Welcome to the Era of Hacking, Total Exposure

We are asleep in a world of dreams and nightmares, both of which we live daily, and both of which need to be controlled by someone, for that is the joy of those people who pull the strings. If just one of us opens our eyes and sees through the cloud of deception that is placed before everyone’s eyes, then the dream is dispelled and we acknowledge the farce and fallacies around us for what they are and we see the “sheeple” just following blindly along....so many things I have seen, just in the last few days...I just have to shake my head and turn a blind eye sometimes...nothing to do but write....

In a “cyber-war”, where is the enemy? The investigating agencies, be it FBI or the CBI, would just love to know that hackers have managed to positively identify which sites belong to those responsible for the terrorist attacks. Even if they could be identified, attacking them could destroy crucial evidence. Blindly attacking sites perceived to be vaguely Arabic is just plainstupid (or at least not a sign of a true genius). Attacking sites of people who aren't even remotely involved to vent emotions is even more moronic.

Hacking is morally and ethically wrong, an offense against various governments in the world. You can see how hacking has changed from 1878 to the present day and how quickly it is becoming more of a threat to everyday life. This is due to the fact that many homes and businesses use computers placing themselves at a risk of getting hacked.

At last, I would like to say “WAKE UP INTERNET WORLD!” Security systems all over the globe are threatened and very few seem to understand what is happening. If the CEO’s, Administrators, Presidents, and other heads of businesses and governments aren’t demanding that their IT departments are re-evaluating their security systems, then they deserve everything the hackers give them.

Hacking is here to stay. It will not go away quietly. It will not be eliminated. If a software engineer can write a security program believe me when I say a hacker can breach it.

It’s hard to imagine a world without computers, mobile devices or the Web. Cyber criminals and malicious hackers know just how important these tools are to not only work, but everything we do in our personal lives as well.

And because we rely on them so heavily, they are a prime target for attack. Viruses and other malware used to attack computers, networks and websites has changed over the years. Initially, these malicious programs were written to be mischievous. While destructive in nature, they did not have the same intent and outcome that malware does today. Nowadays, cyber criminals stand to make hundreds of thousands of dollars from malware. Unfortunately, there are just too many strains of malicious software out there for each one of them to make the news like they did in the old days.

As we watch many movies in which hackers just type a code and any computer get hacked, for many people, this is like a fake thing in real it happens.

The reasons why Hackers hack can be motivated by different agendas, such as malicious intent, for the challenge, or for profit. Whatever their motivations, they are a chronic pain the butt and website owners must be constantly on guard or run the risk of their sites going down, and experience loss to their business and/or business reputation.

To some, hacking is just an amusing game or challenge just to prove how smart you are. A trait that most hackers share is a strong sense of curiosity. They pride themselves on their ability create new programs. They brag to their social circle about any high-profile system that they've hacked. You can employ more security measures to protect your computer system e.g. Firewalls, anti-spyware, anti-viral etc., but these types of hackers just find it more of a challenge to defeat these security defenses and your computer crashing is just another trophy on their hacker shelf. Yes these types of hackers are annoying but the ones you really need to worry about are the hackers who hack for profit - your criminal hackers.

By now corporations and governments worldwide have taken notice that their security systems are at risk. Well, sort of. There is still an arrogance and attitude of “it couldn’t happen to me.” In the meantime, hackers all over the globe are getting into everything from email to top secret documents.

It doesn’t surprise a specialist in the Information Technology field that the heads of corporations like Sony and government agencies like NASA have been slow on the uptake. For too long these people have been driven by greed and have acted with total impunity.

No more. Because internet security has become the number one target of organized groups like Anonymous or 13 year old boys fooling around on the computer, every government, business, corporation, and personal computer is at risk.

And, the conundrum for everyone is that if you can write a security program, someone can hack it. One doesn’t think it will be out of business soon because some government agency or billion dollar corporation thinks it can outsmart the techies of the world. No, the real issue is how are institutions going to process information, secure and public that cannot be hacked into?

