Mar 11 2023
Looking to enhance your Linux skills? Practical examples to build a strong foundation in Linux – credit: Ramesh Nararajan
*******************************************
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks
InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services
Oct 26 2021
Spyware : It’s Not What You Think
7 Steps to Removing Spyware
May 28 2014
Everyone knows that a hacker by extension is always a programmer. What many don’t know though is that there is a lot more to it. It’s not just about knowing the language. A hacking is mainly defined by his curiosity to know what is otherwise not to be known.
While the following books are on a subject of hacking, they cover a lot of in-depth knowledge on the subject which includes but not limited to examples and exercises. As an ethical hacker, it’s something you can never pass up and may need to know.
1. Hacking: The Art of Exploitation, 2nd Edition
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.
The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.
2. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack. You learn how to properly utilize and interpret the results of modern day hacking tools; which are required to complete a penetration test. Tool coverage will include, Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, and more. A simple and clean explanation of how to utilize these tools will allow you to gain a solid understanding of each of the four phases and prepare them to take on more in-depth texts and topics. This book includes the use of a single example (pen test target) all the way through the book which allows you to clearly see how the tools and phases relate.
3. Metasploit: The Penetration Tester’s Guide
The author of this book David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. Some see this book as a right of passage for anyone to be a hacker.
4. BackTrack 5 Wireless Penetration Testing Beginner’s Guide
Written in Packt’s Beginner’s Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.
5. CEH Certified Ethical Hacker All-in-One Exam Guide
Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside this comprehensive resource. Written by an IT security expert, this authoritative guide covers the vendor-neutral CEH exam in full detail. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.
Â
Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside . Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information
A former top-level National Security Agency insider goes behind the headlines to explore America’s next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals.
8. CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is an update to the top-selling SY0-201 guide, which helped thousands of readers pass the exam the first time they took it. The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version.
Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. The author uses many of the same analogies and explanations he’s honed in the classroom that have helped hundreds of students master the Security+ content. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 450 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
Feb 28 2011
by Davey Winder
It’s a scenario that every small online business fears: site security is compromised, hackers steal customer data including credit-card details, and your brand and your reputation are left in ruins. No wonder then, that many small online businesses are looking to insure against hackers and the resulting financial impact of a security breach. But is insurance really the answer and could it even be part of the problem?
The insurance brokers are, naturally, presenting such insurance as pure common sense. A chap who works in the insurance business used car insurance as a counter argument to my suggestion that surely the best IT security insurance policy was to remain secure in the first place.
“We all appreciate the need for car insurance” he told me. “No matter how careful a driver you may think you are. The simple fact is that you never know when a drunken idiot is going to crash into you”.
The argument being, as with all insurance policies, you are paying a premium to cover you for that worst-case scenario should it ever happen. “When it comes to online security,” Mr Insurance assured me, “the chances of the worst-case scenario becoming a reality are increasing day by day, as criminals develop ever more sophisticated methods of hacking your site. To not insure against the risk of being hacked is bad business, and that’s the bottom line”.
“Unlike driving a car, running a secure web business is pretty much about how safe you are, rather than how unsafe other people are”
To read the reamining article …..
Jan 11 2010
By Jerrie Abella, GMANews.TV
Another government Web site was found defaced Sunday night – the fifth attack since last month.
Hackers of the Technical Education and Skills Development Authority (Tesda) Web site, however, took on a bolder approach by leaving a message that seemed to mock the upcoming automated elections.
“Ano ba gagamitin sa Election? Blade server? Juniper Firewall (what is going to be used in the elections? Blade server? Juniper firewall)?” the message read.
HACK YOU. A screen capture of the defaced Tesda Web site as of 11:12 p.m. Sunday.Before Tesda’s, hackers had also victimized the Web sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE).
Malacañang has expressed alarm over the series of hacking attacks on government Web sites, saying it raises new concerns about the security of the automated elections in May.
