Most hackers are excellent social engineers; humans will remain the weakest link in security.

Right, Mr Hammerhead, getting into the philosophical world, are we... Define social engineer for us, please.
And how are humans the weakest link in terms of security as well? Also, wouldn't that apply to hackers as well, cos they are humans as well, aren't they?

Raj

Because, for example, it's really easy to fast-talk a dumb receptionist and get them to open the server room for you, as you are an "IT guy".

I recently received my shipment of Cisco routers and switches so that I can get hands-on training in preparation for my CCNA exam. Well, my co-workers are your average computer users and the look on their faces was like they had just seen a ghost. The reaction was mixed between "wow" and "what are you doing with that?". At one point one of them thought that I would try and do some hacking. Anyway, my point is just that most average users are familiar with the equipment that is used that allows them to read their email, surf the internet or simply just use Skype.

Yep, and anything out of the ordinary would raise a few eyebrows and questions, as you just experienced yourself. By the way, how much did the shipment cost you? What I have heard is that Cisco stuff is darn expensive.

Anyways, on to the ongoing topic: anyone got any input on the question I asked about the relation between the Kevin Mitnick scandal and the stuff they showed in the movie about making long-distance calls by tuning the phone with some high-pitched sound?

Raj

You can get a good deal by talking to tech schools or small companies that are expanding and are looking to get rid of their old stuff.

No, no, no.

John Draper was Captain Crunch, the original phone phreaker.

Kevin Mitnick is more your social engineering hacker, and media opportunist :)

FWIW I used to have a friend who could initiate a ZModem download by whistling the correct modem tones down a telephone line, it was always fun to watch...

I think you are referring to Kevin Mitnick; there is a myth that this guy could trigger a nuclear war by whistling into a payphone, however that has never been proved. And yes, he was convicted.

Thanks for the update, man. So can your friend also get you free long-distance calls by whistling to the phone?

Raj

Nope, my friend was restricted to being able to imitate a ZModem download command string tone - that was it. What you might call interesting but totally pointless :)

Right, and what would he start to download, as obviously it would initiate downloads on the modem, or basically was it just opening up the download ports on the modem or something?

Raj

It was literally just the command string, and the receiving end would initiate a ZModem download and then just hang as it had nothing to send. It depended on the system of course; he used it most on BBSes. This was probably about 15 years or so ago, if my memory serves me well.

I'm not sure, but I thought that hacking was when you get something to do more than you paid for, and expanding one's knowledge.

Isn't this supposed to be called cracking?

Right, Mr Hammerhead, getting into the philosophical world, are we... Define social engineer for us, please.
And how are humans the weakest link in terms of security as well? Also, wouldn't that apply to hackers as well, cos they are humans as well, aren't they?

Raj

Google the term "social engineers" or search Wikipedia; I did not post a link because I thought it might violate forum rules.

It is the art of fooling someone into believing you are something you are not. You can pretend to be a bank manager and ask for a huge amount of money from a bank. Consider the case of Stanley Rifkin. Or you could be forgetful and write down the password for your bank account and someone might see it (consider phishing). Of course, a little trick with the computers helps.

My point is that, no matter how much the technology progresses, firewalls are installed, files are encrypted, passwords are made stronger, there will be one careless user who will write down the encryption key/password on a piece of paper for a hacker to see.
There are countless examples of how people/corporations lost tons of money and data because of the fault of a careless self/employee.

Being on this topic, I might as well say that humans will continue to play a major role in disasters too. I wrote a report on technological disasters a few weeks back and many of them happened because of the careless attitude of humans rather than failure of technology.

Google the term "social engineers" or search Wikipedia; I did not post a link because I thought it might violate forum rules.

It's fine.

Nice Explanation 'Hammerhead'...Thanks.

But then again, isn't it that way with every species, never mind just humans? Everyone lets their guard down once in a while, even animal species as well. Also, aren't we the only species to have progressed from animals to this standard within a matter of a few thousand years?

That is completely off topic though, but still.

Raj

Cracking? What is the difference between cracking and debugging?

Are you trying to be stupid, or does it just come naturally to you?

