Global Payments is one of the largest credit and debit card payment processors in the world, handling payments for every major credit card brand. Sometime in early March, the company realized that a small group of its North American servers had been accessed by hackers. Global Payments issued a statement on Friday, acknowledging that the breach likely resulted in credit card numbers being stolen. Trading of the firm’s shares was halted on the New York Stock Exchange on Friday after share prices quickly dropped 9% on news of the breach.

Visa has already announced that it is dropping Global Payments from its list of preferred credit card processors and it’s very likely that the other big players in the industry will follow suit. Global Payments has tried to downplay the severity of the breach, noting that 1.5 million cards represents only a tiny fraction of the company’s processing volume and that the vast majority of its infrastructure is sound.

The problem facing Global Payments, however, is that its customers are not consumers – its customers are Visa, MasterCard, American Express and the other major credit and debit card issuers. It will be those companies who would be on the hook for any fraudulent purchases made with stolen credit card numbers, and those companies are absolutely not in the business of losing money because of someone else’s negligence.

Instead, the major credit card companies will seek damages from Global Payments to reimburse them for any fraudulent activity and likely for the inconvenience and cost of dealing with the issue with its cardholders. Given the number of available options to them, it would be fairly easy for the big credit card companies to move on without Global Payments, but it will be interesting to see if they are given a second chance.

“Build your own Security Lab A field guide for network testing” is great at what it is intended to be: an introduction for a novice security person in what they should be working on to get experience in the field. I have Michael Gregg’s Certified Ethical Hacker and in most terms I would say this book is more of a work book for the study guide. It gives you a feel for what equipment you will need and how the equipment should be connected, but doesn’t go to in-depth into the nuts and bolts of it.
The book includes a copy of BackTrack and a few other tools on the DVD and these items help the novice have an idea of what tools they should be looking for on the Internet, but a better idea may be to have a central repository for the tools or include the link to the tools since most of the tools were outdated by the time the book was published.
Almost every chapter or in some cases a group of chapters could be written as a stand-alone book. The author did an excellent job of summarizing some of the areas and others I felt he could have covered in more detail.
It would have been nice to see more information on sniffers and packet analyzing. The book was labeled “field guide for network testing”, but there was only a page dedicated to Wireshark. A big part of network security is analyzing the traffic that is crossing the network. The author covers some of it under Intrusion Detection, but again it is not sufficient in my opinion.
I was a little surprised by the lack of anything more than a mention of Netcat. With the value of this tool and the wide spread use of variants of the tool I would have expected a page at least of the use of the software and how it is distributed. There was no reference to Tiny and a few other tools or there variants that are in common use throughout the Internet. There was no reference to VNC, RDP or Dameware some remote administration tools that are commonly exploited on most networks.
I would have thought at this level a chapter on forensics and cryptography would have been over the top of most of the readers heads. The author does make a good job just summarizing the information just enough to wet the appetite of a serious novice. I think it would have been a great benefit to the reader to have more references to in-depth material, but a determined reader will find what they need.
The cryptography chapter gets somewhat confusing. The author is discussing symmetric algorithms and then starts discussing PGP before going back to symmetric algorithms and then goes into asymmetric algorithms. The inexperienced reader would believe that PGP is a symmetric algorithm.
Overall the book was good and the exercises were great, but anyone who has mid-level experience or greater in information security will find this book a little to novice. I have already recommended the book to a few beginners.

More Details

If your job is to design or implement IT security solutions or if you’re studying for any security certification, this is the how-to guide you’ve been looking for. Here’s how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

The book contains useful information, specially for people like me, beginning in this area. Recommended.