“Of course we are concerned. This is not just a problem in our country, this is not just something that has happened just recently, it’s happening all over the country so this is certainly something that we are sensitive to as a matter of information policy within government,” said deputy presidential spokesman Gary Olivar at a press conference last week.
Dirty finger
The hacked Tesda Web site also showed a black and white illustration of a man giving the “dirty finger” supposedly directed against several “abusive” military and police units.
A pair of bulging eyeballs also followed the pointer anywhere on the page, and background music was also set up on the site’s second web page to which it automatically transfers.
Aside from the derisive reference to the May elections, message of sympathy to a slain communist rebel and a potshot against an alleged abusive police officer also replaced the original contents of the site.
“Nakikiramay kami sa Iskolar ng Bayan, Freedom Fighter na si Kimay” (We sympathize with the death of scholar of the people, freedom fighter Kimay)” the hackers’ message read, referring to Kemberly Jul Luna, a young New People’s Army (NPA) cadre who was killed last December 15 in an encounter with the military in Bukidnon province.
The message also identified a certain PO1 Ramos as an “abusive” police officer.
The hackers also made the site automatically jump into a second page, which featured a background music; a job announcement supposedly from VenturesLink, one of the partners of Smartmatic-TIM in the automation of the elections, inviting technicians across the country to be part of its team; a quote from the Hacker Manifesto, a short essay written by well-known hacker Lloyd Blankenship after he was arrested in 1986.
The hacking of government Web sites has alarmed Malacañang, considering the attacks’ proximity to the May automated polls.Precautions
Following the attacks on government Web sites by hackers, Olivar urged the Commission on Elections (Comelec) and other agencies to take the necessary precautions to secure their Web sites.
“Other agencies which are not yet hit by this are likewise taking the necessary precautions, especially Comelec because of the automated nature of the next elections,” he said at last week’s briefing.
The Comelec had earlier said that adequate safeguards are in place to protect the election results from hackers. Spokesman James Jimenez said the system to be used in the coming automated polls would operate on a “virtual private network,” making it difficult for hackers to bypass the system’s security mechanisms.
Jan 06 2010
By Andreo Calonzo
The system that will be used in the May 2010 automated elections is not hack-proof, but adequate safeguards are in place to protect the results from hackers, the Commission on Elections (Comelec) assured Wednesday.
“I am not saying that the system cannot be hacked. No system is 100-percent hack-proof. I am just saying that we have made sure that the system will not be hacked,” Comelec spokesperson James Jimenez said.
Jimenez gave the assurance after three government Web sites were hacked in less than two weeks, the latest of which was that of the National Disaster Coordinating Council (NDCC).
Last week, the Web sites of the Department of Health (DOH) and the Department of Social Welfare and Development (DSWD) were also victimized by hackers.
Jimenez said the system to be used in the coming automated elections would operate on a “virtual private network,” making it difficult for hackers to bypass the system’s security mechanisms.
“It’s like trying to rob a house, but you don’t even know where its exact location is,” he said in Filipino.
Jimenez also explained that the “real time” transmission of the results would make hacking more difficult.
“Our machines transmit for only two minutes. That’s too fast. In order to actually decode the data, it will take you something like three years. If you only have two minutes to do it, you do not have enough time,” he said.
But Jimenez conceded that hacking could happen at the municipal level. “The possibility of hacking is greatest at the municipal level, because it is the one most visible to the public.”
He said to prevent this, the poll body would use two other independent servers, one to a central server and another to a server assigned to media groups, accredited citizens’ arm and political parties.
“If you hack the municipal server, and if you hack the municipal server results, you are not hacking the reports of the other servers,” he said.
“If one report is hacked, this doesn’t mean that you have hacked everything. In fact, if one report is hacked, the tampering becomes more evident because there are other reports to contradict it,” he added.
An American company, Systest Laboratories in Colorado, is currently verifying the security and accuracy of the source code to be used in the automated counting machines, according to Comelec commissioner Gregorio Larrazabal. – KBK/RSJ, GMANews.TV
