SlideShare a Scribd company logo
1 of 30
Computer Security
Hackers
• Crisis
• Computer Crimes
• Hacker Attacks
• Modes of Computer Security
– Password Security
– Network Security
– Web Security
– Distributed Systems Security
– Database Security
Topics
• Internet has grown very fast and security has
lagged behind.
• Legions of hackers have emerged as impedance to
entering the hackers club is low.
• It is hard to trace the perpetrator of cyber attacks
since the real identities are camouflaged
• It is very hard to track down people because of the
ubiquity of the network.
• Large scale failures of internet can have a
catastrophic impact on the economy which relies
heavily on electronic transactions
Crisis
• In 1988 a "worm program" written by a
college student shut down about 10 percent
of computers connected to the Internet.
This was the beginning of the era of cyber
attacks.
• Today we have about 10,000 incidents of
cyber attacks which are reported and the
number grows.
Computer Crime – The Beginning
• A 16-year-old music student called Richard Pryce,
better known by the hacker alias Datastream
Cowboy, is arrested and charged with breaking into
hundreds of computers including those at the
Griffiths Air Force base, Nasa and the Korean Atomic
Research Institute. His online mentor, "Kuji", is
never found.
• Also this year, a group directed by Russian hackers
broke into the computers of Citibank and transferred
more than $10 million from customers' accounts.
Eventually, Citibank recovered all but $400,000 of
the pilfered money.
Computer Crime - 1994
• In February, Kevin Mitnick is arrested for a second
time. He is charged with stealing 20,000 credit card
numbers. He eventually spends four years in jail and
on his release his parole conditions demand that he
avoid contact with computers and mobile phones.
• On November 15, Christopher Pile becomes the first
person to be jailed for writing and distributing a
computer virus. Mr Pile, who called himself the Black
Baron, was sentenced to 18 months in jail.
• The US General Accounting Office reveals that US
Defense Department computers sustained 250,000
attacks in 1995.
Computer Crime - 1995
• In March, the Melissa virus goes on the rampage
and wreaks havoc with computers worldwide. After
a short investigation, the FBI tracks down and
arrests the writer of the virus, a 29-year-old New
Jersey computer programmer, David L Smith.
• More than 90 percent of large corporations and
government agencies were the victims of computer
security breaches in 1999
Computer Crime - 1999
• In February, some of the most popular websites in
the world such as Amazon and Yahoo are almost
overwhelmed by being flooded with bogus requests
for data.
• In May, the ILOVEYOU virus is unleashed and clogs
computers worldwide. Over the coming months,
variants of the virus are released that manage to
catch out companies that didn't do enough to
protect themselves.
• In October, Microsoft admits that its corporate
network has been hacked and source code for future
Windows products has been seen.
Computer Crime - 2000
• Some of the sites which have been compromised
– U.S. Department of Commerce
– NASA
– CIA
– Greenpeace
– Motorola
– UNICEF
– Church of Christ …
• Some sites which have been rendered ineffective
– Yahoo
– Microsoft
– Amazon …
Why Security?
• Because they can
– A large fraction of hacker attacks have been pranks
• Financial Gain
• Espionage
• Venting anger at a company or organization
• Terrorism
Why do Hackers Attack?
• Active Attacks
– Denial of Service
– Breaking into a site
• Intelligence Gathering
• Resource Usage
• Deception
• Passive Attacks
– Sniffing
• Passwords
• Network Traffic
• Sensitive Information
– Information Gathering
Types of Hacker Attack
• Over the Internet
• Over LAN
• Locally
• Offline
• Theft
• Deception
Modes of Hacker Attack
Definition:
An attacker alters his identity so that some one thinks he
is some one else
– Email, User ID, IP Address, …
– Attacker exploits trust relation between user and
networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing:
2. Email Spoofing
3. Web Spoofing
Spoofing
Definition:
Attacker uses IP address of another computer to acquire
information or gain access
IP Spoofing – Flying-Blind
Attack
Replies sent back to 10.10.20.30
Spoofed Address
10.10.20.30
Attacker
10.10.50.50
John
10.10.5.5
From Address: 10.10.20.30
To Address: 10.10.5.5
• Attacker changes his own IP address
to spoofed address
• Attacker can send messages to a
machine masquerading as spoofed
machine
• Attacker can not receive messages
from that machine
Definition:
Attacker spoofs the address of another machine and
inserts itself between the attacked machine and the
spoofed machine to intercept replies
IP Spoofing – Source Routing
Replies sent back
to 10.10.20.30
Spoofed Address
10.10.20.30
Attacker
10.10.50.50
John
10.10.5.5
From Address: 10.10.20.30
To Address: 10.10.5.5
• The path a packet may change can vary over time
• To ensure that he stays in the loop the attacker uses source routing
to ensure that the packet passes through certain nodes on the
network
Attacker intercepts packets
as they go to 10.10.20.30
Definition:
Attacker sends messages masquerading as some one else
What can be the repercussions?
Types of Email Spoofing:
1. Create an account with similar email address
– Sanjaygoel@yahoo.com: A message from this account can
perplex the students
1. Modify a mail client
– Attacker can put in any return address he wants to in the mail
he sends
1. Telnet to port 25
– Most mail servers use port 25 for SMTP. Attacker logs on to this
port and composes a message for the user.
Email Spoofing
• Basic
– Attacker registers a web address matching an entity e.g.
votebush.com, geproducts.com, gesucks.com
• Man-in-the-Middle Attack
– Attacker acts as a proxy between the web server and the client
– Attacker has to compromise the router or a node through which
the relevant traffic flows
• URL Rewriting
– Attacker redirects web traffic to another site that is controlled
by the attacker
