Net Security & Encoding/Decoding Algorithms Explained

[chaoseverlasting]

Does anyone know how to? I don't mean crackers. Its hackers I want to talk to. Those who get it, know the difference. Whats net security all about? How do encoding/decoding algoithms work? How can you compress information and still retain the quality of it?

I know avi/mpeg/vcd/wmp are all codecs which do this, but what's the theory behind it? How is it possible? I thought that the net information content is a constant, so how can you encode something, compress it, and then decode it to get all the information back?

 

[light_bulb]

are you talking about lossy or lossless

here is an example of encoding http://en.wikipedia.org/wiki/LZW

really your just changing bit patterns into shorter ones.

 

[fasterthanjoao]

which of those questions are you looking for answers for? Most compression tools/codec's work by finding repeating patterns and expressing them in a smaller amount of data. Compression is exactly that, taking something and making it smaller. Yes, if you read light_bulb's link you'll find there's compression types that intrinsically involve poorer quality but at the same time there's plenty of clever ways to sustain quality whilst reduce size. It's really down to the inefficiency of the original format.

 

[chroot]

It seems you're confusing the operation of the world wide web with the operation of a video compression scheme. In reality, they have nothing at all to do with each other. You can look up information about video codecs all over the web. You might want to look up MPEG on Wikipedia.

The short answer is that any form of information has some inherent redundancies in it. In the case of english text, the fact that q is almost always followed by u is a form of redundancy. In the case of video, many frames with essentially the same content (i.e. a blue sky in the background) contain a great deal of redundancy.

The point of all data compression schemes is to eliminate as much of this kind of redundancy as possible.

- Warren

 

[cshum00]

Maybe what he is confusing it with is how data is transmitted with hardware. Some hacking techniques might require knowing how the web interact with network hardwares but i think that most of them only require knowing software manipulation.

When hacking the web you need to know how the software of security work. Then if you know that there are some weak spots often called 'holes' or 'gaps', is where a hacker would usually take advantage of.

Or maybe you are trying to use your knowledge of video compression and relate it with data encryption for security? One of the most common ways to bypass password security is by exhaustion where people write softwares that throw automatic generated passwords. But this kind of method is not very useful since what they have to do is to restrict the number of errors per minutes. Or something like if you inputted the password wrong 10 times, you will have to wait for 20 minutes before you can send any log in information.

Also this kind of hacking is very easy to detect. Good luck though. Anything interesting you learn, don't mind sharing it with me.

Edit: When important information is sent over the web, they don't use loosely compression like videos. In this case, what the encryption in information does is that changes the content of the message into something that is not readable or at least not easily or directly until it is decoded. Some of the theoretical methods are similar to the audio/video compression but the sizes does not necessary become smaller like audio/video compression.

For example to read this message replace every 'hou' with a space for easy readability:

ihouseehouahoubighoudog

I think that you what to learn is cryptography.

http://en.wikipedia.org/wiki/Cryptography

 

[MeJennifer]

One of the most common ways to bypass password security is by exhaustion where people write softwares that throw automatic generated passwords.

No, that is simply brute force, not very sophisticated.

Advanced hackers would, for instance, target a frequently downloaded utility or program from the web by including a virus and redistributing it. Such a virus could install for instance a Trojan horse routine that starts up, hidden of course, everytime windows starts up. Such a program, when running, then loads and installs various software from the hacker's machine. For instance a key scan program, such a program collects username and password keystrokes from say Internet Explorer each time the user goes to a secure website to do things like banking or online trading. The results, with the associated websites, is then returned to the hacker's machine.

Moral: always use a good anti-virus program and have a firewall (in addition to the XP firewall.

And super sophisticated hackers go lower level, by installing root kits. Root kits rewrite low level routines such a disk or network reads and writes. Higher level programs, anti-virus software, and even Windows XP have no certainty anymore of what is really happening under the covers. Everytime say a disk write is requested, it could perform the action and, in addition to that, do something else that remains undetected, since the disk read is also rewritten, rewritten in such a way that all the "niceties" are hidden. The same could happen with network read and writes.
Scary huh?

