Anonymous got lucky. When five of its hackers attacked security company HBGary Federal on February 6, 2011, they were doing so in order to defend the group’s privacy. It wasn’t because they hoped to reveal plans to attack WikiLeaks, create surveillance cells targeting pro-union organizations, and sell sophisticated rootkits to the US government for use as offensive cyber weapons—but that’s what they found.
In the weeks after the attack, the hackers released tens of thousands of e-mail messages and made headlines around the world. Aaron Bar, the CEO of HBGary Federal, eventually resigned; 12 Congressman called for an investigation; an ethics complaint was lodged against a major DC law firm involved with some of the more dubious plans.
Join Ars' editors as they dig into the secret world of Anonymous and hackers for hire in Unmasked.
Exposes complete methodologies showing the actual techniques and attacks. Shows countermeasures, tools, and eye-opening case studies. Covers the web commerce playground, describing web languages and protocols, web and database servers, and payment systems. Softcover.
The Weaponry and Strategies of Digital Conflict and Cyber War, Version 3, covering Cyber Warfare, Cyber Terrorism, Cyber Tradecraft, Cyber Activism and offensive, defensive actions and intelligence collection.
Cyber warfare, cyber terrorism, cyber espionage and cyber crime are all growing threats. The 2012 Version 3 of the Cyber Commander's eHandbook provides the insight needed to understand the new world of cyber warfare, as well as defines the tools and techniques for offensive and defensive cyber action, and provide cyber intelligence needed to understand the strategies behind building a dynamic and relevant cyber warfare capability.
Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.
Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
. Learn How Fuzzing Finds Vulnerabilities
Eliminate buffer overflows, format strings and other potential flaws
. Find Coverage of Available Fuzzing Tools
Complete coverage of open source and commercial tools and their uses
. Build Your Own Fuzzer
Automate the process of vulnerability research by building your own tools
. Understand How Fuzzing Works within the Development Process
Learn how fuzzing serves as a quality assurance tool for your own and third-party software
Many international terrorist groups now actively use computers and the Internet to communicate, and several may develop or acquire the necessary technical skills to direct a co-ordinated attack against computers in the United States. A cyberattack intended to harm the U.S. economy would likely target computers that operate the civilian critical infrastructure and government agencies. However, there is disagreement among some observers about whether a co-ordinated cyberattack against the U.S. critical infrastructure could be extremely harmful, or even whether computers operating the civilian critical infrastructure actually offer an effective target for furthering terrorists' goals. While there is no published evidence that terrorist organizations are currently planning a co-ordinated attack against computers, computer system vulnerabilities persist world-wide, and initiators of the random cyberattacks that plague computers on the Internet remain largely unknown. Reports from security organisations show that random attacks are now increasingly implemented through use of automated tools, called ‘bots', that direct large numbers of compromised computers to launch attacks through the Internet as swarms. The growing trend toward the use of more automated attack tools has also overwhelmed some of the current methodologies used for tracking Internet cyberattacks. This book provides background information for three types of attacks against computers (cyberattack, physical attack, and electromagnetic attack), and discusses related vulnerabilities for each type of attack.The book also describes the possible effects of a co-ordinated cyberattack, or computer network attack (CNA), against U.S. infrastructure computers, along with possible technical capabilities of international terrorists. Issues for Congress may include how could trends in cyberattacks be measured more effectively; what is appropriate guidance for DOD use of cyberweapons; should cybersecurity be combined with, or remain separate from, the physical security organization within DHS; how can commercial vendors be encouraged to improve the security of their products; and what are options to encourage U.S. citizens to follow better cybersecurity practices. Appendices to this book describe computer viruses, spyware, and ‘bot networks', and how malicious programs are used to enable cybercrime and cyberespionage. Also, similarities are drawn between planning tactics currently used by computer hackers and those used by terrorists groups for conventional attacks.