DOCSLIB.ORG

B La C K H a T B R Ie Fin

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
B La C K H a T B R Ie Fin SensePost b l Automation - Deus ex Machina or Rube Goldberg Machine? a How far can automation be taken? How much intelligence can be c embodied in code? How generic can automated IT security assessment tools really be? This presentation will attempt to show which areas of attacks lend themselves to automation and which k aspects should best be left for manual human inspection and analyses. SensePost will provide the audience a glimpse of BiDiBLAH - an h attempt to automate a focussed yet comprehensive assessment. The tool provides automation for: a • Finding networks and targets • Fingerprinting targets • Discovering known vulnerabilities on the targets t • Exploiting the vulnerabilities found • Reporting Roelof Temmingh is the Technical Director of SensePost where his primary function is that of external penetration b specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known r vulnerabilities, and coded the world-first anti-IDS web proxy “Pudding”. He has spoken at many International Conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The i Black Hat Briefings. Roelof drinks tea and smokes Camels. Haroon Meer is currently SensePost’s Director of e Development (and coffee drinking). He specializes in the research and development of new tools and techniques for network penetration and has released several tools, f utilities and white-papers to the security community. He has been a guest speaker at many Security forums including the Black Hat Briefings. Haroon doesnt drink tea or smoke camels. i Charl van der Walt is a founder member of SensePost. He n studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British g Institute of Standards in London. Charl has a number of years experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars s and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish. b l a c k h Assessment automation: Deux ex Machina || Rube Goldberg a Machine? 2005 t LAS VEGAS b r Introduction i SensePost has done hundreds of external assessment e Tried and trusted methodology So…in search of an automated assessment tool f This talk is about: • What is this methodology? • Can it be automated? i • Where does automation really work well? n • Where does it simply sucks? • Why does it fail? (and can it be corrected?) • Implications for penetration testers g s digital self defense b l Principles of automation a To have an automatic process we need to code it To code it we need to have an algorithm or flow In order to have an algorithm or flow it we need to c understand the process To understand the process we need to have done it many times k If you cannot write the process down on paper you probably don’t understand it completely h Exceptions on the rule – the root of all evil Tradeoffs – if it will work in 99.99% of cases and a will take me 2 months to code support for the 0.01% of cases…is it worth it? t b r Weird perceptions i e Unix good….Windows baaaad! (meeaaaaa) ‘Hard core’ hackers will tell you that Windows sucks. f GUI apps limit you to do complex things Problem is not the OS – it’s the implementation of the GUI People think that, because it’s a GUI app, it needs to be “dumbed down” i People think that, because it’s a GUI app, it needs to user friendly n People think that, because it’s a GUI app, stupid people will use it Unix tools are mostly “fire and forget” Unix tools have difficulty showing progress g Unix makes it hard to write X11 interfaces – so ppl stick to text based interfaces BiDiBLAH uses “hot” text boxes – you can copy and paste & grep and s awk and sed all you wish digital self defense b l The demos you are about to see… a BiDiBLAH is a tool for doing attacks/assessments Its built for large networks c …we don’t have a large network …but our clients do …but we don’t want to show their network k …no...we don’t…really… SO: h Passive: IBM,Playboy Active: SensePost/VMWare a There’s just too much risk in doing this live …but everything you see is real t (some time lapse in places – I’ll tell you where) b r SensePost external methodology i e f i Vulnerability Penetration Footprinting Finger printing Targeting discovery testing n g s digital self defense b l Methodology: Footprinting a c k Find Find forward Find netblocks/ Find reverse Perform vitality Find domains sub domains DNS entries Define