Doł±czył: 04 Lut 2007
Przeczytał: 0 tematów
|Wysłany: Nie 9:39, 04 Lut 2007 Temat postu: a new wave of technique
Hope you understand this
Glad I Found www.eduforum.fora.pl and its interesting.
Writing this due to a topic I saw here a few days ago
Yes here is a follow up article for that post - we need to understand this stuff
1. [common among security specialists] A cracker, someone bent on breaking into the system you are protecting. Oppose the less comon white hat for an ally or friendly security specialist; the term gray hat is in occasional use for people with cracker skills operating within the law, e.g. in doing security evaluations. All three terms derive from the dress code of formulaic Westerns, in which bad guys wore black hats and good guys white ones.
2. [spamfighters] ‘Black hat’, ‘white hat’, and ‘gray hat’ are also used to denote the spam-friendliness of ISPs: a black hat ISP harbors spammers and doesn't terminate them; a white hat ISP terminates upon the first LART; and gray hat ISPs terminate only reluctantly and/or slowly. This has led to the concept of a hat check: someone considering a potential business relationship with an ISP or other provider will post a query to a NANA group, asking about the provider's hat color. The term albedo has also been used to describe a provider's spam-friendliness.
black hat -[link widoczny dla zalogowanych]
A black hat (also called a cracker or Darkside hacker) is a person who uses their skills with computers and other technological items in a malicious or criminal manner.
Originally all people with a high level of skills at computing were known as hackers. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Two terminologies developed: the former became known as hackers or (within the computer security industry) as white hats, and the latter as crackers or black hats. The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly in written reports. In computer jargon the meaning of "hacker" can be much broader.
Usually a Black Hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many Black Hats promote individual freedom and accessibility over privacy and security. Black Hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A Black Hat hacker may have access to 0-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, Black Hats may work to cause damage maliciously, and/or make threats to do so as blackmail.
Black-hat hacking is the act of compromising the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network (the somewhat similar activity of defeating copy prevention devices in software — which may or may not be legal depending on the laws of the given country — is actually software cracking). The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning. Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there is considered controversial. A definition of a group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and more common usage, refers to those who attempt to gain unauthorized access to computer systems. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the comm
on usage remains ingrained.
Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software, developed by others — often without understanding how the software itself works. Crackers who rely on the latter technique are often referred to as script kiddies. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs.
The reference to colored hats comes from Hollywood’s use of hats in old black-and-white Western movies to help an audience differentiate between the good guys (white hats) and the bad guys (black hats). The 'hat' terms do not fall under common use. Even inside the computing field they are very controversial.
A grey hat commonly refers to a hacker who releases information about any exploits or security holes they find openly to the public. They do so without concern for how the information is used in the end (whether for patching or exploiting).
* Side note- the terms White Hat, Grey Hat, and Black Hat were also take from the Spy vs. Spy comic strips in Mad Magazine.
Notable intruder and criminal hackers
Note that many of these individuals have since turned to fully legal hacking. [link widoczny dla zalogowanych]
* Jonathan James (also known as comrade) was most notably recognized for the unauthorized copying of software which controlled the International Space Station's life sustaining elements, as well as intercepting dozens of electronic messages relating to U.S. nuclear activities from the Department of Defense
* Mark Abene (also known as Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
* Dark Avenger — Bulgarian virus writer that popularized polymorphic code in 1992 as a means to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
* Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
* Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
* Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.
* Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement. Once "the most wanted man in cyberspace", Mitnick went on to be a prolific public speaker, author, and media personality. Mitnick Security Consulting, LLC is a full-service information security consulting firm.
* Robert Tappan Morris — In 1988 while a Cornell University graduate student was the writer of the first worm, Morris Worm, which used buffer overflows to propagate.
* Nahshon Even-Chaim (also known as Phoenix) — Leading member of Australian hacking group The Realm. Targeted US defense and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Electron and Nom were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
* Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
* David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
* Frank Lebron flooded many large P2P networks with trojans, viruses, and worms. Arrested and charged by the FBI.
I spent 6 hours searching in the network, until find your forum! I think Its Great!
Post został pochwalony 0 razy