Ethical Overflow - A new focus on Cyber Security

Ethical Hacking - Terminologies.

    Following is a list of important terms used in the field of hacking.

    • Adware − Adware is software that automatically generates advertisements in a program that is otherwise free, such as an online video game. But in this context it more commonly means a kind of spyware that tracks your browsing habits covertly to generate those ads.

      Anonymous: A non-hierarchical hacktivist collective, Anonymous uses hacking (and arguably cracking) techniques to register political protest in campaigns known as “#ops.” Best known for their distributed denial of services (DDoS) attacks, past activities have included attacks against the Church of Scientology ; Visa, Paypal, and others who withdrew their services from WikiLeaks ’ Julian Assange after that group began releasing war documents; #OpTunisia and others purporting to support the Arab Spring; and a campaign that brought down the website of the westboro Boptist church. #Ops are usually marked with the release of a video of a reader in a Guy Fawkes mask using a computer generated voice. Offshoot groups include AntiSec and LulzSec.

      AntiSec: An Anonymous splinter group,Antisec was best known for the hack of security firm Stratfor, publishing credit card numbers and email addresses taken from the company’s site. jeremy Hammond was arrested for alleged Anti-Sec activities under the alias sup_g.


    • Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.Some have alleged that manufacturers have worked with government intelligence to build backdoors into their products. Malware is often designed to exploit back doors.

    • Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate.most things in the world of hacking, bots are, in themselves, benign and used for a host of legitimate purposes, like online content delivery. However, they are often used in conjunction with cracking, and that’s where its public notoriety comes from. Bots can be used, for instance, to make the content calls that make up denial of service attacks. Bot is also a term used to refer to the individual hijacked computers that make up a botnet.

    • Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks.Malware is used to hijack the individual computers, also known as “zombies,” and send directions through them. They are best known in terms of large spam networks, frequently based in the former Soviet Union.

    • Brute force attack − It is an inefficient method of hacking compared to others like phishing. It’s used usually when there is no alternative. The process can be made shorter by focusing the attack on password elements likely to be used by a specific system.

    • Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold.

    • Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.

    • Cracker − A cracker is one who modifies the software to access the features which are considered undesirable by the person cracking the software, To break into a secure computer system, frequently to do damage or gain financially, though sometimes in political protest.

    • Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. This is often achieved by sending so many content requests to the site that the server overloads. Content requests are the instructions sent, for instance, from your browser to a website that enables you to see the website in question. Some have described such attacks as the Internet equivalent of street protests and some groups, such as Anonymous frequently use it as a protest tool.

    • DDoS − Distributed denial of service attack.A DoS using a number of separate machines. This can be accomplished by seeding machines with a Trojan and creating a botnet or, as is the case with a number of Anonymous attacks, by using the machines of volunteers.

    • Exploit Kit − An exploit kit is software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.

    • Exploit − Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.

    • Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users on the inside of the firewall.A system using hardware, software, or both to prevent unauthorized access to a system or machine.

      IP: Internet protocol address. It’s the distinctive numeral fingerprint that each device carries that’s connected to a network using Internet Protocol. If you have a device’s IP you can often identify the person using it, track its activity, and discover its location. These addresses are apportioned by the regional Internet registries of the IANA (the Internet Assigned Numbers Authority). Crackers can use knowledge of your IP address to your computer via one of its ports, the points that regulate information traffic flow.

      `IRC: Internet relay chat is a protocol used by both groups and for one-on-one conversations. Often utilized by hackers to communicate or share files. Because they are usually unencrypted, hackers sometimes use packet sniffers to steal personal information from them.

    • Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed on a computer (and which touchscreen points are used). It is simply the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.

    • Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.

    • Malware − Malware is a software program term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.The software can be delivered in a number of ways, from decoy websites and spam to USB drives.

    • Master Program − A master program is the program a black hat hacker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks. It’s also the computer to which all other devices report, sending information, such as credit card numbers, to be processed. Control by the master of the bots is usually via IRC.

    • Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails, in an attempt to gather personal and financial information from recipients..Tricking someone into giving you their personal information, including login information and passwords, credit card numbers, and so on by imitating legitimate companies, organizations, or people online.

    • Phreaker − Phreakers are considered the original computer hackers and they are those who break into the telephone network illegally, typically to make free longdistance phone calls or to tap phone lines.

      Remote access: Remote control is the process of getting a target computer to recognize your keystrokes as its own, like changing a TV with a remote control. Gaining remote access allows you to run the target machine completely by using your own, allowing for the transfer of files between the target and the host.

    • Rootkit − Rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

    • Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in unpatched or poorly configured software.

    • Social engineering − Social engineering is conning people into giving you confidential information, such as passwords to their accounts. Given the difficulty of breaking, 128-bit encryption with brute force, for example, social engineering is an integral element of cracking. Examples include phishing and spear-phishing.

    • Spam − A Spam is simply an unsolicited email, also known as junk email, sent to a large number of recipients without their consent.The largest and most profitable spamming organizations often use botnets to increase the amount of spam they send (and therefore the amount of money they make).

    • Spoofing − Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

    • Spyware − Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

    • Threat − A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.

    • Trojan − A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there designed with an intention to destroy files, alter information, steal passwords or other information.

    • Virus − A virus is a malicious program or a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

    • Vulnerability − A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.

    • Worms − A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.

    • Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.

    • Zombie Drone − A Zombie Drone is defined as a hi-jacked computer that is being used anonymously as a soldier or 'drone' for malicious activity, for example, distributing unwanted spam e-mails.