Yahoo ids- search Machine 6.1
Link Download
Orkut Tool Pack 2.0
Computer-Security
Closing Open Holes By Sharp Soft __sharp__@hackermail.com.in Netstat,
Firewalls, open Ports, scanning,port
Closing Open Holes By Sharp Soft __sharp__@hackermail.com
_______________________________________________________________
With the spread of Hackers and Hacking incidents, the time has come, when not only system administrators of servers of big companies, but also people who connect to the Internet by dialing up into their ISP, have to worry about securing their system. It really does not make much difference whether you have a static IP or a dynamic one, if your system is connected to the Internet, then there is every chance of it being attacked.
This manual is aimed at discussing methods of system security analysis and will shed light on as to how to secure your standalone (also a system
connected to a LAN) system.
Open Ports: A Threat to Security?
In the Netstat Tutorial we had discussed how the netstat -a command showed the list of open ports on your system. Well, anyhow, before I move on, I would like to quickly recap the important part. So here goes, straight from the netstat tutorial:
Now, the ??a? option is used to display all open connections on the local machine. It also returns the remote system to which we are connected to, the port numbers of the remote system we are connected to (and the local machine) and also the type and state of connection we have with the remote system.
For Example,
C:\windows>netstat –a
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:104 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.in:pop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*
Now, let us take a single line from the above output and see what it stands for:
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
Now, the above can be arranged as below:
Protocol: TCP (This can be Transmission Control Protocol or TCP, User
Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)
Local System Name Sharp (This is the name of the local system that you set during the Windows setup.)
Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)
Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)
?Netstat? with the ??a? argument is normally used, to get a list of open ports on your own system i.e. on the local system. This can be particularly useful to check and see whether your system has a Trojan installed or not. Yes, most good Antiviral software are able to detect the presence of Trojans, but, we are hackers, and need to software to tell us, whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the ?Scan? button and let some software do it.
The following is a list of Trojans and the port numbers which they use, if you Netstat yourself and find any of the following open, then you can be pretty sure, that you are infected.
Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice
For complete list, refer to the Tutorial on Trojans at:
hackingtruths.box.sk/trojans.txt
Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, How can I close these open ports? How do I know if an open port is a threat to my system's security of not? Well, the answer to all these question would be clear, once you read the below paragraph:
Now, the thing to understand here is that, Port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023. This range or ports is bound to the services running on them. By this what I mean is that each port usually has a specific service running on it. You see there is an internationally accepted Port Numbers to Services rule, (refer RFC 1700 Here) which specifies as to on what port number a particular service runs. For Example, By Default or normally FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that particular system uses the FTP Protocol to transfer files. However, please note that some smart system administrators delibrately i.e. to fool lamers run fake services on popular ports. For Example, a system might be running a fake FTP daemon on Port 21.
Although you get the same interface like the FTP daemon banner, response numbers etc, however, it actually might be a software logging your prescence and sometimes even tracing you!!!
The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, Networking utlites like your Browser, Email Client, FTP software opens a random port within this range and starts a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email etc.
If you find that when you give the netstat -a command, then a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transfering packets (data) received to the application and vis-a-versa. Once you close the application, then you find that these ports are closed automatically. For Example, when you type www.hotmail.com in your browser, then your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.
The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans, however some application do tend to use such high range port numbers. For Example,Sun starts their RPC ports at 32768.
So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:
1. Check the Trojan Port List and check if the open port matches with any of the popular ones. If it does then get a trojan Removal and remove the trojan.
2. If it doesn't or if the Trojan Remover says: No trojan found, then see if the open port lies in the registered Ports range. If yes, then you have nothing to worry, so forget about it.
***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80.
However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:
http://domain.com:8080 instead of http://domain.com:80
The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker, would find it more difficult to find that service. He would have to port scan high range of numbers to discover port remapping.
The ports used for remapping are usually pretty easy to remember. They are choosen keeping in mind the default port number at which the service being remapped should be running. For Example, POP by default runs on Port 110.
However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc etc
Some sysadmins also like to choose Port numbers in the following manner:
1234,2345,3456,4567 and so on... Yet another reason as to why Port Remapping is done, is that on a Unix System to be able to listen to a port under 1024, you must have root previledges.