More Details

Dr. Ali Jahangiri, a world-renowned information technology (IT) expert, brings us the next must-have in IT training: Live Hacking, the definitive and comprehensive guide to computer hacking. Groundbreaking, insightful, and practical, this guide serves to inform IT professionals about and challenge existing conceptions of hacking, its victims, and its consequences, but with an eye to empowering prospective victims with the knowledge they need to thwart the criminal elements in cyberspace. Whether you work in a Fortune 500 company or if you’re just looking to protect your home office from hackers, this book will provide you with all the information you need to protect your valuable information. Live Hacking is straightforward, easy to read, and a reference that you’ll use again and again. It’s the kind of book you’ll want to keep in your back pocket! With a user-friendly writing style and easy-to-follow diagrams and computer screenshots.

Earlier this year Fyodor sent me a pre-publication review copy of his new self-published book, Nmap Network Scanning (NNS). I had heard of Fyodor’s book when I wrote my 3 star review of Nmap in the Enterprise in June, but I wasn’t consciously considering what could be in Fyodor’s version compared to the Syngress title. Although the copy I read was labelled “Pre-Release Beta Version,” I was very impressed by this book. Now that I have the final copy (available from Amazon) in my hands, I am really pleased with the product. In short, if you are looking for *the* book on Nmap, the search is over: NNS is a winner.

I’ve reviewed dedicated “tool” books before, including titles about Snort, Nessus, and Nagios. NNS dives into the internals of Nmap unlike any other title I’ve read. Without Nmap author Fyodor as the author, I think any competitor would need to have thoroughly read the source code of the application to have a chance at duplicating the level of detail Fyodor includes in NNS.

Instead of just describing how to use Nmap, Fyodor explains how Nmap works. Going even further, he describes the algorithms used to implement various tests, and why he chose those approaches. The “Idle Scan Implementation Algorithsm” section in Ch 5 is a great example of this sort of material. I will probably just refer students of my TCP/IP Weapons School class to this part of NNS when we discuss the technique!

One of the best parts of NNS, mentioned but explained in no other text, is the Nmap Scripting Engine (NSE). Ch 9 is all about NSE, with a brief intro to Lua and excellent documentation of using and building upon NSE. Beyond this groundbreaking material readers will find many examples of Nmap case studies from users. This and other sections help make NNS a practical book, showing how people use Nmap in their environments for a variety of purposes.

If you use Nmap, for any reason, you should buy this book. Everyone (except author Fyodor) will learn something about network reconnaissance from this text.

More Details

• ISBN13: 9780979958717
• Condition: New
• Notes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!

Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire.

Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.

Nmap’s original author, Gordon “Fyodor” Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http://nmap.org/book for more information and sample chapters.

A trip to the world of computer hacking, whether ethical or unethical, can be a fascinating experience for any individual. The term is often perceived as glamorous and chic, despite its darker side. Computer hacking is basically an alteration of computer hardware or software, in order to accomplish a goal which is outside the creator’s original purpose. A standalone computer is less vulnerable to hacking, as compared to a computer on a private or public network. In case of standalone computers, it is necessary to get the hands on the computer machine, whereas, in case of computers on network, unauthorized access can be gained without actually handling the machine.

Computer hacking is both an art and science, for the people who try to break into protected or unprotected networks. Art, because it involves creativity which is equivalent to the painting of a beautiful landscape, and science because of its technical aspects. People practicing unethical hacking, generally tend to steal personal information, change a corporation’s financial data, break security codes to gain unauthorized network access, or conduct other destructive activities. There are two kinds of people who indulge in computer hacking, namely those who develop an interest in it out of simple intellectual curiosity, and others with less noble motives. But the common traits amongst all hackers is that they possess technological savvy, are willing to take the risks and are passionate about various programming languages.

Computer hacking invariably involves some degree of infringement on the privacy of others, breaching the network security, and thus causing damage to confidential files, web pages or software. It may also involve downloading or alteration of files through unauthorized access, and the impact resulting from such activities will vary from being simply inquisitive to being illegal. However, many big shot companies often hire a team of hackers, in order to probe into their own loopholes. These individuals use their skills to find flaws in the company’s security system, and to prevent them from getting discovered by unethical hackers. In most cases, ethical hacking helps to prevent identity theft and other serious computer-related crimes.