– Attacker writes his own web site address before the legitimate
link
• Tracking State
– When a user logs on to a site a persistent authentication is
maintained
– This authentication can be stolen for masquerading as the user
Web Spoofing
• Web Site maintains authentication so that the
user does not have to authenticate repeatedly
• Three types of tracking methods are used:
1. Cookies: Line of text with ID on the users cookie file
– Attacker can read the ID from users cookie file
1. URL Session Tracking: An id is appended to all the links
in the website web pages.
– Attacker can guess or read this id and masquerade as user
1. Hidden Form Elements
– ID is hidden in form elements which are not visible to user
– Hacker can modify these to masquerade as another user
Web Spoofing – Tracking
State
Definition:
Process of taking over an existing active session
Modus Operandi:
1. User makes a connection to the server by
authenticating using his user ID and password.
2. After the users authenticate, they have access to the
server as long as the session lasts.
3. Hacker takes the user offline by denial of service
4. Hacker gains access to the user by impersonating the
user
Session Hijacking
• Attacker can
– monitor the session
– periodically inject commands into session
– launch passive and active attacks from the session
Session Hijacking
Bob telnets to Server
Bob authenticates to Server
Bob
Attacker
Server
Die! Hi! I am Bob
• Attackers exploit sequence numbers to hijack sessions
• Sequence numbers are 32-bit counters used to:
– tell receiving machines the correct order of packets
– Tell sender which packets are received and which are lost
• Receiver and Sender have their own sequence numbers
• When two parties communicate the following are needed:
– IP addresses
– Port Numbers
– Sequence Number
• IP addresses and port numbers are easily available so once
the attacker gets the server to accept his guesses
sequence number he can hijack the session.
Session Hijacking – How Does it
Work?
Definition:
Attack through which a person can render a system unusable or
significantly slow down the system for legitimate users by
overloading the system so that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which will cause system to crash or
reboot.
1. Exhausting the resources by flooding the system or network with
information
– Since all resources are exhausted others are denied access to the
resources
1. Distributed DOS attacks are coordinated denial of service attacks
involving several people and/or machines to launch attacks
Denial of Service (DOS)
Attack
Types:
1. Ping of Death
2. SSPing
3. Land
4. Smurf
5. SYN Flood
6. CPU Hog
7. Win Nuke
8. RPC Locator
9. Jolt2
10. Bubonic
11. Microsoft Incomplete TCP/IP Packet Vulnerability
12. HP Openview Node Manager SNMP DOS Vulneability
13. Netscreen Firewall DOS Vulnerability
14. Checkpoint Firewall DOS Vulnerability
Denial of Service (DOS)
Attack
• This attack takes advantage of the way in which
information is stored by computer programs
• An attacker tries to store more information on the stack
than the size of the buffer
How does it work?
Buffer Overflow Attacks
•
Buffer 2
Local Variable 2
Buffer 1
Local Variable 1
Return Pointer
Function Call
Arguments
•
Fill
Direction
Bottom of
Memory
Top of
Memory
Normal Stack
•
Buffer 2
Local Variable 2
Machine Code:
execve(/bin/sh)
New Pointer to
Exec Code
Function Call
Arguments
•
Fill
Direction
Bottom of
Memory
Top of
Memory
Smashed Stack
Return Pointer Overwritten
Buffer 1 Space Overwritten
• Programs which do not do not have a rigorous memory
check in the code are vulnerable to this attack
• Simple weaknesses can be exploited
– If memory allocated for name is 50 characters, someone can
break the system by sending a fictitious name of more than 50
characters
• Can be used for espionage, denial of service or
compromising the integrity of the data
Examples
– NetMeeting Buffer Overflow
– Outlook Buffer Overflow
– AOL Instant Messenger Buffer Overflow
– SQL Server 2000 Extended Stored Procedure Buffer Overflow
Buffer Overflow Attacks
• A hacker can exploit a weak passwords & uncontrolled
network modems easily
• Steps
– Hacker gets the phone number of a company
– Hacker runs war dialer program
• If original number is 555-5532 he runs all numbers in the 555-55xx
range
• When modem answers he records the phone number of modem
– Hacker now needs a user id and password to enter company
network
• Companies often have default accounts e.g. temp, anonymous with no
password
• Often the root account uses company name as the password
• For strong passwords password cracking techniques exist
Password Attacks
• Password hashed and stored
– Salt added to randomize password & stored on system
• Password attacks launched to crack encrypted password
Password Security
Hash
Function
Hashed
Password
Salt
Compare
Password
Client
Password
Server
Stored Password
Hashed
Password
Allow/Deny Access
• Find a valid user ID
• Create a list of possible passwords
• Rank the passwords from high probability to low
• Type in each password
• If the system allows you in – success !
• If not, try again, being careful not to exceed password
lockout (the number of times you can guess a wrong
password before the system shuts down and won’t let
you try any more)
Password Attacks - Process
• Dictionary Attack
– Hacker tries all words in dictionary to crack password
– 70% of the people use dictionary words as passwords
• Brute Force Attack
– Try all permutations of the letters & symbols in the alphabet
• Hybrid Attack
– Words from dictionary and their variations used in attack
• Social Engineering
– People write passwords in different places
– People disclose passwords naively to others
• Shoulder Surfing
– Hackers slyly watch over peoples shoulders to steal passwords
• Dumpster Diving
– People dump their trash papers in garbage which may contain
information to crack passwords
Password Attacks - Types
• Computer Security is a continuous battle
– As computer security gets tighter hackers are getting smarter
• Very high stakes
Conclusions