netblocks DNS entries testing h a t b r Methodology:Footprint:Find domains i Initial domain e f TLD expansion Name expansion Related domains i Content n matching Network (MX/NS/IP) g matching Meta data Final domain s matching list digital self defense black hat briefings Fu Google Google keywords Domain Contains Subdomains main domain? digital self defense digital Methodology: Footprinting: Find subdomains Methodology: Footprinting:Find Video Video – BiDiBLAH’s footprinting : Sub domains Hit lists possible? ll forwards Domain / T subdomain A Z MX/NS records Perform forward digital self defense digital yes Video Video – BiDiBLAH’s footprinting Forwards : Methodology: Footprinting: Forward DNS entries black hat briefings b l Methodology: Footprint: Netblocks a Trim forwards to c class C Whois k Find the AS Find other Clean routes netblocks Additional in the same AS blocks: ARIN h RIPE APNIC LACNIC AFRINIC Inspect reverse a entries t b r Video – BiDiBLAH footprinting : NetBlocks i e f i n g s digital self defense b l Methodology: Footprint: Reverse DNS a Netblocks c To netblocks Perform reverse for each IP in block k Filters Unmatched no Match filter? entries h yes Extract domain Matched Extract domain entries a More More related Do we have name no domains the domain? expanded domains t b r Demo – BiDiBLAH’s footprinting : Reverse DNS i e f i n g s digital self defense b l Methodology: Footprint: Vitality a Netblocks c Port hitlist k TCP scans UDP scans ICMP scans h a IP list t b r Vitality : Async scanning i e Sniffer f Send SYNs SYN ACK Flags & SRC RST port i n Open ports Closed ports g Send FIN s digital self defense b l Video - BiDiBLAH – Vitality (SensePost network) a c k h a t b r Final domain Initial domain Google list keywords Name Related TLD expansion expansion domains Google Fu i Contains main domain? Content matching MX/NS records e Network (MX/NS/IP) Subdomains matching ZT possible? Meta data Hit lists matching yes f Perform forward Trim forwards to All forwards class C i Whois Find the AS Clean Find other routes netblocks in the same AS Additional blocks: ARIN n RIPE APNIC Inspect reverse LACNIC entries AFRINIC Port hitlist Perform reverse for each IP in g block TCP scans UDP scans ICMP scans Unmatched no Match filter? entries IP list Filters yes s Extract domain Matched Extract domain entries More related domains Do we have More no the domain? name expanded domains digital self defense b l a w c e i v t n e r k e f f i d a – h g n i t n i r p a t o o F t b r Automation of footprint i Pheeww…glad that’s over! e Which steps are difficult to automate & why? • Domain finding f • works semi OK, but never complete [not implemented] • currently, you can learn a lot from reverse entries • Sub domain finding – easy - [DONE] i • Forwards – easy - [DONE] • Netblocks – difficult… n • AS expansion is not always good for smaller (hosted) blocks. • Whois info on these blocks are pretty unless. • No standard interface to registrars g • [Currently set to manual] • Reverse scans – easy - [DONE] • Vitality – easy [DONE (tcp only)] s digital self defense b l SensePost external methodology a c So, where are we now? k Vulnerability Penetration Footprinting Finger printing Targeting discovery testing h a t b r Methodology: Fingerprinting i e OS detection from the Internet to a firewalled host is difficult…Not just technically, but conceptually : f An Apache box protected by a FireWall-1 running on Win32 and 1:1NAT will report itself as a Windows machines on a network level…but as a Unix machine on app level..so what will it be?? i BiDiBLAH does not try to do OS detection, but rather just do banner grabbing n Using Async banner grabbing for 21,22,25,80,110,143 Multithreaded 443 (SSL) g Any banner/version can be grabbed asynchronously but it gets increasingly tricky.. s digital self defense b l Async banner grabbing – the process a Right SRC Sniffer port? c Send SYN Is FIN? Is SYN ACK? Is ACK? k Send FIN/ACK Send ACK Port 80? 0 Extract banner h 1 Extract banner Port 80? from HTTP header a Send GET / HTTP/1.0 t b r Video - BiDiBLAH: Async banner grabbing i e f i n g s digital self defense b l SensePost external methodology a c So, where are we now? k Vulnerability Penetration Footprinting Finger printing Targeting discovery testing h a t b r Methodology: targeting i With a great deal of potential targets, we want to be able to select e only those that really interests us.
