WebExpert

Alternatives to a Boot Disk

2009-03-27T11:19:00.000-07:00

There are alternatives to using a boot disk to locally gain access to a computer.

Introduction

This is my paper on gaining access to a computer connected to a secure network locally. Firstly I would like to state that simply getting a boot disk would be simple to do and would be good to use however there is a problem with doing this which I will come to later.

What is the point?

Maybe you want to access the computers personal hard disk for various reasons. However if a computer is connected to a network and requires a username and password to login then this is stopping you gaining access to the computers personal hard drive.

So how can this problem be turned around?

Well firstly we need to access how the computer is connected to the network there are really only two ways. A wireless connection and a wired connection. It is important to understand that whilst the computer is connected to the network any activities can be logged.

Here is my example. I was in college talking to What_a_legend on msn, i started looking through the c drive (local drive) for rats. Then i stuck my memory stick in and it detected a port scanner. Two hours later i had been banned from the network. So i went to the head admin and asked why? He told me the reason was because he had monitored everything i did remotely.

Therefore its important to disconnect from the internet. Simply turn off the computer an unplug the Ethernet cable because if you think logically this is the only cable connected to the computer with the exception of i/o devices and also the power source. If the computer is wireless which is very rare unless it’s a laptop so really we don’t need to go into how wireless can be disconnected before login.

So now we are disconnected

When the computer was connected to the network it could drag information such as login etc from a server. So logically before it was disconnected you would expect to log in with a username and password which is authenticated against what is on the server.

Example

User types in username “122406” user types in password “27162729292” the username and password is sent over the network and is compared to the username “122406” to see if the password matches.

What do we expect?

At this point three things could happen, firstly the computer will just log in without any password screen. Secondly nothing will log you in. Thirdly anything can log you in.

So if the operating system just loads without username and password log in everything is good and you can’t be monitored as you have disconnected. If nothing logs you in, you try something else. If anything logs you in then this is practically the same as not having to log in.

So we have the problem of still not being able to log in.

There are three ways around this, all being simple.

1. Boot from disk (if you don’t know how to do this then you shouldn’t be reading this in the first place.)

2. Boot with safe mode (if you cant do this either then you fail.)

3. Download a DSL stick onto a flash memory drive and boot from that, you will have access to local drive etc.

Damn Small Linux

Basically Linux on a stick. Everything you need for it can be found here…

http://www.pendrivelinux.com/all-in-one-usb-dsl/

Learn Ethical Hacking via IRC Channel

2009-02-16T11:20:00.000-08:00

Web Security

2009-02-16T11:08:00.000-08:00

You are offering your IP address to the entire world at this very moment.

Make sure you are not offering access to your private data at the same time.

YOUR IP ADDRESS IS PUBLIC

Accessing the Internet is a security risk.

When you are connected to the Internet, an IP address is used to identify your PC. If you don't protect yourself, this IP address can be used to access your computer from the outside world.

A fixed IP address is a larger security risk.

If you're using a modem with a dial-up connection, you will get a new IP address every time you connect to Internet.

With an ADSL or cable connection users sometimes keep the same IP address for several months, this represents an increased security risk.

If you have a fixed IP address, you give potential Internet crackers all the time they need to search for entrances to your computer, and to store and share (with other crackers) information they might find about your unprotected private data.

Your Network Shares

Personal computers are often connected to a shared network. Personal computers in large companies are connected to large corporate networks. Personal computers in small companies are connected to a small local network, and computers in private homes often share a network between family members.

Most often networks are used to share resources like printers, files and disk storage.

When you are connected to the Internet, your shared resources can be accessed by the rest of the world.

A Common Windows Security Problem

Unfortunately, many Microsoft Windows users are unaware of a common security leak in their network settings.

This is a common setup for network computers in Microsoft Windows:

Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
NetBEUI Protocol
Internet Protocol TCP/IP

If your setup allows NetBIOS over TCP/IP, you have a security problem:

Your files can be shared all over the Internet
Your logon-name, computer-name, and workgroup-name are visible to others.

If your setup allows File and Printer Sharing over TCP/IP, you also have a problem:

Your files can be shared all over the Internet

Computers that are not connected to any network can also have dangerous network settings because the network settings were changed when Internet was installed.

Solving the Problem

For Windows 2000 users:

You can solve your security problem by disabling NetBIOS over TCP/IP:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Right-click on Local Area Network
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Click on Advanced
Select the WINS tab
Select Disable NetBIOS over TCP/IP
Click OK

If you get the message: "This connection has an empty......", ignore the message and click on YES to continue, and click OK to close the other setup windows.

