Hacking-101.com

(penetration testing) + (sql injection) = foobar

Archive for the ‘General Information’

Security Through Obscurity

November 14, 2007 By: Jason Category: General Information

Have you ever heard of Security Through Obscurity? It’s the concept of “what the enemy doesn’t know won’t hurt you.” Sort of like having your firewall drop all incoming ICMP packets. They won’t know you are there…

If you believe that, I have a bridge to sell you in Mexico.

Security through obscurity is like having full windows inside of your shower and pretending that since the glass is a little dirty no one can see your naughty bits, and even if they could, they wouldn’t want to. You’re probably wrong on both counts. You can’t hide behind dirty glass, and they would look at your naughty parts just because they could.

Do not pretend that security through obscurity is a part of defense in depth. Defense in depth is a great approach to holistic security that entails operational, procedural and technical controls to protect your information. Attempting to hide your systems will only work up to a point. Every system on the Internet is potentially vulnerable and can be found.

What’s the good news? The good news is that you can mitigate your risk even if someone knows that you have a juicy Oracle server hiding behind your firewall. A properly tuned Intrusion Detection/Prevention System coupled with well-documented Access Control Lists goes a long way in defending your network. Unfortunately, we can no longer treat the network perimeter as the only attack vector. You’ll also need to ensure patches are updated, passwords are complex and that you have proper auditing enabled.

Oh the work never ends.

People who live in glass houses shouldn’t walk around naked.

Life Hacking

November 14, 2007 By: Jason Category: General Information

I know this may seem a bit off-topic, but I was reading through CNN yesterday and I guess there’s a new fad in the UK with young women getting totally hammered and then putting pictures of themselves on Facebook. Now, we know that peacocking is something that happens across the world and no one is immune. In my opinion, women can do it too, who cares.

Here’s my concern: Does no one think that prospective employers may go search for you on the Internet? I guarantee you that you will be Googled and Facebooked and possibly checked out on LinkedIn.

The odds of you NOT getting a job because of idiotic pictures on the Internet are probably very good. Who wants to hire an ass-hat who doesn’t have the decency to keep their private life private? It’s like Paris Hilton going to work in a nunnery.

If you’re going to act like an idiot just do yourself a favor and don’t document it. You’ll only have yourself to blame in the long run.

Terms and Definitions

September 13, 2007 By: Jason Category: General Information

Many people misunderstand hacking, cracking, white hat, black hat or other terms that security professionals use. So that we’re on the same footing, I’m going to list several phrases and terms that get used.

  • White Hat Hacker - A computer professional that is ethical and law-abiding.
  • Black Hat Hacker - Someone who compromises the security of a system without permission from an authorized party with the intent of defeating security systems and gaining access to restricted areas.
  • Hacking - Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.
  • Cracking - The act of breaking into a computer system (see Hacking) to do harm.
  • Vulnerability - Hardware or software that leaves a network system open for possible exploitation. This weakness may be caused by weak security procedures, administrative controls, physical access or other controls.
  • FOSS - Free Open Source Software, also known as OSS.
  • Fuzzing (Fuzz Testing) - A software technique used to discover vulnerabilities in applications by sending random or unexpected data as input.
  • Script-Kiddie - Someone not skilled in hacking who uses freely available tools in an automated fashion without any technical know-how.
  • pwnd! - Hopefully something that doesn’t happen to this blog! Pwnd is analogous to ‘owned’, meaning to be beaten or dominated by an opponent.

The Start!

September 13, 2007 By: Jason Category: General Information

Hacking-101.com is the product of the overactive imagination of several security professionals that have too much time on their hands. We come from all walks of life and we’re spread out across the United States. Our tools and techniques are tried and tested across all of the major operating systems.

Are we all 1337 hackers? The answer is an emphatic “NO!” Sure, some of us are incredibly skilled white-hat security professionals. Our skill sets come from years of experience in Information Technology and Information Security. We’re passionate about what we do.

What do we plan on talking about? Anything and everything that revolves around information security. That’s an almost unlimited number of topics! With the sheer volume of attacks, cracks and hacks we’re bound to find something to discuss.

Subscribe to our feed to get the latest updates.