Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Computer Hacking

Computer Hacking



|Views: 5,088|Likes:
Published by Daniel Kotricke
Description regdin computer hackin.......its kinda info nothin in deatil just a overview
Description regdin computer hackin.......its kinda info nothin in deatil just a overview

More info:

Published by: Daniel Kotricke on Feb 29, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





Computer Hacking... basic information
What exactly is hacking?
"Hacking" is, basically, unauthorized access to a computer or network. It could be theunapproved use of one system to gain access to another system (if the hacker ismalicious, once access is gained to a machine or server the hacker could change/deleteinformation- such as altering web sites, planting Trojans, etc.), and it could also meansimply entering a specific computer or network without permission.Simply blocking or disrupting access to a computer/server is not "hacking".This is what's called a DoS (Denial of Service) attack. It differs from "hacking" in that the perpetrator has not actually entered or compromised the system/computer targeted. DoSattacks are like piling junk in front of a door, whereas a "hacker" wants to go *through*the door.
How do people Hack?
There are various methods "hackers" use to gain access... most involve protocols thatcomputers utilize to share information with each other. Even a home computer can beused to host a web site; enabling HTTP and FTP protocols on a home computer allows people, at various levels of access (depending on the host computer's configuration), to browse around inside the host computer whenever it is connected to the Internet. Some of your computer's default settings may allow these kinds of connections, and you wouldn'teven know it... unless you became a victim of a malicious "hack".In many sites on the Internet, there are utilities available to assist in "hacking". It's nolonger a pastime strictly for programmers and other script-savvy individuals.
What kind of protection is available?
The first line of defence is to determine your accessibility needs: do you host a web siteor IRC network on your computer? If so, you may have to accept a certain amount of risk. If not, you may want to ensure that your computer's configurations aren't set tosupport those kinds of information-sharing connections. There are also software programsavailable to build/bolster firewalls and detect/defend against intrusion.To help protect your Email account, and any web pages (or other Internet-based accounts)you maintain, use a password, which is long and obscure enough that a would-beinfiltrator can't easily "guess" it. Don't leave your password list out where anyone canview/copy it, and don't leave programs (such as Eudora) running when you aren't actuallyat your computer or workstation. Having password protection doesn't do much good if anunauthorized user wouldn't even need to clear that hurdle, because the program was justopen and "idling".
Email Spoofing
E-mail spoofing is the forgery of an e-mailheader so that the message appears to haveoriginated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to,their solicitations. Spoofing can be used legitimately. Classic examples of senders whomight prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However,spoofing anyone other than yourself is illegal in some jurisdictions.E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include anauthenticationmechanism. Althoughan SMTP service extension (specified in IETF RFC 2554) allows an SMTP client tonegotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headersthat will alter message information. It is possible to send a message that appears to befrom anyone, anywhere, saying whatever the sender wants it to say. Thus, someone couldsend spoofed e-mail that appears to be from you with a message that you didn't write.Although most spoofed e-mail falls into the "nuisance" category and requires little actionother than deletion, the more malicious varieties can cause serious problems and securityrisks. For example, spoofed e-mail may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other  personal information -- any of which can be used for a variety of criminal purposes. TheBank of America, eBay, and Wells Fargo are among the companies recently spoofed inmass spam mailings. One type of e-mail spoofing,self-sending spam, involves messagesthat appear to be both to and from the recipient.
Spoofed/Forged Email
This document provides a general overview of email spoofing and the problems that canresult from it. It includes information that will help you respond to such activity.Introduction I.DescriptionII.Technical IssuesIII.What You Can DoReaction Prevention (Deterrence) IV.Additional Security Measures That You Can Take 
I. Description
Email spoofing may occur in different forms, but all have a similar result: a user receivesemail that appears to have originated from one source when it actually was sent fromanother source. Email spoofing is often an attempt to trick the user into making adamaging statement or releasing sensitive information (such as passwords).Examples of spoofed email that could affect the security of your site include:email claiming to be from a system administrator requesting users to change their  passwords to a specified string and threatening to suspend their account if they do not dothisemail claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive informationIf, after investigating the activity, you find that there is more to the incident than spoofedemail (such as a compromise at your site or another site), please refer toSection IV  below.
II. Technical Issues
If you provide email services to your user community, your users are vulnerable tospoofed or forged email.It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacksauthentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of theindividual's choice; this can be a valid email address or a fictitious address that iscorrectly formatted.In addition to connecting to the SMTP port of a site, a user can send spoofed email viaother protocols (for instance, by modifying their web browser interface).
III. What You Can Do

Activity (29)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
pradeepsonn liked this
Nishanntt liked this
Sukhprit Singh liked this
Kaleem Jan liked this
woints liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->