Hacking(discussion)

[majidemo]

---

Kinsay interested ani nga topic?
Either white-hat, black-hat or in-between.

Share2 lang ta sa atong insights.
If you think you are being hacked, post your delima here.

Rules:
No talks on credit card fraud or anything related to fraud.
Reminder: rules sa Istorya.

Payr!



RootCon5 - Philippine Hacker Conference

=====================================

I have recently found a vulnerability on the database of a telecommunication company.
I don't know if they consider these information as important or confidential but it contains usernames,passwords,phone numbers and other personal information of all 68,000+ and growing number of postpaid users.

What do you think should I do with it?
I was planning to contact them, But they might just laugh at me.

~majidemo

=====================================

[Sand Man]

Pero NO DISCUSSION on HOW TO HACK.

Where's the fun in that??

==============

Just to clarify my comment. Since you started the topic, how do you propose to avoid discussions on how to hack in a Hacking thread?

Sample (dunno if it works, though)





.

[majidemo]

I know, But wheres the fun in getting banned here? hehe, Is hacking talks against the rules?
If not, then lets talk about HOW TO's..

[Sand Man]

I know, But wheres the fun in getting banned here? hehe, Is hacking talks against the rules?
If not, then lets talk about HOW TO's..

Maybe you should've checked that out before you created the thread? What was your original intention going into this? Talk about the great hackers? The movie 'Hackers'?

Most "fun hacks" can be found on Google anyways.

Google hits

And I bet most of them don't work anymore.

Hacking Credit Cards

How to hack networks

[Sand Man]

The Confessions of A White Hat Hacker

Using downloaded hacker utilities, Jude probes his network - and goes undetected

by Jude Thaddeus

Last week, I spent most of my time installing Linux and a few white hat applications from hacker Web sites: Firewalk, Nmap, Sniffit, Swatch and Tripwire. This week, I've had a bit of a chance to play around with them.

This "white hat" nomenclature confused me when I first heard it. White hat is a fairly common term for people who hack legitimately - security staff, researchers and so on. By contrast, black hat hackers hack maliciously. Basically, white hats are the good guys; black hats are the bad guys. Gray hats are somewhere between the two, and nobody knows where Red Hat Linux fits in with all this.

I'm told the terms come from the early Western movies. Because the movies were filmed in black and white, the chase scenes tended to get a bit confusing, until someone decided to give the good guys white hats and the bad guys black hats. Anyway, back to Linux.

Frills and Thrills

Nmap impressed me. It's simple, it's powerful, and it does exactly what it says it does: It maps your network. The author, who goes only by the name Fyodor, even includes a short but well-written HTML manual in a choice of five languages. The program is freeware, so you've got to admire the amount of work that he's put into it.

Nmap runs ping sweeps to find out what machines are connected to your local network, a port scan to find out what services each machine is running and TCP/IP fingerprinting to find out what operating system each is running. The result is a log file giving you a reasonably complete list of what's on your network and what it's doing. That's useful information both for a security manager and any hacker.

We also run Internet Scanner from Atlanta-based Internet Security Systems Inc. (ISS). Internet Scanner can do exactly what Nmap can do and much more. The big difference between the tools - apart from the fact that Nmap is free and Internet Scanner most certainly isn't - is the slant each puts on this function.

The ISS tool gives a much more user-friendly graphical user interface (GUI), advertises its presence to anyone being scanned and so on. It's clearly designed to fit into a corporate environment.

Nmap, on the other hand, is designed for technical staffers who want to dispense with the frills: It's much faster, and it's designed to be run in "stealth mode" so as to avoid detection by intrusion detection software. It certainly snuck in beneath the radar of our intrusion detection software, RealSecure from ISS. That's something we'll have to sort out.

Sniffing for Hack Attacks

Next up was Sniffit, a network packet sniffer. Packet sniffers are rather intriguingly named pieces of software that monitor network traffic.

Under many networking protocols, data that you transmit gets split into small segments, or packets, and the Internet Protocol address of the destination computer is written into the header of each packet. These packets then get passed around by routers and eventually make their way to the network segment that contains the destination computer.

As each packet travels around that destination segment, the network card on each computer on the segment examines the address in the header. If the destination address on the packet is the same as the IP address of the computer, the network card grabs the packet and passes it on to its host computer.

That's how I think it works, anyway. I'm sure there are many network engineers out there who are champing at the bit to explain the many subtle but important errors I've made (feel free to drop into my forum at Computerworld's online Security Watch Community, (Security Topic Center - Computerworld), but frankly, that little model seems to work for me.

