Some people are hard to convince. Maybe I'm just too nice for not calling them out, but I don't want to embarrass some of you who sent me "fan mail" to tell me I was all wrong for being critical of them, or wrong about Intuit's recent attempts to force QuickBooks users into "better safety and safeguards" of their data.
I guess I truly rubbed some readers raw, because one such email told me it wasn't any of Intuit's business how they used QuickBooks. They don't believe they should have to use passwords if they are the only person opening their QuickBooks file. They emphatically said that, and I quote, "no hacker in his right mind would spend time trying to break into my computer or QuickBooks file."
Of course, my answer is, "Is someone who spends his time trying to break into computers and QuickBooks data (along with almost any other kind of application with sensitive information) someone 'in his right mind?'"
For that matter, is someone who thinks he doesn't need to protect himself against potential invasions, aka "hack attacks," someone in his right mind?
If we look at the emergence of the anti-virus industry 20 years or so ago, the first viruses that the A/V products were designed to deal with were the boot-sector viruses. Many of these were designed solely for the purpose of being malicious, i.e., doing harm to as much data as they could.
Then, hackers started developing malware for commercially viable purposes, namely the theft of intellectual property and sensitive information, which is now why most contemporary viruses exist, even if most people don't realize it. Such information-gathering malware is known as spyware.
In fact, the software industry has made use of some spyware techniques in what otherwise might be considered legitimate forms of spying known as “adware,” which can track information and report the results back to the originating party.
But browser hijackers make use of the same techniques: a user's browser is commandeered so that all kinds of unwanted software capable of snooping on that person's browsing activities is put into place.
In this way, it's easy to see that there's not so much of a difference between legitimate software we permit to be added to our computers, systems and networks, and illegitimate software we involuntarily permit to take up residence in the same devices.
Contemporary malware can tightly enmesh itself into the Windows environment, compromising multiple components of your system and network, all perhaps without detection. Businesses increasingly are being confronted by this problem.
Most major spyware intrusions aim to steal intellectual property and sensitive information. As spyware evolves, it becomes increasingly intelligent at gathering information to conduct further phishing activities, gathering even more confidential business information.
Companies and individuals targeted in this way have no knowledge that they may be a target. Where previously a virus might cause some disruption, a carefully targeted attack of this type can go unnoticed for months.
In order to explore the possibilities of attack, let's look at some of the ways hackers work. Many are as old as computers, networking and the internet combined, while some go back to the telegraph. Yes, there were hackers before the telephone.
Understanding the Hack Attack
No system is perfect, and no preventative steps, software or hardware are foolproof. We can count on the fact that hackers will not only attempt, but will successfully exploit the vulnerabilities of the internet, networks, systems and individual computers.
Despite how sophisticated computers and information technology have become, the reality is that most attacks on information technology are variations on long-standing hacking methods, some of which were used in communications networks long before the advent of computers and the internet.
In order to prepare yourself for the possibility of attack, and possibly to prevent such attacks, it is helpful to be familiar with some of the most common forms of hack attack:
Buffer Overflows
This hack attack methodology first gained notoriety in 1988 with the Morris Internet worm, so you might think anything this old surely has been overcome in the years since. But believe it or not, the same basic attack remains effective today. By far the most common type of buffer overflow attack is based on corrupting the stack. Modern computers use a stack to pass arguments to procedures and store local variables. By overloading a system and causing a buffer overflow, additional data packets can bypass a security measure and end up corrupting your data. Buffer overflows frequently are caused by artificially increasing system and network traffic rates.
CGI Attacks
One of the methods to produce dynamic web pages is Common Gateway Interface (CGI) technology. Attackers take advantage of CGI scripts to perform an attack by sending illegitimate inputs to the web server. These attacks exploit the flaws in CGI scripts written for a web server. The attacks typically involve exploiting standard install scripts and/or scripts written by inexperienced web programmers.
DoS/DDoS Attacks – DoS (Denial of Service)
Denial of Service attacks are an attempt to make a network resource unavailable to its intended users by temporarily or indefinitely interrupting or suspending the services of a host on the network. DDoS (Distributed Denial of Service) occurs when there is more than one attack source, often thousands of unique IP addresses. Both methods of attack essentially are the same thing: an orchestrated attempt to overload a network or service (such as a web server) to put it out of operation or to gain access for various reasons.
Misbehavior
This includes database access or file tampering by employees or disgruntled ex-employees. This attack also might be motivated by competitors who pay the employee to conduct espionage, or data thieves willing to pay a member of your staff for sensitive information within customer, vendor or employee records.
OS Fingerprinting
This also is commonly known as TCP/IP stack fingerprinting – the passive collection of configuration attributes from a remote device during standard network communications. The combination of parameters then may be used to infer the remote machine's operating system or incorporated into a device fingerprint. By being able to determine the type of operating system your network has, hackers can more easily determine your vulnerabilities.
TCP/IP Spoofing
Cyber criminals commonly make use of the tactic of masking their true identity, from disguises to aliases and caller-id blocking. TCP/IP spoofing is one of the most common forms of online camouflage. Such spoofing allows an attacker to gain unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. This typically amounts to forging IP addresses so they appear to be from one or more trusted sites, servers or computers. This sometimes is done as part of SYN flooding.
SMB Probes – Server Message Block (SMB)
Also known as Common Internet File System (CIFS), SMB is an application-layer network protocol used mainly for providing shared access to files and printers, as well as miscellaneous communications between nodes on a network. Most SMB use involves Microsoft Windows based computers running smaller Microsoft Windows networks rather than Windows Server based Active Directory networks. Server Message Block (SMB) probes check a system to determine what shared files are available and commonly take the form of a worm to determine file system weaknesses. Probes of this nature also may be associated with OS fingerprinting activity.
Stealth Port Scans
These attacks check a system’s commonly used ports for vulnerability. Scanning of this nature – as a method for discovering exploitable communication channels – is based on the concept of probing as many ports as possible. It also keeps track of the ones that are receptive or useful to your particular need. While it is a common hacking approach, it also can be used as a security technique.
SYN flooding
SYN flooding is a form of DoS/DDoS in which an attacker sends a succession of SYN (synchronize) requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
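Two of the attacks listed above, stealth port scans and SYN flooding, leave a recognisable footprint in ordinary connection logs, and spotting that footprint is the defender's side of the story. The following example is added here and is not code from the original column; it runs a simple sliding-window detector over a constructed log in an assumed "time src dst dport flags" format and flags a source that sweeps many ports in a short time, and a destination port that accumulates many SYNs whose senders never complete the handshake.

```python
from collections import defaultdict

PORT_SCAN_THRESHOLD = 10  # distinct ports from one source inside the window
HALF_OPEN_THRESHOLD = 50  # never-acknowledged SYNs against one port inside the window
WINDOW_SECONDS = 5.0
# Constructed sample log "time src dst dport flags" (not real traffic): a 12-port sweep, a spoofed SYN flood, one normal client.
SAMPLE_LOG = "\n".join(
    [f"{i / 10:.1f} 10.0.0.5 192.0.2.10 {p} S" for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])]
    + [f"{2 + i / 100:.2f} 198.51.100.{i} 192.0.2.10 80 S" for i in range(1, 61)]
    + ["3.0 10.0.0.7 192.0.2.10 80 S", "3.1 10.0.0.7 192.0.2.10 80 A"]
)

def parse_log(text):
    """Parse 'time src dst dport flags' lines; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        try:
            t, src, dst, dport, flags = line.split()
            records.append((float(t), src, dst, int(dport), flags))
        except ValueError:  # wrong field count or non-numeric time/port
            continue
    return records

def _burst(events, window, threshold):
    """True if some span of at most `window` seconds holds >= threshold distinct values in (time, value) events."""
    events.sort()
    lo = 0
    for hi in range(len(events)):
        while events[hi][0] - events[lo][0] > window:
            lo += 1
        if len({v for _, v in events[lo:hi + 1]}) >= threshold:
            return True
    return False

def detect_port_scans(records, threshold=PORT_SCAN_THRESHOLD, window=WINDOW_SECONDS):
    """Sources that touch >= threshold distinct destination ports inside one window."""
    by_src = defaultdict(list)
    for t, src, _dst, dport, _flags in records:
        by_src[src].append((t, dport))
    return {src for src, ev in by_src.items() if _burst(ev, window, threshold)}

def detect_syn_floods(records, threshold=HALF_OPEN_THRESHOLD, window=WINDOW_SECONDS):
    """(dst, port) pairs hit by >= threshold SYNs inside one window from sources that never ACK."""
    completed = {(s, d, p) for _t, s, d, p, f in records if "A" in f}
    half_open = defaultdict(list)
    for i, (t, src, dst, dport, flags) in enumerate(records):
        if flags == "S" and (src, dst, dport) not in completed:
            half_open[(dst, dport)].append((t, i))  # i keeps every SYN distinct
    return {key for key, ev in half_open.items() if _burst(ev, window, threshold)}
```

On the constructed log the scanner 10.0.0.5 and the flooded pair (192.0.2.10, 80) are reported, while the client that completes its handshake is not; the thresholds are assumptions to tune against your own baseline traffic.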
No matter how secure the specific operating system becomes, which operating system is in use or which security software may be running, the weakest link in the chain always will be the user.
Now, if that doesn't "rub you raw," what will?
Case in point: "I don't want to use passwords. They are an inconvenience to me, and since nobody else has access to my system, I shouldn't have to use passwords."
We try to blame as many components as possible when hacking occurs – the manufacturer of our computer's operating system, the computer technology, the internet or internet provider, or even the hackers themselves. We blame everybody, it seems, but us.
The truth is that the problems of Information Technology security can never be solved using technology, because technology alone will never be able to control user behavior, at least not as long as there are users using technology.