Right, just to answer the question at hand: cracking would be breaking into the security setup of a program to use it illegally. You can find a lot of cracked software on the net to download, and anything with "cracked" linked to its name would be classed as illegal more often.

Debugging is an entirely different thing. When a piece of software or a program is created it is never perfect; there are always flaws in it, i.e. bugs. Debugging is basically the process of removing those bugs that might make a program unstable.

Am I right guys???

Raj

I'm not sure, but I thought that hacking was when you get something to do more than you paid for, and expanding one's knowledge.

Isn't this supposed to be called cracking?

As I have already said in the above post, cracking and hacking do not have too much difference; they are mostly illegal, but there are sometimes the ethical hackers who will try to hack into a system just to test its security capabilities etc. As far as expanding knowledge is concerned, there is no limit to expanding one's knowledge, but there is always a line that one should avoid crossing to expand knowledge. As long as it is kept within legal boundaries, no one can stop you from learning. That is the reason for the existence of this thread, as it is something of a knowledge source for those who want to learn more about Hacking... and no, not how to learn Hacking... ;-p

Hope that answers your question.

Raj

Eh I disagree you can't construe learning how to hack into anything else... Haven't you ever heard of ethical hacking or white hat hackers? It's merely the way you choose to use that knowledge.

What I've heard a little about is hackers using viruses as their tool. Mostly things like a keylogger for password stealing, or there have been viruses that can be controlled to a certain extent, which can allow the user of them to disable the keyboard, or make the screen go blank, or make things pop up on a person's screen remotely. As well as messing around with key system files.

Danniboy.

Yeah, but that's probably the one that you'd rather be stuck with than to have someone physically accessing your server/machine live.

90% of hacking is exploiting the user's own stupidity (improper configuration, failure to keep up with security updates, improper use).

White Hat Hacking = Good (as opposed to Black Hat Hacking = Bad), and Penetration Testing have started to really take off as a valid "profession" within the IT Community. The pay is not the best compared to some other aspects of the IT world, but it is getting better and will all depend on your experience. Certified Ethical Hacking is a course taught by the EC Council and is worth checking into just to learn more about how your systems work.

Hi, can I ask what white hat hacking is? Can you teach me how to do it, just a simple one?

Thanks

White Hat Hacking means you exploit a system, program, etc. to find a weakness for the sole purpose of improving and strengthening it (rather than doing harm).

We did discuss this issue earlier on this thread, that hacking has different aspects. You can't learn white hat hacking, mate. You can learn hacking; then it's the use of that skill that makes it White Hat or Black Hat.

Ethical Hacking is always for the purpose of testing the system against any attacks from hackers and then try to tie up the loose ends and would always be classed as good. As far as pay is concerned I have no idea as I don't directly know someone who does it as a profession but I do know of someone who was given a 4 bedroom house as a reward for finding loopholes in Online Banking System of one High Street Bank. And before anyone asks I do not have their names or anything.

Raj

I agree, that hacking is a skill (the actual technicality of which you would have to acquire on your own...if you want)...and like most things in life...it's what you do with this skill that then determines the difference between a White Hat and a Black Hat hacker...

But I remember reading a thread in one of the forums here in Daniweb, and the person was saying that their website was hacked, they also said that the hacker left them a message within their code...
how did they figure out their site was hacked?!?...
they said that they went onto their site 1 day and it was totally blank...when they looked at their code, they saw a chunk of code that wasn't there before...and they found it on all of their scripts (for the entire site, which apparently was huge)...

I am not exactly sure what type of site they have...but it can certainly make someone panic in that situation...

Now that would be classed as black hat hacking as obviously that was intentional harm done to the owner of that particular site without proper authorisation.

And to answer Technogeek's request, I'm sorry friend this thread is not intended to teach anyone how to hack be it a simple or complicated hack. That is what I have been saying all along from the start of the thread that this is for educational purposes only, not study material for learning how to hack.

Raj

Technogeek,
This is not the forum to teach people how to hack. In this particular thread, we are only becoming more aware of the hackers and their behaviour so that we can protect ourselves in the future. It would be greatly appreciated if you can simply follow the thread.