 

[chroot]

I believe the original poster was looking for "hacking" information -- that is, information about the depths of computer systems -- and not "cracking" information, as in information that could be used to break into computer systems.

Please note that we cannot have any specific discussion about breaking into computers on this forum. Keep it general.

- Warren

 

[russ_watters]

A note on compression: for some applications, such as compressing documents or other data where integrity is critical, the compression is done without loss by identifying repeating patterns (as already said). But for images, video and sound, most compression schemes do involve significant loss of data. But as it turns out, you can cut out upwards of 90% of the information from a video stream, for example, and not notice. Our eyes just aren't that good.

Probably the simplest compression is jpg/mpeg, which finds areas where the colors are close to each other (such as a flat blue sky) and makes the colors identical. As you up the compression, it becomes very noticeable, but you can cut a pretty huge fraction of the data before that happens.

 

[cshum00]

I didn't say that the software which generate passwords are 'sophisticated', i just said that it is 'common'. But yep, it is completely brute force and easy to guard against like i mentioned before.

Sorry about your moral for pc protection, but i don't use any protection software at all because it takes memory and slow things down (especially since my pc is not a fast one). When the times come, i just format everything and install all the softwares again. Besides, i never shop online or have any personal info in my pc.

Last thing is that even though hackers do use really evil methods as writing trojan and viruses, it only hack user pcs. Unless i am wrong, the question says how to hack online web pages. Spywares are excluded as well since it is from a web page to a user pc rather than user pc to web pages.

Although teaching how to hack is forbidden it is still a very interesting subject. But still, there is nothing i can teach since i never hacked before.

 

[chaoseverlasting]

I know a bit about brute forcing. But if you have 128 bit encryption, wouldn't that take you a couple of months with a normal computer to break the encryption?

But more to the point, over the web, how is information transferred?

 

[cshum00]

Not sure either but there is a document i found.

http://www.eurim.org.uk/activities/netgov/9911paperinternettech.pdf"

 

[chaoseverlasting]

What exactly is hacking?

 

[Anttech]

It seems you're confusing the operation of the world wide web with the operation of a video compression scheme. In reality, they have nothing at all to do with each other. You can look up information about video codecs all over the web. You might want to look up MPEG on Wikipedia.

Thats what I thought to.

What exactly is hacking?

The word hack is supposed to refer to someone who is an expert in programing, and understands the "internet" with reference to open standards etc. The media seems to think it means a cracker, someone who breaks into computers and steal information.

 

[nithin]

Hmmm windows and weak could produce a lot of pages of info. Anyways every OS has ts weakness. But for the most vulnerabilities in windows are buffer overflows. Let me explain what's a buffer overflow. Let's say u create a char array of size 50.
char buffer[5]; \\ in c++ Next you do something to cause the program to have a buffer overflow( you input a value that is too long ;etc)
What happens is that the program would try to manipulate data that it thinks is its but its not. It overwrites thing that are on the ram
for example buffer[5] = "dfdsffddsfdsf" \\ oh oh we have more than 5 character that we are writing to buffer . This would cause unusual problems and most likely cause it to crash. You can also use it to run other programs are etc..

check this link out its on bufferoverflows.. very detailed
http://www.phoenixbit.com/site/tutorials.asp?view=U2VjdXJpdHkgKEhhY2tpbmcpL2J1ZmZlciBvdmVyZmxvdyBwYXJ0MQ
hope i helped

 

[cshum00]

Hacking is the act of 'infirtrating' or 'breaking' into another computer or system without authorization.

Cracking in the other hand, does not only infiltrate. Cracking also changes the configuration of the system to the one the he/she wants.

So a hacker might or might not steal information after getting inside a system, and will not modify anything from the original settings.

However, a cracker is a hacker that leaves a malicious code like virus, trojan or whatever. A cracker might not infiltrate a system manually while the hacker does it in real time. The cracker rather hack systems using the malicious code he/she has spread.

Therefore, the cracker usually needs to know more about programming while the hacker more about (hardware to software, software to hardware, software to software, hardware to hardware) interactions. Some crackers might not crack systems but only small software applications.

So a hacker might be a cracker depending on his aim. And a cracker might be just a programmer who creates a code for his own purpose.

 

[-Job-]

Common techniques involve SQL injection and Cross Site scripting. There are also harmless "site hacks" which you can implement with some client-side code (i.e. javascript), such as what ChickenFoot for FireFox offers.

 

[cshum00]

Right! How could i forget the most important part of web data transfer. SQL! Most of the data transfers are done via database that use SQL commands. And yep, security is often done in the scripting side like Job said.

Anything else not mentioned yet?

Edit: Of course there are also programing languages that work on the security for the web. Many programming languages include Java, C#, Perl, Ruby, etc.

 

[chaoseverlasting]

I know a bit of C++. How what would i have to do to cause a buffer overflow? Before assigning memory to a variable/array, doesn't the OS check if that much memory is availaible or not?

 

[chrisalviola]

mac, unix, novell are a lot more stable compared to windows os's that's why 90% of viruses are built to run on windows only

 

[chaoseverlasting]

I know a bit of SQL too, but what the heck are SQL injections?

 

[cshum00]

mac, unix, novell are a lot more stable compared to windows os's that's why 90% of viruses are built to run on windows only

I think that it is because most of the computers use windows as OS. And people who make viruses would usually want to target as many machines as possible. If Mac were to be the leading OS, most of the viruses would be targeted for that kind of machine and therefore, people will always find the flaws within it.

What make people say that Windows is less secure than other OSs, is the history of flaws that have been found in it. But the flaws that have been found is bound to the reason of being targeted. While, since other OSs are not targeted that regularly, the number of flaws in other OSs might not been found even though it is there (or rather not interested to severe the flaws).

But yes, Windows is not completely stable.

I know a bit of SQL too, but what the heck are SQL injections?

Not sure. I found a wiki:http://en.wikipedia.org/wiki/SQL_injection"

 

[-Job-]

SQL Injections are simple. When you write an application that interacts with a database, your application must generate SQL code, which it sends to the database as a query.

Commonly it happens that the SQL query that the program is putting together uses input directly provided from a user. For example in a search engine which enables users to search items by name, the program acquires input from a text box and uses it to build the search query, such as:

string query = "SELECT * FROM MyItemsDatabase.dbo.MyItemsTable WHERE ItemName LIKE '" + TextField1.Value + "%'";

What this means is that the user has direct access to the SQL query that gets sent to the database.
He/She can take advantage of this for some malicious purpose Suppose i type the following into the text box:

cheese'; DROP DATABASE MyItemsDatabase; SELECT * FROM MyItemsDatabase.dbo.MyItemsTable WHERE Item Name LIKE 'cheese

Then the SQL that gets sent to the database is:

SELECT * FROM MyItemsDatabase.dbo.MyItemsTable WHERE ItemName LIKE 'cheese'; DROP DATABASE MyItemsDatabase; SELECT * FROM MyItemsDatabase.dbo.MyItemsTable WHERE Item Name LIKE 'cheese%';

... which deletes the database, assuming the database account being used by the program has enough privileges (which is often the case, database permissions are often not as restrictive as they should be).

This is an example of SQL injection. Since today's database servers have more powerful capabilities, such as the ability to send out email, SQL injection can enable a malicious user to do a number of things (i.e. spam).
You can also access private information. Since you are able to obtain the names of all tables in a database easily, without even knowing the system you might be able to use SQL injection to steal some confidential information (i.e. credit card numbers).

 

[cshum00]

http://en.wikipedia.org/wiki/Computer_insecurity"

Here is a nice wikipedia article of what Hackers take advantage of.

 

[Integral]

I call someone who has informally learned some advanced software skills a hacker. A hacker may or may not have some informal hardware skills also.

While I agree that a hacker is not necessarily malicious, it seems that it is more then the mass media who are not clear on this. This comment is in reference to the posts which I deleted as they were seeking and discussing cracking information. If this thread is to be left open you need to avoid cracking, even if you call it hacking, disscussions.

 

[Anttech]

While I agree that a hacker is not necessarily malicious, it seems that it is more then the mass media who are not clear on this.

Yes, so can we at least be clear on this forum then?

A Hacker is NOT a cracker. A hacker does not break into systems... I think we can have better discussions if we stick to the correct defintions

 

[cshum00]

I call someone who has informally learned some advanced software skills a hacker. A hacker may or may not have some informal hardware skills also.

