PROFILE OF AN ETHICAL HACKER
By PETER DIZIKES
Feb. 16, 2005 Almost every day in United States, savvy, determined hackers attempt to break into computer networks and pilfer valuable information. But here's the good news: Some of them are professionals, being paid to test the safety of the same computer systems you may be using regularly.
They are "ethical hackers," computer security experts hired by companies hoping to avoid costly holes in their information networks. While the term "ethical hacker" has been in use at least since the 1980s, it has only been a job description since the mid-to-late 1990s -- and it seems to be an increasingly common one at the moment, as computer security becomes a booming business. Research firm IDC, of Framingham, Mass., estimates worldwide computer security revenues will expand from $19 billion in 2002 to $45 billion in 2007.
That means more opportunities for ethical hackers, especially at major industry players. Take Joshua Lackey, a senior ethical hacker at IBM, who is based in Tucson, Ariz., and can sum up his job in one crisp sentence: "We'll go out and break into your computers."
Like many people in the field, Lackey had a personal interest in the subject before it became his profession.
"I've always been interested in security, always had that bent of mind," says Lackey, who joined IBM in 1999, as he was finishing his Ph.D. in mathematics at the University of Oregon.
"I think the one thing we have in common is that there is a little different approach when you're a security guy," says Lackey. "Somehow breaking things is a little more ingrained than getting things to work."Not that there is one dominant career path for ethical hackers, though; one of Lackey's IBM colleagues is a former CIA agent.
Authorized to Hack
In the world of technology, breaking things, or at least attempting to do so, is also an integral part of getting them to work. Many contracts IBM inks with large clients require a security audit, involving an authorized visit to the firm by a team of hackers using agreed-upon "rules of engagement." For what Lackey calls a "premium hack," an IBM team might take two weeks to do the job.
In the last few years, the surge in use of wireless computer networks has been a particular focus for Lackey and some of his IBM colleagues. Traditional wired local area networks, of the kind probably used in your office, are essentially limited to the computers hooked up to the network. Local wireless networks revolve around access points computers can detect on their own. But since wireless network capabilities are now frequently built into computers, even machines sitting in offices may seek out access points. Lackey and his colleagues will often take access points -- which can be bought in stores -- and set up shop in the parking lot outside a client's headquarters to see how quickly they can penetrate a company's information system.
Employees who telecommute or use a laptop computer at a public wireless access point -- in an airport, coffee shop or another location -- can also put valuable company information at risk. Given the existence of an access point, skilled hackers can monitor the flow of packets of information being sent over wireless networks, and, if a computer is not using encryption technology, potentially view the actual data being sent as well.
"When you're on a wireless network," says Lackey, "you should just sort of assume that everyone around you, given the will and the technical ability, could look at your packets.
India shuts server linked to Duqu computer virus
New York: Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.
News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program. Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.
The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said. "This one is challenging," said Marty Edwards, director of the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."
He declined to comment on the investigation by authorities in India, but said that his agency was working with counterparts in other countries to learn more about Duqu. Two employees at Web Werks said officials from India's Department of Information Technology came to their office last week to take hard drives and other parts from a server.
They said they did not know how the malware got on to Web Werks' server. "We couldn't track down this customer," said one of the two employees, who did not want to be identified for fear of losing their jobs. An official in India's Department of Information Technology who investigates cyber attacks also declined to discuss the matter. "I am not able to comment on any investigations," said Gulshan Rai, director of the Indian Computer Emergency Response Team, or CERT-In.
Unlocking the secret
Stuxnet is malicious software designed to target widely used industrial control systems built by Germany's Siemens. It is believed to have crippled centrifuges that Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program. Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.
Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities. Duqu - so named because it creates files with "DQ" in the prefix - was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.
Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure. The hackers behind Duqu are unknown, but their sophistication suggests they are backed by a government, researchers say. "A cyber saboteur should understand the engineering specifications of every component that could be targeted for destruction in an operation," said John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.
That is exactly what the authors of Stuxnet did when they built that cyber weapon, said Bumgarner, who is writing a paper on the development of Stuxnet. "They studied the technical details of gas centrifuges and figured out how they could be destroyed," he said. Such cyber reconnaissance missions are examples of an increasingly common phenomenon known as "blended" attacks, where elite hackers infiltrate one target to facilitate access to another.
