some Hack facts

Ethical Hacking

ftp://ftp.secnet.com
This ftp site was posted on the BUGTRAQ list, which is dedicated to discussion of Unix security holes.
The moderator is Aleph One, who is a genuine Uberhacker. If you want to subscribe to BUGTRAQ, email
LISTSERV@netspace.org with the message “subscribe BUGTRAQ.”


Top Ten Beginner Defenses in Hacker Wars
10) Backup, backup, backup.
9) Assume anything is being sniffed, unless protected by strong encryption.
8) Assume your phone is tapped.
7) Never, never, ever telnet into your shell account. Use Secure Shell instead.
6) Pick a good password. It should be long, not a name or a word from a dictionary, and should include
numbers and/or characters such as !@#$%^&*. If you use a computer where others have physical access to
it, don’t write your password on anything.
5) This applies to shell accounts: assume your attacker will get root control anyhow, so your password
won’t do you any good. That means you should encrypt any files you don’t want to have passed around,
and send your shell history files to /dev/null each time you log out.
4) Do you use the Pine or Elm email programs? Don’t keep email addresses in your shell account. Your
saved mail files are a good place for cybernazis to find email addresses and send out threatening and
obscene messages to them. GALF specializes in this tactic.
3) Regularly patrol your Web site. You never know when it may sprout rude body parts or naughty words.
Preferably use a Web server hosted on a computer system dedicated to nothing but Web sites. Best of all,
use a MacOS web server.
2) Disable Java on your Web browser. Don’t even *think* of using ActiveX or Internet Explorer.
And, the number one defense:
1) Join us Internet freedom fighters. It will take many of us to win the battle against those who want to pick
and choose whose voices will be heard on the Internet.




Master of devils tip: The Turing Machine Halting Problem theorem says that it is
impossible to thoroughly debug -- or even explore -- an arbitrary computer
program. In practical terms, this means that it is super hard to make a
computer network totally secure, and that it will never be possible to write
an antivirus program that can protect against all conceivable viruses.
For a more rigorous treatment of the Turing Machine Halting Problem theorem
-- yet written in language a non-mathematician can understand -- read the
"Giant Black Book of Computer Viruses" by Dr. Mark Ludwig, American Eagle
Publications. This book will also teach you how to write the most deadly
viruses on the planet -- or programs to fight them! You can order it from
http://www.amazon.com. Warning-- in order to fully appreciate this book, you
have to know assembly language for 80x86 CPUs. But it is the most
electrifying computer manual I have ever read!!!!


Master of devils tip: In case you saw that supposed bash history file of mine
some haxors were making phun of on some email lists, here are two ways you can
tell it was faked and they were seriously deficient in Unix knowledge.
a) See that funny notation above, "bash_history -> dev/null"? My
.bash_history has been linked to dev/null (dev/null means "device null"
which is a fancy way of saying everything goes to bit heaven never to be
seen again) since Oct. 9, 1997 -- long before some sooper genius emailed
around that fake file!
Here's how you can make your bash history disappear. Simply give the
command "ln -s /dev/null ~/.bash_history".
b) If you have the bash shell, and haven't linked it yet to dev/null, get
into it and use the "talk" command to chat with someone for a while. Then
give the command "more .bash_history". You will see that unlike that
supposed bash history file of mine, the stuff you type in during a "talk"
session does not appear in the .bash_history file. The guy who faked it
didn't know this! Either that, or he did know, and put that in to trick the
people who would read it and flame me into revealing their ignorance.
The guys who got caught by this trick tried to get out of their embarrassing
spot by claiming that a buffer overflow could make the contents of a talk
session turn up in a bash history file. Yeah, and yesterday they saw Elvis
Presley at a grocery store, too.
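
Seen from the administrator's side, a history file linked to /dev/null (or emptied at every logout, as defense 5 above suggests) is easy to spot in an audit. The script below is an added example, not part of the original post; the function names, the list of history file names and the sample directory tree are assumptions made for illustration.

```shell
# Added example: audit home directories for shell history files that
# record nothing. The file-name list is an assumption covering common shells.
HISTORY_FILES=".bash_history .sh_history .zsh_history .history"

# audit_history_files HOME_ROOT
# Prints one finding per line:
#   NULL_LINK <path> -> <target>   symlink that ends at /dev/null
#   SYMLINK <path> -> <target>     symlink pointing anywhere else
#   EMPTY <path>                   regular file of zero length
# The body runs in a subshell, so its variables stay private.
audit_history_files() (
    root="$1"
    for home in "$root"/*/; do
        [ -d "$home" ] || continue          # glob matched nothing
        home="${home%/}"
        for name in $HISTORY_FILES; do
            path="$home/$name"
            if [ -L "$path" ]; then
                target="$(readlink "$path")"
                # Follow link chains so an indirect link is caught too.
                resolved="$(readlink -f "$path" 2>/dev/null || true)"
                if [ "$resolved" = "/dev/null" ] || [ "$target" = "/dev/null" ]; then
                    echo "NULL_LINK $path -> $target"
                else
                    echo "SYMLINK $path -> $target"
                fi
            elif [ -f "$path" ] && [ ! -s "$path" ]; then
                echo "EMPTY $path"
            fi
        done
    done
)

# Demo on a constructed directory tree (sample data, not real accounts).
demo_audit() (
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/alice" "$tmp/bob" "$tmp/carol"
    printf 'ls -la\n' > "$tmp/alice/.bash_history"   # normal history
    ln -s /dev/null "$tmp/bob/.bash_history"         # linked as in the tip
    : > "$tmp/carol/.zsh_history"                    # truncated to zero
    audit_history_files "$tmp"
    rm -rf "$tmp"
)
```

Run `audit_history_files /home` as root on a multi-user host; an EMPTY finding can also be a brand-new account, so treat it as a prompt to look closer rather than as proof.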
