HACKING!!!!! How Hackers Hack!? and How To Stop Them!?


You hear about this all the time: A big bank was hacked. Tumblr was hacked. The infidelity website Ashley Madison was hacked and now everybody knows who was cheating on each other. But there’s a lot more to it, and it’s a lot less flashy than what you see in the movies. Hacking isn’t about typing in a few magic words with one hand on one keyboard and the other hand on another keyboard. Or like, two people using the same keyboard at once.



Hacking is difficult, and it usually takes careful planning and a fair amount of time. Stopping malicious hackers can be even more challenging. But some people dedicate a lot of time and energy to doing just that. Hacking is when an unauthorized person gets into a computer system. A hacker breaks in, and then suddenly they have access to information they aren’t supposed to have. You hear people say their Facebook or Twitter was hacked, but that’s not exactly the same thing we’re talking about here. 



When someone’s personal Facebook account is hacked, that’s usually because the hacker found out their password. It can be devastating, but it’s not on the same level as breaking into a company’s whole infrastructure and stealing a billion passwords. Thankfully, these large-scale attacks are much harder to do. But they do still happen — in December, for example, Yahoo announced that they had been hacked back in 2013 and just realized that more than a billion accounts had been compromised with personal data like answers to security questions and passwords. That’s why companies have to be really vigilant to protect against hackers. Once a hacker gets in, they have a few choices:



They can gather information, they can cause some damage to the computer system, or they can do nothing at all, and just tell the company about the security risk. And that’s the difference between the three major types of computer hackers:

There are black hats, hackers who are basically the bad guys: they hack into systems to get information or otherwise cause damage. Which is very illegal, by the way.

There are also white hats, hackers who are either breaking into their own systems or are hired to break into other people’s systems — not to cause damage, but to test out vulnerabilities that can then be fixed.

And then there are grey hats, hackers who, as the name would suggest, sort of walk the line between black and white hat hacking. They don’t actively seek to cause damage, but they still do things that are illegal or considered unethical — like, they might break into a system without being hired to do that. They wouldn’t steal any information, and they’d tell the company afterward, but they might publish the vulnerability online in the meantime.

But whether you’re a black hat, a white hat, or a grey hat, the techniques used in hacking are largely the same. If you’re a white hat testing a system for vulnerabilities, you have to know how to do all the same things a black hat hacker would do. It’s like Defense Against the Dark Arts in Harry Potter — you have to know what the dark side is doing if you’re going to be able to defend yourself against it. One of the main things white hats do is called a penetration test, or pen test for short.



You test a system for vulnerabilities, then fix any that you find, instead of causing damage like a black hat would. This is a pretty standard procedure, so looking at the steps is a great way to explore some of the basic principles of hacking.

Usually, the first step in a pen test is reconnaissance, or recon, while you gather data about the target to figure out the best way to hack into their system. For example, if you were a black hat, it would help to know what kinds of operating systems the target’s computers are running so that you could launch an attack that’s tailored to those operating systems. So if you’re a white hat, you’ll want to know what data you can access so you can figure out what vulnerabilities need to be fixed. There are two different types of recon: passive and active. Passive recon is where a hacker gathers information without actually interacting with any of the target’s computer systems.



There are lots of different ways to do passive recon: you can look for information that’s already out there, like files that are publicly available on a website. Or a black hat might even try to steal old hard drives the target threw away. Passive recon strategies can take a while, but when a black hat uses them, they’re also difficult for companies to detect and fight — because there is nothing fishy to detect. The hacker isn’t touching the company’s systems, so there’s no warning that an attack is being planned. The best a company can do is try to make sure that they don’t leave any clues lying around by destroying as much unneeded data as possible, even if it seems harmless. It also helps if you don’t just toss old hard drives into the dumpster out back.

Active recon, on the other hand, is when a hacker tries to learn valuable information about a company by interacting directly with the company’s systems. Hackers can get information more quickly this way, but it’s also easier to detect. That’s because companies can track things like which computers are communicating with their servers — the more central computers that provide data to other computers.



If they notice a strange machine on their network, or suspicious commands being sent, they can take action — like by blocking the address sending those commands. So as a white hat, part of pen testing usually involves doing some sort of active recon yourself, to see if the protections you’ve set up can stop a black hat from learning too much.

Usually, you start by looking for open connections, or ports. Each open port serves as a kind of link between a device and the internet, where data can be exchanged. And that can be dangerous, because a hacker can use an open port to send code that attacks a machine. As a white hat, once you’ve found an open port, the next step might be to see if you can tell what kind of hardware is running the port, and what operating system it uses. Because that is exactly what a black hat would do. If you find that a black hat could collect enough information to launch an attack, you might have to rethink the ports you have open, or find ways to stop machines from disclosing information about themselves. And for the most part, you’re going to want to keep as many ports closed as you can. One of the ways to do that is by using a firewall, which is either a program or a whole device that’s designed to block unwanted access to a computer.


Among other things, firewalls keep track of a computer’s ports and make sure that the only ports that are open are ones that need to be open. They’re like a computer’s security guard, making sure that all the right doors are locked.

Now, once you’ve done some recon, you may want to move on to protecting against attacks that take advantage of your specific setup. Basically, you take a list of the hardware and operating system versions you’re running and see if they have any known hacks. When people find ways to exploit an operating system or a piece of software, the exploit will usually be published online.



Then, the company that makes the OS or software will try to patch the vulnerability. But patches and updates won’t always be installed on your systems right away, so it’s important to see if you’re running older, vulnerable versions. Of course, a black hat could also come up with new exploits and use those. But that takes much more effort and skill, so protecting against known hacks can make it much less likely that you’ll be hacked.

Another part of the penetration test has to do with websites. For every website on the internet, there’s the part you’re supposed to be able to see. Like on YouTube, you can see different channel pages and video pages. And you can watch me do this with my hands. But there’s also a whole administrative side to websites, with pages and files that you aren’t supposed to see. Those pages might store information the developer needs to run the site, or files that the public isn’t supposed to be able to access — like, databases of user names and addresses. Ideally, you want those pages and files secured so that some random dude named Steve can’t access all of them just by typing a certain URL. And the way to figure out if someone could get access to them is to do what a black hat would do: try different URLs and see if you end up finding pages or files that shouldn’t be publicly accessible.



To do this, you can use crawlers — programs that automatically map out the site by visiting different links and directories. You can also use programs that try the typical URLs where this kind of information might be stored. So pages like, yourwebsite.com/info, or /files, or whatever. If the crawler lands on an error page, that can be important too. Companies need to make sure that the errors that come up don’t contain information that a hacker can use against them. If an error says that a certain page is private, for example, that tells a black hat that this page would be a great target if they do get into your system. So you’ll want to be careful about how much info shows up on your error pages.

Another part of the website test involves pages that use forms, like where you type in your shipping address, or fill out hundreds of questions for your OkCupid profile. If these forms aren’t set up properly, black hats can use them as a way to send malicious code into a system. Often, they can use this kind of code to collect information from any databases a company might be using, like to nab all the credit card numbers anyone’s ever submitted.
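The form problem described above, as an added example that is not part of the original post: a lookup that pastes form text into a database query, next to a version that checks the input and binds it as a parameter. The table, the sample rows, the name rule and the function names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data standing in for a shop's order database.
ROWS = [("alice", "1111"), ("bob", "2222"), ("carol", "3333")]
# Assumed rule for what a customer-name field may contain.
NAME_RE = re.compile(r"[A-Za-z0-9 .'-]{1,64}")


def make_db():
    """Build an in-memory database holding the sample orders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)", ROWS)
    return db


def lookup_unsafe(db, customer):
    # Before: the form text is pasted into the statement, so the database
    # parses whatever the visitor typed as part of the SQL itself.
    sql = f"SELECT customer, card_last4 FROM orders WHERE customer = '{customer}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, customer):
    # After: reject input that does not look like a name, then bind it as a
    # parameter so the driver always treats it as data, never as SQL.
    if not NAME_RE.fullmatch(customer):
        raise ValueError("rejected form input")
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook test string for this class of bug
    print("unsafe lookup returns", len(lookup_unsafe(db, crafted)), "rows")
    try:
        lookup_safe(db, crafted)
    except ValueError as err:
        print("safe lookup:", err)
    print("safe lookup for O'Brien:", lookup_safe(db, "O'Brien"))
```

The unsafe lookup returns every customer's row for the crafted input and fails with a syntax error on a legitimate name like O'Brien, while the safe lookup handles the name and refuses the crafted string.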



So it’s important to make sure that a website checks its form inputs for anything that looks suspicious, and to test those protections by trying to break through them yourself.

There are often more steps to a penetration test, but those are the basics. Once the test is done, it’s time to go through the results and fix any vulnerabilities. Even then, a company’s systems might not be totally safe from all hacking attempts. Black hats are always thinking up more creative ways to break into systems, and when they have a specific target, like a government or other high-profile organization, white hats have to be constantly on the lookout for attacks. But as long as they keep track of possible security threats and stay one step ahead of the black hats, which apparently Yahoo is completely incapable of doing, they can put up a pretty strong defense.

Thank you for visiting this site. And if you just want to keep getting smarter with us you can subscribe!