More Related Content

What's hot

Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Umang Patel
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.JasminJaman1
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in TeluguSravani Reddy
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESShyam Kumar Singh
 

What's hot (20)

Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Hacking for Dummies 2
Hacking for Dummies 2Hacking for Dummies 2
Hacking for Dummies 2
 
Hackers
HackersHackers
Hackers
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
 
Hacking
HackingHacking
Hacking
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in Telugu
 
185
185185
185
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURES
 

Viewers also liked

COB4 Computer Crime
COB4 Computer CrimeCOB4 Computer Crime
COB4 Computer Crimeangbeelee
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
Chapter 3 Computer Crimes
Chapter 3 Computer  CrimesChapter 3 Computer  Crimes
Chapter 3 Computer CrimesMar Soriano
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 

Viewers also liked (10)

COB4 Computer Crime
COB4 Computer CrimeCOB4 Computer Crime
COB4 Computer Crime
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
Chapter 3 Computer Crimes
Chapter 3 Computer  CrimesChapter 3 Computer  Crimes
Chapter 3 Computer Crimes
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and security
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 

Similar to Computer Security Hacking

Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?HBServices7
 
hacking lecture 3c.ppt
hacking lecture 3c.ppthacking lecture 3c.ppt
hacking lecture 3c.pptpeter722626
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptxmalikmuzammil2326
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirupRay2
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptJatinRajput67
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...GIRISHKUMARBC1
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESSumit Pandey
 

Similar to Computer Security Hacking (20)

Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
hacking.ppt
hacking.ppthacking.ppt
hacking.ppt
 
2hacking.ppt
2hacking.ppt2hacking.ppt
2hacking.ppt
 
Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?
 
hacking lecture 3c.ppt
hacking lecture 3c.ppthacking lecture 3c.ppt
hacking lecture 3c.ppt
 
PPIT Lecture 20
PPIT Lecture 20PPIT Lecture 20
PPIT Lecture 20
 
Attacks Types
Attacks TypesAttacks Types
Attacks Types
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Avirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptxAvirup_Ray_18700219054_Cyber_Security_1.pptx
Avirup_Ray_18700219054_Cyber_Security_1.pptx
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.ppt
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 

More from Erdo Deshiant Garnaby

More from Erdo Deshiant Garnaby (16)

Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network Intruder
 
Org Design
Org DesignOrg Design
Org Design
 
HOS Talent management presentation
HOS Talent management presentationHOS Talent management presentation
HOS Talent management presentation
 
Talent management
Talent managementTalent management
Talent management
 
Unit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesUnit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resources
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringUnit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoring
 
microsoft+windows+security
microsoft+windows+securitymicrosoft+windows+security
microsoft+windows+security
 
Unit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesUnit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machines
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safety
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityUnit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurity
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber security
 
Cyber Ethics
Cyber EthicsCyber Ethics
Cyber Ethics
 

Recently uploaded

The concept of motion graphics and its applications.
The concept of motion graphics and its applications.The concept of motion graphics and its applications.
The concept of motion graphics and its applications.WeatherOfficialProdu
 
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdfECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdfSarbjit Bahga
 
Spring Summer 2026 Inspirations trend book Peclers Paris
Spring Summer 2026 Inspirations trend book Peclers ParisSpring Summer 2026 Inspirations trend book Peclers Paris
Spring Summer 2026 Inspirations trend book Peclers ParisPeclers Paris
 
BIT Khushi gandhi project.pdf graphic design
BIT Khushi gandhi project.pdf graphic designBIT Khushi gandhi project.pdf graphic design
BIT Khushi gandhi project.pdf graphic designKhushiGandhi15
 
Morgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity DesignMorgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity Design1508 A/S
 
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...Amil baba
 
Latest Trends in Home and Building Design
Latest Trends in Home and Building DesignLatest Trends in Home and Building Design
Latest Trends in Home and Building DesignResDraft
 
Naer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing ProjectNaer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing Projectbuvanatest
 
Top 10 Website Designing Hacks for Beginners.pptx.pptx
Top 10 Website Designing Hacks for Beginners.pptx.pptxTop 10 Website Designing Hacks for Beginners.pptx.pptx
Top 10 Website Designing Hacks for Beginners.pptx.pptxe-Definers Technology
 
Spring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers ParisSpring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers ParisPeclers Paris
 
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证ugzga
 
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证ugzga
 
Branding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdfBranding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdfAlexandra Plesner
 
挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质yzeoq
 
Webhost NVME Cloud VPS Hosting1234455678
Webhost NVME Cloud VPS Hosting1234455678Webhost NVME Cloud VPS Hosting1234455678
Webhost NVME Cloud VPS Hosting1234455678Cloud99 Cloud
 
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证ugzga
 
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证ugzga
 
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理thubko
 
Resume all my skills and educations and achievement
Resume all my skills and educations and  achievement Resume all my skills and educations and  achievement
Resume all my skills and educations and achievement 210303105569
 
Bit Dhrumi shah Graphic Designer portfolio
Bit Dhrumi shah Graphic Designer portfolioBit Dhrumi shah Graphic Designer portfolio
Bit Dhrumi shah Graphic Designer portfoliodhrumibshah13
 

Recently uploaded (20)

The concept of motion graphics and its applications.
The concept of motion graphics and its applications.The concept of motion graphics and its applications.
The concept of motion graphics and its applications.
 