************************
Firewalls
Use of Firewalls is no longer confined to servers or websites or commerical companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?
Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted non-reliable systems connected to the Internet. It is a software which listens to all ports on your system for any attempts to open a connection and when it detects such an attempt, then it reacts according to the predefined set of rules. So basically, a firewall is something that protects the network(or systen) from the Internet. It is derived from the concept of firewalls used in vehicles which is a barrier made of fire resistant material protecting the vehicle in case of fire.
Now, for a better 'according to the bible' defination of a firewall: A firewall is best described as a software or hardware or both Hardware and Software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network( The Internal Private Network from the untrusted network (The Internet.)
NOTE: This was a very brief desciption of what a firewall is, I would not be going into the details of their working in this manual.
Anyway,the term 'Firewalls', (which were generally used by companies for commerical purposes) has evolved into a new term called 'Personal Firewalls'. Now this term is basically used to refer to firewalls installed on a standalone system which may or may not be networked i.e. It usually connects to an ISP. Or in other words a personal firewall is a firewall used for personal use.
Now that you have a basic desciption as to what a firewall is, let us move on to why exactly you need to install a Firewall? Or, how can not installing a firewall pose a threat to the security of your system?
You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
Finding out someone'e IP Address is not very difficult. Anybody can find out your IP, through various Chat Services, Instant Messengers (ICQ, MSN, AOL etc), through a common ISP and numerous other ways. Infact finding out the IP Address of a specific person is not always the priority of some hackers.
What I mean to say by that is that there are a number of Scripts and utilities available which scan all IP addresses between a certain range for predefined common vulnerabilities. For Example, Systems with File Sharing Enabled or a system running an OS which is vulnerable to the Ping of Death attack etc etc As soon as a vulnerable system is found, then they use the IP to carry out the attacks.
The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.
Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: The back door provides future remote access, while the sniffer may reveal important information about you like your other Passwords, Bank Details, Credit Card Numbers, Social Security Number etc If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you probably have given the attacker the same access level to your internal network, as you have. This wouls also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.
You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.
*******************
HACKING TRUTH: Microsoft Says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transportmaking any connected system visible to scanners?and attackers.
*******************
So how do I protect myself from such Scans and unsolicited attacks? Well, this is where Personal Firewalls come in. They just like their name suggests, protect you from unsolicited connection probes, scans, attacks.
They listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.
Most Personal Firewalls have extensive logging facilities which allows you to track down the attackers. Some popular firewalls are:
1.BlackICE Defender : An IDS for PC's. It's available at http://www.networkice.com.
2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com
Once you have installed a firewall on your system, you will often get a number of Warnings which might seem to be as if someone is trying to break into your system, however, they are actually bogus messages, which are caused by either your OS itself or due to the process called Allocation of Dynamic IP's. For a details description of these two, read on.
Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them? Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.
You might even get a message like: Such and Such IP is trying to initiate a Netbios Session on Port X. This again is extremely common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:
DNS in-addr.arpa PTR queries sent to the DNS server NetBIOS NodeStatus queries sent to the IP address lookups in the /etc/hosts file AppleTalk over IP name query sent to the IP address RPC query sent to the UNIX NIS server NetBIOS lookup sent to the WINS server Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novel IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed onto the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.
(Side note: User's sometimes complained that accessing Windows servers is slow.
This is caused by installing unneeded protocol stacks that must timeout first before the real protocol stack is queried for the server name.).
The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ ServiceProvider.
Breaking Through Firewalls
Although Firewalls are meant to provide your complete protection from Port Scan probes etc there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (Although normally it should stop such scans.)
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means, that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88 (Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88 (Notice the -g67 which specifies source port).
Well, that is all for this manual, which is by no means finished. I would be updating it at regular intervals, so kindly hang on. Bye...
