Ethical Hacking
Attackers have constantly sought to “up” their game with new tactics and strategies to include new types of malware such as worms, spam, spyware, adware, and even rootkits. Although they already knew how to harass and irritate the public, in recent years they have caused ever bolder disruptions of today’s world by preying on our … Read more
In the early 2000s, more malicious activity started to appear in the form of more advanced attacks. In fact, in the first few years of the new millennium the aggressiveness of attacks increased, with many attacks criminally motivated. Malicious attacks that have occurred include the following, among many more: ■ Denial-of-service attacks ■ Manipulation of … Read more
As the story goes, the earliest hackers were a group of people who were passionate and curious about new technology. They were the equivalent of those modern-day individuals who not only want the latest technology, such as a smartphone or iPhone, but also want to learn all the juicy details about what the device does … Read more
In addition to running a tool such as CxSuite to check for mobile app vulnerabilities, there are several other things you’ll want to look for including: Cryptographic database keys that are hard-coded into the app Improper handling of sensitive information such as storing personally-identifiable information (a.k.a. PII) locally where the user and other apps can … Read more
Practically all messaging applications are hacking targets on your network. Given the proliferation and business dependence on e-mail, just about anything is fair game. Ditto with VoIP. It’s downright scary what people with ill intent can do with it. With messaging systems, one underlying weaknesses is that many of the supporting protocols weren’t designed with … Read more
Ongoing patching is perhaps the best thing you can do to enhance and maintain the security of your Linux systems. Regardless of the Linux distribution you use, using a tool to assist in your patching efforts makes your job a lot easier. Distribution updates The distribution process is different on every distribution of Linux. You … Read more
You can assess critical, and often overlooked, security issues on your Linux systems, such as the following: Misconfigurations or unauthorized entries in the shadow password files, which could provide covert system access Password complexity requirements Users equivalent to root Suspicious automated tasks configured in cron, the script scheduler program Signature checks on system binary files … Read more
Some Linux vulnerabilities involve the bad guy actually being at the system console — something that’s entirely possible given the insider threats that every organization faces. Physical security hacks If an attacker is at the system console, anything goes, including rebooting the system (even if no one is logged in) by pressing Ctrl+Alt+Delete. After the … Read more
RPC and other vulnerable daemons are common targets for buffer-overflow attacks. Buffer overflow attacks are often how the hacker can get in to modify system files, read database files, and more. Attacks In a buffer overflow attack, the attacker either manually sends strings of information to the victim Linux machine or writes a script to … Read more
Linux — and all the flavors of UNIX — are file-based operating systems. Practically everything that’s done on the system involves the manipulation of files. This is why so many attacks against Linux are at the file level. Hacks using the hosts.equiv and .rhosts files If hackers can capture a user ID and password by … Read more