Depending on the domain of their work, there are basically three types of hackers. A white hat hacker is the one who breaks security for non-malicious purposes. These purposes may range from testing the security system, to finding the major loopholes in the network. Such people normally follow the legitimate ways and work within the precincts of cyber laws. The second category includes the black hat hackers, who generally subvert computer security without authorization, with the help of viruses and various other hacking tools. These hackers use technology for vandalism, credit card fraud or identity theft. The third category includes grey hat hackers, whose domain of work lies mid-way between black hat and white hat hackers. They are of ambiguous ethics and work on the borderline of legality.

The best way to learn computer hacking is to master programming languages like Python, C/C++, Java, Perl, and LISP because these particular languages teach the programmer a very different approach towards problem solving and algorithms. This in turn provides a stronger hold on the machine and its components. However, it is not possible to reach the skill level of a hacker, just by accumulating various languages in the knowledge box. It is important to learn the algorithms and working of computers in general. It is also necessary to gain knowledge about the operating system and the various important files which are used by it.

Computer hacking is an interesting way to discover the myriad latent aspects of the wonderful world of computers. The more one tries to learn about it, the more one gets inquisitive about the different domains he can probe into. However, one should always try to understand and follow cyber laws, before trying out one’s hand at hacking.

Ethical hacking is a white hat technique, wherein the hacker breaches the security of a computer system or the network, to expose the security systems vulnerability. A career in ethical hacking, as a consultant, has bright prospects considering the dependence of the entire world on computer technology, and easy access to world wide web.

What is Ethical Hacking-
In ethical hacking, the hacker identifies the weakness in the system, but instead of taking advantage of the situation, alerts the owner, so that the later can fix the problem and make his system secured. The ethical hacker can convey the message to the owner by various means ranging from a simple phone call to leaving an electronic card in the system, as an obvious signal that the system was breached. Ethical hackers use the same tools as hackers do, but they are not a threat to the system. Some people do ethical hacking as a hobby, while some pursue it as their career.

Ethical Hacking for Beginners
It is very difficult to defend yourself against an unknown enemy, similarly in the case of hacking, it’s difficult to fight them without knowing how they work. Hackers use various methods and tools to hack into a particular system, and in order to understand their methodology, one has to get into the hacker’s shoes. Ethical hacking guide covers black hat methods used by hackers to vandalize your network, for its security. Be careful to use your own computer to practice ethical hacking. You can try hacking your own system to find the loopholes in the security. You can also hack a friends PC, but make sure that you have the permission to do so. Illegal hacking is considered as a severe Internet crime, and can earn up to 10 years imprisonment, hence it is wiser to take necessary precautions.

Basic Requirements to Become an Ethical Hacker
The ethical hacker has to possess excellent programming and networking skills, as well as good working knowledge of various operating systems. All these skills should be backed up with the knowledge of necessary hardware and software. More importantly a certified ethical hacking or cyber security course is the basic requirement to become an ethical hacker. Ethical hacking is not a process which can be executed with a snap of the finger, being patient is the important key, especially in ethical hacking for beginners. In some cases, you may have to monitor the system for days or weeks to get a single opportunity to hit the jackpot.

Privacy Issues
Privacy of the client’s information is one of the most predominant issue in the ethical hacking guide. While working on a project, the ethical hacker may come across some vital information about the user or the company. He should make sure that this information is kept secret. All the results, documented as well as in electronic format, have to be kept in safe custody. The information may mean a lot to the user or the company, and hence the ethical hacker has to respect his client’s priorities.

Computer security has become a major concern in the world today. Though ethical hackers can penetrate into your system and warn the administrators about the possible hacking attacks, it’s the administrators who have to be careful about the hazards of the advanced technologies. Make sure that the computer security system is in place and people in charge of the security are well versed with changing concepts of computer malpractices.

