The book I read to research this post was Hacking For Dummies 4th edition, which is a very good book that I read at http://safaribooksonline.com. This book is primarily about ethical hacking, which is checking computers and computer networks for vulnerabilities. No computer will be totally invulnerable to hacking, but the trick is to make it so difficult and time consuming that it's not worth it.
With most computer networks, hackers don't bother cracking the password with a password cracker program; instead they resort to dumpster diving or social engineering. Dumpster diving is going through the potential victim's trash to see what you can find. It's amazing what people don't shred. Social engineering normally takes the form of someone phoning the company helpdesk and pretending to be an employee who has lost his password, or pretending to be the computer repair men, there to repair one of the servers. In many companies the helpdesk is situated a distance from the entrance, enabling anyone to walk in at busy times unnoticed.
A hacker will often use a packet sniffer like Wireshark to look at the traffic going to and from your server prior to the attack. Wireshark is free but not as easy to use as some commercial programs. For actually cracking the password, Cain and Abel and John the Ripper are the 2 best known programs.
An important point is that employees should have the screensaver enabled to come on when the system is not being used, and it should require the password for the user to log back in. Interestingly, 80% of security breaches come from employees and former employees. One nightmare for many companies is the number of digital cameras and smartphones brought onto company premises, each capable of photographing anything on a computer screen. Most companies don't take this problem as seriously as they should. In the back of this book it lists loads of resources in connection with hacking, even a phishing toolkit, which I assume has dark motives.
I really enjoyed this book, and I think it's obvious it is an interesting subject. One final point is that you might moan about the cost of securing your computer or network, but if it gets breached the cost is likely to be much higher. That's especially true if you are a company or organization.