Hacking

Saturday, September 13, 2008

Hacking technology

Hack has several meanings in the technology and computer science fields. It may refer to a clever or quick fix to a computer program problem, or to a clumsy or inelegant solution to a problem. The term is also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as DIY circuit bending. The general media also uses this term to describe the act of illegally breaking into a computer, better described as cracking.

Origin of term

All of the modern meanings seem to be rooted in its widespread use as slang throughout the Massachusetts Institute of Technology (MIT), starting in the 1960s. There, the original meaning of "hack" was a quick, elaborate and/or bodged solution students devised for technical obstacle; it was used with hacker, meaning one who discovers and implements a hack. The word itself comes from the German word meaning "someone who makes furniture with an axe",[1] implying a lack of finesse in a "hack"; it is believed by many in the hacking community that the reason for this is because programs too large to run on the limited computer resources of the time had portions "chopped" or "hacked" out in order to be reduced to a more reasonable size.

MIT hacks

Over time, the meaning of the word there was expanded, perhaps through contact with the amateur radio community. It came to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. In the term "hack value" it also acquired a meaning of anything that was simultaneously fun and clever.

The initial hacker community at MIT, particularly those associated with the Tech Model Railroad Club, applied this pre-existing local slang to computer programming, producing the variant which first came into common use outside MIT.

History

In the 2000s, a "hack" refers to a clever, quick fix to a computer program problem, and a hacker is a person who does this. The term was first used by US university computing center staff in the mid-1960s. The context determined whether the complimentary or derogatory meanings were implied. Phrases such as "ugly hack" or "quick hack" generally referred to the latter meaning; phrases such as "cool hack" or "neat hack", to the former. In modern computer programming, a "hack" can refer to a solution or method which functions correctly but which is "ugly" in its concept, which works outside the accepted structures and norms of the environment, or which is not easily extendable or maintainable (see kludge). The jargon used by hackers is called Hackish (see the Jargon file). This should not be confused with "1337" or "leetspeak."

In a similar vein, a "hack" may refer to works outside of computer programming. For example, a math hack means a clever solution to a mathematical problem. The GNU General Public License has been described as[who?] a copyright hack because it cleverly uses the copyright laws for a purpose the lawmakers did not foresee. All of these uses now also seem to be spreading beyond MIT as well.

The term has since acquired an additional and now more common meaning, since approximately the 1980s; this more modern definition was initially associated with crackers. This growing use of the term "hack" is to refer to a program that (sometimes illegally) modifies another program, often a computer game, giving the user access to features otherwise inaccessible to them. As an example of this use, for Palm OS users (until the 4th iteration of this operating system), a "hack" refers to an extension of the operating system which provides additional functionality. The general media also uses this term to describe the act of illegally breaking into a computer, but this meaning is disputed.

The term is additionally used by electronics hobbyists to refer to simple modifications to electronic hardware such as a graphing calculators, video game consoles, electronic musical keyboards or other device (see CueCat for a notorious example) to expose or add functionality to a device that was unintended for use by end users by the company who created it. A number of techno musicians have modified 1980s-era Casio SK-1 sampling keyboards to create unusual sounds by doing circuit bending: connecting wires to different leads of the integrated circuit chips. The results of these DIY experiments range from opening up previously inaccessible features that were part of the chip design to producing the strange, disharmonic digital tones that became part of the techno music style.

Companies take different attitudes towards such practices, ranging from open acceptance (such as Texas Instruments for its graphing calculators and Lego for its Lego Mindstorms robotics gear) to outright hostility (such as Microsoft's attempts to lock out Xbox hackers or the DRM routines on Blu-ray Disc players designed to sabotage compromised players).

Cell phones - Hackers Next Target!

It was bound to happen - they have hacked just about everything else. Now it's the cell phones. Cellphone hacking has just recently surfaced and been made public ever since some one did some cellular phone hacking on Paris Hilton's cell phone.
This article will give you some information about what is going on out there and what you can do to better protect your cell phone information.
What Does It Involve
The fact of someone hacking cell phone became public knowledge when Paris Hilton's cell phone, along with her information was recently hacked. Unfortunately for her, all her celebrity friends and their phone numbers were also placed on the Internet - resulting in a barrage of calls to each of them.