Hacking is a serious problem faced by the governments of the world. In this era, stealing of confidential information from the government and other organizations can cause serious security problems and financial losses. There are so many people who excel in this hacking business and they can be broadly divided into three categories:

• White hat hackers
• Black hat hackers
• Gray hat hackers

Some of the most famous hackers of all times, are listed below.

Top 10 Famous Hackers

1. Kevin David Mitnick
At the age of 16, Kevin Mitnick hacked the computer systems of Digital Equipment Corporation (DEC) and copied the software, which they had developed for their computer’s operating system and also hacked the Pacific Bell voice mail computers. Kevin used social engineering to get the confidential information of the people by manipulating them. He used cloned cell phone to hide his location from the police. He even copied the valuable software by hacking into the computer systems of Motorola, NEC Corporation, Nokia, Sun Microsystems and Fujitsu Siemens.

2. Gary McKinnon
His nick name is Solo. He is famous for hacking military and NASA computers. Gary hacked the military computers and deleted very important files from the operating systems of the computer network, which caused automatic shut down of 2000 computers for 24 hours. He also hacked 16 NASA computers. In a BBC interview, Gary McKinnon said that “he was not a malicious hacker bent on bringing down US military systems, but rather more of a bumbling computer nerd”. The government officials claim that he caused a $700,000 loss for the government.

3. Jonathan James
Jonathan James, a.k.a., c0mrade, intruded into the Defense Threat Reduction Agency (DTRA) servers and hacked the emails and passwords of the employees by installing a back door in the server. He also stole a software from NASA, which was worth $1.7 million.

4. Adrian Lamo
He hacked the computer network systems of The New York Times, Yahoo!, and Microsoft. He worked on the WikiLeaks scandal case and reported to the federal authorities that Bradley Manning, an army officer, leaked confidential information from the government documents.

5. Stephen Gary Wozniak
Stephen Wozniak (Woz) is the founder of Apple computers, who is basically a computer engineer and a programmer. He invented machines which significantly contributed to the 1970s computer revolution. He is a white hat hacker and he assembled a computer by designing his own hardware and software. He and his best buddy, Steve Jobs (co-founder and CEO of Apple), researched on frequencies and created an electronic device called ‘blue box’, to make distance calls, free of cost. Woz, once called The Pope, using his blue box and made Pope believe him to be Henry Kissinger. He received the National Medal of Technology (1985) and Doctor of Engineering degree (1989) from the University of Colorado at Boulder.

6. Kevin Poulsen
He is a former black hat hacker who crashed thousands of telephone lines connecting to a radio station in Los Angeles, named KIIS-FM, to get a prize to be the 102nd caller. He is also famous for lock-picking, money-laundering and cyber-crime, etc. He even hacked the computer systems of FBI and was sentenced to 51 months imprisonment. He is currently working as a journalist in Wired News.

7. Robert Tappan Morris
Robert Tappan Morris is an American scientist who created the world’s first computer worm which was called Morris Worm. While doing his graduation in Cornell University, Robert created this worm, which affected many computer systems. He was also accused under Computer Fraud and Abuse Act and was sentenced to three years of imprisonment, 400 hours of community service and a huge fine of $10,050.

8. Vladimir Levin
He used dial-up wire transfer service to hack the username and password of the Citibank account holders and stole $10.7 million. He was sent to jail for three years, and later Citibank upgraded their systems.

9. Richard Stallman
He is also called the ‘Father of free software’. He claims that software should not have restricted access and so he created codes to break it. He also nullified the password settings of the users in computer labs.

10. Tsutomu Shimomura
Tsutomu Shimomura is a computer security expert and a scientist from Japan. He became instantly famous for helping the FBI to arrest the famous hacker, Kevin Mitnick. He employed a cellular frequency antenna and connected it to his laptop and traced Kevin Mitnick.

