Java Reference
In-Depth Information
hey are script kiddies who use scripts written by serious hackers to launch their own attacks
against systems. Script kiddies actually form the majority of the so-called hacking community.
hey are not truly the super-hackers, whom we imagine to be geniuses sitting in their state-of-the-
art lab and writing exploit code; they are ordinary people who are interested in hacking and try to
pick up skills as they move along. It is not that all of them have malicious intent, but their curios-
ity could cause major problems in terms of inancial losses or downtime for organizations. Exploit
code is very easy to ind. Frameworks like
Metasploit
are freely available for download to use against
network devices, operating systems, applications, and databases. Metasploit even provides an auto-
hack feature called
autopwn
. So, you can quite easily conigure Metasploit to run its automated
attacks against a database, while you step out to get some lunch. Once you get back, you probably
would have broken into the system and gained access to it. Apart from this, the Internet is illed
with material for hackers and crackers. Although a lot of these articles are written for academic
interest and they genuinely help proactive security professionals use the information to protect their
IT infrastructure, these pieces of information are invaluable for use against vulnerable systems.
Sites like
milw0rm
give you detailed videos on how to exploit vulnerabilities in systems.
We need to also explore the other reason for the statement “Hacking is not diicult.” It
basically boils down to human error. Applications have become very easy to develop, and more
and more people are developing applications in today's world. Humans are bound to make
errors, which results in poorly written code, which allows an attacker to write up some simple
exploit code to exploit vulnerabilities. When the then-presidential hopeful Senator Barack
Obama's site was hacked in the year 2008, the hacker was asked how he did it, to which he
replied that he had exploited some poorly written HTML code. he hack that he had perpe-
trated made sure that every request meant for the Obama site was directed toward his rival's.
It was as simple as that. We will explore more myths speciically relating to Web application
security later in Part 1.
2.4.3 Geographic Location Is Hacker-Proof
his is another popular security myth, one that is, frankly, quite amusing. Many people believe
that just because they or their organization are located in a particular part of the world, they are
protected against attackers. hey believe that only the United States and some parts of Europe are
greatly afected by the security issues. he reality is quite diferent. With the rise of high-speed
Internet in the Asia Paciic region, there has been an alarming rise in the
botnet
*
activity of these
parts. Internet worms like the
SQL Slammer
and
Sobig
have wreaked havoc on all parts of the
world. Although these attacks gain more publicity because of the higher Internet penetration rate
in the United States and Europe, no part of the world that is connected to the Internet (which is
pretty much the entire world) is safe from security incidents. he degree may vary, and the aware-
ness and knowledge of the exposure may vary, but the attacks don't really disappear and security
is still a serious concern, in every part of the world.
2.4.4 One Device Protects against All
he one important lesson that we can learn from defense-in-depth is that one single device or one
product cannot unilaterally protect the organization's information assets against all threats out
*
Botnet is a group of compromised systems that have been compromised because worms, Trojans, or backdoors
have been installed on these systems by the
bot-herder
(the individual or group controlling the bots).
Search WWH ::
Custom Search