Technology advances in storage and computing models (e.g. cloud) have made it possible for modern companies to save massive amounts of data about their customers and partners. These increasingly large stores of information can provide insights that improve marketing efforts, help refine product offerings or even enable completely new service/product lines. However, the data also makes these organizations more attractive to attackers. Last year, the number of data breaches due to hacking exceeded lost and stolen laptops for the first time; hacking was responsible for 83 percent of the total exposed records in 2011. The impacts of a data breach can be significant – lost time, revenue and reputation. However, the stakes may be becoming even higher.

Every era has had a name and this era is going to be named the Era of Hacking. This is the era when the dishonest and corrupt are being caught with their pants down and their phony financial reports exposed. The hero’s of our world will no longer be gold star generals or presidents but faceless hackers with a weapon called the keyboard.

Source - http://krishnan1983.blogspot.in/2012/08/hacking-in-todays-world.html

Thanks to S. Krishnan Sir....

Get a PenTest Magazine Issue 2

Separating Fact from Fiction – The realities of Cyber War
By Don Eijndhoven
Cyber War. Two words that you’ll have heard in the news a few times by now. You’ll have heard it more and more over the last year or so. Maybe two or three years if you’ve been halfway interested or happened to be browsing on IT websites that cover cyber warfare. Especially if you’re living in the US, you’ll have heard some pretty fear-inducing stories. And not by just anybody; Richard Clarke himself has said that a Cyber War is the next big threat to national security. He was, of course, referring to the national security of the US, but his critique certainly holds water for other modernized nations. What may be surprising is that he was absolutely right, even though he may be understood poorly.

Multifactor Authentication – A Requirement for the 21st Century
By Robert Keeler
Logon credentials as the only method of granting access to today’s valuable data is far from an acceptable 21st century solution. There is no doubt that the lack of serious authentication for the last decade has created much of the opportunity for the theft of information which has led to identity theft becoming an epidemic. Other than granting initial access, there is no monitoring of a user’s true identity during transaction processing online. There is no forced logout when the user has completed their task. There is no security when Man-in-the-middle attacks can easily penetrate the weaknesses of simple logon credentials being the primary access control to vasts amounts of data.

Regulatory Compliance under the Indian Cyber Laws
by Sagar Rahurkar
The Information Technology Act, 2000 (IT Act) is the primary law in India governing “cyberspace”. It is in force from 17th October, 2000 and IT (amended) Act, 2008 is in force from 27th October, 2009 making significant changes in the original Act. Amendments for the first times have introduced the concept of “Regulatory compliance” under the law for the protection of “Sensitive personal information”.

Ride the Dragon: Testing the Desktop by adopting criminal tools and strategies
by Stefano MacGalia
A usual Pen Testing engagement limits its perimeter of action to exploit specific vulnerabilities identified during phases and, by collecting the results, it ends with a positive or negative occurrence that will be included in the final report by the tester.
This means that, by the Customer point of view, in case of a positive result: the presence and exploitability of a specific weakness, the corrective action will be suggested and probably enforced lately.

Social Engineering
by Falgun Rathod

What if someone ask you for a Password Will you give it? Yes / No You will say Obviously No but this is What I call Social Engineering. According to Wiki “Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.”Social Engineering is not a new thing at all it’s the art of lie and to get confidential information to access/Hacked into System.

Benefits of Attribution
by Sayngeun Phouamkha
A good friend by the name of “J” once told me in my very early stages of learning IT Security that, ” The enemy of my enemy is my scapegoat.” Of course knowing nothing of IT Security or the different arenas/specialties of which this field encompasses I had to have him explain in depth and in very non-IT Security terms exactly what that meant and why it was important to know in this line of work.

Attacking POS: history, technique and a look to the future

When we talk about credit and debit card we should remember that this kind of payment was think and launched after the second war from American Express and the card as we know with magstripe was introduced in the market from 1979. Since the beginning of the ’90 years we’ve seen an increase in card fraud, before using the ATM terminals and subsequently affecting the Point of sale terminals (POS). Before talk about fraud we will try to understand how is composed a credit or debit card.

Click Here to Download - https://www.owasp.org/images/7/7b/PENTESTMAG2.pdf