Hacking

Transcript

1. Hacking Fouad  Matin

2. “Hacking” -­‐Original:  “a  person  who  enjoys   exploring  the  limits

    of  what  is   possible,  in  a  spirit  of  playful   cleverness” -­‐Today:  “someone  who  seeks  and   exploits  weaknesses  in  a   computer  system  or  computer   network”

3. Terminology   -­‐Bot  ==  automated  software  tool -­‐White  Hat  ==

    fixes  vulnerabilities -­‐Black  Hat  ==  exploits  vulnerabilities -­‐Worm  ==  self-­‐replicating  program -­‐Trojan  ==  program  in  disguise

4. Don’t  do  any  of  these, most  are  felonies.

5. Cracking -­‐Difficulty:  Script  kiddie -­‐Common  use  case  =>  passwords -­‐Example:

    John  the  Ripper

6. Cracking -­‐Use  stronger  &  more  complex   password  like: -­‐$p33k

    instead  of  Speek -­‐Cl455D*j*  instead  of  ClassDojo

7. Botnet -­‐Difficulty:  Elite  Hacker  (gov/mil) -­‐Interconnected  computers  to   perform

    similar  tasks  controlled   by  a  master  program -­‐Supercomputers  are  legal  botnets   of  servers -­‐Hackers  connect  random  consumers   to  make  their  own  supercomputer*

8. Botnet

9. Botnet -­‐Signs  your  computer  is  a  bot:  it   runs

    really  slow,  randomly   restarts  w/o  your  action -­‐Install  Anti-­‐Virus  Software   (duh),  Keep  system  updating,   Don’t  install  browser  toolbars   or  random  applications

10. Keyloggers -­‐Difficulty:  Script  kiddie*/Medium -­‐Records  every  keystroke  into  a  

    computer,  typically  with  context -­‐Sends  these  logs  to  a  central   computer  that  processes  them -­‐Hackers  can  extract  Bank  info,   login  credentials,  etc...

11. Keyloggers -­‐Install  Anti-­‐Keylogger  (packaged   in  Anti-­‐Virus)  Software -­‐More  advanced:

     monitor  network   connections,  look  for  suspicious   ip  addresses -­‐Use  on-­‐screen  keyboard  for   sensitive  information

12. DDOS -­‐Difficulty:  Elite  Hacker  (gov) -­‐Distributed  Denial  of  Service  

    (DDOS)  Attack  is  performed  to   take  down  access  to  a  set  of   servers  or  website(s) -­‐Key  piece  of  cyber  terrorism/ warfare,  ex:  China  taking  down   United  States’  power  grid

13. DDOS

14. DDOS -­‐Response  throttling -­‐Dynamic  -­‐>  static -­‐Firewall  to  deny  entire

     pockets   of  IP  Addresses

15. Social  Engineering -­‐Phishing -­‐Fraudulent  web  page,  vv  !=  w -­‐Fake

     emails  asking  for  info -­‐Pretexting -­‐Research  to  mimic  victim -­‐Way  more  dangerous

16. Social  Engineering -­‐Always  read  the  base  url -­‐Choose  difficult  security

      questions  where  answers  can   never  possibly  be  found  (or   forgotten  for  that  matter) -­‐2-­‐factor  authentication

17. Social  Engineering

18. Thanks! Questions?