Archive for category Security
There are plenty of people out there who want to break systems, gain secret information, and edit the world to their fancy. There are some who accomplish this by hacking the world’s most guarded data systems, then there are those who take a slightly less code-genius approach to hacking the world. Take a look at some of the best no skill hackers.
The Jealous Girlfriend
No-Skills required: sticky fingers
Whether you go to hone your black hat hacker skills, white hat hacker skills, or just to get on the good side of some of the world’s most powerful system security experts, hacker events are where it’s hat… errr at. Hacker events provide hackers a chance to gather, learn, and compete with each other. Events often include lectures from world renowned hackers, break off groups, and hacker games such as Capture the Flag where teams hack and defend systems or Hackathons– 24 hours of collecting hacked systems. Word to the wise, undercover FBI agents attend hacker events by the drove, trying to recognize creative code and learn new faces in the hacker world. Even with the Fed presence, hacker events are notorious for extracurricular hacker pranks outside of the scheduled rubric. A quick synopsis of such pranks include hijacked hotel wifi, gaining access to hotel billing systems, and even an instance of hacking an ATM in the hotel lobby. Here’s a list of hacker events to look forward to in 2012.
If knowledge is power, and the Internet is the superhighway of information, then hackers are the BAMFest surfer-pirates in the whole wide world wide web. Some are more powerful than others however, and any hacker will tell you there is a pecking order to hackerdom. Here is a list of hacker hierarchy:
Hackers are coming up with more and more ways to gain control over information on the internet. There are dozens of reasons for hackers to do what they do, but here is a list of how they do it, and how to prevent them.
1. Cross site scripting (XSS)
The most commonly exploited security vulnerability in web applications. The weakness arises when an application does not validate or encode user data before the information is sent to a web browser. Hackers implement malicious script in a browser and gain access to user sessions, web sites, conduct phishing, and/or release malware.
Measuring the effectiveness and success of your security program can be quite difficult without the aid of auditing; particularly in terms of how well it protects data from outsiders and how well your users adhere to policies and procedures. It is very interesting then, that it is not entirely too uncommon to find organizations that conduct this aspect of security loosely or not at all. It is also not atypical to find that violations are only discovered when the occurrence of a serious breach of confidentiality takes place or when a whistleblower’s complaint escalates the issue.
For some time now, one of the ongoing movements in enterprise environments have been toward single sign-on systems (SSO). As an important priority in many organizations, the implementation of these systems bears review. Also critically important is the determination and scrutiny of the process towards implementing these solutions. In some such constructs middleware or intermediate environments are implemented, in others, this can also creep into identity integration constructs. Across all cases, it can be summarized that these authentication systems can be extremely beneficial to organizations with the appropriate scope, approach, and delivery in mind.
Risk is a part of any IT environment. Quantifying and even further – managing it, well that’s another matter. In recent client discussions the matter of risk has come into question during discussions about cloud and cloud services. The tradeoff between risk and enablement has been discussed in the past quite profusely and I admit to being on the risk side of the camp for quite some time, even writing about it at some point.
You may have seen our post from almost a year ago with an infographic explaining 8 levels of IT security in data centers. It is very important to make sure any cloud computing servers you are using are secure, especially for business purposes. Nonetheless, with cloud computing and rapidly advancing technologies, viruses, malware, and spyware seem to be getting more prevalent and smarter. “As more workers become virtual, cloud computing offers compelling ways to share information, but as workers connect, you never know what is going to be on their home PC.” At this point in time, it is not uncommon for one to experience the misfortune of being attacked. Rootkits viruses are becoming more common, and they are among the most difficult to clean from computers. This is because they hide their “presence from administrators by subverting standard operating system functionality or other applications” (Wikipedia). Anyone who has experience battling a rootkit knows that it can sometimes feel like you are at war with your computer under harsh conditions with little time for food or sleep. Oftentimes, viruses and malware scanners will discover and repair attacks on your computer, but they miss the rootkit in itself, which will then re-initiate the attacks on your computer. Here are four of the best freeware programs to bolster your rootkit fighting power and hopefully give you what it takes to achieve victory and win back your computer!
Chief executive officers, physician leaders, and boards of directors wield a number of responsibilities, quite often seen as more important than information security. Yet it’s important that leadership views information security in the same way they do other crucial tasks that help the organization function. All too often however, organizations at best appear to favor focusing strictly on compliance, as opposed to overall security.
The use of Polymorphic Malware by cyber criminals is on the rise. A recently cited report from Symantec regarding this trend stems from some of these exploding statistics. Malware of this type is known as polymorphic because it is described to constantly change in nature, making the detection and removal of infections a very difficult task. The code in such polymorphic malware retains its function through its evolution, but the code itself is known to change various characteristics and methods such as changing filenames, encryption, compression techniques, signature changes, among others.