Cell phone hackers have apparently found a glitch in the way the chips are manufactured. The good news, though, is that it only applies to the first generation models of cell phones that use the Global System for Mobile communications (GSM). Another requirement is that the hacker must have physical access to the cell phone for at least three minutes - which is a real good reason not to let it out of your sight. Currently, although the problem has been remedied (at least for now) in the second and third generation phones, it seems that about 70% of existing cell phones fall within the first generation category.

Another way that mobile phone hacking can take place is for a hacker to walk around an area with people that have cell phones and a laptop that has cellphone hacker programs on it. Through an antenna, and a little patience, his computer can literally pick up your cell phone data - if it is turned on. This is more applicable to cell phones that use Bluetooth technology.
What Can A Hacker Do?
Surprisingly, there are quite a number of things that can be accomplished by the hacker. Depending on their intent here are a few of them.

*
Steal Your Number
Your phone number can be accessed and obtained by cellphone hacking. This allows them to make calls and have it charged to your account.
*
Take Your Information
Mobile hacking allows a hacker to contact your cell phone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content to only get your information. Some will even change all your phone numbers! Be sure to keep a backup of your information somewhere. This particular technique is called Bluesnarfing.

Hacking tool

A hacking tool is a program designed to assist with hacking, or a legitimate utility that can also be used for hacking.

Examples

Examples include Nmap, Nessus, John the Ripper, SuperScan, p0f, and Winzapper.[1] Chocolate has also been designated as among the most potent hacking tools, due to its potential exploitation in social engineering attacks.[2] Occasionally, common software such as ActiveX is exploited as a hacking tool as well.[3]

Hacking tools such as Cain and Abel, however, are well known as Script Kiddie Tools. Script kiddies are people who follow instructions from a manual, without realising how it happens. These Script Kiddies have been an enormous threat to computer security as there are many hacking tools and keyloggers up for download and are free.

Worms

Another example of a hacking tool is a computer worm. These malicious programs detect vulnerabilities in operating systems. Not all worms, however, are malicious. The Nachi Worms have actually fixed operating system vulnerabilities by downloading and installing security patches from the Microsoft website.

Port Scanners

Port scanners detect vulnerabilities in firewalls, and are able to find a great deal about the computer system, such as the operating system, ISP, wireless routers and how long the system has been online. However, port scanners are the best security auditing tools.

Wireless hacking

In security breaches, wireless hacking is the unauthorized use or penetration of a wireless network. A wireless network can be penetrated in a number of ways. There are methods ranging from those that demand a high level of technological skill and commitment to methods that are less sophisticated and require minimal technologically skill. Once within a network a skilled hacker can modify software, network settings, other security items and much more. To counter the security threat of an intrusion into a wireless network, there are many precautions available.

Wireless Intrusion

The various methods used by hackers that enable them to exploit wireless connections typically begin with eavesdropping on a network, “sniffing”. A packet sniffer is a program that monitors that information contained on a network. The information that sniffer programs make available include emails, user names and passwords, among other sensitive information. There are different means of sniffing out wireless networks including passively scanning and collecting Media Access Control (MAC) addresses.

A hacker can passively scan each radio channel that wireless networks are broadcast on to check for activity. By passively scanning the presence of that scanner is not revealed since they are not actually transmitting any traceable material to the network at this point.

Detecting a wireless “sniffer” is extremely difficult. It is only after the hacker starts to probe and insert packets into the network that the location of the attacker or the device can be isolated. For some hackers the main goal of an intrusion is to obtain the WEP key. There are several methods that are used to achieve this. The main obstacle to intruders gaining the WEP key is a lack of computing power. The average home computer could take anywhere from hours to days to gain access through weak system frames.

The information that a hacker can collect from sniffing alone is limited, in order to gain all the information that they want hackers must then engage in actively probing a network. In actively probing a network a hacker increases the probability of detection. This risk comes as a result of the packets that are sent to the target in an effort to get back the desired information in return.

Wardriving is another increasingly common method of gaining access to unprotected networks. The main equipment for wardriving includes a WiFi enabled laptop or PDA, a GPS device.

Security Measures

In an effort to protect a wireless network there are several security measures that can be employed.

* Encryption of all wireless traffic is the most secure way of reducing both hacking attempts, and successful breaches. There are several wireless encryption types available, including WEP, WPA and WPAv2. WEP is considered insecure, as given enough processing power, it can be broken. That said, WEP will still stop any passive scans, as well as casual hackers.
* Altering the network from the manufacturer’s defaults can also discourage hackers. The information about network defaults is easily accessible and will render any security enhancements useless. Settings such as default SSID, default admin password, and disabled encryption are the main items that need addressing.
* Data, especially passwords, should be encrypted when travelling over the network. A cracked system without encrypted passwords and other information is totally accessible to hackers.
* As with most technology updating security protocols and other information is crucial to maintaining the security of the system.