Sharp Soft
sharp.soft@hotmail.com
http://hackingtruths.box.sk
To receive tutorials written by Ankit Fadia on everything you ever dreamt of in
your Inbox, join his mailing list by sending a blank email to:
programmingforhackers-subscribe@egroups.com
Wanna ask a question? Got a comment to make? Criticize, Comment and more?..by sending me an Instant Message on MSN Messenger. The ID that I use is: sharp.soft@hotmail.com
Wanna learn Hacking? Wanna attend monthly lectures and discussions on various Networking/Hacking topics? Lectures, Debates and Discussions, get it all by simply joining The Hacking Truths club by clicking Here Take the HTCH examination to give recognition to your Hacking Skills. Click Here
__________
Source: www.sharp-soft.net
Sharp Hackers Book
(Tutorials)
Sharp Soft
Www.Sharp-Hack.Com
Sharp.Hack @ Yahoo.Com
Get more Tutorials like this at www.Hackers-Black-Book.com
Use these tutorials just to open your mind and broaden your horizons ?
Do not use these tutorials to hurt nobody ?
Be careful with them. Thank you ?
All of these tutorials are untouched originals from back in the days
Classic Tutorials
Novice_Guide_2_Hackin by The_Mentor
Tutorials
Ultimate-Beginners
Guide-to-Hacking
Beginners-Guide-to
Hacking-and-Phreaking
Hacking Tutorials
Bypass - Black Ice Defender and ZoneAlarm
Complete guide for newbies to spoof one's identity on IRC
Beginners "Step By Step" SecurityGuide v0.1.32
Hacking CGI - security and exploitation
How To Easily Restart Windows XP
Windows 9x/ME Security And System Restrictions
Unrevealed Windows Tips and Secrets
Web Hacking
Your objective today is to crack this application. However, please try to avoid causing real damage to the site, as many people need to use it
There are several users set up for this application with user names from aa to zz (with passwords the same as user names). There is a further user whose identity you may discover in the course of your investigations. You should use a user name that relates to your workstation ID, so if your workstation is CS206a, your user name will be aa
Try the application. See what it is supposed to do. Are there any exploits which immediately spring to mind? See what happens if you enter
instead of an email address into the optional email input box
In itself the result of doing this is mildly irritating but not especially harmful. What might a malicious user be able to do to make it more dangerous? e.g. hints
You may spot one or two other flaws- a good trick is to try to enter unlikely data into form fields. My personal favourite characters are the following
? ' > < % \ | #
Note that in this application only a couple of these will cause surprising effects
Most of the application's flaws will only become obvious with a bit more probing
Now save the form to a local directory (save it with a .html extension, then it will be easier to use
Look at the source code. Try to work out how to give yourself a very good mark in the test
Your first task will probably be to modify the action of the form to point to the absolute URL of the receiving pageTry to work out how the application allocates marks. If you think that the method used seems silly, I have seen real applications which allocated real test scores for real students which do this
Are there any hidden fields that you might modify
It would be a bit easier to hack if you could see the information sent from the form to the receiving page. Modify the form to use GET instead of POST. This will then allow you to play with the data sent to the page directly, rather than via the form.
It would be a lot easier to hack if you had access to the database file. It may be possible to find out what this is called if you send some data that will cause an error. Try to work out how to do this. If you find the name of the database, download it
Phishing
What is Phishing?
Phishing, also known as "brand spoofing" or "carding", is a form of fraudulent attack using email messages and replica websites to trick users into submitting personal information. Hijackers pose as well-known financial institutions, online retailers or other trusted companies in an attempt to acquire credit card numbers, social security numbers, and other sensitive account information
According to the Anti-Phishing Working Group, up to 5% of users respond to phishing attempts.
What can businesses do to protect their users from a phishing attack? SurfControl solutions can detect the phishing emails and block the bogus websites:
Web Filter
SurfControl Web Filter®
Raising the level of protection from web-based threats
SurfControl Web Filter enables companies to cost-effectively monitor network use and abuse anywhere in the organization, no matter how or where users connect to the Internet, across the full spectrum of Web-based content: IM, P2P, streaming media, file downloads, and Web-based e-mail. Best-of-breed protection against Web-based threats including viruses, spyware, malicious URLs, and blended threats is combined with a high level of visibility and control to reduce risk, enable business compliance, and ensure business continuity.
