Thursday, August 26, 2010

On Hacking: How To Prevent

Hacking is the biggest threat in the web environment nowadays, with millions of attacks daily on major sites such as Google, Yahoo!, and mostly Microsoft. As a website developer, I need to learn how to hack and how to think the way a hacker does. What for? Simple. I need to know the vulnerabilities of the site I'm developing. This is mostly known as ethical hacking.

There are various hacking methods that people use nowadays. Here are some examples:

XSS/CSS (Cross-Site Scripting)
This attack exploits people's ignorance of the links they're clicking. The link can redirect to another site aimed at getting important information. So be careful and check before you click. This is also known as an exploit, and the problem is still faced by big players like Facebook, MySpace, etc.

Brute Force Attack
This is the most traditional hacking attempt known to mankind. The attack is simple: the hacker inputs a large number of possible password combinations and waits until the ID unlocks. Nowadays this attack is automated, so the hacker can wait and relax. To prevent this, you can limit the number of bad login attempts before the account is locked. Another way is to set a specific time interval between bad login attempts. This way, a brute force attacker cannot try a lot of combinations at one time, which prevents them from accessing the site.

SQL Injection
This is also an old form of hacking attack. It is done simply by inserting parts of an SQL string that result in valid conditions. The string below can be used, for example:
' OR 1=1;--
The string works well against a MySQL database and will make whatever condition you state in the SQL query always true. To prevent it, simply filter the input and treat it not as part of the query string but as text input used to get results.

Social Engineering
Putting your information on the internet? Be careful, because hackers attack with social engineering. Using the information found on the net, hackers can build your profile and gain an advantage from it. For example, knowing your birthday can give them a chance of getting your password, because if you're not aware of how to make a good password, your birthday is usually the easiest password to use. Well, that and your mom's name hehe. They can also act and try to be your friend to gather the info. So the only way to prevent it from happening is to limit the information you expose publicly on the net, and to be careful when befriending someone online.

Of course, there are many things you can do to hack. If you can do it, do ethical hacking instead of destructive hacking. Why? You'll get more money and you don't have to be afraid of the cops. So, happy learning guys and be careful on the net. It's a warzone out there.

Regards

-E-

Follow @femmerling on twitter


The information in this blog post is just basic information and concepts. For complete understanding, try googling ethical hacking and learn, or get training. I support ethical hacking!!