Right, my fault.

Yes, so can we at least be clear on this forum then?

A Hacker is NOT a cracker. A hacker does not break into systems... I think we can have better discussions if we stick to the correct defintions

A cracker is a hacker but a hacker may not be a cracker.

Just remember that:

-Hacker: infiltrates.
-Cracker: corrupts files and systems (which need some kind of infiltration first)

 

[whatta]

What exactly is hacking?

To quote http://freeshell.org/index.cgi?faq?HACKER?01,

We at TMRC use the term "hacker" only in its original
meaning, someone who applies ingenuity to create a
clever result, called a "hack". The essence of a "hack"
is that it is done quickly, and is usually inelegant.
It accomplishes the desired goal without changing the
design of the system it is embedded in. Despite often
being at odds with the design of the larger system, a
hack is generally quite clever and effective.

 

[whatta]

TMRC dictionary, however, gives different definition:

HACK: 1) an article or project without constructive end; 2) work undertaken on bad self-advice; 3) an entropy booster; 4) to produce, or attempt to produce, a hack3.

I saw this as a term for an unconventional or unorthodox application of technology, typically deprecated for engineering reasons. There was no specific suggestion of malicious intent (or of benevolence, either)...

HACKER: one who hacks, or makes them.

A hacker avoids the standard solution. The hack is the basic concept; the hacker is defined in terms of it.

 

[cshum00]

I guess that the term 'hacker' comes from the definition of 'hacking' of the two previous posts. The only difference is that there are good, bad and neutral hackers. Cracker is usually the bad hacker. Not completely bad since without crackers exploting weaknesses, today's technology would be less advanced.

 

[chaoseverlasting]

But the only difference between hackers and crackers are their ethics. Knowledge is knowledge. It doesn't matter if you use it for good or for bad, (both of which are btw, relative terms), it doesn't change knowledge.

And if you hijack a system or something similar generally looked down upon, does it make the hack or crack crass? Is is still not elegant?

Dont you all think that this whole stigma against crackers is dumb? Personally, I think those people who have no knowledge about computers and their workings (Im not talking about booting it up and using word), fear those who can manipulate the system. Manipulation isn't necessarily a bad thing.

All of you on this forum are smart people and the discplines you follow, through years of hard work and dedication, the majority of the worlds population cannot. Doesnt this segregation of knowledge, of what is good and what is bad, decided on by those people who cannot comprehend it, seem silly to you?

Can knowledge not be appreciated for knowledge's sake?

 

[whatta]

this should go to philosophy forum

 

[majora2007]

Just to add a bit more information to this topic, there are two types of hackers: Whitehats and Blackhats. (mainly) Whitehats are the hackers who hack in order to secure a system, first by exploiting it then by patching it. A Blackhat is a hacker who exploits a system and takes advantage of it by malicious means (virii, trojans, rootkits, etc.), otherwise known as a cracker. Aside from Whitehats and Blackhats, there are script kiddies and lamers. Script kiddies are the, usually, 10 year old kids who are to lame to learn about computers, the net, and the interworkings of things, and they just run some perl scripts or type in some google hacks (code that you type into google that let's you retrieve 'special' results, like inline:"hello" will find webpages with hello in their title) and deface a website. The lamers are people who read up on hacking, say they hack, but actually don't do anything at all, which in my opinion are the worst of them all.

Now to answer the question about hacking and the internet. Hackers use many techniques(sp). One technique is Brute Force/Dictionary Attacks and are used to crack into a website by testing multiple combinations of usernames and passwords, till one works. Another technique is SQL Injection and Cross Site Scripting. Other techniques include buffer overflows, injecting low level code (assembler/assembly) into a kernel, and just plain old telneting to a box and cracking the hash file. A hacker must learn a variety of information such as perl, C++, assembly, php, sql, kernel programming, unix, linux, windows xp and 2000 mainly, solaris (sometimes), ports, commands, file architecture, networking (packets, cookies, DNS, ARP posioning), encryption (Triple DES, Blowfish, Twofish, Serpent, Hash), and much much more.