in addition to the Tor question, where do you even begin with computer hacking?

It looks all cool in the films and on the telly, but nobody ever really mentions where they start, you just see some code being punched in and booya!! they’re flying jets remotely (this may have been a dream)

Just curious

you spend 90% of your time looking at a terminal window with nothing very exciting happening in it. you start nowerdays mostly by downloading some free cms or webstore and installing it then looking for bugs in it and seeing how the code causes them. or if you are on one of the uni ethical hacking things you’ll be looking as damn vunerable linux/webapp etc. that and read some blog posts.

Google CEH (ethical hacking).

Where you begin is an innate curiosity and a desire to explore.

Also,

Films are broadly bunk. The only films I’ve ever seen with a vague grasp on reality are War Games and Sneakers. And ever then you need a pinch of salt.

Also,

“Hacker” is an abused term. “Cracker” is closer to most Hollywood portrayals. Hackers are akin to tinkerers, hobbyists.

Social engineering

http://globalthermonuclearwar.net/

Cougar
Also,

Films are broadly bunk. The only films I’ve ever seen with a vague grasp on reality are War Games and Sneakers. And ever then you need a pinch of salt

This x1000

In films, the hacker simply plugs in there generic windows laptop the the device to be “hacked” even if that is an alien space ship, which wouldn’t have the correct socket, voltage levels, number of digital pins, may not even use electricity, not have a std protocol, not use a std operating system, work at a different frequency etc etc etc, and presses a button. 3 secs later after the laptop screen has shown some wizzy graphics, the device is “hacked” and the hacker has complete and full control over that device…..

Have recently seen an effort to make this more realistic in TV and films. Blackhat wasn’t the usual ridiculous hollywood bunk. I’m also quite liking Mr Robot.

But doesn’t the “U” in USB stand foruniverseal? 😕

matrix trilogy got some bits right, you seen nmap and a known ssh exploit get run. i still take ceh with a dim view, but it might have improved from the joke it used to be. and the term hacker is correct, the mythical 80’s use has well and truly been superseded, best you can do now is try and pin hat colours on people.

Mr Robot is great definitely a step up in the realism stakes. Like the small details even the episodes are named like files you’d torrent. Plus good script and great acting.

I’ve never heard of that, what is it? (Yes, I could Google, but personal recommendation and all that…)

Extended trailer.

Get yourself a plane ticket to Vegas and pay your $230 (cash only) on the door and hack all day with the best of them……

https://www.defcon.org

Or if you want to be a good guy:

https://www.blackhat.com

I sat in a very interesting cybersecurity talk a few weeks back, these might be useful bits of kit to take along to help, hackers generally rely on the social engineering way in nowadays along with a few key tools……

USB Rubber Ducky

WiFi Pineapple

http://www.instructables.com/id/USB-Keylogger/

Big axe, just mind out for the shards of plastic 🙂

there are nearly as many blackhats at blackhat as there are a defcon, due to ticket prices you see just as many industry people at defcon too. and i disagree with the se point if you look at any of the major breaches over the last few years they weren’t caused by se, much more likely to be sqli, drive by downloads, or just standard phishing, se, apt and targeted attacks are saved for special occasions not the daily ownage.

All you need is this H4XX0R

I work in “cyber security” and it isn’t sexy 😆

As said up there ^^ you look at a terminal swearing mostly 😀

Plus it’s not all “lets fire up some software and launch it at things” you actually have to do some of that there thinking.

If we strip this back to the bare basics, old Internet code was written if A happens then proceed to C If B happens proceed to D. When I was a kid I’d look at the source code (the Web page script) and read the code. I’d look for passwords or back doors In the script (this was many years ago mind, it’s much more complicated now) and I’d use that to log in and look at……. you guessed it…. porn. I’d also take a look at a free picture on called say www. Xxxx/0001.jpg and run that through a programme that went through all the numbers until another file was found. Very very basic but that’s where it started.

[video]https://www.youtube.com/watch?v=gOrkA_XJ4FU[/video]

Or pay LIAG to do it for you (ethically, of course)!

It often stems from an interest in computer science, and a desire to understand the systems better. The term “hack” comes from an American slang term for “prank”. And “forcing something to work in a different way than it was originally programmed/designed”.