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdfECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
 
Spring Summer 2026 Inspirations trend book Peclers Paris
Spring Summer 2026 Inspirations trend book Peclers ParisSpring Summer 2026 Inspirations trend book Peclers Paris
Spring Summer 2026 Inspirations trend book Peclers Paris
 
BIT Khushi gandhi project.pdf graphic design
BIT Khushi gandhi project.pdf graphic designBIT Khushi gandhi project.pdf graphic design
BIT Khushi gandhi project.pdf graphic design
 
Morgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity DesignMorgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity Design
 
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...
NO1 Best Vashikaran Specialist in Uk Black Magic Specialist in Uk Black Magic...
 
Latest Trends in Home and Building Design
Latest Trends in Home and Building DesignLatest Trends in Home and Building Design
Latest Trends in Home and Building Design
 
Naer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing ProjectNaer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing Project
 
Top 10 Website Designing Hacks for Beginners.pptx.pptx
Top 10 Website Designing Hacks for Beginners.pptx.pptxTop 10 Website Designing Hacks for Beginners.pptx.pptx
Top 10 Website Designing Hacks for Beginners.pptx.pptx
 
Spring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers ParisSpring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers Paris
 
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCI毕业证书)加利福尼亚大学尔湾分校毕业证成绩单本科硕士学位证留信学历认证
 
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
 
Branding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdfBranding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdf
 
挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质
 
Webhost NVME Cloud VPS Hosting1234455678
Webhost NVME Cloud VPS Hosting1234455678Webhost NVME Cloud VPS Hosting1234455678
Webhost NVME Cloud VPS Hosting1234455678
 
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
 
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UW毕业证书)华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
 
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
 
Resume all my skills and educations and achievement
Resume all my skills and educations and  achievement Resume all my skills and educations and  achievement
Resume all my skills and educations and achievement
 
Bit Dhrumi shah Graphic Designer portfolio
Bit Dhrumi shah Graphic Designer portfolioBit Dhrumi shah Graphic Designer portfolio
Bit Dhrumi shah Graphic Designer portfolio
 

Computer Security Hacking

  • 2. • Crisis • Computer Crimes • Hacker Attacks • Modes of Computer Security – Password Security – Network Security – Web Security – Distributed Systems Security – Database Security Topics
  • 3. • Internet has grown very fast and security has lagged behind. • Legions of hackers have emerged as impedance to entering the hackers club is low. • It is hard to trace the perpetrator of cyber attacks since the real identities are camouflaged • It is very hard to track down people because of the ubiquity of the network. • Large scale failures of internet can have a catastrophic impact on the economy which relies heavily on electronic transactions Crisis
  • 4. • In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks. • Today we have about 10,000 incidents of cyber attacks which are reported and the number grows. Computer Crime – The Beginning
  • 5. • A 16-year-old music student called Richard Pryce, better known by the hacker alias Datastream Cowboy, is arrested and charged with breaking into hundreds of computers including those at the Griffiths Air Force base, Nasa and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found. • Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money. Computer Crime - 1994
  • 6. • In February, Kevin Mitnick is arrested for a second time. He is charged with stealing 20,000 credit card numbers. He eventually spends four years in jail and on his release his parole conditions demand that he avoid contact with computers and mobile phones. • On November 15, Christopher Pile becomes the first person to be jailed for writing and distributing a computer virus. Mr Pile, who called himself the Black Baron, was sentenced to 18 months in jail. • The US General Accounting Office reveals that US Defense Department computers sustained 250,000 attacks in 1995. Computer Crime - 1995
  • 7. • In March, the Melissa virus goes on the rampage and wreaks havoc with computers worldwide. After a short investigation, the FBI tracks down and arrests the writer of the virus, a 29-year-old New Jersey computer programmer, David L Smith. • More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999 Computer Crime - 1999
  • 8. • In February, some of the most popular websites in the world such as Amazon and Yahoo are almost overwhelmed by being flooded with bogus requests for data. • In May, the ILOVEYOU virus is unleashed and clogs computers worldwide. Over the coming months, variants of the virus are released that manage to catch out companies that didn't do enough to protect themselves. • In October, Microsoft admits that its corporate network has been hacked and source code for future Windows products has been seen. Computer Crime - 2000
  • 9. • Some of the sites which have been compromised – U.S. Department of Commerce – NASA – CIA – Greenpeace – Motorola – UNICEF – Church of Christ … • Some sites which have been rendered ineffective – Yahoo – Microsoft – Amazon … Why Security?
  • 10. • Because they can – A large fraction of hacker attacks have been pranks • Financial Gain • Espionage • Venting anger at a company or organization • Terrorism Why do Hackers Attack?
  • 11. • Active Attacks – Denial of Service – Breaking into a site • Intelligence Gathering • Resource Usage • Deception • Passive Attacks – Sniffing • Passwords • Network Traffic • Sensitive Information – Information Gathering Types of Hacker Attack
  • 12. • Over the Internet • Over LAN • Locally • Offline • Theft • Deception Modes of Hacker Attack
  • 13. Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, … – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing Spoofing
  • 14. Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • Attacker changes his own IP address to spoofed address • Attacker can send messages to a machine masquerading as spoofed machine • Attacker can not receive messages from that machine
  • 15. Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies IP Spoofing – Source Routing Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 • The path a packet may change can vary over time • To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Attacker intercepts packets as they go to 10.10.20.30
  • 16. Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 1. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 1. Telnet to port 25 – Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Email Spoofing
  • 17. • Basic – Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com • Man-in-the-Middle Attack – Attacker acts as a proxy between the web server and the client – Attacker has to compromise the router or a node through which the relevant traffic flows • URL Rewriting – Attacker redirects web traffic to another site that is controlled by the attacker – Attacker writes his own web site address before the legitimate link • Tracking State – When a user logs on to a site a persistent authentication is maintained – This authentication can be stolen for masquerading as the user Web Spoofing
