Tuesday, 23 July 2013
Old Hackers, New Hackers: What's the Difference? #Hackers #Hacking
Apparently, to people enamored of the 'old school' of hackers, like Steven Levy or Clifford Stoll, there is a big difference. Indeed, the 'old style' MIT/Stanford hackers resent the bestowal of their honored title on 'those people' by the media... to many people, 'hacker' is reserved for a class of people in the 60s, a certain 'breed' of programmer who launched the 'computer revolution,' but just can't seem to be found around any more... according to these 'old school' hackers, hacking meant a willingness to make technology accessible and open, a certain 'love affair' with the computer which meant "they would rather code than sleep." It meant a desire to create beauty with computers, to liberate information, to decentralize access to communication...
But what about the 'new' hackers? Many of the 'old' hackers think they don't deserve the name, preferring to call them 'computer criminals,' 'vandals,' 'crackers,' 'miscreants,' or in a purely generational swipe, 'juvenile delinquents.' The media uses the word 'hacker' to refer to young, clever computer users who use their modems to break into systems without authorization, much as depicted in the movie War Games. And the old school hackers resent this. Many of the new hackers aren't good programmers; they are just people without ethics who have no reservations about swiping passwords, codes, software, and other information and trading them with their friends. They may be good at exploiting security holes in systems, but all they succeed in doing (say people like Stoll) is destroying the trust on which open networks are built.
I am interested, needless to say, in the generational aspect to this battle over the name 'hacker'. Most of the old hackers of the 60s are of course now living in the 90s - Baby Boomers who, like their ex-hippie friends, went from 'freak' to 'straight,' finding jobs in computer security firms and corporate software conglomerates. And like other counterculturalists from the 60s, they just can't seem to figure out this Generation X forming the counterculture of the 90s... where's the openness? The idealism? These "juvenile delinquents" just don't live up to the high moral standards of the 60s nostalgiacs like Levy and Stoll. But then, Levy rants about those great hackers who founded Apple Computer and launched the PC revolution - those same ex-phreaks, Jobs and Wozniak, who actually allowed their company to patent their system hardware and software!
The "cyberpunks" of the 90s, it seems, just don't live up to what people like Stoll and Levy expect of them. And all the old 'hackers' go to great pains to define themselves apart from the new breed of 'hackers,' always groaning in angst when the label continues to be applied to them. I would argue that the hackers of the 90s are not so different from the hackers of the 60s, that indeed, the same exploratory, antiauthoritarian, liberatory impulses are at work; it is simply that the hackers of the 60s do not understand the situation in which we live, and this is probably because they read 60s hippie lit rather than 90s cyberpunk SF... the 'old hackers' are simply too comfortable to be afflicted... they don't understand why the new 'hacker' does what he does.
According to Levy, the differences between the old and new hackers are stark and clear. The first group strove to create, the second strives to destroy and tamper, he says. The first group loved control over their computers, but the second group loves the power computers give them over people. The first group was always seeking to improve and simplify; the second group only exploits and manipulates. The first group did what they did because of a feeling of truth and beauty in their activities; the second group hacks for profit and status. The first group was communal and closely knit, always sharing openly their new hacks and discoveries; the second, he says, is paranoid, isolated, and secretive. For Levy, the old hackers were computer wizards, but the new hackers are computer terrorists, always searching for new forms of electronic vandalism or maliciousness without thought of the consequences.
But where Levy sees differences, I see some curious similarities. Old-style MIT 'hackers' were rather well-known for getting around locks of both the physical and electronic variety. Is there such a difference between the righteous anger of the MIT hacker toward the IBM 'priesthood' who kept him away from the massive mainframe, and the 90s hacker who feels righteous anger over being denied access to huge commercial databases without an expensive account? The old MIT hackers were also known for their exploration of the phone system, and exploring 'hacks' to make calls to unsuspecting places for free. Indeed, many of the early hackers were phone phreaks, plain and simple, ripping off service from the phone company (THE company, AT&T, alias Ma Bell, back then), which they resented for its refusal to share the technical information about telephony.
The 60s hackers were known for their desire for liberating information. They openly shared source code; members of the Homebrew Computer Club also openly shared with each other the flaws of various machines, and 'hacks' to get around their lack of performance. Since Levy seems to think that software piracy should not be a crime (since he thinks source code should not be copyrighted), his problem with the 'new hackers' does not appear to be piracy. Neither does it appear to be the open sharing of some admittedly dangerous 'real-world' information taken straight from books like the Anarchist Cookbook on how to make bombs and drugs. Rather, it seems to focus around the malicious misdeeds of a small minority, dedicated to spreading Trojan horses, logic bombs, viruses, worms, and other destructive programs...
In actuality, the majority of viruses (such as the Christmas virus) are harmless. They eat up small fractions of CPU space and are designed, rather than to wipe clean someone's hard drive, to just display a message at a given time. They are, in short, pranks - something that Levy also points out the old MIT hackers were overfond of. They were known for playing complex tricks on people, and were masters of "social engineering" - the art of manipulating technocrats by being a good bullshit artist - just as the 90s hackers are... their elaborate games and pranks often being ways to demonstrate their superiority to the faculty, administrators, or other "know-it-alls" who they felt got in the way of their access to computers...
In "invading" corporate voicemail systems, the modern 90s hackers are no different than the 60s MIT hackers mapping out the labyrinths of the MIT underground tunnel system. They do it for the same reasons: because they are told not to, because the conduits often lead to surprising places, because the activity is basically harmless even though it is declared unauthorized or even illegal, and because it gives them a feeling of mastery and control over a complex problem. The simple fact is, most of the 90s hackers are not wantonly malicious or destructive. Indeed, many subscribe to an updated 90s Hacker Ethic, declaring that they will not "hack" personal privacy or the personal computer user, instead declaring that their "targets" will be large, unresponsive corporations or bureaucratic government organizations...
But the main reason for the difference between the 60s and 90s hackers is that the GenXers are a "post-punk" generation, hence the term, "cyberpunk." Their music has a little more edge and anger and a little less idealism. They've seen the death of rock n'roll, and watched Michael Bolton and Whitney Houston try and revive its corpse. Their world is a little more multicultural and complicated, and less black-and-white. And it is one in which, while computers can be used to create beauty, they are also being used to destroy freedom and autonomy... hence control over computers is an act of self-defense, not just power-hunger. Hacking, for some of the new 'hackers,' is more than just a game, or a means to get goodies without paying for them. As with the older generation, it has become a way of life, a means of defining themselves as a subculture...
Many of them are quite deliberately 'nonviolent' in their ambitions. They will not lock others out from their accounts, damage or change data without permission, or do anything to jeopardize system viability. Instead, they enter computer systems to 1) look around and see what's there (if someone breaks into your house, looks at the posters on your wall, then locks the door on the way out, have they committed a crime?) 2) see where else they can go from where they are (what connections can be pursued?) and 3) take advantage of any unique abilities of the machine that they've accessed. MIT's hackers did all of these things and more with the various mainframes they were 'forbidden' to access and explore... they questioned the right of technocrats to limit access, and openly transgressed their arbitrary limitations based on invoked mantras of the preciousness of computer time.
Indeed, the 90s hackers pay a lot of homage to the first generation. They have borrowed much of their jargon and certainly many of their ideas. Their modus operandi, the PC, would not be available to them were it not for the way the 60s hackers challenged the IBM/corporate computer model and made personal computing a reality... their style, their use of handles, their love for late-night junk food, are all testaments to the durability and transmission of 60s Hacker culture. So why are the biographers of the 60s hackers so antagonistic and hostile to the new 90s hackers? Do they sense some sort of betrayal of the original Hacker Ethic and its imperatives? Is it just the classic refusal to pass a torch onto a new generation?
Breaking into the root node of a UNIX network or the system manager account of a VAX network takes nimble thinking and clever programming. It often takes a knowledge of various loopholes in the system, and clever tricks that can be done with its coding. It often requires unorthodox uses of standard applications. In short, it requires hacking in the oldest and best senses of the term. In doing it, many 90s hackers seek to expand their knowledge of the system and its capabilities, not to sabotage the efforts of others or wreck the system. Phreaks, in 'hacking' the phone system, are simply acting in the centuries-old tradition of American radicals who have always challenged the ways in which corporate and governmental structures prevent people from free association with their peers... challenging the notion that "to reach out and touch someone" should be a costly privilege rather than a right.
Someday, the old and new 'hackers' may sit down, and discuss their commonalities rather than their differences. They may realize that they share an alienation from the existing system. They might find out that they have motivations and principles in common. Most importantly, they might stop competing with each other for a mantle or title. The old hackers might see the ways in which their countercultural visions failed to take account of new realities, and they might provide a sense of communal vision and purpose for the often backstabbing and self-aggrandizing new hackers. If they were to actually team up, it might mean what Bruce Sterling calls "the End of the Amateurs." And the beginning of "Computer Lib?"
by Steve Mizrach (aka Seeker1)
#Cryptography : Glossary Of Important Terms
Hello everyone. Today's part of the cryptography series contains most of the terms that will be used frequently in the upcoming tutorials, so for your ease I have made this glossary, or dictionary, whatever you might call it. Do refer to this as a guide.
A5 :The encryption algorithm used for GSM telephones. These telephones are mainly sold in Europe.
AES :Advanced Encryption Standard. A block cipher that was chosen through a competition of the world’s greatest cryptographers. It is approved for government use by NIST and is assumed to be good for the next 20 years before a replacement needs to be found. Also known as Rijndael (rine-doll) for the two people who created the algorithm.
Algorithm :A set of mathematical step-by-step rules, or a recipe, for the encryption and decryption of data.
ANSI :American National Standards Institute. An organization that evaluates and publishes standards for various industries, including the computer technology industry.
ANSI X9.17 :The standard for the exchanging (or sharing) of the key for the DES algorithm.
Application Encryption :A program that uses an algorithm to encrypt data. PGP is an example of an application that has encryption built-in.
Asymmetric Algorithm :An algorithm that produces two keys; a public key and a private key. The public key is shared with others and the private key is kept safe by the owner. The term “asymmetric” has to do with the fact that there are two different keys — it does not mean that the algorithm is lopsided.
Authentication :The process of making sure that a person is really who he says he is, or that a computer is really the computer it’s supposed to be. It’s like being asked for your driver’s license before you can cash a check. Computers use encrypted keys or encrypted communications to exchange proof of identity.
Back Door :Usually a design flaw in software that allows unauthorized access into a system by those who know the secret.
Block Cipher :An algorithm that cuts the data into small chunks and encrypts the chunks one after another. The “chunk” is a block of data and the algorithm decides how large those chunks are. This term was not invented by Lucy in the “Peanuts” comic. (You blockhead, Charlie Brown!)
Blowfish :A symmetric block cipher invented by Bruce Schneier. Publicly available on the Internet.
Browser :Your Web browser such as Internet Explorer, Mozilla, Netscape, or Opera. All browsers now have the capability to exchange data with another computer via an encrypted link. Although this term is also applied to shoppers who are not actively purchasing goods in a particular shop, that has nothing to do with cryptography.
Brute Force Attack :It’s like trying to break into a building by all possible hard attack methods: picking the locks, breaking the windows, breaking down the doors with a sledge hammer, or using bombs. In cryptography, a brute force attack is used when the attacker knows nothing about the encryption. He will start with easy guesses first and then build up to sophisticated methods. Brute force attacks in cryptography usually entail using lots of computers that try to guess each portion of the key or the encrypted message.
CAST :A block cipher developed by Carlisle Adams and Stafford Tavares (CAST) and patented by Entrust. It is available for public use.
CERT :Computer Emergency Response Team. A special team that has been formed to deal with computer emergencies of all sorts. Some companies form their own teams and other companies rely upon commercial CERTs. There is also a central CERT at Carnegie Mellon University in Pennsylvania. That CERT sends out alerts and information about new computer attacks and fixes.
Certificate :(See Digital Certificate.)
Certificate Authority (CA) :A company or a specially built computer within a company that generates and controls Digital Certificates and the accompanying keys. This is also referred to sometimes as a “trusted third party” because it is supposed to be an unbiased yet powerful authority.
CHAP :Challenge Handshake Authentication Protocol. Largely used in Microsoft products, CHAP is a two-way password authentication scheme.
Checksum :A numeric value assigned to data to be used as an indicator of change made to the data. An algorithm changes the data into numbers, goes through a number of computations, and then assigns a single, long number as the checksum. If the checksum of the data you receive is not the same checksum as the person who sent it, then something got changed in transit. Also known as a “fingerprint,” checksums are used to check the integrity of data. Checksum is also what many people do with their checking accounts at the end of the month.
CIAC :Computer Incident Advisory Capability (pronounced “sigh-ack”). This is an organization formed by the Department of Energy to track and report on computer security problems.
Cipher :The word cipher is very often confused with the word “code.” A cipher is closer to an algorithm. It does not know the “semantics” of the text or data it is converting; as far as a cipher is concerned, it’s just a blender of sorts. It’s the part of the algorithm that replaces one letter with another character. (Also see Code.)
Cipher Block Chaining :Also known by cryptographers as CBC, this is like “shuffling” the encrypted blocks of data with one another to come up with different ciphertext. Using cipher block chaining makes it much harder for someone to try to break an algorithm.
Ciphertext :The encrypted form of data. Ciphertext does not have to be text, it can be any form of data including pictures and music.
Client :Usually a desktop computer or a laptop. This is opposed to “servers.” Servers provide data, services, and resources to the client computers. Just think of clients as customers in a restaurant and the servers as waiters, and you’ll get the meaning. Client can also refer to a software program that runs on a desktop computer or a laptop. This type of program is normally used when the server is sending a special type of information that can’t be understood by other programs.
Code :A code is just a set of rules to represent meaningful information in another way — this doesn’t necessarily imply secrecy. A code does deal with semantics and can tell the difference between a letter and a number. Morse code and programming code are two good examples.
Cracking :An action to try to break the security of a computer system, software program, algorithm, encrypted data, and so on. For instance, attackers will try to crack the key to encrypted data so they can decrypt it and see what it says. This has nothing to do with the eating of Maryland crabs, contrary to popular belief.
Cryptanalysis :The examination of encrypted data to try to discover how the data was encrypted. Cryptanalysts will try to find the key or some plaintext in the encrypted data so they can unlock it. In a way, this is similar to “cracking,” but it is usually done by well-meaning folks employed by the NSA. (And, yes, because they are in Maryland, many do eat crabs.)
Cryptography/Crypto :The art or science of finding ways to hide or change data. The main goal of cryptography is to maintain secrecy – it’s a way to transform plain data (pictures, music, text, software, and so on) from a recognizable form to an unrecognizable form and back again. Cryptography is also the technical field of creating methods of changing data into an unrecognizable form and then reversing the process to make it recognizable again.
DES :Data Encryption Standard. A popular symmetric key algorithm that was created in 1975. It is usually replaced now with 3DES, which is much stronger than the original algorithm.
Diffie-Hellman :An algorithm created by Whitfield Diffie, Martin Hellman, and Ralph Merkle to solve the problem of how to share a secret over an unsecured line without compromising the secret. This became the basis for public/private key exchange.
Digital Certificate :A computer file that contains information about a person or a computer, along with a public encryption key. Digital Certificates have a standard format for the information contained so it can be used in many different encryption programs. A Digital Certificate is issued by a Certificate Authority. The Certificate Authority usually has strict regulations about who or what may receive a Digital Certificate. Identities are usually verified by the Certificate Authority, which implies a greater degree of trust.
Digital Signature :A checksum created by an algorithm, combined with a person’s public key, that is based on a block of data and the person’s private key. The result is a character-based string that is included with the data when it is sent. If the data has been changed en route, it will be reflected in a changed digital signature. A digital signature is used to guarantee that the data was sent by the person who claims to have sent it. In one sense it can be considered a type of notary stamp to prove authenticity.
Digital Signature Standard :This is also referred to as DSS and is the algorithm used to create digital signatures. DSS was developed by the NSA and approved by NIST.
ECC :Elliptical Curve Cryptosystem. A relatively new and unique form of encryption that uses mathematical curves over defined fields to create a public/private key pair.
Encipher/Encrypt :Changing plain data (plaintext) into an unreadable or unrecognizable form (ciphertext).
Exclusive Or :(See XOR.)
Export Control :Laws and regulations to prevent products or technologies from being exported from the United States when exportation of that information is not in the best interest of the country. The United States considers cryptography to be a munition and therefore controls the export of some encryption methods and products.
FIPS :Federal Information Processing Standard. Rules and regulations adopted by the federal government for computer systems, computer security, and the implementation of cryptography.
FORTEZZA :A PCMCIA card that contains the SKIPJACK encryption algorithm. This is mainly used by government agencies and some law enforcement agencies to encrypt e-mail. This term is often confused with foccacia, which is actually a type of Italian bread and has nothing to do with cryptography.
GOST :A symmetric block algorithm developed in the former Soviet Union.
HASH :A type of checksum that produces a fixed string of characters from a section of data that is used as a “fingerprint” of the data. If the data has not been changed, you will always get the same hash; if it has changed by only one character, the hash will not be the same as the original.
IDEA :The International Data Encryption Algorithm was developed in Switzerland and is one of the algorithms that is used in PGP.
IETF :The Internet Engineering Task Force is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.
IKE :This stands for Internet Key Exchange and is used by the protocol IPsec (secure IP) for key management.
IP :Internet Protocol carries individual data packets on a network. It allows the packets to be routed through multiple networks until it reaches its destination.
IPsec :A network security protocol that uses encryption to protect data as it is moving through the network.
ISAKMP :Internet Security Association Key Management Protocol was the basis for IKE and is still used in many networking environments. ISAKMP defines payloads for exchanging key generation and authentication data.
KDC :Stands for Key Distribution Center and is the basis of the Kerberos authentication system. It is a device or computer that allows two computers to encrypt the traffic flowing on the network between them. Not to be confused with KFC, which is fine to eat on a 4th of July picnic.
KEK :A Key Encryption Key is used to encrypt other keys such as session keys or data keys. A KEK does not encrypt any of the data itself, it just sets up the environment so that encryption can begin.
Kerberos :An authentication protocol, developed at MIT, that uses session keys. Available commercially and in the public domain.
Key :The data created by an algorithm that causes a cipher to begin the encryption and decryption process. Keys are associated with the algorithm that was used to create it.
Key Escrow :The storing of copies of encryption keys so they can be used if the original key is lost or corrupted. This is very difficult to do securely.
Key Fingerprint :A unique string of characters that is used to authenticate a key. This is done by creating a hash of the key. Usually used by PGP users to verify that the parties are using the correct keys for encrypting and decrypting communications.
Key Length :The size of a key represented in bits. The larger the number of bits, the stronger the key is.
Key Management :The process and procedures used to safely store and distribute keys. It also makes sure that keys are sent out in a secure manner so they won’t be compromised.
Key Pair :A set of keys created by an asymmetric algorithm: the public key and the private key.
Key Recovery :A method of hiding parts of keys in different places so a key can be reassembled if the original key is lost or corrupted. Key recovery usually involves the use of multiple storage locations and multiple passphrases to complete the recovery process.
Key Splitting :A security measure that splits a key up amongst a number of people so no one person on his own can use the key. All members of the group must participate in order for the key to be used.
Keyring :A program or file that holds a set of keys.
LDAP :Lightweight Directory Access Protocol. A protocol used in databases to allow simple search and access operations for data that is usually hard to index — phone numbers, addresses, and now used for encryption keys.
MAC :Message Authentication Code. A one-way hash that uses a single key. The key is used to verify the hash.
MD2 :Message Digest #2. Developed by Ron Rivest, it’s a 128-bit one-way hash.
MD4 :Message Digest #4. Another one-way hash developed by Ron Rivest, but later found to be very weak. It was replaced with MD5.
MD5 :Message Digest #5 is an algorithm used to create a hash.
NIST :National Institute of Standards and Technology is a government agency that establishes national standards.
Non-Repudiation :A process that, once completed, makes it extremely difficult for someone to deny that they were involved in the process. It’s a method of ensuring that someone sent a file or encrypted a file without “reasonable doubt” that they did so.
NSA :The National Security Agency is an intelligence agency responsible for intercepting communications and developing crypto systems for the security of national secrets. This agency employs the largest number of cryptographers in the world.
Oakley :A protocol for a session key exchange that is a hybrid of the Diffie-Hellman scheme.
One Time Pad :Also known as OTP, this is one of the older but most secure forms of encryption. A person creates a pad of completely random characters and then uses that pad to replace the characters in a message, one by one. If the pad is never used again, it is nearly impossible to break.
One Time Password :A security mechanism in which a password is only used one time and never again. These passwords are usually generated by a small card-like device that is synchronized with an authentication server.
One Way Hash :Also known as a one way function, this is the same as a message digest or a fingerprint. It’s called “one way” because the algorithm creates an encrypted string that cannot be decrypted. The encrypted string is used for comparison only.
PAP :Password Authentication Protocol. This protocol allows users to authenticate with one another but does not prevent unauthorized access.
PCMCIA :Stands for Personal Computer Memory Card International Association. It’s a plug-in slot for peripheral devices such as modems and wireless network access cards. There are also PCMCIA cards that store crypto functions and keys.
PGP :Short for Pretty Good Privacy, this is a cryptographic protocol for encrypting e-mail. PGP uses RSA and IDEA algorithms and comes as a complete software package.
PKCS :Public Key Cryptography Standards. This is a standard for keys that was created by RSA and describes how public/private keys can interoperate with various algorithms.
PKI :Public Key Infrastructure. A system that uses public and private keys for encryption and decryption, but also checks to make sure that the correct keys are being used for any transaction.
Plaintext :Data that is in its original form and has not been encrypted. Also, it’s the data after decryption has taken place.
Private Key :One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key belongs to one person (or computer) and is kept safely secret. (Also see Public Key.)
PRNG :Pseudo Random Number Generator. A process or algorithm that generates a random sequence of numbers. A good PRNG will make it nearly impossible to guess what the next number or numbers in a sequence might be. Used in key generation in algorithms.
Protocol :In computer technology, a protocol is an accepted set of rules for computer communications or the transference of data. A protocol goes into a detailed level of instructions for the behavior of any software, hardware, which ports to use, and so on.
Public Key :One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key can be shared with anyone and everyone without fear that it will give any clues as to what the private key might be. (Also see Private Key.)
RADIUS :Remote Authentication Dial-In User Service. A protocol developed to help secure remote access to networks by persons, computers, and other networks. Originally developed to secure modem banks, it is now used to secure remote network connections.
RC2 :Rivest’s Cipher #2 or Ron’s Cipher #2. Named after Ron Rivest, this is a block cipher that uses a 40-bit key that is considered very weak.
RC4 :Rivest’s Cipher #4. This is a stream cipher that is widely used in commercial products and especially in e-commerce transactions.
Reusable Passphrase :A passphrase that can be used over and over, with no limitations. Most passphrases are reusable.
Revocation :The retraction or cancellation of a certificate and its associated keys.
RNG :Random Number Generator. An algorithm or cryptographic device that can create true random numbers. True random numbers are often generated by physical and natural events that cannot be predicted and occur randomly.
RSA :Stands for Rivest, Shamir, Adleman, which are the last names of the three men who created the RSA algorithm and the RSA company (RSA Data Security). The RSA algorithm creates public/private keys and can be used to create a digital signature (among other activities).
Salt :Random data that is mixed in with a password to help foil dictionary attacks on passwords.
Secret Key :The key created by a symmetric algorithm. This key is used to both encrypt and decrypt data.
Seed :A random value that is added to an algorithm to help begin the generation of a pseudo random number. (See PRNG.) This is not to be confused with the seed generation used in tennis tournaments.
Server :Usually a large and powerful computer used to store and disseminate large amounts of data and/or services to desktop computers and laptops on a network (clients). Servers are also used for storage and important applications.
Session Key :A key that is only used for a short period of time: a session. The key is normally used to encrypt data between two machines only and is thrown away when the session is complete.
SHA-1 :Secure Hash Algorithm #1. An algorithm used to create a one-way hash. It’s similar to MD4.
SHTTP :Secure HyperText Transfer Protocol. This is a change to the regular HTTP, which is used to display Web pages. SHTTP adds cryptological services to HTTP for the encrypted transmission of sensitive data over the Web.
SKIP :Secure Key Interchange Protocol. This protocol is used in the IPsec headers. The headers contain information about keys that are being exchanged over the network. The header contains information such as what type of key is included, its destination and source, and the application associated with it.
SKIPJACK :A block cipher developed by NSA and often used in hardware crypto devices.
S/MIME :Secure Multipart Internet Message Extensions. This protocol is added to e-mail programs so e-mail can be encrypted and the contents kept secret.
SMTP :Simple Mail Transfer Protocol. The protocol used to transmit e-mail between servers. SMTP traffic is not encrypted.
Snake Oil :A derogatory term used to describe marketing language that is deceptive and misleading, often stating that the encryption or crypto device does more than it is able to do.
Sniffing :A method of listening in on network traffic and capturing it. A special sniffer program is run on a computer on the network and captures and stores the information it was told to save. Very similar to eavesdropping. Hackers use these programs to capture UserIDs, passwords, encryption keys, and other important data.
SSL :Secure Sockets Layer. A cryptologic protocol that is added to data at the socket layer so a secure, encrypted link can be established and maintained. This protocol is often added to applications and is primarily used to protect Web communications.
Stream Cipher :A symmetric key cipher that encrypts data bit by bit rather than cutting the data into chunks like a block cipher does.
Symmetric Algorithm :An algorithm that creates a single key to both encrypt and decrypt data. This is sometimes called a “secret key” algorithm because the key is never supposed to be made available to the public and must be kept secret.
TACACS+ :Terminal Access Controller Access Control System. Does the title somehow give you an idea that this protocol is used to control access to something? It is. It was developed by Cisco and is used to authenticate and authorize remote access by persons or machines.
TCP/IP :Transmission Control Protocol/Internet Protocol. A suite of protocols used for networking that has become the de facto standard. Even networks that use other networking protocols will include TCP/IP so other networks can communicate with them.
TLS :Transport Layer Security. This is a draft version of a new security protocol to replace SSL.
Token :A hardware device that is used to authenticate its owner to computers and applications on a network. A token can be a one-time password generator, a physical device that plugs into a socket, a smart card that is run through a reader, or another similar device.
Triple DES :Also known as 3DES, this algorithm is basically the same as DES except that it encrypts each block of data three times instead of once.
Twofish :A new symmetric algorithm that was one of the runners up to become the new AES algorithm for government use. It is freely available on the Internet.
Validity :The level of confidence a person has that a key actually belongs to the person who presented it.
Verification :Comparing a digital signature created with a private key to its public key. This proves that the information was sent by the person who actually digitally signed the data.
VPN :Virtual Private Network. A VPN provides an encrypted link on an otherwise unprotected network such as the Internet. It allows remote computers or networks at a distance to connect to another and protect their communications with encryption.
Web of Trust :The scheme used by PGP where individuals “sign” other people’s public keys to give an indication of the key’s validity.
X.509 :A public key certification specification as part of a directory system that stores and distributes public keys.
XOR :Stands for eXclusive Or; it is a mathematical function of comparing bits from the data to random bits created by the algorithm. It’s used to indicate whether the bits of the two strings match.
List Of 105 Useful Websites
1. screenr.com – Record movies of your desktop and send them straight to YouTube.
2. bounceapp.com – For capturing full-length screenshots of web pages.
3. goo.gl – Shorten long URLs and convert URLs into QR codes.
4. untiny.me – Find the original URL that’s hiding behind a short URL.
5. localti.me – Know more than just the local time of a city.
6. copypastecharacter.com – Copy-paste special characters that aren’t on your keyboard.
7. topsy.com – A better search engine for Twitter.
8. fb.me/AppStore – Search iOS apps without launching iTunes.
9. iconfinder.com – The best place to find icons of all sizes.
10. office.com – Download templates, clipart and images for your Office documents.
11. woorank.com – Everything you wanted to know about a website.
12. virustotal.com – Scan any suspicious file or email attachment for viruses.
13. wolframalpha.com – Get answers directly without searching.
14. printwhatyoulike.com – Print web pages without the clutter.
15. joliprint.com – Reformats news articles and blog content as a newspaper.
16. isnsfw.com – When you wish to share a NSFW page but with a warning.
17. eggtimer.com – A simple online timer for your daily needs.
18. coralcdn.org – If a site is down due to heavy traffic, try accessing it through Coral CDN.
19. random.org – Pick random numbers, flip coins, and more.
20. mywot.com – Check the trust level of any website.
21. viewer.zoho.com – Preview PDFs and presentations directly in the browser.
22. tubemogul.com – Simultaneously upload videos to YouTube and other video sites.
23. truveo.com – The best place for searching web videos.
24. scr.im – Share your email address online without worrying about spam.
25. spypig.com – Now get read receipts for your email.
26. sizeasy.com – Visualize and compare the size of any product.
27. whatfontis.com – Quickly determine the font name from an image.
28. fontsquirrel.com – A good collection of fonts, free for personal and commercial use.
29. regex.info – Find data hidden in your photographs.
30. tineye.com – This is like an online version of Google Goggles.
31. iwantmyname.com – Helps you search domains across all TLDs.
32. tabbloid.com – Your favorite blogs delivered as PDFs.
33. join.me – Share your screen with anyone over the web.
34. onlineocr.net – Recognize text from scanned PDFs and images – see other OCR tools.
35. flightstats.com – Track flight status at airports worldwide.
36. wetransfer.com – For sharing really big files online.
37. pastebin.com – A temporary online clipboard for your text and code snippets.
38. polishmywriting.com – Check your writing for spelling or grammatical errors.
39. awesomehighlighter.com – Easily highlight the important parts of a web page.
40. typewith.me – Work on the same document with multiple people.
41. whichdateworks.com – Planning an event? Find a date that works for all.
42. everytimezone.com – A less confusing view of the world time zones.
43. warrick.cs.odu.edu – You’ll need this when your bookmarked web pages are deleted.
44. gtmetrix.com – The perfect tool for measuring your site performance online.
45. imo.im – Chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.
46. translate.google.com – Translate web pages, PDFs and Office documents.
47. youtube.com/leanback – Sit back and enjoy YouTube videos in full-screen mode.
48. similarsites.com – Discover new sites that are similar to what you like already.
49. wordle.net – Quickly summarize long pieces of text with tag clouds.
50. bubbl.us – Create mind-maps, brainstorm ideas in the browser.
51. kuler.adobe.com – Get color ideas, also extract colors from photographs.
52. followupthen.com – Set up quick reminders via email itself.
53. lmgtfy.com – When your friends are too lazy to use Google on their own.
54. tempalias.com – Generate temporary email aliases, better than disposable email.
55. pdfescape.com – Lets you quickly edit PDFs in the browser itself.
56. faxzero.com – Send an online fax for free – see more fax services.
57. feedmyinbox.com – Get RSS feeds as an email newsletter.
58. isendr.com – Transfer files without uploading to a server.
59. tinychat.com – Set up a private chatroom in micro-seconds.
60. privnote.com – Create text notes that will self-destruct after being read.
61. flightaware.com – Live flight tracking service for airports worldwide.
62. boxoh.com – Track the status of any shipment on Google Maps – alternative.
63. chipin.com – When you need to raise funds online for an event or a cause.
64. downforeveryoneorjustme.com – Is your favorite site really offline?
65. example.com – This website can be used as an example in documentation.
66. whoishostingthis.com – Find the web host of any website.
67. google.com/history – Found something on Google but can’t remember it now?
68. errorlevelanalysis.com – Find whether a photo is real or a photoshopped one.
69. google.com/dictionary – Get word meanings, pronunciations and usage examples.
70. urbandictionary.com – Find definitions of slang and informal words.
71. seatguru.com – Consult this site before choosing a seat for your next flight.
72. sxc.hu – Download stock images absolutely free.
73. download.com.np – Get all software.
74. wobzip.org – Unzip your compressed files online.
75. vocaroo.com – Record your voice with a click.
76. scribblemaps.com – Create custom Google Maps easily.
77. buzzfeed.com – Never miss another Internet meme or viral video.
78. alertful.com – Quickly set up email reminders for important events.
79. encrypted.google.com – Prevent your ISP and boss from reading your search queries.
80. formspring.me – You can ask or answer personal questions here.
81. snopes.com – Find if that email offer you received is real or just another scam.
82. typingweb.com – Master touch-typing with these practice sessions.
83. mailvu.com – Send video emails to anyone using your webcam.
84. ge.tt – Quickly send a file to someone; they can even preview it before downloading.
85. timerime.com – Create timelines with audio, video and images.
86. stupeflix.com – Make a movie out of your images, audio and video clips.
87. aviary.com/myna – An online audio editor that lets you record and remix audio clips.
88. noteflight.com – Print music sheets, write your own music online (review).
89. disposablewebpage.com – Create a temporary web page that self-destructs.
90. namemytune.com – When you need to find the name of a song.
91. homestyler.com – Design from scratch or re-model your home in 3D.
92. snapask.com – Use email on your phone to find sports scores, read Wikipedia, etc.
93. teuxdeux.com – A beautiful to-do app that resembles a paper diary.
94. livestream.com – Broadcast events live over the web, including your desktop screen.
95. bing.com/images – Automatically find perfectly-sized wallpapers for mobiles.
96. historio.us – Preserve complete web pages with all the formatting.
97. dabbleboard.com – Your virtual whiteboard.
98. whisperbot.com – Send an email without using your own account.
99. sumopaint.com – An excellent layer-based online image editor.
100. lovelycharts.com – Create flowcharts, network diagrams, sitemaps, etc.
101. nutshellmail.com – Get your Facebook and Twitter streams in your inbox.
102. The Hype Machine – Web-based music discovery site based on the music posted to blogs. http://hypem.com/
103. SimpleWash – A site to help you clean up old content you may not want to show on your social media profiles anymore (currently Facebook only, Twitter is coming soon).
104. ListenToYouTube.com – Converts YouTube videos to MP3s.
105. PushBullet – Easily send notes, links, lists, files, etc. to your Android phone. https://www.pushbullet.com/
Sunday, 14 July 2013
DoS vs DDoS
The Difference between DDoS and #DoS
#DoS
A DoS Attack is a Denial of Service attack.
This means that one computer and one internet connection are used to flood a server with packets (TCP / UDP). The point of such a denial of service attack is to overload the targeted server’s bandwidth and other resources. This makes the server inaccessible to others, blocking the website or whatever else is hosted there.
#DDoS
A DDoS Attack is a Distributed Denial of Service Attack. In most respects it is similar to a DoS attack, but the results are much different. Instead of one computer and one internet connection, the DDoS attack utilises many computers and many connections. The computers behind such an attack are often distributed around the whole world and will be part of what is known as a botnet. The main difference between a DDoS attack and a DoS attack, therefore, is that the target server will be overloaded by hundreds or even thousands of requests in the case of the former, as opposed to just one attacker in the case of the latter.
Therefore it is much, much harder for a server to withstand a DDoS attack as opposed to the simpler DoS incursion.
Types of #DDoS Attacks
DDoS - Denial of Service
Volume Based Attacks - This type of attack includes UDP floods, ICMP floods, and other spoofed packet floods. The goal of this DDoS attack is to saturate the bandwidth of the attacked site. The magnitude of a volume-based attack is usually measured in Bits per second.
Protocol Attacks - This type of DDoS attack consumes the resources of either the servers themselves, or of intermediate communication equipment, such as routers, load balancers and even some firewalls. Some examples of protocol attacks include SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. Protocol attacks are usually measured in Packets per second.
Application Layer Attacks - Perhaps the most dangerous type of DDoS attack, application layer attacks are comprised of seemingly legitimate and innocent requests. The intent of these attacks is to crash the web server. Some examples of application layer attacks include Slowloris, Zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities and more. The magnitude of this type of attack is measured in Requests per second.
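The three measurements above (bits, packets and requests per second) and the one-source versus many-sources distinction between DoS and DDoS, applied to per-second traffic counters as an added detection example that is not part of the original post. The record layout, the thresholds and the source cut-off are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Hypothetical per-second baselines; tune them to the protected service.
THRESHOLDS = {"volume": 100_000_000,   # bits per second
              "protocol": 20_000,      # packets per second
              "application": 500}      # requests per second
DISTRIBUTED_MIN_SOURCES = 10           # assumed cut-off between DoS and DDoS

def build_sample():
    """Constructed records: (second, source_ip, packets, bytes, http_requests)."""
    rows = [(0, f"192.0.2.{i}", 100, 100_000, 20) for i in range(3)]     # normal load
    rows += [(1, "203.0.113.7", 50_000, 3_000_000, 0)]                   # one host, tiny packets
    rows += [(2, f"198.51.100.{i}", 50, 70_000, 0) for i in range(200)]  # many hosts, large packets
    rows += [(3, f"198.51.100.{i}", 60, 30_000, 30) for i in range(40)]  # many hosts, valid-looking requests
    return rows

def per_second(records):
    """Sum bits, packets and requests per second and collect distinct sources."""
    totals = defaultdict(lambda: {"volume": 0, "protocol": 0,
                                  "application": 0, "sources": set()})
    for sec, src, packets, nbytes, requests in records:
        t = totals[sec]
        t["volume"] += nbytes * 8
        t["protocol"] += packets
        t["application"] += requests
        t["sources"].add(src)
    return totals

def classify(records, thresholds=THRESHOLDS, min_sources=DISTRIBUTED_MIN_SOURCES):
    """Return (second, 'DoS' or 'DDoS', exceeded categories) for each anomalous second."""
    findings = []
    for sec, t in sorted(per_second(records).items()):
        kinds = [k for k, limit in thresholds.items() if t[k] > limit]
        if kinds:
            scope = "DDoS" if len(t["sources"]) >= min_sources else "DoS"
            findings.append((sec, scope, kinds))
    return findings

if __name__ == "__main__":
    for sec, scope, kinds in classify(build_sample()):
        print(f"t={sec}s {scope}: {', '.join(kinds)} threshold exceeded")
```

Spoofed packet floods inflate the distinct-source count, so the DoS/DDoS label here describes observed source addresses rather than the number of attacking machines.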