Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
Hackers use several attack techniques. These attacks can be grouped into three different families:
Direct attack.
Collateral attack by bounce.
Attacks by indirect answers.
We will see in detail these three families.
Direct attacks
This is the simplest of attacks. The hacker attack directly from the victim's computer. Most of the "script kiddies" using this technique. Indeed, they are using hack programs are only loosely definable, and many of these programs send packets directly to the victim.
If you get attacked in this way, there are great chances for you to trace the origin of the attack, identifying the same time the identity of the attacker.
Cryptography is the science of converting information "in the clear" in coded information that is not understandable, then, from the coded information, to restore the original information.
Symmetric cryptography and asymmetric cryptography
Symmetric cryptography
We speak of symmetric cryptography where multiple people use the same key to encrypt and decrypt messages. The main disadvantage of this system is the sharing of this unique key between different people: How to send to everyone and securely this unique key that allows you to encrypt and decrypt?
Asymmetric cryptography
In this type of cryptography, each user has two keys:
A private key that must be kept secret.
A public key that is available to all other users.
These two keys are mathematically related. In practice, the public key used to encrypt messages, and the private key used to decrypt them.Once the encrypted message, only the recipient is able to decrypt it. The utility PGP (Prety Good Privacy) works this way. The integrity of information
Good cryptography is to offer a guarantee of the integrity of information.Indeed, it should not be possible to modify encrypted information seamlessly.A process of checking the integrity of the message (encrypted and unencrypted) must be established.This process is performed by a hash function.The result of a hash (hash in English) is a kind of digest of the original message. ... Read more »
Principles of computer security and market developments
Introduction
There are currently too often security architectures based solely on the prevention and perimeter defense. There are many other elements to compose a security architecture. Any security architecture (and more generally the same approach to security) must be based on a triptych as:
Prevention
Detection
Reaction
These three aspects are currently covered very differently by the market despite an undeniable necessity.
Prevention
Prevention is fundamental and is generally well understood by many. The principle: do everything you need to protect themselves. It is most often to adopt the following approach:
Risk Analysis
Defining a security policy
Implementation of a solution focused on one or more firewalls.
Audit of the solution
Updates
The market today cover very well this approach: the consulting firms are very active in the risk analysis. Integrators propose and implement solutions with a vengeance. Companies specialize in security audits, others make the technological safe and can trigger updates (usually performed by the integrator).
In 2005, about 218 European companies, more than 50% have suffered financial losses related to computer problems. The same year, another study highlighted that only 30% of companies had taken precautions to ensure the availability and reliability their data.
What are the risks for computer data?
There are different types of risks to company data, the main ones are:
The purpose of this document is to familiarize readers with the basics of computer security, as defined in ISO 7498-2, for example.
The objectives of computer security
Computer security has several objectives, of course related to the types of threats and types of resources, etc ...However, the main points points are:
prevent the unauthorized disclosure of data
prevent the unauthorized modification of data
prevent the unauthorized use of network resources or computer in general
The scope of information security
These objectives apply in different areas or fields of applications, each using different techniques to attain the same objectives, and these fields are:
physical security programs (screens, power cables, power consumption curves ...)
the security of operating systems
communications security
Terminology of computer security
Computer security uses a well-defined vocabulary that we use in our articles.In order to understand these articles, it is necessary to define some terms:
Vulnerabilities: what are the security vulnerabilities in one or more systems. Any system as a whole has seen vulnerabilities, which can be exploited or not.
Attacks (exploits) represent the means to exploit a vulnerability. There may be several attacks for the same vulnerability but all vulnerabilities are not exploitable.
The cons-measures: these are the procedures or techniques to address a vulnerability or to counter a specific attack (in which case there may be other attacks on the same vulnerability).
Threats: These are determined opponents can mount an attack exploiting a vulnerability.
For other definitions, see ISO 7498-2 defines no fewer than 59 words, while other definitions are also available in our lexicon.
Two Government websites were forced offline for several hours overnight in co-ordinated cyber attacks.
The Department of Finance was shut from 11.20pm on Tuesday after a Twitter account, apparently linked to the Anonymous activist movement, urged associates and supporters to bombard the web page.
The Government has described the incident as a distributed denial of service, where huge volumes of internet traffic were directed to the websites.Services on the Department of Justice website were also interfered with.
In an ealier post, we’ve seen how to crack WPA-2 network keys using a dictionary.
While that technique works, it could take an awful long time, especially when brute forcing.
On this technique, named ‘Evil Twin’, we take a different perspective to the attack. Using a powerful long range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim. Then, we deauthenticate the victim from his own wireless network and wait until he connects to our access point – which looks exactly like his.
A few days ago that the FBI has closed the Megaupload download site and arrested the founder and the Members of the administration of the web but no retaliation has been swift and both social networks and in various websites nortemaricanas, everyone has said their opinion.
The operation was directed against two companies, Megaupload Vestor Limited and Limited.
At present the web pages Megaupload Megavideo file sharing and viewing videos on the Internet, both owned by the companies themselves are inaccessible, as are Megapix, Megalive and Megabox.
The Federal Bureau of Investigation (FBI) announced the closing of the page after a two-year investigation that has resulted in the arrest of members of these companies.
Anonymous had a busy year in 2011 pushing its hacker-activist agenda on companies around the Web, to the point where just the sound of the hacker group's name can send shivers down the spine of many a CIO.