Promiscuous Network Cards

Packet sniffers work slightly differently. Instead of just picking up the packets that are addressed to them, they set their network cards to what's known as "promiscuous mode" and grab a copy of every packet that goes past. This lets the packet sniffers see all data traffic on the network segment to which they're attached - if they're fast enough to be able to process all that mass of data, that is. This network traffic often contains very interesting information for an attacker, such as user identification numbers and passwords, confidential data - anything that isn't encrypted in some way.

This data is also useful for other purposes - network engineers use packet sniffers to diagnose network faults, for example, and we in security use packet sniffers for our intrusion detection software. That last one is a real case of turning the tables on the attackers: Hackers use packet sniffers to check for confidential data; we use packet sniffers to check for hacker activity. That has a certain elegant simplicity to it.

I've known of packet sniffers for years, and I've talked about the dangers of attackers using packet sniffers in many a consulting assignment, but like many consultants, I've never actually used one before.

One of the reasons for that is simple fear - I'm not that technical at the best of times, but networking is by far my weakest subject. So I've avoided trying packet sniffers because I expected to get swamped by all sorts of networking jargon and problems that would send me running to our network support guys. I feel embarrassed enough that I can't get my head around the concept of subnet masks, so I don't want to display my greater ignorance if I can possibly avoid it.

The thing that worried me most about Sniffit was how easy it was to install. It took about three commands and three minutes to get this thing installed and running on my Linux machine. It even has a GUI (not exactly pretty, but hey - it's free).

Like Nmap, Sniffit is very easy to use and does exactly what it says it does: It sniffs your network and shows you what sort of data is getting passed around.

I'd recommend that you install a packet sniffer and have a look at what sort of data you can see on your local network. Better still, get one of your network engineers to install it for you. They probably know of better, more professional sniffers and will be able to talk you through some of the data that you see going past. It's an interesting look into exactly what's going on within your network.

Firewalk, Swatch and Tripwire stumped me. I don't yet know what I'm doing wrong, but I can't get these things installed. I may not get around to it, though, because my long-awaited laptop has finally arrived. Now, I can get back on course with all those projects that have been on hold for the past couple of weeks.

Source

[Sand Man]

White Hat and Grey Hat Hacker – What is the Real Difference?

Thanks to movies and books, our image of hackers has been distorted. What is worse, the public is not able to understand terms like grey hat, white hat, linux OS, or cracker.
However, the truth is that the subculture of the hacker world is more complex than we think. Especially if we consider that, these are very intelligent people.

So, what is ethical hacking white hat and how does it differentiate from grey hackers? The only way to find out is to submerge ourselves in the world of hackers and understand, at least, the most basic concepts.

What Is A White Hat Hacker?

According to Hollywood, a hacker can be a wiz kid who spends too much time with computers and suddenly finds himself submerged in the world of cyber-security or criminal conspirators. On the other hand, he can be a master criminal who wants to obtain huge amounts of money for him, or even worse, dominate the world.

In the movie Matrix, the concept of hackers changed a bit. Although the agents of the Matrix considered them terrorists, the truth is that they were rebels fighting for the liberty of humanity. Things do not need to reach that extreme, though. We are not at war with intelligent ma chines so that kind of scenario is a bit dramatic.

Therefore, a hacker is an individual who is capable of modifying computer hardware, or software. They made their appearance before the advent of computers, when determined individuals were fascinated with the possibility of modifying machines. For example, entering a determine code in a telephone in order to make free international calls.

When computers appeared, this people found a new realm where they could exploit their skills. Now they were not limited to the constraints of the physical world, instead, they could travel through the virtual world of computers. Before the internet, they used Bulletin Board Systems (BBS) to communicate and exchange information. However, the real explosion occurred when the Internet appeared.

Today, anyone can become a hacker. Within that denomination, there are three types of hackers. The first one is the black hacker, also known as a cracker, someone who uses his computer knowledge in criminal activ ities in order to obtain personal benefits. A typical example is a person who exploits the weaknesses of the systems of a financial institution for making some money.

On the other side is the white hat hacker. Although white hat hacking can be considered similar to a black hacker, there is an important difference. A white hacker does it with no criminal intention in mind. Companies around the world, who want to test their systems, contract white hackers. They will test how secure are their systems, and point any faults that they may found. If you want to become a hacker with a white hat, linux, a PC and an internet connection is all you need.

Grey Hat Hackers?

A grey hat hacker is someone who is in between these two concepts. He may use his skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills in
order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it. The moment they cross that boundary, they become black hackers.

For example, they may hack the computer network of a public agency, let us say, NOAA. That is a federal crime. If the authorities capture them, they will feel the long arm of justice. However, if they only get inside, and post, let us say, their handle, and get out without causing any kind of damage, then they can be considered grey hackers

If you want to know more about hackers, then you can attend one of their annual conventions. Every year, hackers from all over the US, and from different parts of the world, reunite and meet at DEF CON. These conventions are much concurred. In the last one, 6,600 people attended it.