  • 18. • Web Site maintains authentication so that the user does not have to authenticate repeatedly • Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 1. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 1. Hidden Form Elements – ID is hidden in form elements which are not visible to user – Hacker can modify these to masquerade as another user Web Spoofing – Tracking State
  • 19. Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking
  • 20. • Attacker can – monitor the session – periodically inject commands into session – launch passive and active attacks from the session Session Hijacking Bob telnets to Server Bob authenticates to Server Bob Attacker Server Die! Hi! I am Bob
  • 21. • Attackers exploit sequence numbers to hijack sessions • Sequence numbers are 32-bit counters used to: – tell receiving machines the correct order of packets – Tell sender which packets are received and which are lost • Receiver and Sender have their own sequence numbers • When two parties communicate the following are needed: – IP addresses – Port Numbers – Sequence Number • IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking – How Does it Work?
  • 22. Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: 1. Crashing the system or network – Send the victim data or packets which will cause system to crash or reboot. 1. Exhausting the resources by flooding the system or network with information – Since all resources are exhausted others are denied access to the resources 1. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) Attack
  • 23. Types: 1. Ping of Death 2. SSPing 3. Land 4. Smurf 5. SYN Flood 6. CPU Hog 7. Win Nuke 8. RPC Locator 9. Jolt2 10. Bubonic 11. Microsoft Incomplete TCP/IP Packet Vulnerability 12. HP Openview Node Manager SNMP DOS Vulneability 13. Netscreen Firewall DOS Vulnerability 14. Checkpoint Firewall DOS Vulnerability Denial of Service (DOS) Attack
  • 24. • This attack takes advantage of the way in which information is stored by computer programs • An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer Overflow Attacks • Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Normal Stack • Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments • Fill Direction Bottom of Memory Top of Memory Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten
  • 25. • Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack • Simple weaknesses can be exploited – If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters • Can be used for espionage, denial of service or compromising the integrity of the data Examples – NetMeeting Buffer Overflow – Outlook Buffer Overflow – AOL Instant Messenger Buffer Overflow – SQL Server 2000 Extended Stored Procedure Buffer Overflow Buffer Overflow Attacks
  • 26. • A hacker can exploit a weak passwords & uncontrolled network modems easily • Steps – Hacker gets the phone number of a company – Hacker runs war dialer program • If original number is 555-5532 he runs all numbers in the 555-55xx range • When modem answers he records the phone number of modem – Hacker now needs a user id and password to enter company network • Companies often have default accounts e.g. temp, anonymous with no password • Often the root account uses company name as the password • For strong passwords password cracking techniques exist Password Attacks
  • 27. • Password hashed and stored – Salt added to randomize password & stored on system • Password attacks launched to crack encrypted password Password Security Hash Function Hashed Password Salt Compare Password Client Password Server Stored Password Hashed Password Allow/Deny Access
  • 28. • Find a valid user ID • Create a list of possible passwords • Rank the passwords from high probability to low • Type in each password • If the system allows you in – success ! • If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Password Attacks - Process
  • 29. • Dictionary Attack – Hacker tries all words in dictionary to crack password – 70% of the people use dictionary words as passwords • Brute Force Attack – Try all permutations of the letters & symbols in the alphabet • Hybrid Attack – Words from dictionary and their variations used in attack • Social Engineering – People write passwords in different places – People disclose passwords naively to others • Shoulder Surfing – Hackers slyly watch over peoples shoulders to steal passwords • Dumpster Diving – People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - Types
  • 30. • Computer Security is a continuous battle – As computer security gets tighter hackers are getting smarter • Very high stakes Conclusions