You should restart your computer after the changes.

For Windows 95, 98, or ME users:

You can solve your security problem by disabling NetBIOS over TCP/IP:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Select the NetBIOS tab
Uncheck: Enable NetBIOS over TCP/IP
Click OK

You must also disable the TCP/IP Bindings to Client for Microsoft Networks and File and Printer Sharing:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Select the Bindings tab
Uncheck: Client for Microsoft Networks
Uncheck: File and Printer Sharing
Click OK

If you get a message with something like: "You must select a driver.........", ignore the message and click on YES to continue, and click OK to close the other setup windows.

If you still want to share your Files and Printer over the network, you must use the NetBEUI protocol instead of the TCP/IP protocol. Make sure you have enabled it for your local network:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: NetBEUI
Click on Properties
Select the Bindings tab
Check: Client for Microsoft Networks
Check: File and Printer Sharing
Click OK

You should restart your computer after the changes.

Catching Your Website Contents Thieves

2009-02-02T04:44:00.000-08:00

I know the word "Thieves" is not new to us. Their activities did not start today but from the Stone Age by taking what did not belong to them without permission or by force. You will agree with me that as the technology is improving so their techniques get sophisticated. Online theft is not only in the area of credit cards or affiliate money or hacking to download secret or paid information but also website contents.

Why Website Contents?

Have you ever wondered why people visit some websites than others? What make them to come back and even introduce their friends, colleagues, etc to visit the sites? Do you think it is the website designs or image pictures? You will agree with me it is not flash or animated pictures but the answer is contents. Website content is the "King", it drives traffic to the site, makes visitors to come back and introduce others. Because some webmasters have known this, they go to any length to get good website contents. They steal contents (contents, graphics images, codes, video files, etc) from other people sites.

How To Catch Web Contents Thieves?

It may be difficult to start searching through million of websites to know whether your contents have been stolen, off course if you do, it may take you a month or more or you get frustrated. Search engines are the answer. Go to the popular search engines like Google.com, Yahoo.com, etc and following the steps below.

(a) Type your website name to search engine box. You will be able to know how many sites that link to you. Search through these site and see whether they have taken your contents without given reference to you.

(b) Type your company name to search engine box. Search through the sites that appear and find out whether they use your content without permission or reference to your site.

(d) Type your article titles or headlines to search engine box and it will reveal the sites that are using your articles. Check whether they give reference to your website by linking to you.

How To Locate The Thieves?

(i) Using domain lookup: Who is? : Is a tool use to view the owner's or company's name, postal address, e-mail address and phone number of registered domain name. You can simply type Whois.com to a web browser address space and lookup for the owner of the offender website. Also, go to Google.com, type domain lookup in its search box. This takes you to many websites that enable sourcing the owner of domain name.

(ii) By checking the contact address, email address and phone number on the offenders website.

Contact The Offenders.

Having known their contact information? Contact them by sending mail or make call or both to let the offenders know that they have used your website contents without approval. Tell them to remove the contents or they should acknowledge you by putting your website link.

Protect your Website Contents.

(a) You can protect your contents by putting copyright on each page of your website.

(b) By using code or software that will prevent your graphic image from being saved.

6 Ways To Pick Better Passwords

2009-01-30T22:28:00.000-08:00

Everyone who uses the internet must user usernames and passwords and that’s just the way it is. Whether it’s for email, instant messaging or any web site that has authentication of any type, passwords are par for the course.

Years ago most people would have only a handful of usernames and passwords to remember, but with the explosion of social media, online video/audio/photo/file storage and so on, many people have 15 or more.

The way most people get around this is to the use same username/password for all their accounts. This is stupid because if one system you use is compromised where your authentication information is found, all your stuff is then "in the open", so to speak.

I’ll cover how to choose passwords that can be different yet remembered by you easily in the list below.

1. Avoid repeating characters

Example: cccrazylikeafox

The "ccc" is the repeating set of characters. Don’t do this.

2. Use mixed case

Uppercase: CRAZYLIKEAFOX

Lowercase: crazylikeafox

Mixed case: CraZylIkeAfOX

3. Use mixed case letters and numbers

Example: 27CrAzylIkeAFox93

4. Use other characters (if allowed)

Example: 27-C_rA:zy#lIkeAF#

Note: Some web sites don’t allow this (but they all should).

