
HACKING

Don't Learn to Hack, Hack to Learn

Meaning of "Hacking"
The word "Hacking" is one of the most common words used in the field of Cyber Crimes. In fact, it is more or less a generic term used to represent Cyber Crimes. According to the global understanding, "Hacking" refers to "Unauthorized Access to a Computer Network", which may otherwise be called an "Unauthorized Intrusion". A finer distinction is made when such "Intrusion" is with a criminal intention of causing harm; in such cases the "Unauthorized Intrusion" may be called "Cracking". On the other hand, access undertaken to check the security vulnerability of a system, though unauthorized, is also called "Hacking" and is considered a part of IT security testing. Such a hacker has no intention of causing harm. Sometimes such hackers also act with the knowledge and permission (without access privileges being shared) of the information asset owners.

Who is a hacker?
There are at least two common interpretations:
Someone who bypasses the system's access controls by taking advantage of security weaknesses left in the system by developers
Someone who is both knowledgeable and skilled at computer programming, and who is a member of the hacker subculture, one with its own philosophy and code of ethics

What Do Hackers Do?


System
Access confidential information
Threaten someone from YOUR computer
Broadcast your confidential letters or materials
Store illegal or espionage material

What Do Hackers Do?


Network
Eavesdrop and replay
Modify data / stream
Denial-of-Service

Hackers' techniques
System hacking
Network hacking
Software hacking

Credit Card Fraud


Broadly speaking, credit card fraud is the illegal obtaining of goods or services by using another person's card. However, this obviously can also involve other forms of card fraud, debit cards and store cards for example. This can be done by creating a copy of a card, 'skimming' the details during a routine transaction, stealing a card or intercepting it in the post, and many other creative ruses.

Types of Identity Theft


Financial fraud - This type of identity theft includes bank fraud, credit card fraud, computer and telecommunications fraud, social program fraud, tax refund fraud, mail fraud, and several more.
Criminal activities - This type of identity fraud involves taking on someone else's identity in order to commit a crime, enter a country, get special permits, hide one's own identity, or commit acts of terrorism. These criminal activities can include computer and cyber crimes, organized crime, smuggling, and money laundering.

Security Standards for Electronic Payment System


A secured payment transaction system is of critical importance to e-commerce.
Without a security standard, one cannot assume the success of e-commerce.
There are two common standards used for a secure electronic payment system:
SSL
SET

Secure Sockets Layer (SSL)


SSL is a protocol for giving data security layers between high-level
It is a key protocol for securing web transactions, data packets in the Internet
It provides server & client authentication and an encrypted SSL connection
It uses public key cryptography and a system for validating public keys & digital certificates over the server
SSL provides 3 basic services: server authentication, client authentication & encrypted SSL connection
SSL server authentication uses public key cryptography to validate the server's digital certificate and public key on the client's machine

What Happens When a Web Browser Connects to a Secure Web Site

What is SSL?
A protocol developed by Netscape.
It is a whole new layer of protocol which operates above the Internet TCP protocol and below high-level application protocols.
SSL is a communications protocol layer which can be placed between TCP/IP and HTTP
It intercepts web traffic and provides security between browser and server
Encryption is used to guarantee secure communication in an insecure environment
SSL uses public-key cryptography

SSL Working
An SSL certificate allows sensitive information to be encrypted during online transactions.
Authenticated information about the owner of the certificate is also contained in it.
The identity of the owner of the certificate is verified by the Certificate Authority at the time of its issue.

What Can SSL Do?


It provides the following
Data encryption, server authentication, message integrity, optional client authentication.
SSL provides a security handshake protocol to start the TCP/IP connection.
The consequence of this handshake is that the client and server agree on the level of security they will use and complete any verification necessary for the connection. After that, SSL is only used to decrypt and encrypt the message stream.

SSL includes two sub-protocols: the SSL Record Protocol and the SSL Handshake Protocol.
Record Protocol -- defines the format used to transmit data.
Handshake Protocol -- uses the Record Protocol to exchange messages between an SSL-enabled server and an SSL-enabled client.
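The relationship between the two sub-protocols can be seen by parsing the record format directly. The following is an added example, not part of the original slides: it splits a byte stream into records (5-byte header: content type, version, length) and lists the handshake messages carried inside handshake records. The sample bytes are constructed, and the parser assumes unencrypted handshake messages that do not span records.

```python
import struct

# Record-layer content types and handshake message types (SSL 3.0 / TLS).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_handshake(body: bytes):
    """Handshake messages inside a record: 1-byte type, 3-byte length, payload."""
    names, offset = [], 0
    while offset + 4 <= len(body):
        mtype = body[offset]
        mlen = int.from_bytes(body[offset + 1: offset + 4], "big")
        names.append(HANDSHAKE_TYPES.get(mtype, f"unknown({mtype})"))
        offset += 4 + mlen
    return names


def parse_records(stream: bytes):
    """Split a byte stream into records: 5-byte header, then `length` bytes."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append({
            "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
            "handshake": parse_handshake(body) if ctype == 22 else [],
            "length": length,
        })
        offset += 5 + length
    return records


def legacy_records(stream: bytes):
    """Return records that still advertise SSL 3.0, a deprecated version."""
    return [r for r in parse_records(stream) if r["version"] == "SSL 3.0"]


# Constructed sample (not captured traffic): one SSL 3.0 handshake record with a
# server_hello and a server_hello_done (dummy payloads), then a TLS 1.2 data record.
SAMPLE = (bytes([22, 3, 0, 0, 10]) + bytes([2, 0, 0, 2, 0xAA, 0xBB]) + bytes([14, 0, 0, 0])
          + bytes([23, 3, 3, 0, 3]) + b"\x01\x02\x03")
```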

SSL usage
Any online store
Anyone who accepts online orders & payments through credit cards
A site that offers a login or sign in
Anyone processing sensitive data such as the address, birth date, license or ID numbers
Anyone who is required to comply with privacy & security requirements
Anyone who values privacy & security requirements
Anyone who values privacy & expects others to trust them

Challenge-Response e-mail system


It is an anti-spam system which is designed to shift the filtering workload from the recipient to the spammer (or the legitimate sender). The fundamental idea is that spammers will not take the time to confirm that they want to send you email, but a legitimate sender will. The system maintains two lists of addresses: a "blacklist" of senders that will always be blocked, and a "whitelist" of senders that will never be blocked. If someone sends you email from an address not listed in either list, they will get a "challenge" (and their message will be queued temporarily). If they give the correct "response" to the challenge, they get added to your whitelist and their queued message(s) get forwarded to you.

Challenge Response System


A challenge-response system is a program that replies to an email message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automated senders.
The system ensures that messages from people can get through and the automated mass mailings of spammers will be rejected.
Once a sender has passed the test, the sender is added to the recipient's whitelist of permitted senders that won't have to prove themselves each time they send a message.
The system might ask the answer to a simple question, for example, or require the user to copy distorted letters or numbers displayed in an image.
Companies that provide free e-mail accounts often use a challenge-response system to ensure that their accounts aren't given out to spammers' programs.
A CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a challenge-response system test designed to differentiate humans from automated programs.
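The blacklist, whitelist and queue logic described in the two challenge-response slides above can be modelled in a few lines. This is an added example, not part of the original slides: the class name, method names and the HMAC-derived token standing in for the CAPTCHA answer are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ChallengeResponseFilter:
    """Hypothetical model of the filter: two lists plus a queue of held mail."""

    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.queue = {}   # sender -> messages held until the challenge is answered
        self.inbox = []   # messages delivered to the recipient
        self._key = secrets.token_bytes(32)

    def _token(self, sender):
        # Expected response is bound to the sender address, so a response issued
        # for one address cannot whitelist a different one.
        return hmac.new(self._key, sender.encode(), hashlib.sha256).hexdigest()[:16]

    def receive(self, sender, message):
        sender = sender.lower()
        if sender in self.blacklist:
            return ("blocked", None)
        if sender in self.whitelist:
            self.inbox.append((sender, message))
            return ("delivered", None)
        first = sender not in self.queue
        self.queue.setdefault(sender, []).append(message)
        # Challenge once per sender: repeated challenges to a forged address
        # would themselves be unwanted mail for its real owner.
        return ("challenged", self._token(sender)) if first else ("queued", None)

    def respond(self, sender, response):
        sender = sender.lower()
        if sender not in self.queue:
            return False
        if not hmac.compare_digest(response.encode(), self._token(sender).encode()):
            return False
        # Correct response: whitelist the sender and release the held messages.
        self.whitelist.add(sender)
        self.inbox.extend((sender, m) for m in self.queue.pop(sender))
        return True
```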

The End

Secure Electronic Transaction (SET)


Developed by Visa and MasterCard
Designed to protect credit card transactions on the Internet
SET is a system for ensuring the security of financial transactions on the Internet
Set of security protocols and formats
Not a payment system
Ensures privacy

Secure Electronic Transactions


Key Features of SET:
Confidentiality of information: all messages encrypted
Integrity of data
Cardholder account authentication
Merchant authentication
Trust: all parties must have digital certificates
Privacy: information made available only when and where necessary
Henric Johnson 21

SET Business Requirements


Provide confidentiality of payment and ordering information
Ensure the integrity of all transmitted data
Provide authentication that a cardholder is a legitimate user of a credit card account
Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution

SET Business Requirements (contd)

Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction
Create a protocol that neither depends on transport security mechanisms nor prevents their use
Facilitate and encourage interoperability among software and network providers

Participants in the SET System

SET Transactions
The customer opens an account with a card issuer.
MasterCard, Visa, etc.

The customer receives an X.509 V3 certificate signed by a bank.


X.509 V3

A merchant who accepts a certain brand of card must possess two X.509 V3 certificates.
One for signing & one for key exchange

The customer places an order for a product or service with a merchant. The merchant sends a copy of its certificate for verification.
