Media has contributed to increase the gap between laymen and hackers. The image of hackers is always related to some sort of criminals sitting in front of computers and and hacking something. Media imposes on people hackers are just hungry criminals on internet which just hack anything they want. Please note that "Not all hackers are criminals". There are three types of hackers. I would like to discuss about them before going ahead:
1. Black-hat hackers: These are underground hackers. This type of hackers actually try to hack into computers, networks and systems. Their intention is of course bad. Many of them steal private information or alter/change the information or data which can sometimes cause penalty to them or can land them in jail. These hackers actually perform what media calls "crime". Most people know hackers as only this type of hackers. but these are not the only group of people who are called as hackers. There is also something called "white-hat" hackers.
2. White-hat hackers: These hackers know how to attack, hack or crack something. They have extensive knowledge of computer hacking and security. They are aware of the hacking tools and they know actually how to hack something. But they don't utilize this for bad purposes. They don't illegally hack into anything and devastate the data or information. They are good people and they are appointed to protect the information. THEY TEST THE SECURITY OF NETWORKS, COMPUTERS AND TRY TO INCREASE THE SECURITY AND PROTECT SENSETIVE DATA AS THEY ARE AWARE OF HOW HACKING IS DONE. "If you know what the threat is and know how it is created, then you can do better in protection against it". Same is the thing what white-hat hackers do. They help in tracing, detecting, blocking and eliminating the threat of black-hat hackers.
3. Gray-hat hackers: The name is self-explanatory. These type of hackers perform the task of both black-hat and white-hat depending on the situation. They maybe originally black-hat hackers who are helping law force or maybe white-hat hackers who are going on the wrong way. They also maybe some people learning from underground hacker communities to help law force and police. These type of hackers play important role in attempts to hack something or protect something.
One more thing, I would like to clarify. Hacking is a cyber crime (if it is illegal). But all cyber crimes are not hacking. Means, hacking is a subset of cyber crimes. There are also other types of cyber crimes such as fraud, piracy, copyright, pornography etc.
Okay, now coming to the point. Please note that hacking is not that much easy. It is not the game of few clicks. It is not the case that open a tool, give the email ID, wait for some time and you will get the password of that person. Also, it is not the thing that you download one hacking tool and now you are ready to hack anything you want. Hacking is a vast subject and itself has many core topics. It has different types of hacking, different types of attacks, different types of tricks and thousands of different tools. Yes, Hacking is difficult. But not this much that you need to be a geek to learn that. You can learn hacking. At last, "a perfect combination of desire and perspire has nothing impossible". Unless you have deep interest and strong desire for hacking, try not to learn it. There is no specific age bar to learn hacking. It can be leant at any stage of life - depends on your willpower.
Now, let us come down to the point - How do I become a hacker? Well, the actual underground hackers have acquired their knowledge from the google. Google is the friend from which they learn hacking. Actually, just learning from google is not a satisfying thing because you are not learning, you are searching for a particular thing. You need to join a course to learn hacking. There maybe many local courses available for 'ethical hacking' (ethical hacking is just same as hacking, but the white-hat way). The only internationally accepted course covering most of the hacking is Certified Ethical Hacker (CEH) which is offered from EC-Council. When you complete this course, you are actually treated as hacker. There is a condition. You cannot go in black-hat and start illegal hacking if you finish this course. You must remain as white-hat or gray-hat hacker after this course. If you don't obey, please keep using google rather than attending this course. There are other courses about Information Security (not hacking!) which are also good, but for pure hacking, it is the only recommended one. You can do this course and once finished, you are actually treated as a hacker. Means, you have crossed the gap between laymen and hackers and are now sitting within other hackers. Please note that this exam is not easy. People say that you need to struggle to pass this exam. All other details can be found at their site. About the things which you need to know before starting this course, or about the foundation things before this course, I will discuss them in next post about CEH.
Tuesday, June 30, 2009
Tuesday, June 16, 2009
Hacking Orkut
Orkut is becoming a popular Social Networking site Now-a-days. More and more people are joining Orkut regularly especially from India and Brazil. Due to this vast number of users, hacking orkut accounts is also increasing day by day. Orkut has really taken great efforts to prevent hacking and it has successed in it upto some extent. Most of the vulnerabilities in Orkut are vanished and they are pursuing towards it continuously. This extending security is also causing problem to ease of use. Still there are some methods to hack orkut because, as we say, weakest link in security is of course Human. I am going to explain three methods to hack orkut as these stand valid currently. I am not going to teach you step-by-step process, but just going to tell you how it is done.
Here we go:
1. Trojans, Keyloggers: These are one of the difficult to implement methods. What you have to do is, by anyhow, give the victim a file containing trojan keylogger. Once they execute it, trojan should execute and complete its primary steps properly. After that, when the victim logs on to orkut, this trojan will automatically log down their username and password and will then convey to you by one of the various methods. This one seems to be far easier but antivirus is one of the most difficult hurdle in that. Most of the computers today have good antiviruses but still some of them lack it. Also there are some non-truseted antiviruses which may not be able to detect the trojan. This trick requies knowledge and careful handling of trojans as they may also target your computer if programmed so. Ok, So lets move on to another trick.