5. Let a password manager choose the password

Example: Use KeePass Password Safe

Example screen shot:

Yes, the above is a crazy password, but that’s the whole point. With 183-bit quality it would be extremely difficult for anyone to find out what it is.

And obviously you should use the password manager software to remember it for you - encrypted, of course.

6. Use a random physical address

This actually does make for fairly good passwords.

Go to Google Maps, pick a town and state that you don’t live in (nor have you ever), type in a type of business and use its physical address as your password.

Example: I choose Boise, Idaho. I’ve never been there and have never set foot in that state. Then I type restaurant and find a place called Elmer’s. The physical address is 1385 S Capitol Blvd.

The password would be written as 1385SCapitolBlvdBoiseID.

According to KeePass Password Safe, this is a 114-bit quality password and well into the "green", which is pretty darned good. The fact it’s also 23 characters long and contains letters of mixed case and numbers also helps out quite a bit.

To note: You will remember this easier than trying to come up with random words and phrases, because more often than not there are time you have to commit physical addresses to memory just trying to get to places - so this is nothing new to you.

I will note again that if you choose to go with this method, pick locations you’ve never been to.

Was there anything I missed concerning better passwords?

Hacker vs Cracker

2009-01-29T22:32:00.000-08:00

The New Hacker's Dictionary defines Hacker as:

"A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations."

The term Cracker was introduced later in defense against journalistic misuse of Hacker, to differentiate between ethical hackers and the malicious hackers who subvert computer security for vandalism, personal gain, or other types of crime.

As the Jargon File states, "While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it's necessary to get around some security in order to get some work done)."

"Hacking is probably a natural part of exploring computers, no more malicious than figuring out how to put graphics in the border of the C64, disassembling executables, running programs through hex editors or trying to crack copy-restriction schemes on early software. With a world as vast and seemingly limitless as the Net, (and especially in the days before everyone was on it, when commercialism was strictly forbidden) reaching out to the far tentacles of the matrix was an exciting way to learn what was out there, and that included digging around through various computers. What's here? It's a host. What is it? Let's get in and see. Where does it come from? What does it do? Whose is it? Why is it here? What's on it? These sorts of explorations are a large part of the excitement of youth... Indeed, computer crime, as it is often called, is one of the few ways to keep entertained in the suburbs...

Too many people are quick to see a few 37337 h4x0r5 d3f4c3 4 w3bp4g3 and jump to the conclusion that everyone out there interested in network security is a little kid with a script who wants to write cryptic messages about owning so-and-so and playing games on irc. Beneath this superficial layer is a group of extremely dedicated advocates of freedom, truth, fair treatment, free information, sharing, exploration, curiosity, and knowledge, a true counter-culture which has remained steadfast as a vanguard against injustices perpetrated by the government, by corporations, by authoritarians. Yes, sometimes people think they go too far and probably suspect they're characters in a post-apolocyptic sci-fi movie. Still, the diversity among these people who get written off as "crackers" is such that it is unfair to characterize the group as a whole..." (Jason Kroll, Linux Journal editor)

"It all boils down to what kind of motivations and opportunities the hacker has. If the hacker is unethical, many times his motivations will be based upon greed, hate, bias, and a destructive mindset. If the hacker is ethical, then he may be motivated by an intellectual challenge, innovative ingenuity, and the like. The opportunities for hackers to hack depends heavily upon their own skills and abilities, as well as the targeted system's own deficiencies. The line between ethical and unethical hacking is a thin one, one which many do not dare to walk on." (Rich Christie)

Hacking Groups

2009-01-29T22:30:00.000-08:00

Legion of Doom (LOD)

H/P group, founded by Lex Luthor. The group later split into LOD (phreaking) and LOD/LOH (hacking). Involved in the Great Hacker War (1990-1991), an online conflict between MOD and the group Legion of Doom (LOD).

Members of LOD were: Lex Luthor, Erik Bloodaxe, Bill From RNOC, Lord Digital, The Mentor, Mark Tabas, Agrajag The Prolonged, King Blotto, Phiber Optik (joined MOD), The Urvile, Doc Holiday, Dead Lord, Doctor Who, Paul Muad'Dib, Prime Suspect, Frank Drake, Riot, The Leftist, Thomas Covenant, The Prophet, Monster X, The Marauder, Skinny Puppy, Professor Falken, Control C/Phase Jitter, Unknown Soldier, Phantom Phreaker, Sharp Razor, Phucked Agent 04, X-man, Randy Smith, Steve Dahl, The Warlock, Terminal Man, Silver Spy, The Videosmith, Malefactor, Blue Archer, The Dragyn, Gary Seven, Carrier Culprit, Kerrang Khan, The m0nit0r, Master of Impact, Doom Prophet, Sundry.

Masters Of Deception (MOD)

H/P group, founded by Acid Phreak, Scorpion and HAC. MOD controlled all the major telephone RBOC's and X.25 networks as well as controlling large parts of the backbone of the rapidly emerging Internet. Involved in the Great Hacker War (1990-1991), an online conflict between MOD and the group Legion of Doom (LOD).

The original members of MOD were: Phiber Optik, Acid Phreak, Scorpion, HAC, Corrupt/Netw1z, Outlaw. Other members were: Wing, Supernigger, Nynex Phreak, Billy The Kid, Crazy Eddie, The Plague, ZOD, Neutrino, Seeker, Red Knight and Lord Micro.

Extracting Email Headers

2009-01-28T11:11:00.000-08:00

Email header is the information contained in every mail message which is used by mail programs to provide the user with a summary of the origin and contents of each message.

Hotmail
Log into Hotmail.
Click on "Options" tab on the top navigation bar.
Click on the "Mail Display Settings" link.
Change the "Message Headers" option to "Full".
Click the "OK" button.

Yahoo Mail
Log into your Yahoo! Mail account.
Click the "Mail Options" link on the left-hand navigation bar.
Click the "General Preferences" link on the right.
Locate the Show Headers heading and select "All."
Click the "Save" button to put your new settings into effect.

Outlook Express 4,5,6 and XP for Windows
Select the message.
Click on File menu.
Select Properties.
Click on Details tab.

Outlook 2000, XP
Right click on the message without opening it.
Select Options, then Full Headers.

Microsoft Outlook 98
Open the message and select View, then Options from the drop-down menus.
Near the bottom of the screen there is a section titled INTERNET HEADERS.
Copy the header.

IncrediMail
Select File > Properties and then the Details tab.

Rediff Mail
Click 'Folder Options'.

Microsoft Entourage(Office X for Mac)
Select the message in the Inbox.
Go to View > Source.
The new window will contain full headers and message text.
Alternately, go to Edit > Preferences > Mail and News.
Under the View tab, there is a checkbox for Show Internet Headers.

kmail (KDE Desktop)
Select Message.
View Source.
Copy the text from the "Message as Plain Text" window.

Gmail
Open the message you'd like to view headers for.
Click the down arrow next to Reply, at the top-right of the message pane.
Select Show original.

Pegasus Mail
Right click the message, and select Message headers...

Netscape Messenger
Windows users, simply press Ctrl-U (meta-U in unix, ?-U on Macintosh).
A new window will open with the full message including the complete header.

Netscape Webmail
While viewing the message, click on the yellow triangle to the right of the brief message headers. This will display the full headers along with the message body.

Operamail
Choose Options and enable
Show Message Headers in Body of Message.

Outlook Express for Macintosh
Select the email.
From the View menu, choose Source.
Email with full headers will be displayed.

Outlook Web Access
Left click on the letter you want to open and click on properties.
When that opens click on the Details tab.
Then on message source.
This will open the email with the full headers.

Pine
You must configure Pine to allow showing message headers. You may skip steps 1-3 below if you have performed this configuration.
From the main Pine menu, type S for Setup, then C for Config.
Use the space bar and down arrow to scroll until you reach the option [ ] enable-full- header-cmd, then type X in the box to toggle the option on.
Type E to exit Config, and Y to save changes.
The next time you read a message, type H and the full headers will be displayed at the top of the message. Type H again to hide the headers.

Pronto Mail (GTK/unix)
Click "Message" then "View Source".
Exchange
Open the message.
Choose File then Properties then Internet.
The header will be visible and will be highlighted.
Simply right click and copy it.
In some versions of Exchange, go to the File Menu > Properties > Details > Message Source.

Bat!
From The Bat email software:
Message > SaveAs > Save as Type - I.
Select Unix Mailboxes [*.mbx].
Open the file in your preferred editor, then simply copy from there.
For The Bat! v1.53b :
Select the message.
Click on the "Messages" menu.
Select "View Source".
Alternatively, you may push F9 instead of the last two steps.

AOL Mail
If the email is sent from anywhere OTHER then AOL, and you are receiving it in AOL, then open the email you want to trace, or have your client open the email, and look for the link Details. This link is usually just below the To:email in the email message. If the email is sent from an AOL user to another AOL user then our Reverse AOL Screenname search can get you the sender's information.