Editor's Notes

  1. Prevention: locks at doors, window bars, walls round the property Detection: stolen items are missing, burglar alarms, closed circuit TV Reaction: call the police, replace stolen items, make an insurance claim … Prevention: encrypt your orders, rely on the merchant to perform checks on the caller, don’t use the Internet (?) … Detection: an unauthorized transaction appears on your credit card statement Reaction: complain, ask for a new card number, etc.
  2. Some stories about hackings
  3. Some stories about hackings
  4. The Computer Security Institute's fifth Computer Crime and Security Survey also found that the total reported financial losses have tripled.The annual survey is conducted with the participation of the San Francisco FBI Computer Intrusion Squad and aims to increase awareness of security. This year's survey was based on responses from 643 computer-security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities.Only 42 percent of those answering the survey could put a dollar figure on their financial losses - reporting the total at $265 million. The average annual total over the last three years was $120 million.
  5. Get some stories about hackings
  6. An active attack involves a deliberate action on the part of the attacker to gain information that he is after. Like trying to telnet to port 25 on a company server to break into the mail server. This is like a burglar trying to pick a lock. This is fairly easy to detect. Passive attacks are mainly information gathering attacks and precede the active attacks.
  7. Get some stories about hackings
  8. 1. Normally users log on to one machine and have access to a number of computers.
  9. 1. Normally users log on to one machine and have access to a number of computers.
  10. 1. Normally users log on to one machine and have access to a number of computers.
  11. Repercussions:
  12. Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases
  13. Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases
  14. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  15. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  16. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  17. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  18. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have
  19. Page 245 (Chapter 7 – Hackers Beware by Eric Cole) When a program calls a subroutine, the function variables and the subroutine return address pointers are stored in a logical data structure known as a stack. A stack is a portion of memory that stores information the current program needs. A return pointer contains the address of the point in the program to return to after the subroutine has completed execution. The variable space is filled LIFO I.e. higher address to lower address. When variable space is exceeded the data goes to neighboring variable space. To cause code to be executed an attacker takes advantage of this by precisely tuning the amount and content of data necessary to cause the buffer to over flow and the operating system stack to crash. The data that the attacker sends usually consists of machine specific byte code to execute a command, plus a new address of the return pointer. This address points back into the address space of the stack, causing the program to run the attacker’s instructions when it attempts to return from the subroutine. The attackers code will run at whatever privileges the host code is running. So normally hackers try to use programs which run with root privileges.
  20. Get some stories about hackings
  21. Get some stories about hackings
  22. Get some stories about hackings
  23. Get some stories about hackings
  24. Get some stories about hackings