Every year, DEF CON is celebrated at Las Vegas, Nevada. However, hackers are not the only ones who go to this event. There are also computer journalists, computer security professionals, lawyers, and employees of the federal government. The event is composed by tracks of different kind, all of them related, in some way, to the world of hackers (computer security, worms, viruses, new technologies, coding, etc). Besides the tracks, there are contests that involve hacking computers, l ock picking and even robot related events. Ethical hacking, white hat hacking or whatever names you wish to use, at the end, it has a purpose: to protect the systems of organizations, public or private, around the world. After all, hackers can now be located anywhere, and they can be counted by the millions. Soon, concepts like white hat, linux operating system or grey hat will become common knowledge. A real proof of how much has our society been influenced by technology.

source

[blizzaga4]

There should be a subject course on "Hacking" in IT or CS schools. Pfffft they always teach us how to code and code and code and code and code web systems and applications without teaching us how to encrypt and safeguard our source code.

That is why I'm joining RootCon 5.

[majidemo]

There should be a subject course on "Hacking" in IT or CS schools. Pfffft they always teach us how to code and code and code and code and code web systems and applications without teaching us how to encrypt and safeguard our source code.

That is why I'm joining RootCon 5.

Bitaw, agree jud ko. Pero its a luxury schools can't afford. HAHA!
Most IT professionals here in cebu that focuses on security are either working for big companies or going freelance. Wala jud nag professor.

And thats why I'm also going to rootcon5, See you there.

======
Sand Man, thanks sa post.

For example, they may hack the computer network of a public agency, let us say, NOAA. That is a federal crime. If the authorities capture them, they will feel the long arm of justice. However, if they only get inside, and post, let us say, their handle, and get out without causing any kind of damage, then they can be considered grey hackers

Anyways, Maybe this is before. But now intruding and leaving a handle(defacing) is a crime.

[Sand Man]

Whooah ... sounds like a pretty big event!

RootCon 5.

Gear up everyone.



ROOTCON 5 will be hot, ROOTCON 5 will be happening on September 9-10, 2011 at Cebu Parklane International Hotel, Cebu City, the event will run 2 days with wide variety of tracks, there will be vendor showroom, job fair, hacking contest and many more.

Who and Why You Should Attend? -- Because its the real and coolest hacker conference in the country, get to meet ninjas at their bests.

Sponsorship - ROOTCON is a perfect time for your organization to showcase your products, services and capitalize on this convergence of influential buyers, organization and IT Professionals. Through strategically mapped and uniquely coordinated opportunities, ROOTCON sponsorship packages are designed to ensure vendors and sponsors have full access and maximized exposure to event attendees without sacrificing the "vendor-neutral" policy of the organization. These tactically crafted sponsorship packages underscore and highly value your image and reputation as a leader in the Information Security and ICT industry.

Top 10 Reasons to Attend

Don't pay to attend a conference only to listen to vendors giving product sales pitches from the podium. We are rewriting the rules on conferences.

Gone are the days when you spent a lot of money only to return with bits and pieces of information. Other industry conferences merely identify security issues you face. We tackle those issues with specific how-to-advice to conquer your toughest questions and challenges in your organizations.

1. Complimentary Admission
- For sponsors and partners

2. No sales pitches disguised as content!

3. Vendor-neutral expertise
- Solutions from top vendors are featured during the exhibit hours

4. Guarantees you attend with a senior-level audience of your peers for network opportunities

5. Learn about technologies and products to build and enhance your security policies

6. Different Topics, Trainings and Seminars focused to manage risk in all phases

7. Solutions, techniques and critical tips from industry's leading experts and top security strategists

8. Identify new markets, agents and distributors

9. Keep up with the latest technology

10. Promote your organization within the industry



WHO WILL ATTEND

* Security Administrators
* CIOs and IS Management
* Security Analysts, Network Administrators
* Security Managers, Security Engineers
* Security Monitoring Engineers / Analysts
* System Technicians
* IT Auditors
* Security Officers
* System Programmers
* Network Analysts
* Chief Technology Officers
* IT Security Manager/Director
* CEO/COO/President
* Owner/Principal/Partner
* Consultant
* System Architects and Developer
* System Administrators and Analysts
* Cyber Crime Investigators
* IT Professionals
* Students, Faculties and School Directors / Administrators
* Military, Police and Government Officials


source

[majidemo]

I posted a topic about rootcon5 here bro,
https://www.istorya.net/forums/career...-job-fair.html

Mayta, I'll see you there sad.