put time and effort to into making sure I'm always going to be better tomorrow than I started out today.  This includes Mind, Body, and Spiritual awareness.  It takes a lifetime to become who you are going to be (Totally a quotable line there lol), thinking anything takes too much time just closes your mind off to the world and what it has to offer you.  If you want to learn it, if you really want to be a "Hero", you will make the time to make it happen.

 

Otherwise you will always be one of those people that says at the end, "Yeah I could have done that, but I was too busy.  I just don't remember what I was too busy doing."

 

Empty.

 

BTW, feel free to message me if you have any questions.  I'll try to answer every message.  The information in my head is free (to me it's priceless lol, but if it teaches you something to better yourself, I see that as worth giving away) and I have no problem sharing it with anyone who has the heart of a student and truly want's to learn.

[bradscoolio]

I like all hackers, because they can do what I can't. Props :)