It is a common misconception that disabling broadcasting of the SSID and enabling MAC filtering is a sufficient security configuration. This is not the case. Disabling the SSID broadcast merely prevents casual nearby wireless users from detecting the presence of your network - war drivers and those who are already aware of your wireless network will not be disadvantaged at all by a disabled SSID. Similarly, MAC address filtering will only prevent accidental connection from casual users - MAC addresses can be spoofed to appear to be that of an authorised workstation or laptop.

Hacker!

A hacker is a person who creates and modifies computer software and computer hardware, including computer programming, administration, and security-related items. The term usually bears strong connotations, but may be either favorable or denigrating depending on cultural context (see the Hacker definition controversy). Common definitions include:

1. In computer programming, a hacker is a programmer who hacks or reaches a goal by employing a series of modifications to exploit or extend existing code or resources. For some, "hacker" has a negative connotation and refers to a person who "hacks" or uses kludges to accomplish programming tasks that are ugly, inelegant, and inefficient. This negative form of the noun "hack" is even used among users of the positive sense of "hacker".

2. In computer security, a hacker is a person who specializes in work with the security mechanisms for computer and network systems. While including those who endeavor to strengthen such mechanisms, it more often is used, especially in the mass media, to refer to those who seek access despite them.

3. In other technical fields, hacker is extended to mean a person who makes things work beyond perceived limits through their own technical skill, such as a hardware hacker, or reality hacker.

4. In hacker culture, a hacker is a person who has attained a certain social status and is recognized among members of the culture for commitment to the culture's values and a certain amount of technical knowledge.

Categories of hacker:

The hacker community, the set of people who would describe themselves as hackers or described by others as hackers, falls into at least four partially overlapping categories. Sometimes alternate terms such as "cracker" are used in an attempt to more exactly distinguish which category of hacker is intended, or when attempting to put a contextual distance between the categories due to the Hacker definition controversy.

Hacker: Highly skilled programmer

The positive usage of hacker is one who knows a (sometimes specified) set of programming interfaces well enough to program rapidly and expertly. This type of hacker is well-respected (although the term still carries some of the meaning of hack), and is capable of developing programs without adequate planning or where pre-planning is difficult or impossible to achieve. This zugzwang gives freedom and the ability to be creative against methodical careful progress. At their best, hackers can be very productive. The technical downside of hacker productivity is often in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the "details". This attitude can cause friction in environments where other programmers are expected to pick up the half finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.

Additionally, there is sometimes a social downside associated with hacking. The stereotype of a hacker as having gained technical ability at a cost in social ability has historical basis in an uncomfortable amount of factual foundation in many individuals. While not universal, nor even restricted to hackers, the difficulty in relating to others and the often abrasive personalities of some hackers makes some of them difficult to work with or to organize into teams. On the other hand, it is not uncommon for hackers to thrive on social interaction.

Hacker: Computer and network security expert

In the networking sense, a hacker is one who specializes in work with the access control mechanisms for computer and network systems. This includes individuals who work toward maintaining and improving the integrity of such mechanisms. However, the most common usage of hacker in this respect refers to someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators. This use of hacker as intruder (frequent in the media) generally has a strong negative connotation, and is disparaged and discouraged within the computer community, resulting in the modern Hacker definition controversy.

For such hackers specializing in intrusion, the highly derogatory term script kiddies is often used to indicate those who either claim to have far more skill than they actually have, or who exclusively use programs developed by others to achieve a successful security exploit.

Hacker: Hardware modifier

Another type of hacker is one who creates novel hardware modifications. At the most basic end of this spectrum are those who make frequent changes to the hardware in their computers using standard components, or make semi-cosmetic themed modifications to the appearance of the machine. This type of Hacker modifes his/her computer for performance needs and/or aesthetics. These changes often include adding memory, storage or LEDs and cold cathode tubes for light effects. These people often show off their talents in contests, and many enjoy LAN parties. At the more advanced end of the hardware hackers are those who modify hardware (not limited to computers) to expand capabilities; this group blurs into the culture of hobbyist inventors and professional electronics engineering. An example of such modification includes the addition of TCP/IP Internet capabilities to a number of vending machines and coffee makers during the late 1980s and early 1990s.

