Zombie Computers Computer Hackers A computer hacker is someone who seeks and exploits weaknesses in a computer system security or computer network.
Print Advertisement Julie J.
The term hacker is fairly controversial in its meaning and interpretation. Some people claim that hackers are good guys who simply push the boundaries of knowledge without doing any harm at least not on purposewhereas crackers are Computer hackers real bad Computer hackers. This debate is not productive; for the purposes of this discussion, the term unauthorized user UU will suffice.
This moniker covers the entire spectrum of folks, from those involved in organized criminal activities to insiders who are pushing the limits of what they are authorized to do on a system.
This can refer to gaining access to the stored contents of a computer system, gaining access to the processing capabilities of a system, or intercepting information being communicated between systems.
Each of these attacks requires a different set of skills and targets a different set of vulnerabilities.
So what do UUs take advantage of? Vulnerabilities exist in every system and there are two kinds: Known vulnerabilities often exist as the result of needed capabilities. For instance, if you require different people to use a system in order to accomplish some business process, you have a known vulnerability: Another example of a known vulnerability is the ability to communicate over the Internet; enabling this capability, you open an access path to unknown and untrusted entities.
Unknown vulnerabilities, which the owner or operator of a system is not aware of, may be the result of poor engineering, or may arise from unintended consequences of some of the needed capabilities.
By definition, vulnerabilities may be exploited. These can range from poor password protection to leaving a computer turned on and physically accessible to visitors to the office.
Poor passwords for example, a username of Joe Smith with an accompanying password of joesmith are also a rich source of access: And when a UU can utilize a valid username-password combination, getting access to a system is as easy as logging in.
If a target system is very strongly protected by an architecture that includes both technical controls such as firewalls or security software, and managerial controls such as well defined policies and procedures and difficult to access remotely, a UU might employ low-technology attacks.
These tactics may include bribing an authorized user, taking a temporary job with a janitorial services firm, or dumpster diving rifling through trash in search of information.
If the target system is not so strongly protected, then a UU can use technical exploits to gain access. To employ technical exploits a UU must first determine the specifications of the target system.
It would do no good whatsoever for a UU to use a technical exploit against a Microsoft vulnerability if the target system is a Macintosh.
The UU must know what the target system is, how it is configured, and what kind of networking capabilities it has. The availability of preprogrammed attacks for common configurations can make this task quite simple; UUs that use these scripted capabilities are somewhat derisively known as script kiddies.
One way a technically proficient UU can remotely determine the configuration of a target system is through capabilities inherent in hypertext transfer protocol http.
Users who access certain Web sites actually send configuration information, such as the type of browser being used, to the requesting site.
Once the system configuration is known, then exploits can be selected. An example of an exploit that takes advantage of system-specific vulnerabilities is described in the following statement from the U. Exploit code has been publicly released that takes advantage of a buffer overflow vulnerability in the Microsoft Private Communication Technology PCT protocol.
This type of attack eliminates the need for the first step, but is less predictable in both outcome and effectiveness against any given target. For example, if a UU is trying to gather a lot of zombie computers for use in a distributed denial of service attack, then the goal is to sneak a client program onto as many computers as possible.
One way to do this fairly effectively is through the use of a so-called Trojan horse program, which installs the malicious program without the knowledge or consent of the user.
Some of more recent mass Internet attacks have had this profile as an element of the attack pattern. Protecting yourself against attacks is a multistep process, which aims to limit and manage the vulnerabilities of your system. First, make sure you have all the latest patches for your operating system and applications--these patches generally fix exploitable vulnerabilities.
Make sure your password is complex: Also, consider getting a hardware firewall and limiting the flow of data to and from the Internet to only the few select ports you actually need, such as e-mail and Web traffic.
Make sure your antivirus software is up-to-date and check frequently to see if there are new virus definitions available. If you are using a Windows system, you should ideally update your virus definitions every day.
Finally, back up your data. That way if something bad does happen, you can at least recover the important stuff.May 14, · Hackers are taking over thousands of computers in the U.S. and demanding a "ransom" to unlock them.
Nov 12, · Community discussions and forums for Computer Security: Title Updated Last By Comments; Terrorists watch tons of gay sex videos, often.
Catalin Cimpanu Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a. This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction.
May (This essay is derived from a guest lecture at Harvard, which incorporated an earlier talk at Northeastern.) When I finished grad school in computer science I went to art school to study painting. Grayson Barnes had just started working at his father’s law firm in Tulsa, Oklahoma when a note popped-up on one of the computer screens.
It informed him that all the files on the firm’s.