It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Databases Hacked - How?
page: 15
share:
As most of us are aware databases have been, are, and will be hacked from within and without our countries borders. Hackers are attacking
corporations, government agencies, and military complexes. Even spy agencies are hacked.
My curiosity has got the best of me. I am no expert. This has been going on for years and seems to be getting worse. So how come in today's advanced security technology is this continuing? How is it the hackers can still hack with such ease.
Thanks in advance for your factual replies.
My curiosity has got the best of me. I am no expert. This has been going on for years and seems to be getting worse. So how come in today's advanced security technology is this continuing? How is it the hackers can still hack with such ease.
Thanks in advance for your factual replies.
a reply to: bucsarg
Im very new to the genre...myself as a hobby getting into programming and web design. A great site is called Hack This Site which gives you little puzzles. Basically from what im getting is you have to find the weakness...you could stare at the code of something for quite some time until you find a little error here or there. They also use tools that do some of this work for them...for example the Kali Linux Distro has tons of tools on it..which you can get for other distros as well but you are basically using someone elses software to find flaws. Once you find the flaw then that is it....
Someone like me could look at at several flaws and never even know they were flaws because I am not that good.
Also especially when something has soooooo much code...think of video games and all the little bugs they have...its just impossible to get everything right always...that is why windows has updates usually as they find weaknesses.
Get ready man...hacking is the future.
On a side note I actually use a chrome book with no identity attached to it to do most things online now...normal viruses dont work on it and since i use it to browse online only or for a few junk emails i keep for gaming stuff I literally have 0 fear if someone got access to it. Chromebooks are a couple hundred bucks and you can do 90% of everything a normal computer can....I then keep my gaming computer usually disconnected or will use that one for personal stuff like my real email...etc.
Im very new to the genre...myself as a hobby getting into programming and web design. A great site is called Hack This Site which gives you little puzzles. Basically from what im getting is you have to find the weakness...you could stare at the code of something for quite some time until you find a little error here or there. They also use tools that do some of this work for them...for example the Kali Linux Distro has tons of tools on it..which you can get for other distros as well but you are basically using someone elses software to find flaws. Once you find the flaw then that is it....
Someone like me could look at at several flaws and never even know they were flaws because I am not that good.
Also especially when something has soooooo much code...think of video games and all the little bugs they have...its just impossible to get everything right always...that is why windows has updates usually as they find weaknesses.
Get ready man...hacking is the future.
edit on 22-7-2015 by rockpaperhammock because: (no reason given)
On a side note I actually use a chrome book with no identity attached to it to do most things online now...normal viruses dont work on it and since i use it to browse online only or for a few junk emails i keep for gaming stuff I literally have 0 fear if someone got access to it. Chromebooks are a couple hundred bucks and you can do 90% of everything a normal computer can....I then keep my gaming computer usually disconnected or will use that one for personal stuff like my real email...etc.
edit on 22-7-2015 by rockpaperhammock because: (no reason given)
a reply to: bucsarg
I've been working exclusively with databases for over 20 years. Clients from Gap Inc to the State Dept and the NSA.
Databases are hacked through social engineering (faking your way into getting someone to give you their account information to access the database), standard accounts such as SYSADM with easy passwords, etc.
In all honesty, get a userid, and then just HACK away at the password. There are programs designed to try random guesses at passwords until they get in.
However, most databases have a limit of 3 times entering a bad password before the account is automatically locked.
Also, some people/places are putting userid/passwords in standard text files on their servers. Some even transmit them internally in clear text.
All bad things.
Feel free to ask anything you wish to know, if I cannot answer, I'll do what I can to find you an accurate answer.
I've been working exclusively with databases for over 20 years. Clients from Gap Inc to the State Dept and the NSA.
Databases are hacked through social engineering (faking your way into getting someone to give you their account information to access the database), standard accounts such as SYSADM with easy passwords, etc.
In all honesty, get a userid, and then just HACK away at the password. There are programs designed to try random guesses at passwords until they get in.
However, most databases have a limit of 3 times entering a bad password before the account is automatically locked.
Also, some people/places are putting userid/passwords in standard text files on their servers. Some even transmit them internally in clear text.
All bad things.
Feel free to ask anything you wish to know, if I cannot answer, I'll do what I can to find you an accurate answer.
originally posted by: bucsarg
As most of us are aware databases have been, are, and will be hacked from within and without our countries borders. Hackers are attacking corporations, government agencies, and military complexes. Even spy agencies are hacked.
My curiosity has got the best of me. I am no expert. This has been going on for years and seems to be getting worse. So how come in today's advanced security technology is this continuing? How is it the hackers can still hack with such ease.
Thanks in advance for your factual replies.
