Posts

Hacker

•  A hacker may refer to any of the following: 1. A hacker is a term that first came into use in the 1960s and described a programmer or someone who hacked computer code. Later the term evolved to mean an individual who had an advanced understanding of computers, networking, programming, or hardware, but did not have any malicious intent. In 1981, Ian Murphy, also known as "Captain Zap", became the first hacker to be convicted of hacking. He hacked into the AT&T computer network and modified the billing rates system, changing the internal clocks so that cheaper late-night rates were billed to customers during mid-day hours. Today, a malicious hacker is usually referred to as a malicious user, black hat, or criminal hacker, which describes any individual who illegally breaks into computer systems to damage or steal information. Some people who consider themselves leet may refer to themselves as leet haxors, h4x0rs, or HaXXorZ. However, often these users

How to hack someone or something

•  This question has been asked of us many times, but unfortunately, we do not condone hacking and will not provide training or help on how to hack. Hacking is illegal; therefore, Computer Hope cannot help you learn how to hack and suggests that you reconsider. We are sorry that we cannot help you if you truly decide you want to learn how to hack. Hacking a computer to view or steal protected information is not going to resolve anything and is only going to cause further issues, such as being fined or sent to prison. If you choose to learn about hacking, an option is to take a training course on ethical hacking, for which you may be able to get a job with a company. If you are interested in hacking and in the field of computer security, instead of trying to do anything illegal, there are several alternatives to consider. We suggest learning an alternative operating system such as Linux, setting up computer networks, reading security news, and learning a programming language. If

What constitutes ethical hacking?

For hacking to be deemed ethical, the hacker must obey the following rules:
1. Expressed (often written) permission to probe the network and attempt to identify potential security risks.
2. You respect the individual's or company's privacy.
3. You close out your work, not leaving anything open for you or someone else to exploit at a later time.
4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals or cyber criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite effective and successf

Top 10 Bug Bounty Programs in 2021

1) Intel
Intel's bounty program mainly targets the company's hardware, firmware, and software.
Limitations: It does not include recent acquisitions, the company's web infrastructure, third-party products, or anything relating to McAfee.
Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.
Maximum Payout: The company pays a maximum of $30,000 for detecting critical bugs.
2) Yahoo
Yahoo has a dedicated team that accepts vulnerability reports from security researchers and ethical hackers.
Limitations: The company does not offer any reward for finding bugs in yahoo.net, Yahoo 7, Yahoo Japan, Onwander, and Yahoo-operated WordPress blogs.
Minimum Payout: Yahoo has no set limit for the minimum payout.
Maximum Payout: Yahoo can pay $15000 for detecting important bugs in their system.
3) Snapchat
Snapchat security team reviews all vulnerability reports and ac

Insecure Cryptographic Storage

●  Description
Insecure cryptographic storage is a common vulnerability that exists when sensitive data is not stored securely. User credentials, profile information, health details, credit card information, etc. count as sensitive data on a website. This data is stored in the application database. When this data is stored improperly, without encryption or hashing*, it is vulnerable to attackers.
(*Hashing is the transformation of a string of characters into a shorter string of fixed length or a key. To decrypt the string, the algorithm used to form the key should be available.)
Implication
· By exploiting this vulnerability, an attacker can steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.
Vulnerable objects
· Application database.
Examples
In one banking application, the password database uses unsalted hashes* to store everyone's passwords. An SQL injection flaw allows the att

Insecure Direct Object References ( IDOR )

●  Description
It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key, in a URL or as a form parameter. The attacker can use this information to access other objects and can create a future attack to access unauthorized data.
Implication
· Using this vulnerability, an attacker can gain access to unauthorized internal objects, modify data, or compromise the application.
Vulnerable Objects
· In the URL.
Examples: Changing "userid" in the following URL can let an attacker view another user's information. An attacker can view others' information by changing the user id value.
Recommendations:
1. Implement access control checks.
2. Avoid exposing object references in URLs.
3. Verify authorization to all reference objects.
Cross Site Request Forgery
Description
Cross Site Request Forgery is a forged request that comes from a different site. A CSRF attack is an attack that occu

How to Hack a Website: Online Example

•  More people have access to the internet than ever before. This has prompted many organizations to develop web-based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers. In this article, we will introduce you to web application hacking techniques and the countermeasures you can put in place to protect against such attacks. What is a web application? What are Web Threats? A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C#, VB.Net, PHP, ColdFusion Markup Language, etc. The database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite, etc. Most web applications are ho

How to Hack a Web Server

Customers usually turn to the internet to get information and buy products and services. Towards that end, most organizations have websites. Most websites store valuable information such as credit card numbers, email addresses and passwords, etc. This has made them targets for attackers. Defaced websites can also be used to communicate religious or political ideologies etc. In this article, we will introduce you to web server hacking techniques and how you can protect servers from such attacks. Web server vulnerabilities A web server is a program that stores files (usually web pages) and makes them accessible via the network or the internet. A web server requires both hardware and software. Attackers usually target the exploits in the software to gain authorized entry to the server. Let’s look at some of the common vulnerabilities that attackers take advantage of. Default settings – These settings such as default user id and passwords can be easily guessed by the attackers. Default se

DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS

●  What is DoS Attack? DoS is an attack used to deny legitimate users access to a resource such as a website, network, emails, etc. or to make it extremely slow. DoS is the acronym for Denial of Service. This type of attack is usually implemented by hitting the target resource such as a web server with too many requests at the same time. This results in the server failing to respond to all the requests. The effect of this can either be crashing the servers or slowing them down. Cutting off some business from the internet can lead to significant loss of business or money. The internet and computer networks power a lot of businesses. Some organizations such as payment gateways and e-commerce sites entirely depend on the internet to do business. In this tutorial, we will introduce you to what a denial of service attack is, how it is performed and how you can protect against such attacks. Types of DoS Attacks There are two types of DoS attacks, namely: DoS – this type of attack is