

The new generation of hackers & crackers


#1 harrywaldron


    Security Reporter


Posted 22 June 2004 - 02:54 PM

This is an excellent article discussing the need to constantly be vigilant of the latest techniques and security vulnerabilities.


COMMENTARY--When it comes to beating back hackers, too many companies are still asleep at the wheel. Set up to guard against old-style black hats, their defenses have ignored a newer class of sophisticated attackers who take advantage of Internet back alleys and technology loopholes to penetrate corporate networks.

Old-style hacking attacks were direct brute-force affairs: I found some information about your network. Then I went poking around and effectively jiggled the doorknobs of various systems to find an entry point and something worth stealing. All the while, I would make a lot of noise and leave a bunch of fingerprints. So if you were entirely oblivious, I'd be home free.

Modern hacks aren't quite so obvious. Remember the old "Three Stooges" skits when the boys would knock out some guards, dress up in their uniforms and then skip freely past a watchman? That's kind of how it works. Hackers look for a place with a lot of traffic; a university or an Internet service provider network with many unaffiliated users is perfect. The hacker compromises every system in this high-traffic network by attacking well-known vulnerabilities. This brings in the booty: PCs with virtual private network (VPN) connections to corporate networks. Don't look now, but Larry, Curly and Moe have taken out your security staff and are about to come through the door!

The danger here is the false sense of security. Unfortunately, there is no 80-20 rule when it comes to security. In other words, if you don't have the skills, processes and technology to defend your network against all types of attacks, you are far more vulnerable than you believe. A rogue employee, determined hacker or misconfigured device could end up costing the company millions of dollars in intellectual-property theft, public relations damage, litigation and regulatory fines.

What can be done? The executives have to comprehend and buy into information security. Understanding is key. The CEO can approve the budget for some new security widget, but if she doesn't get what she's paying for, she'll eventually cut off the money supply. Security managers should also conduct a risk assessment and security audit to understand what to protect and how to protect it. There must be a contingency plan for every possible situation.
