Showing posts with label hacker. Show all posts

Wednesday, 23 October 2013

Hacker Halted Europe Interviews Part 2 – Jennifer Lesser




In October, EC-Council’s Hacker Halted came to Europe for the first time. Firebrand attended the conference in Reykjavik, Iceland and interviewed industry experts about the hottest topics in cyber security.

In this video Jennifer Lesser, Facebook’s Director of Security Operations talks about her keynote presentation on “Winning the Security Awareness Game”.

Ms Lesser spoke about how Facebook turned its internal security awareness campaign into a game that engaged every employee in the organisation. She explained that Facebook wanted to create a program that fit into its organisational culture. So they decided to launch “Hacktober”, a full month of hacking, when employees are encouraged to hack and protect themselves from being hacked.

During “Hacktober” Facebook simulates a series of attacks on its system, which include malicious emails, breaching the company’s physical perimeter, phishing and more. To find out more about how Facebook turned security awareness into a company-wide game, watch the full interview. 



Click here to watch the first Hacker Halted Europe interview with Jay Bavisi.

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Thursday, 17 October 2013

Hacker Halted Europe Interviews - Jay Bavisi




In October, EC-Council’s Hacker Halted came to Europe for the first time. Firebrand attended the conference in Reykjavik, Iceland and interviewed industry experts about the hottest topics in cyber security.

The first speaker is EC-Council’s co-founder and president Jay Bavisi, who summarises the main points of his presentation, entitled “The Cyber Security Quagmire: Finding the Panacea”.


His keynote speech compared the challenges faced by IT security companies to those faced by pharmaceutical companies. Mr Bavisi pointed out that while the pharmaceutical industry has already managed to overcome diseases such as smallpox through vaccinations, the IT security industry is still struggling to achieve similar success against the threats of cyberspace.


He also added that EC-Council would be launching new secure coding courses, as well as a different E|CSA & L|PT exam in 2014. The new exam will be 100% practical, requiring students to perform a penetration test on EC-Council’s virtual bank.




Make sure you check the blog regularly, as we'll post more interviews from Hacker Halted Europe 2013.


Wednesday, 21 November 2012

WE ARE LEGION – an inside look into Anonymous

For a few years now, filmmaker Brian Knappenberger had been working on ‘We Are Legion’ – a documentary based around the infamous hacktivist group Anonymous.

Anonymous originated in 2003 on the imageboard 4chan. Since then they have gained a massive wave of support and have taken part in several large scale attacks on what they deem ‘wrong’.

“The hacker ethics has a passion for truth, it wants what’s real to be out there” - WE ARE LEGION

The movie has been released and is finally available to all through the film’s official Web site as a DRM-free download. It is not fully understood why the movie was given out for free, but it does fit in with what Anonymous believe.



“Anonymous was kind of like the big strong buff kid who had low self-esteem, and then all of a sudden punched someone in the face and was like ‘holy s**t I’m really strong’” - WE ARE LEGION

You can download the full movie here: http://wearelegionthedocumentary.com/see-the-film/

One of the more recent stories Anonymous was involved in was with Amanda Todd. The 15-year-old committed suicide after struggling with depression and being bullied.

When Amanda was in the 7th grade, she flashed a camera while one of her friends was taping. A man somehow got the photo of her topless and leaked it on the web, and even to her school Facebook page. Before she committed suicide she posted a video on YouTube of her talking about how she cried every night out of desperation.

Anonymous tracked down a man they feel is responsible for her death (the person who anonymously leaked the photo online). The bullying was most likely the main reason for Todd’s death, but the real villain in the eyes of Anonymous was the man who took and leaked the photo.

“We generally don’t like to deal with police first hand but were compelled to put our skills to good use protecting kids. Ironically we have some good people in Vancouver who brought this to our admin’s attention. It’s a very sad story that affects all of us.” - Anonymous

Learn all the techniques used by Anonymous and get paid for performing these attacks - legally. The average salary of a Certified Ethical Hacker in the UK is £42,750 according to ITjobswatch.co.uk. 

Learn more about becoming an ethical hacker here: http://www.firebrandtraining.co.uk/courses/ec_council/ceh/hacking.asp

Monday, 29 October 2012

Stuxnet – 2 years on and what we’ve learned

In June two years ago, the most sophisticated computer virus was discovered in power-plants, factories and traffic control systems all around the world. It was said to be 20 times more complex than any other virus code created before.

Of course, we are talking about Stuxnet…

As a virus, it had a number of capabilities. It was able to turn up the pressure in nuclear reactors and switch off oil pipelines, and while doing all this it would tell the system operators that everything was OK.

Unlike viruses before it, Stuxnet didn't forge fake security clearance. It actually had a real clearance stolen from one of the most reputable security systems in the world: Realtek. It also exploited security gaps that system creators were unaware of. These are called ‘Zero Days’ and they can go for up to $100,000 on the black market. How many ‘Zero Days’ did Stuxnet use? 20!

It was coded to stay dormant until it reached its specific target; without that target, it did not activate.

What was it planning to shut down?
It was designed to shut down the centrifuges that spin nuclear material at Iran’s enrichment facilities.

Stuxnet was a weapon, and it was the first to be made entirely out of code

The ISIS has stated that Stuxnet may have shut down over 1000 centrifuges at Natanz (Iran’s main enrichment facility). Last year, the Iranian government stated that the virus’s infection of the Bushehr nuclear facility meant that turning on the plant could lead to a national electricity blackout.

So what does that kind of scare do to a country?
Well, Iran gathered an army of online security experts and is now said to have the second largest online army in the world.

Who created the Stuxnet virus?
There is no direct evidence as to who created it. But some believe that Israel was responsible as the code contains references to the Hebrew bible. Others believe it was the US. But it seems as though we will never know for sure.

How to be a hacker and get paid for it - legally
Yep, that’s right: you can now be a hacker and get paid for it. In fact, the average salary of an ethical hacker is over £40,000! (itjobswatch.co.uk) But what is an ethical hacker? An ethical hacker, also known as a white hat hacker, is someone who hacks and exploits zero days for companies that are looking to increase their security. It is as simple as that: they will pay you to find and exploit zero days in order to get rid of all possible risks.

Become a Certified Ethical Hacker (CEH) and be a respected hacker defending companies and even countries from viruses such as Stuxnet itself.

EC-Council is a very well-known vendor for professional certifications in the IT security field. Here are some of their powerful certifications:


Tuesday, 4 September 2012

AntiSec Hackers state ‘FBI tracked 12 million iPhones and iPads’

The hacker group AntiSec has claimed that it has gotten hold of FBI data containing over 12 million Apple ID numbers linked with tons of personal information.

To prove the statement, they have released 1 million of the IDs, stating that “a million would be enough”.

They added that the information associated with the Apple ID numbers includes full names, mobile numbers, addresses and zipcodes.

They have not included this part of the information in the release of the 1 million IDs, only giving the Device Name, Device Type and of course ID.

Identity theft is among the many worries now in the mind of millions of iPhone and iPad users who can now check if their device is on the list.

An identifier has been released which checks if your ID is in AntiSec’s list (put together by The Next Web). All you have to do is find your ID number in the summary section on iTunes once your device is plugged in, then copy the 20+ characters into the identifier found here:

Wednesday, 15 August 2012

Last chance: CHFIv4 will retire on Aug 30

In February 2012, EC-Council announced that it would be releasing the brand new Version 8 of the Computer Hacking Forensic Investigator (CHFIv8). The course is designed to give security professionals the skills they need to “identify an intruder’s footprints and to properly gather the required evidence to prosecute in the court of law”.


The program has been available since February 27, 2012. This means that Version 4 has become redundant and will be officially retired as of August 30, 2012. If there are any CHFIv4 students who have not yet attempted the exam or are waiting to re-sit, they have until August 30th, 2012 to take the exam.

Friday, 3 August 2012

$2.5 billion taken from world banks: OPERATION HIGH ROLLER


In a recent report by McAfee and Guardian Analytics, it was found that a highly sophisticated and recurring cyber-attack has taken as much as $2.5 billion from bank accounts around Colombia, Europe and the U.S.A.


The report states that the organized criminals behind the malware have attempted to take $78 million from accounts at 60 or more institutions, but it is stated that the total attempted fraud could go up to $2.5 billion if all were as successful as those discovered in the Netherlands.
It was named “Operation High Roller” and combines an extensive understanding of banking transaction systems (quite possibly from an insider) with malicious code. The code requires no human interaction. 60 servers were found processing thousands of attempted thefts from high-value commercial accounts, which included large global banks, very rich individuals and credit unions.
The malware finds a victim automatically by searching for the highest value accounts and then transfers money to a prepaid debit card which is quickly emptied anonymously. It conceals the theft by altering the target's bank statement.
Reuters stated that “The new software allows the criminal to siphon money out at all hours, potentially increasing the number of hacked accounts and the speed with which they are drained.” It is said to be an advanced version of two existing pieces of malicious software, known as SpyEye and Zeus.

Wednesday, 7 July 2010

Halting Hackers with Honeypots

Active surveillance of network and computer systems is expensive and time-consuming (and often fruitless). And this philosophy can mean that hackers remain undetected. A key issue with surveillance is that it can be tough to differentiate between legitimate and illegitimate activities.

A honeypot creates false targets that, when accessed, trigger an alarm. For example, an alarm is raised if a hacker attempts to access an IP address that is not used. Likewise, a port-based honeypot could highlight requests on unused TCP ports. As Network World explains, "Entire computers, or even networks of computers, can be created to lure attackers."

Fully explore the complexities before implementing honeypots - as the law probably views this as 'entrapment,' and it therefore couldn't lead to prosecution.
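
A minimal port-based honeypot of the kind described above, as an added example that is not from the original post: it listens on TCP ports that no real service uses and records every connection as an alert. The class name, the alert fields and the loopback demo at the bottom are assumptions made for illustration.

```python
import selectors
import socket
import threading
import time


class PortHoneypot:
    """Listen on TCP ports no legitimate service uses; any connection is an alert."""

    def __init__(self, bind_addr, ports):
        self.alerts, self.ports = [], []
        self._sel = selectors.DefaultSelector()
        self._stop = threading.Event()
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.bind((bind_addr, port))
            srv.listen()
            srv.setblocking(False)
            self.ports.append(srv.getsockname()[1])  # real port, even if 0 was requested
            self._sel.register(srv, selectors.EVENT_READ)
        self._thread = threading.Thread(target=self._run, daemon=True)

    def start(self):
        self._thread.start()

    def _run(self):
        while not self._stop.is_set():
            for key, _ in self._sel.select(timeout=0.2):
                try:
                    conn, (ip, sport) = key.fileobj.accept()
                except OSError:
                    continue
                # No banner and no data exchange: record the contact, then hang up.
                self.alerts.append({"when": time.time(), "src_ip": ip, "src_port": sport,
                                    "dst_port": key.fileobj.getsockname()[1]})
                conn.close()

    def stop(self):
        self._stop.set()
        self._thread.join()
        for key in list(self._sel.get_map().values()):
            key.fileobj.close()
        self._sel.close()


if __name__ == "__main__":
    hp = PortHoneypot("127.0.0.1", [0])  # port 0 = OS-chosen free port (demo only)
    hp.start()
    socket.create_connection(("127.0.0.1", hp.ports[0])).close()  # constructed probe
    time.sleep(0.5)
    hp.stop()
    print(hp.alerts)
```

Because nothing legitimate should ever connect to these ports, every entry in `alerts` is worth investigating, which avoids the problem of separating legitimate from illegitimate activity.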

Tuesday, 15 July 2008

So does this make Owen (aka AKILL) ethical?

Another coup for free speech possibly? If you write software that has only one purpose, to hack into other people's computers and networks you are not guilty of anything!

Owen Thor Walker (AKA AKILL) was let off in New Zealand after admitting he had written software to create a botnet army that was then used by other people to hack into computers.

We've all heard the argument about if you manufacture hammers with a legitimate purpose you're not responsible if they are used to break down a door in a robbery. But are we really going to want to live in a world where if you create a hacking tool that has no other purpose than to steal from other people you are not guilty of something?

Perhaps Owen is the ultimate "ethical hacker".....yeah right.

Thursday, 29 May 2008

(You are) welcome to my home, Mr. Hacker.

There you go then: BT, the largest provider of home broadband connections in the UK, distributes devices that are delivered ready to be hacked.

Thus allowing the "war driver" to wander around randomly rifling (metaphorically you understand) through your digital life.

Oh to be a hacker with so many potential victims to choose from...or not as the case may be.

Tuesday, 27 May 2008

Is nothing safe? Poor coding leaves all of us exposed to hackers.

This article on unsecure code just goes to show that no matter how hard you try and protect yourself some weak coding practices can leave you vulnerable. Think how many million? billion? lines of code are out there which are still yet to be tested by those hackers.

A weak webserver leaves everyone at risk.

Perhaps the Open Course community would benefit from the Secure Programmer training course we run? Just a thought...

Monday, 19 May 2008

The Hacking Famous Five?

These Spanish hackers have got a serious work rate. Imagine if they had been doing some "good" instead of just doing the digital version of being a graffiti artist. They probably would have earnt a fortune on the right side of the law.