Need more info on how I can be hacked

Tim Robbins

Hi,
I have worked in software engineering for a number of years, I have very good experience in software development but my knowledge of security of windows is pretty poor. I need to know more about how I can get hacked, tips and tricks, very good knowledge of spyware, trojans, if I am using a wireless lan what to be very careful off etc. etc.

I am familiar with abstract security concepts such as authentication, authorization, SSL etc but I like more concrete know how and tips and tricks.

I am predominately interested in windows OS (XP) because that's what I work with.

Any advice? Books, websites etc? Today I had a look at this book: Gray Hat Hacking, "The Ethical Hacker's hackbook", but It was probably a bit too advanced.

Cheers.

BopNiblets

I'd say the average home user isn't in danger of being hacked if you have a decent Router with WPA2 on (which has been found vulnerable to certain attacks but is still pretty secure with AES afaik).
Unless you keep your credit card number in a text file in My Documents called "CREDIT CARD DETAILS.txt" or a "Private Pictures That Could be Used to Blackmail Me" folder, you should be safe enough... right?

Maybe if you go around using public WiFi points with no decent firewall on your laptop you'd be asking for it.

I did Cryptography in CSSE in uni (when I say did I mean I barely passed ), it's quite tough.

Just noticing all the wifi points near my house recently I saw one with "Go away hackers" as the SSID.

the_syco

BopNiblets wrote: »

Just noticing all the wifi points near my house recently I saw one with "Go away hackers" as the SSID.

Red rag to a bull, tbh I wonder what sort of honeypot they were running?

Naikon

You will need some network tools for security analysis.
It's very hard to trace bugs in applications on windows
due to the lack of source code for most apps.

More people looking at the code generally means less bugs
such as dynamic memory leaks. You can even look at the
code the odd time if you feel like.

Find an old pc, put Linux or BSD on it, and wreck havoc.
Focus on tightning your network security, not just the XP
machine. You WILL learn alot by using an old pc as a router.

http://sectools.org/

Capt'n Midnight

some sites with info on vulnerabilities ,
look up the history of zero day exploits and you will realise that there are plenty of people waiting in the wings

http://www.metasploit.com/
http://secunia.com/

At a guess you are running XP as an admin , so if there is any exploit then the whole system is exposed. Sandboxing / virtual machines offer some protection.

Tim Robbins

Capt'n Midnight wrote: »

some sites with info on vulnerabilities ,
look up the history of zero day exploits and you will realise that there are plenty of people waiting in the wings

http://www.metasploit.com/

downloaded this today but couldn't get my head around it. the examples seem to be best on networks and changing payloads, looking at responses etc. I am single user connected to the internet or in the case of work just to a larger vpn.

what do you think of it yourself?

Also, a question for people how would I know if there is a service on my windows pc which monitors data usage? For example, suppose I put files onto my usb pen drive and there was some sneaky process which was monitoring what I was putting onto my usb pen drive? How would I know?

At a guess you are running XP as an admin , so if there is any exploit then the whole system is exposed. Sandboxing / virtual machines offer some protection.

Could you elaborate that sounds very interesting?