There are lots of exploits. The easiest one for SQL databases is called SQL injection.
Unfortunately,if you lock down data too hard, you make it inaccessible (even to yourself).
It is security versus functionality.
Finding weaknesses.
Older sites/databases are prone to sql injection.
Poor sysadmins.
Stupid people giving out info.
Silly passwords
etc
etc
ETA: A hacker finds a backdoor that was planted by the gov snoopers!
Older sites/databases are prone to sql injection.
Poor sysadmins.
Stupid people giving out info.
Silly passwords
etc
etc
ETA: A hacker finds a backdoor that was planted by the gov snoopers!
edit on 22-7-2015 by VoidHawk because: (no reason given)
Do you think someday they will come up with a security method other than passwords? Perhaps pictures or using a person's eye, or their sweat, or
their breath or some combination. Perhaps sounds.
Shows you how much I don't know.
Shows you how much I don't know.
originally posted by: bucsarg
Do you think someday they will come up with a security method other than passwords? Perhaps pictures or using a person's eye, or their sweat, or their breath or some combination. Perhaps sounds.
Shows you how much I don't know.
All bio methods can be hacked.
Does encryption work? What about changing password several times a day?
The ideal scenario for the hackers is to get access to the database itself and get a copy of it without being detected via a breach of network
security. Once they have the database in their possession, they can take as much time as they want try to crack the hashcodes stored inside. As was
mentioned already, normally a system will lock you out after a few attempts, but if you have the database you can try as many times as you like and as
fast as you can using your own program until success is achieved. They use brute force methods to work the problem (trying as many combinations as
possible -- often from a dictionary) and are mainly going to have the most success with those accounts that have more vunerable passwords -- such as
those using as few characters as possible or not using special characters.
In some really sad situations, the IT people do not even bother to encrypt the passwords and they are stored as clear text (human readable and usable). Only the most irresponsible IT shops store clear text passwords in their databases these days.
So I suppose the take away of it all is to always create your own password using at least 10 characters so yours is less likely to be exposed by a brute force attack once the database is compromised.
Also if you're curious, this link from Wolfram Alpha will give you some idea about how difficult things can be (numbers of combinations) for various lengths of passwords (there is an input box to change the password length and see the result):
www.wolframalpha.com...
In some really sad situations, the IT people do not even bother to encrypt the passwords and they are stored as clear text (human readable and usable). Only the most irresponsible IT shops store clear text passwords in their databases these days.
So I suppose the take away of it all is to always create your own password using at least 10 characters so yours is less likely to be exposed by a brute force attack once the database is compromised.
Also if you're curious, this link from Wolfram Alpha will give you some idea about how difficult things can be (numbers of combinations) for various lengths of passwords (there is an input box to change the password length and see the result):
www.wolframalpha.com...
edit on 22-7-2015 by ThreadTrekker because: (no reason given)
They are using quantum computers now. Quantum computers don't have to go through the wires or through the wifi, they only have to find the
geocoordinates on earth where the actual computer is, and regardless of material around the computer, like thick walls or whatever, the quantum
computer taps into a potential place in time where the computer is, without accessing the physical world. It's a hyperspace coordinate. They can see
it in front of your perspective, with qubit processing.
The alternative is to blame the obvious: the people guarding the computers aren't doing what they are told. The simplicity of cloud computing only is safe when everybody abides by the honor system, it really is a throwback from something around 1974 where they had walkie talkies using the same thing. Back then they called it not secure. These days they rediscover the hard way, not secure.
The alternative is to blame the obvious: the people guarding the computers aren't doing what they are told. The simplicity of cloud computing only is safe when everybody abides by the honor system, it really is a throwback from something around 1974 where they had walkie talkies using the same thing. Back then they called it not secure. These days they rediscover the hard way, not secure.
originally posted by: rockpaperhammock
a reply to: bucsarg
Im very new to the genre...myself as a hobby getting into programming and web design. A great site is called Hack This Site which gives you little puzzles. Basically from what im getting is you have to find the weakness...you could stare at the code of something for quite some time until you find a little error here or there. They also use tools that do some of this work for them...for example the Kali Linux Distro has tons of tools on it..which you can get for other distros as well but you are basically using someone elses software to find flaws. Once you find the flaw then that is it....
Someone like me could look at at several flaws and never even know they were flaws because I am not that good.
Also especially when something has soooooo much code...think of video games and all the little bugs they have...its just impossible to get everything right always...that is why windows has updates usually as they find weaknesses.
Get ready man...hacking is the future.
