Linux Today: Linux News On Internet Time.

SysAdmin: How to Hack [Overview of Three Part Series]

Mar 17, 2001, 22:10 (1 Talkback[s])
(Other stories by Kurt Seifried)

"An earlier term for gaining unauthorized access to computers was "cracking" (as in safe cracking), whereas "hacking" applied to people that pushed computers and software to their limits (and beyond). Over time, the media has bastardized the term "hacking", leaving "cracking" to pedantic geeks and the history books. The term hacker is now applied equally to people like Linus Torvalds (father of Linux) or Tim Berners-Lee (father of the modern WWW), and criminals that steal information or execute attacks on network sites."

"What is a hacker (ignoring the law-abiding definition)? It's anyone who tries to intrude into other computers and networks. This definition covers almost anything modern -- from corporate networks to the phone system and power grid. Anything remotely complex in the modern world is invariably controlled by computers, and people have discovered that networked computers are more useful and easier to manage then standalone computers."

"The first thing to realize is that the majority of hackers possess very little expertise. Teenagers have managed to take major online companies (like Yahoo and CNN) offline with network-based attacks. How can it be that they are not geniuses? To put it bluntly, because the state of computer security, on average, is terrible. The fundamental protocols used for communicating on networks were designed a long time ago in a less hostile environment, and in many cases, these protocols were not meant to survive this long. The majority of computers placed on networks are insecure, because securing a modern OS takes a significant amount of effort. In most cases, you must disable services, remove unneeded software, upgrade and patch the system, make sure the OS is hardened, and then worry about users running foreign content sent to them in emails labeled "I love you". Most admins don't have the time or resources to properly secure their infrastructure, and far too many projects (especially online e-commerce ones) are rushed to completion."

Complete Story

Related Stories: