Hacking(discussion)

[majidemo]

---

Yes mr.Sand Man, This is true. Well atleast the part you quoted is, I haven't read through the full article yet. And yes, for a long time real hackers has been doing everything to defend this.
But Crackers a.k.a BlackHat Hackers is ruining this image of Hackers.

=====================================

I have recently found a vulnerability on the database of a telecommunication company.
I don't know if they consider these information as important or confidential but it contains usernames,passwords,phone numbers and other personal information of all 68,000+ and growing number of postpaid users.

What do you think should I do with it?
I was planning to contact them, But they might just laugh at me.

~majidemo

[majidemo]

Types of Hacking Attacks(BlackHat)

As the cost of hacking attacks continues to rise, businesses have been forced to increase spending on network security.
However, hackers have also developed new skills that allow them to break into more complex systems.

Hacking typically involves compromising the security of networks, breaking the security of application software, or creating malicious programs such as viruses.

The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs.
DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers.

When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash.

Network hackers
also try to break into secure areas to find sensitive data. Once a network is hacked, files can be modified, stolen, or erased.
A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.

Application hackers
break security on application software—software including word processing and graphics programs—in order to get it for free.
One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found.
Application hackers also sometimes attack the program itself in an attempt to remove certain security features.

Hackers that create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities.

A virus is a program that has the potential to attack and corrupt computer files by attaching itself to a file to replicate itself.
It can also cause a computer to crash by utilizing all of the computer's resources.

For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion.
Similar to viruses, logic bombs are designed to attack when triggered by a certain event like a change in date.
Worms attack networks in order to replicate and spread. In July of 2001, a worm entitled "Code Red" began attacking Microsoft Internet Information Server (IIS) systems.

The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to Worm.com Hacked by Chinese!"

Finally, a Trojan horse is a program that appears to do one thing, but really does something else.
While a computer system might recognize a Trojan horse as a safe program, upon execution, it can release a virus, worm, or logic bomb.

Source: Hacking - Different Types Of Hacking Activity - Network, Security, Hackers, Computer, Attack, and Worm

[annann]

sites are of course dali ihack labaw na sa mga kabawo sa work around.
ang ihack ninyu kadtung mga email addresses or paypal accounts.

[Sand Man]

I have recently found a vulnerability on the database of a telecommunication company.

I don't know if they consider these information as important or confidential but it contains usernames,passwords,phone numbers and other personal information of all 68,000+ and growing number of postpaid users.

What do you think should I do with it?

I was planning to contact them, But they might just laugh at me.

~majidemo

Well if the users signed a piece of paper saying that the company assures the users that their information will not shared to the public, then I think laughing is out of the question .

I think mangluspad sila when you tell them that.

[majidemo]

sites are of course dali ihack labaw na sa mga kabawo sa work around.
ang ihack ninyu kadtung mga email addresses or paypal accounts.

Email address on big IT companies that host email services like Gmail, Yahoo... are almost impossible to hack(steal information from the database).
Because the people protecting the data(programmers) are also hackers.
They keep testing and hacking their own systems to protect it.

Therefore, to get this kinds of information you can either do 2 things:

ONE is to hack a low security site and get user data, + hope that the user data registered in the database like the password would be the same as their email add. password(In most cases it is, because people tend to use same passwords on every site they register to - w/c is really a bad habit).

TWO is to key log or R.A.T the victim.

Hacking as a "Script Kiddie" is easy, But Hacking as a "Real Hacker" is hard - but FUN.

~majidemo

[annann]

Email address on big IT companies that host email services like Gmail, Yahoo... are almost impossible to hack(steal information from the database).
Because the people protecting the data(programmers) are also hackers.
They keep testing and hacking their own systems to protect it.

Therefore, to get this kinds of information you can either do 2 things:

ONE is to hack a low security site and get user data, + hope that the user data registered in the database like the password would be the same as their email add. password(In most cases it is, because people tend to use same passwords on every site they register to - w/c is really a bad habit).

TWO is to key log or R.A.T the victim.

Hacking as a "Script Kiddie" is easy, But Hacking as a "Real Hacker" is hard - but FUN.

~majidemo

mao ngani.
so kanang mangdeface ug sites nagpabilib ra na. pero di mi mobilib lol kung makaencounter ka ug hacker nga pareha nimo kataw-an ra ka nga basin hangtud ron magphishing gihapon

[majidemo]

Well if the users signed a piece of paper saying that the company assures the users that their information will not shared to the public, then I think laughing is out of the question .

I think mangluspad sila when you tell them that.

I guess so, Pero naka huna2 lang jud ko nga basin ig ingon nako. Mu ingon sila - "ay? sus! mao rana? HAHA! Abi namo'g FREE LOAD na!" NYAHAHA!..

Bitaw, I don't know where to address this issue?
Should I go to their office, Call customer service...etc...?

[majidemo]

mao ngani.
so kanang mangdeface ug sites nagpabilib ra na. pero di mi mobilib lol kung makaencounter ka ug hacker nga pareha nimo kataw-an ra ka nga basin hangtud ron magphishing gihapon

Mao jud, kanang tig deface. Mga bata na, nga feeler
HAHA! ~mura sad ko'g wa ni agi ana..

[Sand Man]

I guess so, Pero naka huna2 lang jud ko nga basin ig ingon nako. Mu ingon sila - "ay? sus! mao rana? HAHA! Abi namo'g FREE LOAD na!" NYAHAHA!..

Bitaw, I don't know where to address this issue?
Should I go to their office, Call customer service...etc...?

If you see an email ad you could write them. Or call their CS.

Either way, they might hire you to fix it!

[majidemo]

If you see an email ad you could write them. Or call their CS.

Either way, they might hire you to fix it!

Yea, I'll try if I have the time. HAHA!
Neeh, I doubt they will hire me. Easily fixed man nga vulnerability, murag wala lang nila ma sanitize tarong ang code.
Murag wala sila nag expect nga naa mo exploit ato. Their IT staff can fix it.