|
|
Hacking tends to be a misunderstood topic, and the media likes to sensationalize, which just exacerbates this condition. Changes in terminology have been mostly ineffective — what's needed is a change in mindset. Hackers are just people with innovative spirits and an in-depth knowledge of technology. Hackers aren't necessarily criminals, though as long as crime has the potential to pay, there will always be some criminals who are hackers. There's nothing wrong with the hacker knowledge itself, despite its potential applications.
Like it or not, vulnerabilities exist in the software and networks that the world depends on from day to day. It's simply an inevitable result of profit-oriented software development. As long as money is connected to technology, there will be vulnerabilities in software and criminals in networks. This is usually a bad combination, but the people finding the vulnerabilities in software are not just profit-driven, malicious criminals. These people are hackers, each with their own motives; some are driven by curiosity, others are paid for their work, still others just like the challenge, and several are, in fact, criminals. The majority of these people don't have malicious intent and instead help vendors fix their vulnerable software. Without hackers, the vulnerabilities and holes in software would remain undiscovered.
Some would argue that if there weren't hackers, there would be no reason to fix these undiscovered vulnerabilities. That is one perspective, but personally I prefer progress over stagnation. Hackers play a very important role in the co-evolution of technology. Without hackers, there would be little reason for computer security to improve. Besides, as long as the questions "Why?" and "What if?" are asked, hackers will always exist. A world without hackers would be a world without curiosity and innovation.
I hope this book has explained some basic techniques of hacking and perhaps even the spirit of it. Technology is always changing and expanding, so there will always be new hacks. There will always be new vulnerabilities in software, ambiguities in protocol specifications, and a myriad of other oversights. The knowledge gained from this book is just a starting point. It's up to you to expand upon it by continually figuring out how things work, wondering about the possibilities, and thinking of the things that the developers didn't think of. It's up to you to make the best of these discoveries and apply this knowledge however you see fit. Information itself isn't a crime.
"Smashing the Stack for Fun and Profit", Phrack 49. http://www.phrack.org/show.php?p=49&a=14
. "Experimental Quantum Cryptography", Journal of Cryptology , no. 1 (1992): 3–28.
. "Intercepting Mobile Communications: The Insecurity of 802.11." http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf
. Fundamentals of Algorithmics. Englewood Cliffs, NJ: Prentice-Hall, 1995.
CNET News. "40-Bit Crypto Proves No Problem." January 31, 1997. http://news.com.com/2100-1017-266268.html
(Shok). "w00w00 on Heap Overflows", w00w00 Security Development. http://www.w00w00.org/files/articles/heaptut.txt
Electronic Frontier Foundation. "Felten vs RIAA." http://www.eff.org/sc/felten/
(caezar). "Bypassing MSB Data Filters for Buffer Overflow Exploits on Intel Platforms." http://community.core-sdi.com/~juliano/bypass-msb.txt
"Wire Fraud Case Reveals Loopholes in U.S. Laws Protecting Software." http://www.cs.usask.ca/undergrads/bcb668/490/Week5/wirefraud.html
. "Weaknesses in the Key Scheduling Algorithm of RC4." http://citeseer.nj.nec.com/fluhrer01weaknesses.html
"Quantum Mechanics Helps in Searching for a Needle in a Haystack." Physical Review Letters , no. 2 (July 14, 1997): 325–28.
"Simple Active Attack Against TCP." http://www.insecure.org/stf/iphijack.txt
"SSH for Fun and Profit." http://www.shellcode.com.ar/docz/asm/ssharp.pdf
Hackers: Heroes of the Computer Revolution. New York, NY: Doubleday, 1984.
"Russian Adobe Hacker Busted", Wired News. July 17, 2001. http://www.wired.com/news/politics/0,1283,45298,00.html
The NASM Development Team, "NASM – The Netwide Assembler (Manual)", version 0.98.34. http://nasm.sourceforge.net/
"Fuzzy Fingerprints: Attacking Vulnerabilities in the Human Brain." http://www.thehackerschoice.com/papers/ffp.pdf
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. New York: John Wiley & Sons, 1996.
Scut and Team Teso. "Exploiting Format String Vulnerabilities", version 1.2. http://www.team-teso.net/releases/formatstring-1.2.tar.gz
"Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer." SIAM Journal of Computing (1997): 1484–509. http://www.research.att.com/~shor/papers/
"Stack Smashing Vulnerabilities in the UNIX Operating System." http://tinfpc3.vub.ac.be/papers/nate-buffer.pdf
Solar Designer. "Getting Around Non-Executable Stack (and Fix)." BugTraq post dated Sunday, Aug. 10, 1997. http://lists.insecure.org/lists/bugtraq/1997/Aug/0066.html
Cryptography: Theory and Practice. Boca Raton, FL: CRC Press, 1995.
. Building Internet Firewalls, 2nd ed. Sebastopol, CA: O'Reilly, 2000.
pcalc
A programmer's calculator available from Peter Glen http://ibiblio.org/pub/Linux/apps/math/calc/pcalc-000.tar.gz
NASM
The Netwide Assembler, from the NASM Development Group http://nasm.sourceforge.net/
hexedit
A hexadecimal editor from Pixel (Pascal Rigaux) http://www.chez.com/prigaux/hexedit.html
Dissembler
A printable ASCII bytecode polymorpher from Matrix (Jose Ronnick) http://www.phiral.com/
Nemesis
A packet-injection tool from obecian (Mark Grimes) and Jeff Nathan http://www.packetfactory.net/projects/nemesis/
ssharp
An SSH man-in-the-middle tool from Stealth http://stealth.7350.org/SSH/7350ssharp.tgz
ffp
A fuzzy fingerprint generation tool from Konrad Rieck http://www.thehackerschoice.com/thc-ffp/
John the Ripper
A password cracker from Solar Designer http://www.openwall.com/john/
|
|