XtraMail
Log into XtraMail
Click on "Options" in the Left-hand navigation bar.
Click the "Display" button.
Change the "Message Headers" option to "Full".
Click the "OK" button

Map Out Your Future Through Microsoft Certification

2009-01-25T12:05:00.000-08:00

The influence that the Microsoft Corporation has had on the development of the computer industry and on the Western World cannot be easily quantified. It would be difficult if not impossible to estimate how many people actually hold Microsoft Certification around the globe.

Microsoft themselves estimate that the figure must run into the tens of thousands. It is possible to hold certification in the most simple software program right up to the most complicated of network service managers, with all the stations in between.

Anyone who holds certification from this vast global enterprise that is Microsoft has to be taken seriously. These people do not necessarily work for Microsoft, or even for a certified service provider. They may be freelancers, who will proudly display their certification, knowing that they will instill into their client the peace of mind that only working with a person who takes their profession seriously can bring.

Even with the entire gloomy picture being painted of the economy and job prospects for 2009 and even parts of 2010, professionals in the computer software industry stand a better chance than most of keeping their heads above water. Especially those who had the sense and the ability to think forward. Those who were prepared to settle only for one of the many Microsoft software certifications.

The powers that be at Microsoft, still the World's leading software designers decided that they would group their programs under as single umbrella when it came to studying the software as well as being granted certification on a particular aspect of it.

This means that a graduate of the Microsoft study program would be given the status as a professional operator, with specialization within a certain role. Some of the roles are designated as follows:

Microsoft Certified IT Professional
Microsoft Certified Professional
Microsoft Certified Systems Engineer
Microsoft Certified Systems Administrator

Microsoft Certification provides the programs' participants with the following very worthwhile ammunition to help them get ahead in the tough World of network supervision.

Total familiarity with all Microsoft Windows network programs
The ability to design, plant and implement network systems
The ability to analyze, detect and prepare any problems that can appear in any Microsoft Windows network programs
The ability to design and implement a network security program in any of the Microsoft Windows network programs

In order to allow certification, potential candidates must attend and complete a course, covering the general aspects of Microsoft software programs for networks, as well as particular certification on the student's specialist subject. There is also the possible to study online, through the purchase of an online study guide. However the student must attend the examinations on site, in order to receive certification on the subject that they reach the necessary standards.

Students can also acquire more than one specialist certificate, with many of them adding to their list of specialist subjects gradually over the years, either in the quest of increased knowledge or particular demands of their career.

Whatever way you look at it, Microsoft Certification holds the key that will open doors to the most successful career in network management.

Using Social Networks Properly

2009-01-23T03:41:00.000-08:00

So you want to get free advertising, traffic and back links from the multitude of social networks out there but you don't know which to use and what to do. Hopefully today you'll learn a few useful tips to boost your profile and maximize the buzz of social networks.

Where To Start?

Digg is hard to use unless you've been around a while. It's top users really flex their collective muscle when it comes to dominating the front page. That doesn't mean you shouldn't add your articles - Not at all - Adding your articles to Digg, making tons off friends and testing the water is well worth it. Chances are you WON'T make the front page, but if you do......traffic jackpot.

Propeller is fast to use, which means you can get in and out with much fuss, so I highly recommend adding your link there.

Stumble Upon is nowhere near as good as it was and you have to stumble a ton of site to get and credibility. You should add your profile and your blog/site, but don't expect the promise you may hear.

Reddit is pretty good and low effort so definitely give it a try.

Delicious is a little bit of a pain - The tool bar you have to download is annoying and the whole submission process could be handled better, but if your site gets buzz from delicious then it will all be worth the fuss.

The key to the major sites is to make friends, comment on articles and be positive. You will get reciprocal votes, as long as you appear genuine and give someone a value of sorts.

Twitter - Here is a little trick for twitter to get an extra "dofollow" link. You get to add your website or blog, but if you stick your site url in your bio entry, you'll get an extra "dofollow" link. A nicve little bonus.

Using Myspace and Facebook - These two can be useful as you just upload your links on your profile and add friends galore. People who follow you on Social Networks have a greater trust for you and therefore your site or blog, making preselling easier. The slot machine chat room on Facebook is a great way to find new friends to add.

Qassia is relatively new, but a lot of smart people are using it to get backlinks (pr5) to there websites. With Qassia, you add articles and get rewarded with a "dofollow" backlink and Qassia "cash".

