Enllaços
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
2004
2003
|
|
 |
diumenge, 30 / novembre / 2003 |
tcpick és un sniffer especialitzat en identificar i seguir els streams tcp (per exemple, les sessions telnet, HTTP, SMTP, etc...), enregistrant-los en un fitxer o visualitzant-los per pantalla.
|
23:41 (# Enllaç permanent) ()
|
|
Una aplicació que s'executa a Windows bàsicament el que fa és processar els missatges que va rebent. Qualsevol programa té la capacitat d'enviar missatges a d'altres programes i no hi ha cap sistema d'autenticació, el que obre la possibilitat a un nou món de vulnerabilitats de seguretat.
Quands.cat - Hispasec.com.
|
19:51 (# Enllaç permanent) ()
|
|
[InformationWeek] The Mind of a Hacker Excel·lent article
Why do hackers hack? They say it's to learn about technology and how computers work. That's small comfort to security pros.
(...)
The distinction between hacker and legitimate security researcher can be difficult to make. In 2001, Maiffret's firm, eEye Digital Security, found a weakness in Microsoft's Internet Information Services server software. The security firm notified Microsoft about the flaw, and Microsoft issued a patch. But a month later, the notorious Code Red worm raced through the Internet and attacked hundreds of thousands of unpatched systems around the globe by taking advantage of the security weakness eEye discovered.
(...)
One teenage hacker complains that society and the media lump criminals, vandals, and virus writers in with young tech lovers who try to stay within the bounds of the law. "I try not to break the law," he says. "I don't break into networks, though if you look around there are plenty wide open." But today's computer security and copyright laws make it "hard to tell what you're allowed to do and not allowed to do even with the software you buy. Just trying to study the software and write about the security holes you find could land you in jail."
(...)
Most security and business-technology professionals have little patience with the argument that hackers help make computer systems and networks more secure. "These chumps have nothing to offer. They have no valuable security contribution at all," says TruSecure's Ranum, who has developed security software since the 1980s and is the author of The Myth Of Homeland Security (John Wiley & Sons, 2003).
But not all. "Bug hunters are absolutely essential [for] keeping systems clean, semi-free of code defects, but most importantly they keep software vendors honest," says a security analyst at a major manufacturer.
(...)
Richard Thieme, who writes and lectures about computer security and has spoken at numerous hacker and security conventions, agrees. "You can't be a good security person or good cop unless you know how a criminal thinks, and you can't know how a criminal thinks unless at least part of your heart is devoted to the black arts of larceny," he says. "It's all about how you choose to channel and harness that energy."
(...)
A nice story. But it's small comfort for business-technology managers worried about someone getting access to sensitive customer data or battling wave after wave of worms and viruses that threaten critical systems and networks and drain their budgets. Until this onslaught is brought under control, hacker will continue to be a dirty word to most business-technology and computer-security professionals.
|
15:38 (# Enllaç permanent) ()
|
|
© Copyright 2001-2004 Xavier Caballe. 
|
|
|