Hackers who infiltrated Nasdaq's computer systems last year installed malware that allowed them to spy on the directors of publicly held companies. In March, hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp. Researchers said they are still trying to figure out what the next phase of Duqu attacks might be.
"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."
source- "IBNLive"
Young Youth Indian Achiever - "Sharat babu" _ An Entrepreneur
"Sharat babu" - An Entrepreneur
Family
I was born and brought up in a slum in Madipakkam in Chennai. I have two elder sisters and two younger brothers and my mother was the sole breadwinner of the family.
It was really tough for my mother to bring up five kids on her meager salary. She sold Idlis in the mornings, worked for the mid-day meal at the school during daytime and taught at the adult education programme of the Indian government, thus doing three different jobs to bring us up and educate us.
It was really tough for my mother to bring up five kids on her meager salary. She sold Idlis in the mornings, worked for the mid-day meal at the school during daytime and taught at the adult education programme of the Indian government, thus doing three different jobs to bring us up and educate us.
My mother, according to me, is the most successful entrepreneur.
Education
I did schooling in Kings Matriculation Higher Secondary School, Chennai,graduated in Chemical Engineering from BITS, Pilani and after working for 3 years in Polaris Softwares completed MBA from IIMAhmedabad.
Business
Foodking was setup with a vision to offer employment to illiterate and semi-illiterate people and bring up their living standard.
Foodking has started its operations on May 16th, 2006 by supplying snacks to corporate sectors, banks and software firms.
It undertakes Event Catering, Industrial Catering and Institutional Catering and also has Retail Outlets.
Today, at 29, he is CEO of Foodking Catering Services which is providing services at BITS, Pilani, IIM, Ahmedabad, BITS, Goa, BITS Hyderabad and SRM, Chennai among others and has a turnover of Rs. 7 crore.
Achievements
- Honorary Alumni XLRI, Jamshedpur
- Honorary Rotarian, Dist 3201
Awards
- PEPSI-MTV Youth Icon 2008 (earlier recipients were Mr. Anil Ambani, Rahul Dravid, Shah Rukh Khan, M. S. Dhoni)
- “Example to Youth Award 2008″, CHENNAI.
Peer Speak:
http://www.iimaalumni.org/n/front/newsmakers/indexsub.asp?NMID=89
http://www.pagalguy.com/forum/cat-and-related-discussion/14780-know-your-iimite-sarath-babu.html
http://www.pagalguy.com/forum/cat-and-related-discussion/14780-know-your-iimite-sarath-babu.html
Wanna become Ethical Hacker ???
If you are looking to become a cool Ethical Hacker then we are going to help you as much as we can. Fiirst to become an Ethical Hacker following terms should LOAD in your mind ;)
- Know about the pros and cons ! of different types of hackers, such as White Hat, Grey Hat and Black Hat hackers.
- Seek out job opportunities for ethical hackers. There are lucrative jobs available in government organizations, banks, financial institutions, military establishments and private companies.(don't worry about job actually :P)
- Analyze the basic requirements to become an ethical hacker. Try to find out the areas where will you need to work really hard.
- Decide the area where you would prefer to work primarily with hardware or software. Do not think of specializing in both the areas. Though knowledge of both is required but the decision will help you to know where to begin. You must be aware of every function, every component of computer on which you will have to work on.
- Evaluate your strengths and interests and gain some programming knowledge such as C, or Java. These programming languages can be learned by taking formal programming courses and reading books. It will help you to read and write code.
- Learn the UNIX operating system as it is regarded as the original operating system built by hackers. Also learn about Windows and Mac OS.
- Take a professional course. There are a wide variety of courses available for IT security professionals in "Ethical Hacking” or “Internet Security” which would help you to expand your knowledge in ethical hacking.
- Do the experiments on your own to know the actual happening of a situation.
- Start experimenting with hardware and software to learn how to take control of the situations and how to prevent a computer from getting hacked.
- Read on your own to know what are the areas where you need to improve and what need to be learned to refine your focus. Technology changes rapidly, and a good ethical hacker must be willing and eager to keep up with the new technological developments.
- Get certified as it would help you to succeed in the vanguard of your profession.