2. Cookie Stealing: Cookies are a small piece of information that websites store on your computer for many reasons. When you log in into orkut, a cookie is generated. This cookie authenticates you and allows you to access your account. This cookie lasts until you log off from orkut. What if someone gets that cookie? When he keeps that cookie on his computer and log into orkut, orkut will read that cookie. It will grant person who has that cookie to access the victim account. Actually, this is not a fault of orkut. So, how can someone get that cookie which is stored in victim computer? You must have heard about javascripts. Something code that we paste in address bar and hit Enter. Then some effect takes place. These javascripts are the best way to get someone's cookie. There is a specially designed javascript for that. If you give that javascript to victim and if he executes it, automatically, the attacker gets the cookie of victim. Now he can log on into his/her account without tackling username/password and can made whatever changes they want.
3. Phishing: This is one of the most efficient and wide-used trick. Also, it is one of the easiest to implement. In this, what hackers do, they send a link to victim. If the victim clicks that link, He will see the orkut login page. He then logs in with his username and password. It gets failed. When he tries again to login, he gets logged in. So, now their account is hacked! What went wrong? The link which attacker sent to the victim was a duplicate copy of orkut login page. Anyone who logs on to that duplicate page, their emails and passwords are conveyed to the hacker by one of the various ways. After their email and password is sent to the hacker, they are taken to the orkut login page saying that login was not successful. So, there remains no doubt in victim's mind that we logged into another page. Most of the effort in this trick lies in putting such a page and finding a service which conveys you their email and password after they put it in that duplicate (fake login) page. There is no increased awareness about this trick. So, generally people fall prey for this hack.
After all discussion above, I am writing below some safety measures that you must take to preserve your account:
1. Always have a good antivirus and keep scanning your computer regularly. Many people think that a computer virus can't interfere with what we do in browsers. Well, upto some extent, it is right, but it can log your typped emails and passwords while signing in into orkut or such a service.
2. Dont execute any javascript given by anybody. As we discussed before, it can prove very risky to your account.
3. Dont click on any suspecious links given by anybody. As these maybe links to fake login pages.
4. When logging in to orkut, have a look at address bar and confirm that it is something like this:
https://www.google.com/....... (note that it is https which is very important)
5. Keep in mind what security question you have kept while creating the account and do not disclose its answer to anybody especially while chatting.
6. Before closing orkut, you must click "log out". This may not affect so much but it is recommended for keeping your account safe. There can be chances of "Man in the middle attack" but they dont occur so often.
So, this was a short article related to how orkut hacking is done. I hope you understand and like it. Please remember that I have not taught you "how to hack" but "how hacking is done".
Here we go:
1. Trojans, Keyloggers: These are one of the difficult to implement methods. What you have to do is, by anyhow, give the victim a file containing trojan keylogger. Once they execute it, trojan should execute and complete its primary steps properly. After that, when the victim logs on to orkut, this trojan will automatically log down their username and password and will then convey to you by one of the various methods. This one seems to be far easier but antivirus is one of the most difficult hurdle in that. Most of the computers today have good antiviruses but still some of them lack it. Also there are some non-truseted antiviruses which may not be able to detect the trojan. This trick requies knowledge and careful handling of trojans as they may also target your computer if programmed so. Ok, So lets move on to another trick.
2. Cookie Stealing: Cookies are a small piece of information that websites store on your computer for many reasons. When you log in into orkut, a cookie is generated. This cookie authenticates you and allows you to access your account. This cookie lasts until you log off from orkut. What if someone gets that cookie? When he keeps that cookie on his computer and log into orkut, orkut will read that cookie. It will grant person who has that cookie to access the victim account. Actually, this is not a fault of orkut. So, how can someone get that cookie which is stored in victim computer? You must have heard about javascripts. Something code that we paste in address bar and hit Enter. Then some effect takes place. These javascripts are the best way to get someone's cookie. There is a specially designed javascript for that. If you give that javascript to victim and if he executes it, automatically, the attacker gets the cookie of victim. Now he can log on into his/her account without tackling username/password and can made whatever changes they want.
3. Phishing: This is one of the most efficient and wide-used trick. Also, it is one of the easiest to implement. In this, what hackers do, they send a link to victim. If the victim clicks that link, He will see the orkut login page. He then logs in with his username and password. It gets failed. When he tries again to login, he gets logged in. So, now their account is hacked! What went wrong? The link which attacker sent to the victim was a duplicate copy of orkut login page. Anyone who logs on to that duplicate page, their emails and passwords are conveyed to the hacker by one of the various ways. After their email and password is sent to the hacker, they are taken to the orkut login page saying that login was not successful. So, there remains no doubt in victim's mind that we logged into another page. Most of the effort in this trick lies in putting such a page and finding a service which conveys you their email and password after they put it in that duplicate (fake login) page. There is no increased awareness about this trick. So, generally people fall prey for this hack.
After all discussion above, I am writing below some safety measures that you must take to preserve your account:
1. Always have a good antivirus and keep scanning your computer regularly. Many people think that a computer virus can't interfere with what we do in browsers. Well, upto some extent, it is right, but it can log your typped emails and passwords while signing in into orkut or such a service.
2. Dont execute any javascript given by anybody. As we discussed before, it can prove very risky to your account.
3. Dont click on any suspecious links given by anybody. As these maybe links to fake login pages.
4. When logging in to orkut, have a look at address bar and confirm that it is something like this:
https://www.google.com/....... (note that it is https which is very important)
5. Keep in mind what security question you have kept while creating the account and do not disclose its answer to anybody especially while chatting.
6. Before closing orkut, you must click "log out". This may not affect so much but it is recommended for keeping your account safe. There can be chances of "Man in the middle attack" but they dont occur so often.
So, this was a short article related to how orkut hacking is done. I hope you understand and like it. Please remember that I have not taught you "how to hack" but "how hacking is done".
Subscribe to:
Posts (Atom)