Hackers who have the ability to write circuit-level code, device drivers, firmware, low-level networking, (and even more impressively, using these techniques to make devices do things outside of their spec sheets), are typically in very high regard among hacker communities. This is primarily due to the enormous difficulty, complexity and specialized domain knowledge required for this type of work, as well as the electrical engineering expertise that plays a large role. Such hackers are rare, and almost always considered to be wizards or gurus of a very high degree.

Hacker stereotypes

There are theoretical types of hackers who are considered to possess an atypical level of skill beyond that of other meanings of the positive form of "hacker", which include the Guru and the Wizard.

In some portions of the computer community, a Wizard is one who can do anything a hacker can, but elegantly; while a Guru not only can do so elegantly, but instruct those who do not know how. In other sub-communities, a Guru is one with a very broad degree of expertise, while a Wizard is expert in a very narrow field. In practice, such exact distinction are usually more at home in a RPG world, and not often heard in actual conversation.

Within the mainstream media, hackers are often characterised as strange, mysterious, reclusive, and especially tricky. This may be seen as an extension of the human tendency to stigmatise what is ill-understood, which used often to be applied to natural philosophers who were often thought by superstitious neighbours to be wizards or mystics. One such example was Leonardo da Vinci, who was thought to be a necromancer due to his extensive (and extraordinary at that time) knowledge of human anatomy and his study of dead bodies.

Company Data Secure Blackberry Hacks

There's a new route into your company's secure data. It's the Blackberry PDA. A hacking program has been developed which exploits the relationship between the Blackberry itself, a company's internal server and the network connection to which both are attached. The hacking program works because the data tunnel between the Blackberry and the server is encrypted. Intrusions can't be detected because the protective systems, such as firewalls, exist at the perimeter of the network. This begs the question of all business owners whose employees use a Blackberry: Is your company data secure?

The hacking technique is successful because there are very few companies equipped to detect and intrusion from the inside of the network. Another reason for hacking success is the fact that companies don't see the Blackberry as a potential attack vector. The Blackberry is not your normal handheld device. It's a continuously running code machine that's always on and always connected to your internal network. It has constant direct access to whatever you give it access to and most company structures allow complete access to the internal network for their employees who use Blackberries.

BBProxy is the name of the Blackberry hacking program. It can be loaded on the Blackberry either physically or via e-mail as a Trojan horse. Once loaded, the Blackberry will call back to the hacker's system and open communication channels between the hacker and the internal network of the company. This process runs in the background behind the safety of the company's firewall scanning for hosts with vulnerabilities in security and is generally undetected.

Recently, an ad on eBay sold a Blackberry "AS IS" for approximately $15.00. While the device didn't come with a cable, synching station, software or manual, it did come with something far more valuable. This Blackberry came with a stockpile of corporate data all there for anyone to read as soon as the device was turned on. Many employees are insufficiently trained concerning security issues for the electronic devices they use on a daily basis.

Company data is stored as attachements on a server, rather than the Blackberry itself, so if a device is ever lost or misplaced someone could easily read sensitive documents. The Blackberry lacks encryption capabilities and relies instead on users locking the device with a password. Unfortunately, anyone with hacking abilities could discover the password and let themselves into the network.

The beauty of the Blackberry is that it's a do it yourself type of device. It basically allows you to take your office with you wherever you go and not be caught unprepared or without the correct documents of a given meeting. However, for individuals and companies who handle and funnel much of their business dealings through these wonderfully useful devices,both internal and external server security must be taken into account.

CSS Hacks and Tips For Multiple Browsers & Detection

More and more web developers are ditching tables and coming round to the idea of usingCSS to control the layout of their site. With the many benefits of usingCSS, such as quicker download time, improved accessibility and easier site management, why not?

The problem with CSS

Historically the main problem with using CSS has been lack of browser support. This is no longer the case as version 5 browsers, which all have good support for CSS, now account for over 99% of browsers in use.

Instead, the problem is that browsers can sometimes interpret CSS commands in different ways, causing developers to throw their arms up in the air and switch back to pixel-perfect table layouts. Fear not though, as you learn more about CSS you'll gradually start to understand the different browser interpretations and realise that there aren't really that many.

