the conqueror

COMPUTER SECURITY

Computer security (also known as cybersecurity or IT security) is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide.

HACKERS

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community. While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context. They are subject to the longstanding hacker definition controversy about the term's true meaning. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone who breaks into computers, whether computer criminal (black hats) or computer security expert (white hats), is more appropriately called a cracker instead. Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called "crackers".

| No | Name | Convictions | Nickname |
|----|------|-------------|----------|
| 1 | Kevin Mitnick | Four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication | Condor |
| 2 | Robert Tappan Morris | Intentional access of federal interest computers without authorization, thereby preventing authorized access and causing a loss in excess of US$1,000 | rtm |
| 3 | Kevin Poulsen | Pled guilty to seven counts of mail, wire and computer fraud, money laundering and obstruction of justice | Kevin Poulsen |
| 4 | Adrian Lamo | One count of computer crimes against Microsoft, LexisNexis and The New York Times | - |
| 5 | Mark Abene | Misdemeanor theft-of-service for a free-call scam to a 900 number. One count of computer trespass and one count of computer conspiracy | Phiber Optik |
| 6 | Lewys Martin | Pled guilty to five counts of 'unauthorised acts with intent to impair operation of or prevent/hinder access to a computer', two of 'unauthorised computer access with intent to commit other offences', one of 'unauthorised computer access with intent to commit other offences' and one of 'unauthorised access to computer material'. Hacking attempt on the websites of Kent Police, Cambridge University and Oxford University. Former member of NullCrew and said to have penetrated the servers of Department of Defense (DoD), Pentagon, NASA, NSA, other UK government websites | sl1nk |
| 7 | Nahshon Even-Chaim | 15 charges including trespassing on the University of Texas computer network, altering data at NASA and the theft of the ZARDOZ file | Phoenix |
| 8 | Raphael Gray | Pled guilty to theft and hacking offenses which fall under the Computer Misuse Act and six charges of intentionally accessing sites containing credit card details and using this information for financial gain | Curador |

Research & Development

Tailored Trustworthy Spaces

Tailored Trustworthy Spaces (TTS) provide flexible, adaptive, distributed trust environments that can support functional and policy requirements arising from a wide spectrum of activities in the face of an evolving range of threats. A TTS recognizes the user’s context and evolves as the context evolves. The user chooses to accept the protections and risks of a tailored space, and the attributes of the space must be expressible in an understandable way to support informed choice and must be readily customized, negotiated and adapted.

The scientific challenge of tailored spaces is to provide the separation, isolation, policy articulation, negotiation, and requisite assurances to support specific cyber sub-spaces.

Research is required to develop:

Penetration Test

A penetration test, or pentest for short, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. The process involves identifying the target systems and the goal, then reviewing the information available and undertaking available means to attain the goal. A penetration test target may be a white box (where all background and system information is provided) or black box (where only basic or no information is provided except the company name). A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses (if any) were defeated in the penetration test.

A penetration test can be likened to surveying a rabbit-proof fence, which must be whole to keep the rabbits out. In surveying the fence, the penetration tester may identify a single hole large enough for a rabbit (or themselves) to move through. Once the defense is passed, any further review of that defense may not occur, as the penetration tester moves on to the next security control. This means there may be several holes or vulnerabilities in the first line of defense, and the penetration tester only identified the first one found because it was a successful exploit. This is where the difference lies between a vulnerability assessment and a penetration test: the vulnerability assessment covers everything that you may be susceptible to, while the penetration test is based on whether your defense can be defeated.

Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

Penetration tests are valuable for several reasons:

  1. Determining the feasibility of a particular set of attack vectors
  2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
  3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  4. Assessing the magnitude of potential business and operational impacts of successful attacks
  5. Testing the ability of network defenders to successfully detect and respond to the attacks
  6. Providing evidence to support increased investments in security personnel and technology

Latest News

Phishing

The most successful phishing attacks manage to dupe their victims a full 45 percent of the time, according to a study released last week by Google.

On average, phishing's success rate is about 14 percent, but even the most obvious scams still manage to lure 3 percent of the people targeted to a fake website and convince them to turn over personal information, the report found.

"Considering that an attacker can send out millions of messages, these success rates are nothing to sneeze at," said Elie Bursztein, Google's antiabuse research lead.

Google's report, titled "Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild," describes how professional attackers focus exhaustively on exploiting a single victim's account, with the goal of causing financial losses.

Roughly 9 such incidents per million users occur per day, Bursztein said. To study the phenomenon, Google used 14 datasets collected between 2011 and 2014.

Phishing Works

"The simple answer is, phishing works," John Shier, a security advisor at Sophos, told the E-Commerce Times. "Otherwise, it wouldn't be so popular with cybercriminals."

A hijacked account is "very valuable to an attacker, and there are many ways to accomplish that," he added. "Manual hijacking is just one way to do it."

About 20 percent of the hijacked accounts identified in Google's study were accessed within 30 minutes of the hacker's acquisition of its login information. Once inside, hijackers spent more than 20 minutes there, often changing the password to lock out the true owner, searching for other account details, such as bank information and social media accounts, and scamming new victims.

People in the contact lists of hijacked accounts are 36 times more likely to be hijacked themselves, Google found.

Password Reset Gone Wild

"The account hijacking data from Google paints a clear picture of the threats facing Internet users today," Mark Stanislav, security project manager with Duo Security, told the E-Commerce Times.

One particularly interesting result: Google observed a 2:1 rate of phishing campaigns targeting email accounts versus banking information, Stanislav pointed out.

That "makes a lot of sense," he said. "Once an attacker can access a user's email account, they can often perform password-reset operations for many sites and services, allowing them to go much further into a person's life than just a single bank account could."

Factor Authentication

Also notable is that only 14 percent of accounts relying on "challenge questions" for account recovery succeeded in restoring access, while the rate was 81 percent when a user leveraged SMS to do so, Stanislav added.

"This statistic shows that users who do get hijacked need a reliable means that is more physical rather than knowledge-based to recover accounts easily," he explained. "This same principle can extend to the reason why authentication that uses a user's smartphone is a great means to prove that they are who they say they are."

Two-factor authentication technologies are a key to reducing attackers' success rates, Stanislav said.

Attacks on the Rise

While Google has used the findings of its study to improve the account security systems it has in place, it also encouraged users to be proactive, such as by reporting suspicious emails, giving Google a backup phone number or secondary email address for emergency contact, and using two-step verification.

"There is a shared responsibility on the consumer side to educate themselves regarding phishing and online fraud," Ken Westin, security analyst for Tripwire, told the E-Commerce Times. "It is particularly timely given the holidays, when phishing and cybercrime in general are on the rise."

Two-factor authentication is "a good idea all around," Westin noted, "and not just for email but also social media accounts -- most mainstream services provide this feature."

In general, "consumers should never click on a link that appears to come from your bank or financial institution," he warned.

"Instead, go directly to your browser, enter the URL of the bank and log in directly," Westin advised. "If it is an urgent matter, it is recommended that you call your bank directly to verify."

About Us

The Conqueror was founded in 1992 by Fatih Budak to fight black hat hackers.