When I read about
hackers and cyber criminals I often think of the old TV show Get Smart. After
vanquishing a villain, Agent Maxwell Smart would often recite a lament that
typically went "If only he had used his genius for good and niceness
instead of evil."
If only!
One thing that I find
scary about hackers is that are very willing to share knowledge that can be
used for nefarious purposes. In researching how a "man in the middle
attack" works I found a you tube video that provided a very easy to
understand tutorial. Such attacks insert the hackers process in between a
browser and a web server communicating. It's used to capture a site visitors
login credential and/or redirect the person to a phony web site where they can
prey on their victim.
Recently I came across a
hackers web site which provides instructions on how to trick a person into
going to their phony Facebook site. The scary part of their technique is that
the user will see Facebook.com on the URL line with no indication that they are
anywhere else but Facebook.com. The author is quite proud of his work and is
happy to share. He does put a disclaimer on the site that the information is
for "Educative Purposes Only". Uh, right.
However, there are some
legitimate purposes to learning hacking techniques. The US government is
training hackers to engage in the so called "cyber war". In fact, the
Air Force Academy offers a degree in "computer science-cyberwarfare"
and Naval Academy has made a course in "cyber security" mandatory for
Freshman.
The government is most
concerned about defending against attacks threatening us, our national security
and our infrastructure. In this"Cyber War" our side has an offense as
well as a defense. You do not hear about it as much because it is supposed to
be top secret, but Washington is not known for being able to keep secrets very
well. While it has never been officially confirmed, a combination of leaks and
evidence uncovered by security experts indicates that the United States has
launched a series of cyber-attacks against Iran and its allies designed to
hamper its nuclear program and its funding of terrorism.
In business and IT we
have to be on guard to protect our IT infrastructure and data assets from being
compromised, regardless of the source of the attack. Increasingly, business and
other organizations are turning to cyber security experts who do penetration
testing, aka pentesting.
Pentesting includes the
same activities as the malicious hackers, known as Blackhat Hackers, except
they are conducted by "good guys" as a service. They test networks
and websites by manually simulating a hacker attack to see if there are security
holes that could compromise sensitive data. They identify critical attack paths
in a network's infrastructure and provide advice on eliminating these threats.
They attempt to bypass security weaknesses to determine exactly how and where
the infrastructure can be compromised.
I often hear people say
that knowledge is a good thing. In this case, it depends on who has the
knowledge and what they use it for, good or evil. The same knowledge that can
be used to create antivirus and firewall protection can be used to
circumvent such protection
Article Source: http://EzineArticles.com/?expert=Kevin_Judge
Article Source: http://EzineArticles.com/7907917
No comments:
Post a Comment