Good technical one…
"Change is the law of life. Those who look only to the past or present are certain to miss the future."
--- John F. Kennedy (JFK)
From: Sent: Friday, April 11, 2008 10:10 AM
Subject: What is hacking?
The term "hacker" used to mean computer programmer. Today it is used for persons who use computers to commit crime. Hacking raises several legal issues and jeopardizes privacy and security. It also raises questions on just how secure government, business, and private computers really are. It is argued that governments and businesses are already too dependent on computers. They could be setting themselves up for a fall at the hands of malicious hackers.
Institutions like research centers, defense organizations, financial networks, and educational networks are ideal targets for hackers. Individuals can suffer the consequences of malicious hackers when they trespass and damage computer systems that regulate our lives or access personal and confidential information.
Hacking started with telephone technology. In the
Hackers altered these off-the-shelf tone dialers by replacing the internal crystals with Radio Shack part #43-146. The alteration process took approximately 5 minutes. Having made these modifications, they programmed in the sounds of coins being inserted into a public telephone. From there, the remaining steps were simple. Hackers went to a public telephone and dialed a number. The telephone would request payment for the call. In response, the hacker would use the red box to emulate money being inserted into the machine. This resulted in obtaining free telephone service at most pay telephones.
Hacking Tools and Denial of Service Basics
Hackers use the following tools and techniques, some of which will be discussed in detail in this session:
1. Denial of service attacks: Denial of Service (DoS) is simply rendering a service offered by a workstation or server unavailable to others.
2. Distributed denial of service attacks: Distributed DoS attacks are interesting new phenomena. In this type of an attack the hacker (or a group of hackers) will use multiple computers (often belonging to unsuspecting persons who have been infected by a trojan) to launch a denial of service attack.
3.
4. Email bombing: This involves crashing of servers or overloading of networks by sending huge amounts of junk email.
5. Trojans
6. Viruses
Hacking - whether amounts to theft and/or criminal trespass
There is one view that the act of hacking is nothing but the combination of criminal trespass and mischief. To better understand this, let us see the relevant definitions as per the Indian Penal Code.
Section 441 of the Code says that: "whoever enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in possession of such property, or having lawfully entered into or upon such property, unlawfully remains there with intent thereby to intimidate, insult or annoy any such person, or with intent to commit an offence, is said to commit criminal trespass.
Section 425 of the Code says that: "whoever with intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or to any person, causes the destruction of any property, or any such change in any property or in the situation thereof as destroys or diminishes its value or utility or affects it injuriously, commits mischief". Applying the above sections to hacking would be correct if the following issue could be resolved unambiguously: whether information residing in a computer resource is "property" as envisaged by the Indian Penal Code.
Given below is a brief description of laws relating to hacking worldwide:
1. The
According to the Computer Misuse Act of 1990, a person is guilty of an offence if he causes a computer to perform any function with intent to secure access to any program or data held within a computer or if the access he intends to secure is unauthorized. The 1990 act failed to include eavesdropping and voyeurism, although criminal liability starts at an early stage.
The Computer Misuse Act covered employees accessing more information than they should be, using terminals at work. Most nations do not have this statute even though employee hacking is one of the most common acts. One important restriction in the
2.
German law dictates three years or less in prison for any person who obtains information (data) not meant for him/her which was protected by security measures. The German parliament defined data as stored or transmitted electronic/magnetic information. This definition of data allows messages sent by e-mail or the Internet to be protected as private.
3.
Citizens of
4.
The unique thing about Dutch law is that it can be broadly applied to indict a larger number of hackers. Dutch law makes it illegal to "breach computer peace", which is one of the world's loosest defined hacking laws. Hacking will get Dutch citizens up to four years in prison and fines not to exceed 25,000 guilders.
5.
Polish law takes a strong stand against eavesdropping. The 1993 Computer Criminal Code covers eavesdropping, viewing unauthorized data, disclosure of confidential data to a third party, and also takes measures to protect privacy. The only drawback is that the victim must initiate prosecution on an application, which slows down prosecution.
Glossary of hacking related terms
Back door
In the security of a system, a hole deliberately left in place by designers or maintainers. May be intended for use by service technicians.
Bit bucket
The universal data sink. Discarded, lost or destroyed data is said to have gone to the bit bucket. Sometimes amplified as The Great Bit Bucket in the Sky.
Cracker
One who breaks security on a system. Coined by hackers in defense against journalistic misuse of the term "hacker." The term "cracker" reflects a strong revulsion at the theft and vandalism perpetrated by cracking rings. There is far less overlap between hackerdom and crackerdom than most would suspect.
Deep magic
An awesomely arcane technique central to a program or system, especially one that could only have been composed by a true wizard. Many techniques in cryptography, signal processing, graphics and artificial intelligence are deep magic.
KISS
"Keep It Simple, Stupid." Often invoked when discussing design to fend off creeping featurism and control development complexity. Possibly related to the marketroid maxim, "Keep It Short and Simple."
Kluge
1. A Rube Goldberg (or Heath Robinson) device, whether in hardware or software.
2. A clever programming trick intended to solve a particularly nasty case in an expedient, if not clear, manner.
3. Something that works for the wrong reason.
Lots of MIPS but no I/O
A person who is technically brilliant but who can't seem to communicate with human beings effectively. Technically it describes a machine that has lots of processing power but is bottlenecked on input-output.
Phreaking
1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls).
2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks).
Raster burn
Eyestrain brought on by too many hours of looking at low-resolution, poorly tuned or glare-ridden monitors, especially graphics monitors.
Security through obscurity
A hacker term for vendors' favorite way of coping with security holes -- namely, ignoring them; documenting neither any known holes nor the underlying security algorithms; or trusting that nobody will find out about them, and that people who did find about them won't exploit them. This "strategy" never works for long.
Sneaker
An individual hired to break into places in order to test their security; analogous to "tiger team."
Time bomb
A subspecies of logic bomb that is triggered by reaching some preset time; set to go off if the programmer is fired or laid off and is not present to perform the appropriate suppressing action periodically.
Trojan horse
A malicious, security-breaking program that is disguised as something benign
Vaporware
Products announced far in advance of any release.
Vulcan nerve pinch
The keyboard combination that forces a soft-boot. On many computers this is Ctrl-Alt-Del.
Wedged
To be stuck, incapable of proceeding without help. This is different from having crashed. If the system has crashed, it has become totally nonfunctioning. If the system is wedged, it is trying to do something but cannot make progress.
Wetware
The human nervous system, as opposed to computer hardware or software. Also refers to human beings (programmers, operators, administrators) attached to a computer system, as opposed to that system's hardware or software.
Wizard
A person who knows how a complex piece of software or hardware works; esp. someone who can find and fix bugs quickly in an emergency. Someone is a hacker if he or she has general hacking ability, but is a wizard only if he or she has detailed knowledge.
Zipperhead
A person with a closed mind.
Posts
No comments:
Post a Comment