Other Famous Hackers

• Linus Torvalds
• Timothy Lloyd
• David Smith
• MafiaBoy
• Loyd Blankenship
• Sven Jaschan

Intruding the computer system and various other networks cannot be done by anyone. It involves high-tech stunts and several lines of codes of programming for computer hacking. The above listed people, no matter white hat hackers or black hat hackers, have immense technical knowledge and that made them to challenge the government.

Wireless Internet access is rapidly gaining popularity over the whole world. Most people prefer the unplugged experience that wireless networks provide. Wi-fi hot spots have mushroomed everywhere and home users are also increasingly going the wireless way. A wireless network operates much like a radio station as it transmits data over the waves. While this feature enables portability and unplugged access, it has a downside, which is exposure of your network to eavesdroppers and hackers. Ergo, it’s very essential that you know how to secure a wireless network, which can effectively prevent malicious attacks.

Simple Steps to Secure a Wireless Networks

Since the dawn of wireless communication technology, security of transmission has always been an issue of consideration. The very feature of wireless networks that make them convenient alternatives to wired Internet access (radio transmission), also makes it vulnerable to hacking. Transmissions can be intercepted and your network can be hacked by eavesdroppers to gain wireless Internet access. To prevent this from happening, wireless router manufacturers have now included many security features to prevent this from occurring. The text that follows will make you aware about them. Even if you do nothing other than following these simple steps to secure wireless networks, you can rest assured that you are protected from hackers. I assume that you are familiar about basics of setting up wireless network and know about how does a wireless network work.

Upgrade to WPA2 Encryption
You can protect the data transmitted over radio waves by enabling the ‘toughest to crack’ encryption technology which is currently WPA2. When checking out wireless router reviews, see to it that it has WPA2 encryption. It is based on Advanced Encryption Standard (AES), which is the most cutting edge encryption standard made available yet. So opting for WPA2, makes your network extremely secure.

Turn On the Router Firewall
Any tutorial on wireless network setup, will tell you that every router, along with every computer that is connected to your network has a software firewall, to prevent unauthorized remote access. Make sure that while setting up your wireless router, its firewall is turned on.

Change Administrator Login Name & Password
When you configure your wireless router, you need to set up an administrator login name and password. Most people don’t change both and let them be default manufacturer set values. This is a bad idea as hackers can completely gain control over your network if they know the default values. So set up as strong a password as possible and also change the login name. In fact, it’s a good idea to keep changing the password periodically.

Change SSID Name & Disable Broadcast
You must change the SSID (Service Set Identifier) of your wireless network. If you let it be the default one, hackers generally get an idea about what kind of configuration you have, just from the name. In fact, for home networks, it’s best that you disable the SSID broadcasts and mask it from exposure to hackers.

Use MAC Filtering
You can restrict which computers have access to your wireless network by setting up MAC (Media Access Control) addresses that are uniquely set for wireless adapters installed in desktop and laptop computers. By restricting accessibility of your network to a select list of MAC addresses, you protect your network from outside access.

Turn Off Wireless Router When Internet is Not in Use
Another step for securing wireless networks is to simply turn your router off when not in use and avoid unnecessary exposure. You can save power too in the process.

Opt For Static IP Addresses & Turn Off DHCP
Most network administrators advise that you set the wireless network to allow static IP addresses that require administrative intervention instead of DHCP which assigns them automatically. The latter allows hackers to pick up IP addresses. Hence it’s a good practice to set DHCP to be switched off and opt for a restricted range of static IP addresses.

Limit Signal Strength & Position Router Smartly
Your wireless network can extend far beyond your home and fall prey to hacking attempts. If you restrict signal power of your wireless router, you can restrict the range to just home premises. This can be achieved through smart positioning of your router. To secure a network (Netgear or any other router based), this is a precaution that you can take.

Turn Off Remote Administration
Most wireless routers can be programmed remotely to make administrative changes. It is best that you turn off this remote administration facility as it also provides a chance for hackers to gain entry.

Following these steps, you will have plugged most of the vulnerable spots in the system which hackers normally use. Hope you found this short guide on wireless networking security to be insightful.