SECURITY CRACKING AND REQUIRED HACKING AGENCY: 2015

Thursday 9 April 2015

SMARTPHONE

Monday 6 April 2015

NEWS (7_4_15)

Monday 23 March 2015

Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition

The Annual Pwn2Own Hacking Competition 2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash.

During the second and final day of this year’s hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, were compromised by the two security researchers.

Sponsored by HP's Zero Day Initiative program, the Pwn2Own Hacking Competition ran two days at a security conference in Vancouver, Canada. The final highlights for Pwn2Own 2015 are quite impressive:

5 bugs in the Windows operating system

4 bugs in Internet Explorer 11

3 bugs in Mozilla Firefox

3 bugs in Adobe Reader

3 bugs in Adobe Flash

2 bugs in Apple Safari

1 bug in Google Chrome

$557,500 USD bounty paid out to researchers

The star of the show was South Korean security researcher Jung Hoon Lee, nicknamed "lokihardt," who worked alone and nabbed the single highest payout in Pwn2Own history, an amazing bounty of $110,000 in just two minutes.

Lee was able to take down both stable and beta versions of Google Chrome browser by exploiting a buffer overflow race condition bug in the browser and nabbed $75,000 as bug bounty.

For this same bug, Lee also nabbed an extra $25,000 for gaining system access by targeting an information leak and a race condition in two Windows kernel drivers. For hacking the beta version of Chrome, Google’s Project Zero rewarded Lee with an extra $10,000. So, he earned a grand total of $110,000.

"To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration," HP's security research team wrote in a blog post Thursday. "There are times when 'Wow' just isn't enough."

Earlier in the day, Lee also earned $65,000 for hacking the 64-bit Internet Explorer 11 with a time-of-check to time-of-use (TOCTOU) vulnerability that gained him read/write privileges on the browser. He used a sandbox escape via JavaScript injection to evade Windows defense mechanisms.

By using a use-after-free exploit and a separate sandbox escape, Lee also took down Apple's Safari browser. The hack earned him $50,000 and brought his total winnings to $225,000 from the contest.

                                -- Assembled by S.K

Hacking Facebook Account with 'Reconnect' Tool

"Signup or Login with Facebook"? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers to take over accounts on websites that leverage the 'Login with Facebook' feature.

The vulnerability doesn't grant hackers access to your actual Facebook password, but it does allow them to access your accounts using Facebook application developed by third-party websites such as Bit.ly, Mashable, Vimeo, About.me, Stumbleupon, Angel.co and possibly many more.

FLAW EXPLOITS THREE CSRFs PROTECTION

Egor Homakov, a researcher with pentesting company Sakurity, made the social network giant aware of the bug a year ago, but the company refused to fix the vulnerability because doing so would have ruined compatibility of Facebook with a vast number of websites over the Internet.

The critical flaw abuses the lack of CSRF (Cross-Site Request Forgery) protection for three different processes:

Facebook log in

Facebook log out

Third-party account connection

The first two issues "can be fixed by Facebook," Homakov said, but this has not been done yet. However, the third one needs to be fixed by the website owners who have integrated the "Login with Facebook" feature into their websites.

TOOL TO HACK FACEBOOK ACCOUNTS

Therefore, blaming Facebook for dismal security in the 'Login with Facebook' feature, the researcher publicly released a tool, dubbed RECONNECT, that exploits the bug and lets hackers generate URLs that can be used to hijack accounts on third-party websites that use the 'Login with Facebook' button.

"Go blackhats, don’t be shy!" Homakov wrote on his Twitter, allegedly encouraging hackers and cyber criminals to take benefit from his ready to use tool.

Homakov also published a blog post which gives hackers a step-by-step process for setting up rogue Facebook accounts that victims are redirected to when they are tricked into clicking on malicious URLs provided by the attackers.

"Now our Facebook account is connected to the victim account on that website and we can log in that account directly to change email/password, cancel bookings, read private messages and so on," Homakov wrote in a blog post.

The RECONNECT Facebook hacking tool can generate malicious URLs to hijack accounts on third-party websites including Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable and Vimeo.
However, any website that supports 'Login with Facebook' can be hacked by manually inserting its link into the tool that generates Facebook login requests on behalf of its users.

HOW TO PROTECT YOURSELF ?

One can appreciate the dangerous consequences of the RECONNECT Facebook hacking tool by counting how many websites on the Internet use that blue ' f ' button for Facebook login. And once a hacker finds a way into your account, they could access your private information and use it to hack into your other online accounts.

So, in order to prevent your accounts from malicious hackers, Do Not click on any suspicious URLs provided to you via online messages, emails or social media accounts. And always be careful while surfing over the Internet.

FACEBOOK RESPONDS TO THE ISSUE

Facebook says it has been aware of the issue for some time now and that third-party sites can protect their users by utilizing Facebook's best practices when using the Facebook sign-in feature.

A Facebook spokesperson released a statement saying, "This is a well-understood behaviour. Site developers using Login can prevent this issue by following our best practices and using the 'state' parameter we provide for OAuth Login."

The company also added that they have also made various changes in order to help prevent login CSRF and are evaluating others while "aiming to preserve necessary functionality for a large number of sites that rely upon Facebook Login."
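The 'state' check that Facebook's statement refers to, as it could look on a site that offers 'Login with Facebook'. This is an added example, not code from the article, Facebook or Homakov; the endpoint, client ID, redirect URI and the dictionary standing in for a server-side session are placeholder assumptions.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders assumed for this example; none of these values come from the article.
AUTHORIZE_ENDPOINT = "https://provider.example/dialog/oauth"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://site.example/auth/callback"
STATE_TTL_SECONDS = 600  # how long a started login stays valid


def begin_login(session, now=None):
    """Start a login: bind a fresh random state to this browser session."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["oauth_state_issued"] = now
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session, callback_url, now=None):
    """Accept the code only if the callback carries this session's state.

    Returns (True, code) or (False, reason). The stored state is removed on
    every attempt, so a callback URL cannot be replayed.
    """
    now = time.time() if now is None else now
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    returned = params.get("state", [""])[0]
    expected = session.pop("oauth_state", None)
    issued = session.pop("oauth_state_issued", 0.0)

    if expected is None:
        return (False, "no login in progress for this session")
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        return (False, "state mismatch")
    if now - issued > STATE_TTL_SECONDS:
        return (False, "state expired")
    if not code:
        return (False, "missing code")
    return (True, code)  # only now exchange the code and link the account


def _callback(**params):
    """Build a constructed callback URL for the demo."""
    return f"{REDIRECT_URI}?{urlencode(params)}"


def _state_of(authorize_url):
    """Read the state value back out of an authorize URL."""
    return parse_qs(urlparse(authorize_url).query)["state"][0]


def demo():
    """Run constructed callbacks through the check and collect the verdicts."""
    results = {}

    # The user clicks the login button and comes back from the provider.
    user = {}
    state = _state_of(begin_login(user, now=1000.0))
    url = _callback(code="CONSTRUCTED_CODE_A", state=state)
    results["legitimate"] = handle_callback(user, url, now=1010.0)
    results["replayed"] = handle_callback(user, url, now=1020.0)

    # A callback that arrives in a session which never started a login.
    idle = {}
    results["unsolicited"] = handle_callback(
        idle, _callback(code="CONSTRUCTED_CODE_B"), now=1000.0)

    # A callback carrying a state value issued to a different session.
    first, second = {}, {}
    foreign_state = _state_of(begin_login(first, now=1000.0))
    begin_login(second, now=1000.0)
    results["cross_session"] = handle_callback(
        second, _callback(code="CONSTRUCTED_CODE_C", state=foreign_state), now=1005.0)

    # A login that was started but completed after the time limit.
    slow = {}
    old_state = _state_of(begin_login(slow, now=1000.0))
    results["expired"] = handle_callback(
        slow, _callback(code="CONSTRUCTED_CODE_D", state=old_state), now=2000.0)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The account-connection step is the one the article says site owners must fix themselves: the code is exchanged and the provider account linked only after `handle_callback` returns success.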

                              -- Assembled by S.K

China Finally Admits It Has Army of Hackers

"It means that the Chinese have discarded their fig leaf of quasi-plausible deniability," McReynolds said. "As recently as 2013, official PLA [People's Liberation Army] publications have issued blanket denials such as, 'The Chinese military has never supported any hacker attack or hacking activities.' They can't make that claim anymore."

China finally admits it has special cyber warfare units — and a lot of them.

For years China has been suspected by the U.S. and many other countries of carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has admitted that it does have cyber warfare divisions – several of them, in fact.

In the latest updated edition of a PLA publication called The Science of Military Strategy, China finally broke its silence and openly talked about its digital spying and network attack capabilities and clearly stated that it has specialized units devoted to wage war on computer networks.

An expert on Chinese military strategy at the Center for Intelligence Research and Analysis, Joe McReynolds, told TDB that this is the first time China has explicitly acknowledged that it has secretive cyber-warfare units, on both the military and civilian-government sides.

CHINESE CYBER WARFARE UNITS

According to McReynolds, China has three types of operational military units:

Specialized military forces to fight the network -- The unit designed to carry out defensive and offensive network attacks.

Groups of experts from civil society organizations -- The unit has a number of specialists from civilian organizations – including the Ministry of State Security (it’s like China’s CIA), and the Ministry of Public Security (it’s like the FBI) – who are authorized to conduct military leadership network operations.

External entities -- The unit sounds a lot like hacking-for-hire mercenaries and contains non-government entities (state-sponsored hackers) that can be organized and mobilized for network warfare operations.

According to experts, all the above units are utilized in civil cyber operations, including industrial espionage against US private companies to steal their secrets.

CHINESE CYBER UNIT 61398

In 2013, American private security firm Mandiant published a 60-page report that detailed the notorious Chinese hacking group 'Unit 61398', suspected of waging cyber warfare against American companies, organizations and government agencies from or near a 12-story building on the outskirts of Shanghai.

The UNIT 61398 also targeted a number of government agencies and companies whose databases contain vast and detailed information about critical United States infrastructure, including pipelines, transmission lines and power generation facilities.

MOST WANTED CHINESE HACKERS

Last year, the United States filed criminal charges against five Chinese military officials, named Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, for hacking and conducting cyber espionage against several American companies.

The alleged hackers were said to have worked with the PLA’s Unit 61398 in Shanghai. Besides spying on U.S. companies and stealing trade secrets, they were also accused of stealing information about a nuclear power plant design and a solar panel company’s cost and pricing data.

Hacking Facebook source code is surprisingly easy

A bunch of tech commentators on Hacker News are talking about how easy it is to read Facebook source code, which they say could pose a risk to the social media site.

Users can literally look inside snapshots of Facebook's digital world because its engineers dumped a load of information in Pastebin, which is a platform for storing and sharing text.

The discussion is a reaction to a recent post on the Sinthetic Labs blog. A guy called Nathan Malcolm explains how, in 2013, he was fixing "a few bugs" while using software development tools and "ended up finding out a lot more about Facebook's internals than I intended". Sinthetic Labs is a security research group.

Malcolm says all he did was Google an error message and ended up finding a specific link to a Pastebin post. As he investigated further, he stumbled across various pieces of data that paint a picture of what Facebook looks like behind the scenes -- in a digital sense, anyway.

He found what looked to be names, commands, and other "interesting information". As you'll see in an example below, the code probably won't mean much to most people, but letting it roam free on the internet "probably wasn't the smartest move," Malcolm says.

When discussing some of the files (not the image below), Malcolm explains:

"The person who, likely, posted this was "emir". This may be the person's first name, or it could be their first initial and then their surname (E. Mir). It's clear this output was intended to be seen by another engineer at Facebook, so posting it on Pastebin probably wasn't the smartest move. This person may have made other slip ups which could make them a target if an attacker sees an opportunity."

Malcolm concedes that his findings don't really pose a direct threat to Facebook, but suggests the resources could in extreme circumstances.

He even found Facebook's password for MySQL -- the open source database management system. Crucially, Malcolm says Facebook's servers are heavily firewalled, so the information is effectively useless unless "you manage to break into Facebook's servers," he notes.

Overall, lots of people appear simply amazed at how easy it is to see this stuff. One comment on Hacker News says that "while some leaks may not even be effective outside Facebook's internet network, having actual code that may be in production does pose a risk. The possibility to see where, for instance, data isn't fully sanitized, or where information being fetched might not require proper authentication is more worrying".

Another person mentions another source of files. They say: "I'm amazed at how many username or passwords are freely available via github search." The bottom line is, "If you do not want someone to find it - do not publish it online."
                                      -- Assembled by S.K

A hack that leaves no iPhone safe

The iPhone passcode is considered fairly secure, but apparently, its security can be tampered with using a cheap IP Box.

I've always thought of an iPhone passcode as being fairly secure - it's a 4-digit number, with a lockout that prevents just mashing buttons until you find the right answer. But apparently, there's a cheap box that can hack your security, no matter what.

According to MDSec, there's a $300 device called an IP Box that brute-forces iPhones over USB. Rather than trying each passcode physically on the screen, it uses USB to enter the passcode.

If the attempt is incorrect, the box cuts power to the phone, preventing it from recording the failed passcode attempt, and thereby granting the box unlimited guesses at your passcode.

Each PIN entry takes 40 seconds, which means that bypassing the passcode will take around 4-5 days. That might seem like a long time, but if it means that stolen iPhones can be sold as legitimate devices, it's probably worth the wait.

Just another reminder that the data on your phone is never really truly safe.

Infosys putting together crack team of coders.

Why does Infosys need crackers?

BENGALURU: A software glitch threatens to disrupt the launch of a cutting-edge product by a leading global mobile phone-maker with just hours to go. The company turns to its technology vendor's team of programmers, but for an immediate fix, the vendor decides to parachute in one from its elite team of ace coders.

In a few hours, the glitch is resolved and order is restored. The scenario isn't overstretched. It's just the kind of problem-solving ability Infosys is building, putting together a crack team of code writers to break tough programming and software challenges for its top clients.

The team will also focus on new technologies such as analytics and cloud computing and work in futuristic projects in areas such as artificial intelligence.

These ace programmers, with the ability to use complex software algorithms to crack business problems, will be given top billing and incentivised based on metrics specific to them, according to two people familiar with the developments, who requested anonymity.

The idea is to create a system akin to how "Navy Seals or Swat teams are deployed by the US government to help regular troops and quickly resolve tough battle or combat situations," one of the people mentioned above said. "These coders will be quintessential geeks who can solve problems on the fly and will obviously be different and more scholarly than your average programmer."

To be sure, the concept of having an elite programming team within an IT company is not new. Top companies such as Accenture have deployed ace coders to solve complex problems for quite some time now.

But this is the first known instance of such programmers being singled out for their talents and rewarded for their expert skills, at a time when outsourcing projects are getting increasingly commoditized and IT firms are anxiously looking to differentiate themselves from competition, amid slowing growth in software export revenues.

"Indian IT service providers are good at the services part but they need to provide solutions and products for specific industries," Roland Schuetz, Lufthansa's senior vice-president and chief information officer, said in a recent interview with ET.

While Infosys' elite programmers will typically be deployed on challenging, futuristic projects and new areas of technology -- which also works as a retention strategy -- they can be called upon to solve complex problems arising at traditional outsourcing projects handled by normal programmers.

"Any programmer who's really good and talented would probably end up joining these new-age ecommerce companies, like Flipkart or Snapdeal, unless these traditional IT firms can keep up in terms of the quality of work and assignments that they give to these programmers," said Viral B Shah, co-inventor of the Julia programming language. "Just money won't be enough to lure away these talented coders."

The initiative, called Infosys Expert Track, "is set up with the objective of encouraging technologists who are ace programmers. The intent is to create expert coders who will focus on current and future technologies. It is the path for those employees who want to focus exclusively on programming that can solve complex problems for Infosys' clients," an Infosys spokeswoman said in an email. "The track will have a flat structure with minimal people management responsibilities."

Dozen programmers identified
Infosys has identified around a dozen top programmers for the 'expert track'.

These coders have already undergone a rigorous test where each of them was given three problems to solve. For each of the problems, the coders had to develop a programming solution from the ground up within a few hours.

The process is still ongoing and within the next 2-3 months, shortlisted candidates will go through a final round of interviews before being selected into this firefighting team.

Infosys is not the only Indian IT company hunting for top talent in the world of coders. India's top software firm, Tata Consultancy Services, held a worldwide coding competition called CodeVita last month to handpick star programmers.

"What's happening is that the requirements of the clients of top IT firms are changing - they're coming back to Infosys/TCS, and saying, 'Hey, our engineering challenges are more diverse and bigger than what they were a decade ago, we need people who have broader skill sets and exposure to newer technologies," said Sachin Gupta, co-founder and CEO of Bangalore-based startup HackerEarth.

                                 -- Assembled by S.K

Tuesday 24 February 2015

HISTORY OF HACKING

 History of Computer Hacking


Computer Hacking: A Timeline
1971: Computer hobbyist John Draper discovers that a toy whistle included in a box of children's cereal reproduces exactly the 2600-hertz audio tone needed to open a telephone line and begin making free long-distance calls. He adopts the moniker "Captain Crunch," after the cereal and is arrested dozens of times in the next few years for phone tampering.
1975: Two members of the Homebrew Computer Club of California begin making "blue boxes," devices based on Draper's discovery that generate different tones to help people hack into the phone system. Their names? Steve Wozniak and Steve Jobs, who would later go on to found a company called Apple Computers in 1977.
1983: The movie "War Games," starring Matthew Broderick, is released in theaters. Broderick plays a teenage hacker who taps into a Pentagon supercomputer nicknamed "WOPR" and nearly starts World War III. (WOPR is a spoof of NORAD's old central computer processing system, which had the acronym "BURGR.")
In one of the first high-profile cases against computer hackers, the FBI arrests six teenagers from Milwaukee known as the "414s," named after the city's area code. They are accused of breaking into more than 60 computer networks, including those of Memorial Sloan-Kettering Cancer Center and Los Alamos National Laboratory. One hacker gets immunity for his testimony; the others are given probation.
1984: Eric Corley begins publishing an underground magazine called 2600: The Hacker Quarterly, which quickly becomes a clearinghouse for telephone and computer hacking. The following year, a pair of journalists from St. Louis begin publishing Phrack, an electronic magazine that provides hacking information.
The Comprehensive Crime Control Act is passed, which gives the Secret Service jurisdiction over cases of credit card and computer fraud.
1986: Congress passes the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act, which makes it a crime to break into computer systems. In typical congressional fashion, the law doesn't apply to those individuals largely responsible for computer crimes - juveniles.
1987: Herbert Zinn, a 17-year-old high-school dropout who lives with his parents in Chicago and goes by the nickname of "Shadow Hawk," is arrested and admits to breaking into AT&T's computer network after bragging about it on an electronic bulletin board. Federal authorities say the teenager - who did most of his hacking from a computer in his bedroom - was only a few steps away from tapping into the company's central telephone switching system, which could have brought most of the nation's telephone networks and communications systems to a standstill.
Brain, the first known MS-DOS computer virus, is released on the internet. The program itself is mostly harmless; users whose computers are infected with the virus find a small file added to their hard drive containing an unencrypted text message giving contact information for a "Brain Computer Services" in Pakistan.
1988: Robert Morris, a 22-year-old graduate student from Cornell University releases a self-replicating virus on the Internet designed to exploit security holes in UNIX systems. The virus eventually infects more than 6,000 systems - roughly one-tenth of the Internet's computers at the time - and virtually shuts down the entire network for two days.
Morris is arrested for releasing the virus and is sentenced to three years probation, 400 hours of community service and a $10,000 fine. Despite the online havoc he wreaks, he's more than absolved by the Internet community; he later forms a startup internet company, Viaweb, which is bought in 1998 for approximately $49 million.
As a result of the Morris virus, the federal government forms the Computer Emergency Response Team. Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate attacks on computer networks.

1990: Four members of a band of hackers from the Southeastern United States affectionately known as the "Legion of Doom" are arrested for stealing the technical specifications for BellSouth's 911 emergency telephone network. The hackers are accused of lifting login accounts, passwords and connect addresses for its computer networks, information that could "potentially disrupt or halt 911 service in the United States," according to a subsequent indictment. Three of the hackers are found guilty and given prison sentences ranging from 14 to 21 months; they are also ordered to pay BellSouth nearly a quarter of a million dollars in damages.
The Secret Service, in conjunction with Arizona's organized crime unit, unveils Operation Sundevil, a nationwide project designed to hunt down computer hackers. They eventually seize computer equipment in 14 cities, including Tucson, Miami and Los Angeles.
The Electronic Frontier Foundation is created, with the primary goal of defending the rights of people accused of computer hacking.
1991: The General Accounting Office reveals that during the Gulf War, a group of Dutch teenagers broke into a Defense Department computer network and gained access to "sensitive" information on war operations, including data on military personnel, the amount of military equipment being sent to the Persian Gulf, and the development of certain weapons systems.
1993: After hackers break into AT&T's computer networks and bring long-distance telephone service to a halt on Martin Luther King Jr. Day, the Secret Service initiates a national crackdown on computer hackers, arresting members of a group titled "Masters of Deception" in New York, and other hackers in St. Louis and Austin, Texas. The members all plead guilty to computer crimes and conspiracy.
Twenty-eight-year-old Kevin Poulsen, who was already facing charges for stealing military documents and disrupting telecommunications services, is charged, along with two other hackers, with using computers to rig promotional contests at three Los Angeles radio stations. In a rather ingenious scheme, Poulsen and his cohorts use computers to seize control of incoming phone lines at the radio stations and make sure that only their calls get through. The three hackers wind up "winning" two Porsches, $20,000 in cash and two trips to Hawaii before being caught.

1995: Russian hacker Vladimir Levin is arrested in Britain after allegedly using his laptop computer to break into Citibank's computer network and transfer funds to various accounts around the world. Levin is eventually extradited to the U.S., where he is sentenced to three years in prison and ordered to pay Citibank $240,000. The exact amount of money stolen by Levin remains unknown; estimates range between $3.7-$10 million.
Legendary computer hacker Kevin Mitnick is arrested in Raleigh, North Carolina and accused of a number of security violations, such as copying computer software, breaking into various networks and stealing private information, including 20,000 valid credit card numbers. He spends four years in jail without a trial, then pleads guilty to seven counts in March 1999 before finally being released on parole in January 2000. Mitnick had previously been convicted of stealing software and long distance telephone codes from two telecommunications companies in 1989.

1997: The hacking program "AOHell" is released, aimed at wreaking havoc for users of America Online. For days, the AOL network is brought to a virtual standstill, as hundreds of thousands of users find their mailboxes flooded with multiple-megabyte e-mail messages and their chat rooms disabled or disrupted with "spam" messages.
1998: The Symantec AntiVirus Research Center, a leader in security and antivirus software, reports that 30,000 computer viruses are circulating "in the wild" on the internet.
For the first time, federal prosecutors charge a juvenile with computer hacking after a boy shuts down the Bell Atlantic airport communications system in Worcester, Massachusetts. The boy's attack interrupts communications between airplanes and the control tower at Worcester Airport for more than six hours, but no accidents occur. The boy, whose name and exact age are not released, pleads guilty and is sentenced to two years probation, 250 hours of community service, and is ordered to repay Bell Atlantic $5,000.
Members of a hacking group called the Masters of Downloading claim to have broken into a Pentagon network and stolen software that allows them to control a military satellite system. They threaten to sell the software to terrorists. The Pentagon denies that the software is classified or that it would allow the hackers to control their satellites, but later admits that a less-secure network containing "sensitive" information had been compromised.
Deputy Defense Secretary John Hamre announces that hackers have carried out "the most organized and systematic attack the Pentagon has seen to date" by breaking into unclassified computer networks, then viewing and altering payroll and personnel data at dozens of federal agencies. Two teenagers from Cloverdale, California are originally implicated. Three weeks later, authorities arrest an Israeli teenager known as "The Analyzer," who claims to have taught the two Californians how to conduct the attacks.
Two hackers are sentenced to death by a court in China for breaking into a bank's computer network and stealing 260,000 yuan ($31,400).
U.S. Attorney General Janet Reno announces the creation of the National Infrastructure Protection Center, an organization designed to protect the nation's telecommunications, technology and transportation systems from hackers.
In May, members of "L0pht," a well-known hacker group, testify before Congress. They cite serious security weaknesses in many of the government's computer networks; one member claims that if the group wanted to, it could shut down the entire internet in half an hour.
Two "internet terrorists" deface the New York Times website, renaming it "Hackers for Girls" and expressing anger at the arrest of Kevin Mitnick, who was the subject of a book written by a reporter at the Times.
The hackers group Legion of the Underground (LoU) breaks into China's human rights website in October and replaces the front page with a message asking consumers and businesses to boycott all Chinese goods and services. A few months later, LoU issues a statement declaring a "cyber war" on Iraq and China calling for "the complete destruction of all computer systems" in those countries.
1999: In March, a hacker by the name of MagicFX breaks into the popular online auction site E-Bay, destroying the site's front page. According to the company, the attack was so severe that MagicFX was able to change auction prices, post fake items for sale, and divert traffic to other sites.
Throughout May and June, dozens of government and consumer sites, including those of the U.S. Senate, the White House and the U.S. Army, fall prey to cyber attacks. In each case, the hackers deface the site's front page with arcane messages that are quickly erased.
In November, a Norwegian hacker group, MoRE (Masters of Reverse Engineering), cracks a key to decoding copy-protected DVDs. The group creates a DVD decoder program, which is widely distributed for free on the internet.
2000: The Symantec AntiVirus Research Center estimates that one new computer virus "enters the wild" every hour of every day.
In a 72-hour period in early February, more than a dozen of the internet's most popular websites, including Yahoo, Buy.com, Amazon.com, E-Bay, CNN.com, eTrade and ZDNet, are hacked via "denial of service" attacks that overloaded the sites' servers with an overwhelming number of information requests.
The "I Love You" virus debuts on the Internet in May, appearing first in the Philippines, then spreading across the globe in a matter of hours. It causes an estimated $10 billion of damage globally in lost files and computer downtime before a solution is found.
The trade publication Computer Economics estimates that computer viruses will cost companies a total of $17 billion worldwide in ruined or lost data and lost production time.
A study released by PC Data in the summer reveals an alarming trend: although most people have some type of antivirus software on their personal computer, almost 45 percent of those who log onto the Internet regularly still don't have that software engaged, even if it's installed. In effect, this leaves nearly half of all home computer users exposed and vulnerable to attack from a virus.
In October, in what many people see as a fit of poetic justice, software giant Microsoft admits to having its computer network infiltrated by a hacker (or hackers) from Russia. According to company statements, the hacker(s) used a trojan horse program to create a surreptitious e-mail account and were able to access the source code of an as-yet-unnamed Microsoft product still being developed. Microsoft security experts later admit they were able to track the movements of the hacker(s) throughout their network but were unable to actually catch them in the act.
2001: In early May, groups of Chinese hackers infiltrate several U.S. government sites, including those of the White House, the Central Intelligence Agency, and the Department of Health and Human Services. The attacks are believed to be a form of retaliation for an incident involving a U.S. spy plane earlier in the year.
Also in early May, Microsoft websites in the U.S., Great Britain, Mexico and Saudi Arabia are temporarily disrupted by distributed denial-of-service (DDOS) attacks.
Don't Hate the Hacker
Having just read this timeline, I'm sure that few (if any) of you probably feel sorry for computer hackers. I can't blame you. Like hundreds of companies, Dynamic Chiropractic fell victim to the "I Love You" virus late last year; in fact, I was the one who accidentally opened the file containing the virus. As a result, our company's e-mail system was shut down for two days, and it took the better part of a week before every computer in the office was declared virus-free.
Because of that virus, our company has instituted a policy whereby every computer in the office automatically receives the latest virus updates weekly, and every file sent to DC via e-mail is scanned for viruses before it is opened. Those policies weren't in place before the virus attacked; we've now taken steps to ensure such an accident doesn't happen again.
Personally, I think hackers play a necessary role in the advancement of technology; in fact, they've been a major influence on modern society long before computers were invented. Most of our greatest inventions were created by people who broke into existing technologies, examined how they worked, and looked for ways to improve or expand those technologies. In effect, the Kevin Poulsens and Vladimir Levins of today are providing the same type of service that people like Bell, Marconi and Thomas Edison did a century ago.
I also think hackers serve a useful purpose in that they make companies take action and be responsible for their laziness and lack of organization. Last year, CNN reported that more than 100 federal computer systems were compromised by hackers. They were so successful because many federal system operators failed to download and apply a software patch from Microsoft, even though it had been available on line - for free - for more than a year.


HACKING IS ILLEGAL. DO IT AT YOUR OWN RISK.