Unrivalled protection - wherever you are
SurfControl Threat Expertise
Web Security
SurfControl Mobile Filter
Define, enforce and manage
Flexible Policy Management
Flexible Content
Visibility through Reporting
A partnership you can trust
Enterprise Protection Suite
Options for Every Environment
Return on Investment
---------------------------------------------------------------------------------
E-mail Filter
Powerful Protection Against Inbound and Outbound E-mail Threats
As the most comprehensive e-mail content filtering solution available, SurfControl E-mail Filter provides 360° protection against spam, viruses, worms, phishing, blended threats, and other Internet threats. Easy to install, use and administer, the solution draws on the industry's best e-mail filtering technologies to deliver comprehensive Internet protection, including:
SurfControl E-mail Filter is powered by SurfControl's Adaptive Threat Intelligence Service-drawing on real-time threat detection technologies and the industry's most accurate dynamic threat databases to provide continuous protection.
SurfControl E-mail Filter is available to fit any network environment:
Install the SurfControl E-mail Filter solution that's right for your organization, and put the industry's best e-mail protection technology to work for your organization.
Computer Hacking
Written by David M, Sharp Soft, University Laboratory High School, Urbana, IL
--------------------------------------------------------------------------------
Introduction
Unlike most computer crime / misuse areas which are clear cut in terms of actions and legalities (e.g. software piracy), computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking, and a prestige that accompanies being part of a relatively "elite" group of individuals who possess technological savvy and are willing to take the risks required to become a true "hacker". An interesting alternative view of how hackers positively impact areas such as software development and hacker ideology is presented in Technology and Pleasure: Considering Hacking Constructive
Even attempting to define the term "hacker" is difficult. Perhaps the premiere WWW resource in introducing individuals to hacking is the The New Hacker's Dictionary (http://www.logophilia.com/jargon/jargon_toc.html), a resource which encompasses everything from hacker slang, jargon, hacker folklore, writing style and speech to general appearance, dress, education and personality characteristics. According to The New Hacker's Dictionary, a hacker can be defined as
A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming
A person capable of appreciating hack value
A person who is good at programming quickly
An expert at a particular program, or one who frequently does work using it or on it
An expert or enthusiast of any kind. One might be an astronomy hacker, for example
One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. The correct term for this sense is cracker. Even within hacker society, the definitions range from societal very positive (dare I say characteristic of gifted and talented individuals) to criminal. In his book, "Fighting Computer Crime: A New Framework for Protecting Information" (1998), Donn B. Parker lists two basic principles hacker live by
The belief that information sharing is a powerful good and that it is the ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources whenever possible
The belief that system cracking for fun and exploitation is ethically OK as long as the cracker commits no theft, vandalism or breach of confidentiality. Parker differentiates between benign and malicious hackers based on whether damage is performed, though in reality all hacking involves intrusion and a disregard for the efforts, works and property of others
--------------------------------------------------------------------------------
Issues
A number of issues arise in considering hacking from the educator perspective. First, we need to consider the fact that the public perception of hackers is mixed, and that "hacking" and "being considered a hacker" can be quite appealing to students who are going through developmental periods in which they are defining themselves, as well as challenging authority and rules. There is often a Robin Hood mentality to early actions, though it is unclear exactly who "the poor" are, and how they are "being compensated". Second, the anonymity of actions which hackers perform against others often enhances the severity of actions. For example, an adolescent who would never consider picking someone's pocket or physically damaging someone else's property or home, might be quite willing to steal people's credit card numbers or destroy poorly protected business or government files, since files and credit card numbers are not tangible entities, and the damage is done anonymously
The media often presents these individuals in a glamorous light. Adolescents may fantasize about their degree of technological skills and, lacking the social skills required to be accepted well by others, move online in search of those who profess to have technological skills the students desire. A simple search using the term "hacker" with any search engine results in hundreds of links to illegal serial numbers, ways to download and pirate commercial software, etc
Showing this information off to others may result in the students being considered a "hacker" by their less technologically savvy friends, further reinforcing antisocial behavior. In some cases, individuals move on to programming and destruction of other individuals programs through the writing of computer viruses and Trojan horses, programs which include computer instructions to execute a hacker's attack. If individuals can successfully enter computers via a network, they may be able to impersonate an individual with high level security clearance access to files, modifying or deleting them or introducing computer viruses or Trojan horses. As hackers become more sophisticated, they may begin using snuffers to steal large amounts of confidential information, become involved in burglary of technical manuals, larceny or espionage
--------------------------------------------------------------------------------
Ways to Minimize Potential for Hacking
There are a number of ways for schools to minimize potential for hacking