- Stay connected to the hacker community by sharing technical information and ideas.
Thank you
Admin
Why is Cyber Security a Problem?
You've heard the news stories about credit card numbers being stolen and email viruses spreading. Maybe you've even been a victim yourself. One of the best defenses is understanding the risks, what some of the basic terms mean, and what you can do to protect yourself against them.
What is cyber security?
It seems that everything relies on computers and the internet now — communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?Cyber security involves protecting that information by preventing, detecting, and responding to attacks.What are the risks?
There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.What can you do?
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.- Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
- Malicious code - Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer. Malicious code can have the following characteristics:
- It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
- Some forms propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via email, websites, or network-based software.
- Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
- Vulnerability - In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities.
STORY ABOUT LEADERS
Posted on:
10:37
tags:
entrepreneur
,
Entrepreneurship
,
how to become entrepreneur
,
how to think like entrepreneur?
,
LEADERS STORY
You’re Not a Real Entrepreneur
Who is an entrepreneur really? It turns out that there are four distinct types of entrepreneurial organizations; small businesses, scalable startups, large companiesand social entrepreneurs. They all engage in entrepreneurship. Yet entrepreneurs in one class think that the others aren’t the “real” entrepreneurs. This post looks at the differences and similarities and explains why there’s such confusion.
Small Business EntrepreneurshipMy parents came to the United States through Ellis Island in steerage in sight of theStatue of Liberty. As immigrants their biggest dream was opening a small grocery store on the Lower East Side of New York City, which they did in 1939. They didn’t aspire to open a chain of grocery stores, just to feed their family.
My parents were no less of an entrepreneur than I was. They went on an uncharted course, took entrepreneurial risk and only made money if the business succeeded. The only capital available to them was their own savings and what they could borrow from relatives. Both my parents worked as hard as any Silicon Valley entrepreneur but with a different definition of a successful business model; when they made a profit, they could feed our family. When business was bad they figured out why, adapted and worked harder still. They were only accountable to one and other.
Today, the overwhelming number of entrepreneurs and startups in the United States are still small businesses.
Scalable Startup EntrepreneurshipUnlike my parents, Fred Durham and his partner Maheesh Jain started the now $100+ million CafePress, knowing they wanted to build a large company. Founded in offices smaller than my parents grocery store, Fred and Maheesh’s vision was to provide a home for artists who made personalized products assembled in a just-in-time factory that today delivers a customized gift each second. Once they found a profitable business model they realized that scale required external venture capital to fuel rapid expansion. With venture capital came accountability to board members, forecasts, and other people’s agendas. Success for a scalable startup is a three-times (or more) return on the investor’s money – either by a public offering of stock or by selling the company.
Scalable startups in technology centers (Silicon Valley, Shanghai, New York, Bangalore, Israel, etc.) make up a small percentage of entrepreneurs and startups but because of the outsize returns attract almost all the risk capital (and press.)
Large Company EntrepreneurshipAt the end of 1980, IBM decided to compete in the rapidly growing personal computer market. They were smart enough to realize that IBM’s existing processes and procedures wouldn’t be agile enough to innovate in this new market. The company established their new PC division (called Entry Systems), as a Skunk Works in Boca Raton Florida a 1000 miles from IBM headquarters. This small group consisted of 12 engineers and designers under the direction of Don Estridge. Success for this new division meant generating substantial revenue and profit for company.
The division developed the IBM PC and announced it in less than a year. Three years later the division had sold 1 million PC’s, had 9500 people and a billion dollars in sales.
Don Estridge’s paycheck and funding for the division came from IBM and he reported up the organization, but in his own division he was no less entrepreneurial than Michael Dell or Steve Jobs – or Fred Durham or my parents.
Social EntrepreneurshipIrfan Alam, a 27-year-old from the Indian state of Bihar started the Sammaan Foundation to transform the lives of 10 million rickshaw-pullers in India. Irfan got banks to finance rickshaw-pullers and designed rickshaws that can shelve newspapers, mineral water bottles and other essentials for rickshaw passengers. These rickshaws carry ads and the pullers get 50% of the ad revenue, the remainder going to Sammaan. The rickshaw-pullers end up as owners after re-paying the bank loan in installments. Irfan started off with 100 such rickshaws in 2007 and have 300,000 today.