Qassia Cash can be used to advance you link positions and there is talk that it will be able to be used to purchase advertising. I find Qassia the easiest source of "dofollow" backlinks available.

You can join Qassia Here - It's worth joining believe me.

Pligg Sites

These mini "Digg" sites are worth a mention as they when used properly , help you build up some nice little traffic. Pligg sites are Digg clones and as such are easy to submit and vote on. They a much smaller so they won't get you anywhere near as much traffic, but because they are small they are easier to dominate and make the front page.

Just like the big social bookmarking networks, Pligg sites work by you submitting a link and then others vote on it. You can add friends and get more votes, which is always a good strategy.

The best Pligg based sites are Topstumbles, DropJack and StuffDaily.

Using these can help get you the extra traffic boost you want to take your "numbers" to the next level.

You can find more info on Small Business strategies and other helpful advice at The Solution Website

Scareware Beware!

2009-01-22T12:10:00.000-08:00

There is a new internet scam going around now. It is called Scareware! So what exactly is Scareware? You have heard of spyware and shareware, and now there is Scareware. And it can be scary indeed, along with costly. Scareware shows up on a computer, saying that there is a problem and offers to fix it, for a price. The ads warn people their computer is infected, maybe with illegal porn or worse a dreaded virus that will crash their computer. Experts say these ads are a front for a nasty virus. They are a mask for a virus that tries to scare people in to buying anti-spyware. You are at risk even if you don't buy the anti-spyware. What they are doing is basically asking you to pay money to protect your computer from them!

Scammers make very realistic copies of real sites and then booby trap these sites with a virus. Once you are on of these sites the Scareware alerts you to a problem and offers to scan your computer and then finds all kinds of problems. And then tries to sell you anti-virus software at $49.95. It doesn't matter if you buy the software or not because by this time pop-up ads take over your computer multiplying too fast to close and you can't get your computer to release until you buy the software!

Microsoft's latest intelligence report says that 8 million computers have been infected with Scareware! The Federal Trade Commission says 1 million people have had their computers infected with Scareware and the scammers have scammed those million people out of $40,000!

So, how can you protect yourself from this Scareware? You can always check out the RipOff Report or the Better Business Bureau before you do ANYTHING online. But the best advice I can give you is NEVER click on a link in an email unless you know who that email is from and NEVER EVER click on an ad saying you may have a virus on your computer because if you do click, you will definitely have a problem. It will fry your computer!

An informed consumer is a smart consumer!

What is Hacking?

2009-01-22T11:13:00.000-08:00

What is your definition of hacking? Most people think of the news stories that relate to big companies having embarrassing problems as their data is compromised. But in truth, hacking goes a lot further than this.

It doesn't always have to be someone you don't know who hacks into your systems and causes problems for your business. It could equally be someone who works for you that doesn't have your best interests at heart. This is because the basic meaning of hacking is when someone accesses some or all of your computer systems without permission. And it doesn't just happen over the internet.

Quite often, many people don't see how widespread computer hacking computer hacking that they are only in danger from internet based attacks means they may not be covered for all risks. Even those companies that do all they can to prevent hacking which occurs online may have unwittingly turned a blind eye to other dangers.

This is why an understanding of what hacking is and what it involves can help you to protect your own business more fully. But what do you do if you don't know all the ins and outs of the threats posed?

The easiest solution is to rely on an expert to make sure every potential hole is plugged, and no one can break into your systems. Network penetration testing is one of the best ways to see how good your computer network really is. If you do have vulnerabilities it's best to find out via someone who is honest and is looking for them to benefit you. If you assume everything is okay and it isn't, you could be in for a nasty shock at some point in the future.

It is probably because people limit their definition of hacking that some businesses are more in danger than they realise. Everyone likes to think that all their employees are working honestly and for the company's good, but it doesn't always pan out that way.

Supposing an employee was given notice to leave but they had until the end of the day to clear their desk. They could potentially do a lot of damage to your computer system before they left, if the mood took them that way. Even though you could have them arrested for their actions, the damage would still be done and it would take time to rectify.

An expert in the field of ethical hacking would be able to highlight any potential problems and solve them before anyone else had a chance to exploit them. And that is certainly a service that is worth paying for.

Don't make the mistake of thinking this should only be done once though. Hackers are constantly finding new ways into previously secure systems. If you employ a company to see how up to date your security measures really are, make sure you do it on a regular basis. If you don't, you still run the risk of being caught out.