How browser detection using CSS hacks works

The way browser detection using CSS hacks works is to send one CSS rule to the browser(s) you're trying to trick, and then send a second CSS rule to the other browsers, overriding this first command. If you have two CSS rules with identical selectors then the second CSS rule will always take precedence.

Say for example you wanted the space between your header area and the content to have a gap of 25px in Internet Explorer, or IE as it's affectionately known. This gap looks good in IE but in Firefox, Opera and Safari the gap is huge and a 10px gap looks far better. To achieve this perfect look in all these browsers you would need the following two CSS rules:

#header {margin-bottom: 25px;}

#header {margin-bottom: 10px;}

The first command is intended for IE, the second for all other browsers. How does this work? Well, it won't at the moment because all browsers can understand bothCSS rules so will use the second CSS rule because it comes after the first one.

By inserting a CSS hack we can perform our browser detection by hiding the second CSS rule from IE. This means that IE won't even know it exists and will therefore use the first CSS rule. How do we do this? Read on and find out!

Browser detection for Internet Explorer

To send different CSS rules to IE, we can use the child selector command which IE can't understand. The child selector command involves two elements, one of which is the child of the other. So, html>body refers to the child, body, contained within the parent, html.

Using the example of the header margin, our CSS command would be:

#header {margin-bottom: 3em;}

html>body #header {margin-bottom: 1em;}

IE can't understand the second CSS rule due to the html>bodyCSS command so will ignore it and use the first rule. All other browsers will use the second rule.

Browser detection for Internet Explorer 5

It may seem strange at first to send different CSS rules to different versions of a browser, but in the case of IE5 it's very necessary. This is due to IE5's misinterpretation of the box model. When specifying the width of an element in CSS, padding and borders aren't included in this value. IE5 however, incoporates these values into the width value causing element widths to become smaller in this browser.

The following CSS rule would result in a width of 10em for all browsers, except IE5 which would give it a width of just 5em ( IE5 would incorporate two sets of padding and border, on both the left and right, when calculating the width):

#header {padding: 2em; border: 0.5em; width: 10em;}

The solution to this problem? Perform browser detection and send a different CSS rule to IE5:

#header {padding: 2em; border: 0.5em; width: 15em; width/**/:/**/ 10em;}

IE5 will use the first width value of 15em, 5em of which will be taken up by the two sets of padding and border (one each for the left and for the right). This would ultimately give the element a width of 10em in IE5.

The 15em value will then be overridden by the second width value of 10em by all browsers except IE5, which for some reason can't understand CSS commands with empty comment tags either side of the colons. It doesn't look pretty but it does work!

Browser detection for Internet Explorer on the Mac

Quite simply, IE on the Mac does strange things with CSS. The browser's become somewhat obsolete as Microsoft aren't going to be bringing out an updated version. As such, many web developers code their CSS-driven sites so that the site works in IE/Mac, although it may not offer the same level of advanced functionality or design. Provided IE/Mac users can access all areas of the site this is seen as a suitable way of doing things.

To hide a command using the IE/Mac CSS hack7 is simple, and involves wrapping a set of dashes and stars around as many CSS rules as you like:

/* Hide from IE-Mac \*/

#header {margin-bottom: 3em;}

#footer {margin-top: 1.5em;}

/* End hide */

IE/Mac will simply ignore all these commands. This CSS hack can actually be quite useful if there's a certain area of the site not working properly in IE/Mac. If that section isn't fundamental to being able to use the site, you can simply hide it from IE/Mac like so:

#noiemac {display: none}

/* Hide from IE-Mac \*/

#noiemac {display: block;}

/* End hide */

The first CSS rule hides the entire section assigned the noiemac id (i.e.

Browser detection for IE 4 and Netscape 4

Version 4 browsers have limited and somewhat erratic support for CSS. Making a CSS layout in these browsers, whose market share has now slipped well below 1%, can be extremely challenging. It's become common practice nowadays to completely hide the CSS file from version 4 and earlier browsers. This can be achieved using the @import directive to call up the CSS document:

Version 4 (and earlier) browsers will display a non-styled version of the site as they can't understand this @import directive.

Conclusion

On the whole, modern browsers have very good support for CSS - certainly good enough for you to be using CSS to control layout and presentation. Sometimes however, certain page elements will appear differently in different browsers. Don't worry too much if you don't know the reason why - if you can fix it up with these CSS hacks then your web pages should look great across all browsers!