Irfan doesn’t take a salary but he is as focused on scalability, asset leverage, return on investment and growth metrics as any Silicon Valley entrepreneur ever was.
SummaryIf you put the four entrepreneurs in the room you would understand what they had in common- they were resilient, agile, tenacious and passionate – the four most common traits of any class of entrepreneur.
Also in common, each of their businesses initially were searching for a business model, and each was instinctively executing a customer discovery and validation process.
Yet there are obvious differences in each type; personal risk, size of vision and goal.
1 larhke ki gf ne use khat likha k meri life mein naya ladka aa gya hai... TUM SE ACHA HAI.. mein uski dulhan banugi..meri photo wapis bhijwa do...
ladke ne apne saare doso ki gfs ki 30 photos jama ki beech mein uski photo daalke khat likha..
"le inme se apni photo nikaal le, mujhe teri shakal yaad nahi hai"...:P:P
ladke ne apne saare doso ki gfs ki 30 photos jama ki beech mein uski photo daalke khat likha..
"le inme se apni photo nikaal le, mujhe teri shakal yaad nahi hai"...:P:P
JOKE
JUST JOKKIING
A cow was kept for viva.
KG student : Its a cow!!
UG student : Perhaps dis is a cow !!
PG : This may be cow or a hypopigmented buffalo!!
PHD : Dis may b a hypertrophied goat or an atrophied elephant wid congenital anomalies!!
Moral: The more you study, the more your common sense decreases !! :-P :D
A cow was kept for viva.
KG student : Its a cow!!
UG student : Perhaps dis is a cow !!
PG : This may be cow or a hypopigmented buffalo!!
PHD : Dis may b a hypertrophied goat or an atrophied elephant wid congenital anomalies!!
Moral: The more you study, the more your common sense decreases !! :-P :D
What is Ethical Hacking ?
Posted on:
19:03
tags:
black hat
,
C programming
,
computer engineer
,
ethical hacking
,
grey hat
,
white hat
Ethical hacking, often performed by white hats or skilled computer experts, is the use of programming skills to determine vulnerabilities in computer systems. While the non-ethicalhacker or black hat exploits these vulnerabilities for mischief, personal gain or other reasons, the ethical hacker evaluates them, points them out, and may suggest changes to systems that make them less likely to be penetrated by black hats. White hats can work in a variety of ways. Many companies utilize ethical hacking services from consultants or full-time employees to keep their systems and information as secure as possible.
The work of ethical hacking is still considered hacking because it uses knowledge of computer systems in an attempt to in some way penetrate them or crash them. This work isethical because it is performed to increase the safety of the computer systems. It’s reasoned that if a white hat can somehow break the security protocols of a system, so can a black hat. Thus, the goal of ethical hacking is to determine how to break in or create mischief with the present programs running, but only at the request of the company that owns the system and specifically to prevent others from attacking it.
People enter the field of ethical hacking in a variety of ways. Many people are very computer savvy and many, but not all, have an educational background in computer science. In some instances, the white hat has gained his or her experience by first being a black hat.
If black hat hacking was at a sufficiently criminal level, the black hat turned white hat may have served jail time before resuming a career in a more productive and positive way as anethical hacker. The computer world is peopled with former black hats, who now hold ethicalhacking jobs. Conversely, some white hats, such as Steve Wozniak, never committed any illegal acts, but simply possess the know-how and skills to analyze problems with any computer system.
With increasing use of the Internet and concerns about its security, especially when it comes to things like consumer information or private medical details, there is considerable need for computer experts to work in ethical hacking. Even sites owned by organizations like the US government have been hacked in the past, and concern about information theft remains incredibly high. Designing impenetrable systems or identifying the current weaknesses of a system are vital parts of keeping the Internet safe and information private, and even with the present legion of ethical hackers that perform this work, there is still more work to do.
Those with interest in the field of ethical hacking often acquire a lot of their skills on their own, and many have particular talent with and affinity for computers. Some knowledge can also be acquired through formal education in computer programming. This work requires creativity, and the ethical hacker must be able to think outside of the box, coming up with as many possible ways as he or she can derive, a system might be encroached upon by black hats.
Subscribe to:
Posts (Atom)