Schools need to clearly establish acceptable use policies and delineate appropriate and inappropriate actions to both students and staff. Students and staff need to instructed regarding hacking, the mentality associated with it, the consequences of various hacking actions and possible consequences of interacting and forming online relationships with anonymous individuals who claim to be proficient in invading others' privacy. The use of filters may be considered in reducing access to unauthorized software serial numbers and hacking-related materials, newsgroups, chartrooms and hacking organizations
Teachers need to be aware of student activities in the computer labs and pay special attention to things they hear in terms of hacking behavior. Many schools have taken initiative in having teachers work with technology-oriented students who exhibit many of the characteristics which may eventually lead to hacking-type behaviors. Recent web-based activities and competitions, including Think Quest, Web to the Edge and ExploraVision, are outstanding opportunities for these and other technologically oriented students to utilize their interests, energies and abilities in a positive way
----------------------------------------------------------------
Annotated Web Sites
The New Hacker's Dictionary http://www.logophilia.com/jargon/jargon_toc.html
A resource which introduces the reader to everything from hacker slang, jargon, hacker folklore, writing style and speech style to general appearance, dress, education and personality characteristics. If you are going to examine a single resource regarding hacking, this should be it
Technology and Pleasure: Considering Hacking Constructive http://firstmonday.org/issues/issue4_2/gisle
Fascinating VERY ALTERNATIVE discussion of history of the hacker community and hacker ideology
Concerning Hackers Who Break into Computer Systems
http://www-swiss.ai.mit.edu/6095/articles/denning_defense_hackers.txt
Interesting discussion of hackers, hacker ethics and how hacking relates to issues and practices of an information society
Active Matrix's Hideaway http://www.hideaway.net
Written by a "true hacker", one who seeks knowledge rather than robbery and destruction, this alternative site presents a view of hacking as an art and science
Hacking Documents http://www.houghton.demon.co.uk/hacking/document/index.htm
This is the source many use for initial ventures into hacking. It consists of 1) The Guide to Mostly Harmless Hacking, 2) Beginner's Documents, and 3) Other Various Documents. There is also a link called Hacking Archives. Quite user friendly, it becomes clear how kids could easily be lured into this site and its activities
Defcon 7 http://www.thecodex.com
Voted one of the top hackers sites by PC Magazine (is it any wonder our kids have little difficulty finding these sites?), this site consists of hundreds of links which walk individuals step-by-step through the myriad of different hackers activities
AstaLaVista H/C Search Engine http://astalavista.box.sk
Here's something new - a search engine designed for hackers. Includes links to all types of software, serial numbers, sniffers, etc
__________
Source: www.sharp-soft.net
Hacking
How To Become A Hacker
What Is a Hacker
The Jargon File contains a bunch of definitions of the term `hacker', most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant. There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest Arpanet experiments. The members of this culture originated the term `hacker'. Hackers built the Internet
Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker. The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music -- actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them "hackers" too -- and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term `hacker'.There is another group of people who loudly call themselves hackers, but aren't
These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people `crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word hacker' to describe crackers; this irritates real hackers no end.The basic difference is this: hackers build things, crackers break them.If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers
--------------------------------------------------
The Hacker Attitude
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you -- for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters -- not just intellectually but emotionally as well.Or, as the following modern Zen poem has it
To follow the path
Look to the master
Follow the master
Walk with the master
See through the master
Become the master
So, if you want to be a hacker, repeat the following things until you believe them
------------------------------------------------
1- The world is full of fascinating problems waiting to be solved
Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.(You also have to develop a kind of faith in your own learning capacity -- a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece -- and so on, until you're done
------------------------------------------------
2- No problem should ever have to be solved twice
Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it
------------------------------------------------
3- Boredom and drudgery are evil
Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do -- solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice -- nobody who can think should ever be forced into a situation that bores them
------------------------------------------------
4- Freedom is good
Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by -- and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing -- they only like `cooperation' that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible
adults. And you have to be willing to act on that belief
------------------------------------------------
5- Attitude is no substitute for competence
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence -- especially competence at hacking, but competence at anything is good. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.If you revere competence, you'll enjoy developing it in yourself -- the hard work and dedication will become a kind of intense play rather than drudgery. And that's vital to becoming a hacker
------------------------------------------------
Basic Hacking Skills
The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following
------------------------------------------------
1- Learn how to program
This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python
I think it makes an excellent second language.But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages -- you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be