On a side note I actually use a chrome book with no identity attached to it to do most things online now...normal viruses dont work on it and since i use it to browse online only or for a few junk emails i keep for gaming stuff I literally have 0 fear if someone got access to it. Chromebooks are a couple hundred bucks and you can do 90% of everything a normal computer can....I then keep my gaming computer usually disconnected or will use that one for personal stuff like my real email...etc.
HackThisSite is actually completely outdated. However, it is a great place to get started. The forums aren't used as much as they used to be in the early 2000s. And, if i recall correctly, the founder of HTS was arrested on some sort of hacking related charges. So I do recommend looking into another website; there are a few better ones out there.
As far as Kali Linux, it is definitely fun to use and has a lot of built in tools for hacking. But if you're not familiar with Linux, you may want to do your research first. I personally have it, amd love it, but have not used it much lately. In fact, I think I've had it for too long and am ready to try a different distro.
The problem is a lot of projects don't really have security as one of the main points of the design so it gets implemented and bodged into place
possibly with all sorts of defects/bad security permissions/default passwords and once its live theres not much chance quite often to get in there and
fix the problems as management will want you on the next project asap.
Amazon don't get hacked (famous last words) as they spend a significant lot of dosh on security and its built into the design process from the start unlike Sony so it seems
Amazon don't get hacked (famous last words) as they spend a significant lot of dosh on security and its built into the design process from the start unlike Sony so it seems
I'd imagine that governing computers are only online to share data between different departments. Information is key to countries worldwide, everyone
wants to know what the other is doing. Gone of the days of spies and secret agencies todays war is mostly online, we the public just don't hear about
it as much as those like Syria or other.
a reply to: bjvanwash
hey if you can pm me those other sites...im still new so i enjoy the challenges and im really just trying to learn python and html...using code academy as well....and i always keep at least one computer with linux around...using ubuntu now.
always nice to toss linux on an older computer and its like you bought a new computer again haha
hey if you can pm me those other sites...im still new so i enjoy the challenges and im really just trying to learn python and html...using code academy as well....and i always keep at least one computer with linux around...using ubuntu now.
always nice to toss linux on an older computer and its like you bought a new computer again haha
new topics
-
Maestro Benedetto
Literature: 52 minutes ago -
Is AI Better Than the Hollywood Elite?
Movies: 1 hours ago -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs: 4 hours ago -
2024 Pigeon Forge Rod Run - On the Strip (Video made for you)
Automotive Discussion: 5 hours ago -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues: 5 hours ago -
The functionality of boldening and italics is clunky and no post char limit warning?
ATS Freshman's Forum: 6 hours ago -
Meadows, Giuliani Among 11 Indicted in Arizona in Latest 2020 Election Subversion Case
Mainstream News: 7 hours ago -
Massachusetts Drag Queen Leads Young Kids in Free Palestine Chant
Social Issues and Civil Unrest: 7 hours ago -
Weinstein's conviction overturned
Mainstream News: 9 hours ago -
Supreme Court Oral Arguments 4.25.2024 - Are PRESIDENTS IMMUNE From Later Being Prosecuted.
Above Politics: 10 hours ago
top topics
-
Krystalnacht on today's most elite Universities?
Social Issues and Civil Unrest: 10 hours ago, 9 flags -
Supreme Court Oral Arguments 4.25.2024 - Are PRESIDENTS IMMUNE From Later Being Prosecuted.
Above Politics: 10 hours ago, 8 flags -
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media: 13 hours ago, 7 flags -
Weinstein's conviction overturned
Mainstream News: 9 hours ago, 7 flags -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues: 5 hours ago, 7 flags -
Massachusetts Drag Queen Leads Young Kids in Free Palestine Chant
Social Issues and Civil Unrest: 7 hours ago, 6 flags -
Meadows, Giuliani Among 11 Indicted in Arizona in Latest 2020 Election Subversion Case
Mainstream News: 7 hours ago, 5 flags -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs: 4 hours ago, 4 flags -
2024 Pigeon Forge Rod Run - On the Strip (Video made for you)
Automotive Discussion: 5 hours ago, 2 flags -
Any one suspicious of fever promotions events, major investor Goldman Sachs card only.
The Gray Area: 15 hours ago, 2 flags
active topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News • 60 • : CarlLaFong -
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media • 228 • : cherokeetroy -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs • 72 • : yuppa -
My Poor Avocado Plant.
General Chit Chat • 77 • : JonnyC555 -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 61 • : Ophiuchus1 -
Is AI Better Than the Hollywood Elite?
Movies • 2 • : 5thHead -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues • 25 • : CarlLaFong -
Mood Music Part VI
Music • 3102 • : Hellmutt -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs • 9 • : Ophiuchus1 -
British TV Presenter Refuses To Use Guest's Preferred Pronouns
Education and Media • 164 • : Annee
5