I took the CEH exam a few years ago to expand my knowledge of threats to systems, but much of it was “how to use this tool, how to use that tool”. I have a friend who works for a top UK IT security company, and they spend months developing their own toolsets for exploits on customer systems, finding a weakness in their in-house applications. Very hard work, but very very good money! (He’s CREST registered too….)

I sit the other side of the fence – defensive as opposed to offensive – keeping ‘hackers’ at bay from our systems.

I know of someone (my sister in laws friend) who does the offensive stuff for a living. Hacking loyalty cards for free stuff, social engineering shops and then posing as employees the next day to get into stuff and making scripts for Tinder to show complete Facebook profiles are a few he’s done. Nice work if you can get it I guess, my efforts fizzled out at finding an Abbey National server number through war dialling in a phone box (the manual way) till I got lucky and hit modem noises. Oh and messing about with folk on school computers using Netbus. Apparently that made me a hacker (according to the computer studies teacher) when I got caught and banned.

@dave_rudebar – Shirley you mean NCC or Context? LIAG only work for Queen and country (unless you know something I don’t!).

The way I’ve looked at hacking is that it’s discovering ways of getting software to do things that it should not do.

Traditional development is all about building software that does what the requirements say that it should and traditional testing is all about making sure that it meets those requirements and functions as a product (i.e. it does what it is supposed to). When you have failures in software that allow you to do things that you should not be able to do, for example executing commands as a user with higher privileges than you should have, that’s a bad thing.

My day to day is spent triaging reports of bugs like these. I get exposed to a lot of issues on a lot of technologies and there’s rarely a dull day. Mind you, that’s partly due to my background in test… I love finding problems.

The way I’ve looked at hacking is that it’s discovering ways of getting software to do things that it should not do.

And hardware.

And, come to that, people. (Far and away the easiest way of getting someone’s password is to go up to them and say “hey, what’s your password?”.)

And, come to that, people. (Far and away the easiest way of getting someone’s password is to go up to them and say “hey, what’s your password?”.)

Or:

Social engineering at its finest.

Cougar, fair point.

I got into computer security to meet girls.

how did that work out for you?

Well, cyberstalking is a lot easier if you control the webfilters and page logs…

“Hacker” is an abused term. “Cracker” is closer to most Hollywood portrayals.

But you can’t say cr**er, that’s racist.

maxtorque – Member

In films, the hacker simply plugs in there generic windows laptop the the device to be “hacked” even if that is an alien space ship, which wouldn’t have the correct socket, voltage levels, number of digital pins, may not even use electricity, not have a std protocol, not use a std operating system, work at a different frequency etc etc etc, and presses a button. 3 secs later after the laptop screen has shown some wizzy graphics, the device is “hacked” and the hacker has complete and full control over that device…..

If you’re referring to Independence Day, the best explanation i saw was that the Area 51 craft was studied and became the origins of human computing systems. Therefore, there was some compatibility between Geoff Goldblum’s laptop and the mothership.

If you’re referring to Independence Day, the best explanation i saw was that the Area 51 craft was studied and became the origins of human computing systems. Therefore, there was some compatibility between Geoff Goldblum’s laptop and the mothership.

There are some things that don’t need explanation, and Independence Day is one of them. Great film, but don’t try to justify the stupidity.

And it’s Jeff Goldblum.

(Far and away the easiest way of getting someone’s password is to go up to them and say “hey, what’s your password?”.)

closely followed by looking at the post-it stuck on the underside of their keyboard

If you’re referring to Independence Day, the best explanation i saw was that the Area 51 craft was studied and became the origins of human computing systems. Therefore, there was some compatibility between Geoff Goldblum’s laptop and the mothership

The best explanation I saw was that it was a film made primarily for an American audience

Talk to me like i’m an idiot

Mr Trump, how are you?

Films are broadly bunk. The only films I’ve ever seen with a vague grasp on reality are War Games and Sneakers. And ever then you need a pinch of salt.

Seeing Sneakers at the cinema, and knowing what exotic terms like RAM meant, won me a week long trip for two to LA! I’ll hear nothing bad about that film. 😀

Mate of mine swears that Swordfish, if you take away a lot of the Hollywood bullshit, is actually not a bad film from a technical standpoint. But, but that rationale, Die Hard 4.0 would be a good film as well.

It’s not.

He does think that Nick Cage is a decent actor though, so is not to be trusted.