C is very efficient, & very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff -- it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.Other languages of particular importance to hackers include and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it
Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.LISP is worth learning for a different reason - the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot.It's best, actually, to learn all five of these (Python, Java, C/C++, Perl, and LISP). Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways
I can't give complete instructions on how to learn to program here -- it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn language features -- bits of knowledge -- from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.Learning to program is like learning to write good natural language
The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic
------------------------------------------------
2- Get one of the open-source Unixes and learn to use and run it
I'm assuming you have a personal computer or can get access to one (these kids today have it so easy :-)). The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes, install it on a personal machine, and run it.Yes, there are other operating systems in the world besides Unix. But they're distributed in binary -- you can't read the code, and you can't modify it. Trying to learn to hack on a DOS or Windows machine or under MacOS is like trying to learn to dance while wearing a body cast.Besides, Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix
For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to
seriously dent it.)So, bring up a Unix -- I like Linux myself but there are other ways (and yes, you can run both Linux and DOS/Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker
For more about learning Unix, The Loginataka
To get your hands on a Linux, see the Where can I get Linux
You can find BSD Unix help and resources at http://www.bsd.org
I have written a primer on the basics of Unix and the Internet
Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help; or contact the Open Projects Network. LISC maintains IRC channels where you can get help
-------------------------------------------------
3- Learn how to use the World Wide Web and write HTML
Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit is changing the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language
If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. (There are good beginner tutorials on the Web; here's one.)But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge -- very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).To be worthwhile, your page must have
content -- it must be interesting and/or useful to other hackers. And that brings us to the next topic
-------------------------------------------------
4- If you don't have functional English, learn it
As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.This is very true. Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue
it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide
community of developers for Linux. It's an example worth following
-------------------------------------------------
Status in the Hacker Culture
Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one
This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (now gradually decaying but still potent) against admitting that ego or external validation are involved in one's motivation at all.Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity and the results of your skill.There are basically five kinds of things you can do to be respected by hackers
-------------------------------------------------
1- Write open-source software
The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.(We used to call these works ``free software'', but this confused too many people who weren't sure exactly what ``free'' was supposed to mean. Most of us, by at least a 2:1 ratio according to web content analysis, now prefer the term ``open-source'' software).Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them
-------------------------------------------------
2- Help test and debug open-source software
They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.
-------------------------------------------------
3- Publish useful information
Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.Maintainers of major technical FAQs get almost as much respect as open-source authors
-------------------------------------------------
4- Help keep the infrastructure working
The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going -- administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication
-------------------------------------------------
5- Serve the hacker culture itself
Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status
-------------------------------------------------
The Hacker/Nerd Connection
Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being a social outcast helps you stay concentrated on the really important things, like thinking and hacking.For this reason, many hackers have adopted the label `nerd' and even use the harsher term `geek' as a badge of pride -- it's a way of declaring their independence from normal social expectations. See The Geek Page for extensive discussion
If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.If you're attracted to hacking because you don't have a life, that's OK too -- at least you won't have trouble concenttrating. Maybe you'll get a life later on
-------------------------------------------------
Points For Style
Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the best ones I know of) are able writers.Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers). Study Zen, and/or take up martial arts
The mental discipline seems similar in important ways.) Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.Develop your appreciation of puns and wordplay.The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important (hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice
Finally, a few things not to do
Don't use a silly, grandiose user ID or screen name
Don't get in flame wars on Usenet or anywhere else
Don't call yourself a `cyberpunk', and don't waste your time on anybody who does
Don't post or email writing that's full of spelling errors and bad grammar
The only reputation you'll make doing any of these things is as a twit. Hackers have long memories -- it could take you years to live your early blunders down enough to be accepted. The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser
__________
Source: www.sharp-soft.net