Load more

Recommended publications
  • A Study of Android Application Security
    A Study of Android Application Security William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri Systems and Internet Infrastructure Security Laboratory Department of Computer Science and Engineering The Pennsylvania State University enck, octeau, mcdaniel, swarat @cse.psu.edu { } Abstract ingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of The fluidity of application markets complicate smart- a common definition for security and the volume of ap- phone security. Although recent efforts have shed light plications ensures that some malicious, questionable, and on particular security issues, there remains little insight vulnerable applications will find their way to market. into broader security characteristics of smartphone ap- In this paper, we broadly characterize the security of plications. This paper seeks to better understand smart- applications in the Android Market. In contrast to past phone application security by studying 1,100 popular studies with narrower foci, e.g., [14, 12], we consider a free Android applications. We introduce the ded decom- breadth of concerns including both dangerous functional- piler, which recovers Android application source code ity and vulnerabilities, and apply a wide range of analysis directly from its installation image. We design and exe- techniques. In this, we make two primary contributions: cute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. We design and implement a Dalvik decompilier, • Our analysis uncovered pervasive use/misuse of person- ded. ded recovers an application’s Java source al/phone identifiers, and deep penetration of advertising solely from its installation image by inferring lost and analytics networks.
    [Show full text]
  • Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p.
    [Show full text]
  • Coleman-Coding-Freedom.Pdf
    Coding Freedom !" Coding Freedom THE ETHICS AND AESTHETICS OF HACKING !" E. GABRIELLA COLEMAN PRINCETON UNIVERSITY PRESS PRINCETON AND OXFORD Copyright © 2013 by Princeton University Press Creative Commons Attribution- NonCommercial- NoDerivs CC BY- NC- ND Requests for permission to modify material from this work should be sent to Permissions, Princeton University Press Published by Princeton University Press, 41 William Street, Princeton, New Jersey 08540 In the United Kingdom: Princeton University Press, 6 Oxford Street, Woodstock, Oxfordshire OX20 1TW press.princeton.edu All Rights Reserved At the time of writing of this book, the references to Internet Web sites (URLs) were accurate. Neither the author nor Princeton University Press is responsible for URLs that may have expired or changed since the manuscript was prepared. Library of Congress Cataloging-in-Publication Data Coleman, E. Gabriella, 1973– Coding freedom : the ethics and aesthetics of hacking / E. Gabriella Coleman. p. cm. Includes bibliographical references and index. ISBN 978-0-691-14460-3 (hbk. : alk. paper)—ISBN 978-0-691-14461-0 (pbk. : alk. paper) 1. Computer hackers. 2. Computer programmers. 3. Computer programming—Moral and ethical aspects. 4. Computer programming—Social aspects. 5. Intellectual freedom. I. Title. HD8039.D37C65 2012 174’.90051--dc23 2012031422 British Library Cataloging- in- Publication Data is available This book has been composed in Sabon Printed on acid- free paper. ∞ Printed in the United States of America 1 3 5 7 9 10 8 6 4 2 This book is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE !" We must be free not because we claim freedom, but because we practice it.
    [Show full text]
  • WHO ARE COMPUTER CRIMINALS? by Kevin W. Jennings, M.S.C.J. A
    WHO ARE COMPUTER CRIMINALS? by Kevin W. Jennings, M.S.C.J. A dissertation submitted to the Graduate Council of Texas State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy with a Major in Criminal Justice August 2014 Committee Members: Brian L. Withrow, Chair Bob Edward Vásquez Jay D. Jamieson Matthew Draper Jose R. Agustina COPYRIGHT by Kevin W. Jennings 2014 FAIR USE AND AUTHOR’S PERMISSION STATEMENT Fair Use This work is protected by the Copyright Laws of the United States (Public Law 94-553, section 107). Consistent with fair use as defined in the Copyright Laws, brief quotations from this material are allowed with proper acknowledgment. Use of this material for financial gain without the author’s express written permission is not allowed. Duplication Permission As the copyright holder of this work I, Kevin Jennings, authorize duplication of this work, in whole or in part, for educational or scholarly purposes only. DEDICATION To Hal Jennings, Judy Jennings, and Matthew Draper, for showing me the path. To Sara Jennings, for joining me on the journey. ACKNOWLEDGEMENTS This dissertation never would have been possible without the support of many people who have guided me and cheered me on throughout this process. Dr. Brian Withrow was an excellent chair, and Doctors Vasquez, Jamieson, Draper, and Agustina all did their part in making this paper possible. Thank you for helping me, but even more important, thank you for putting up with me. I also need to give a big thank you to my mentor Dr. Tomas Mijares, who could not be on my committee but helped and guided me throughout the process of learning, teaching, and growing at Texas State University.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Group Project
    Awareness & Prevention of Black Hat Hackers Mohamed Islam & Yves Francois IASP 470 History on Hacking • Was born in MIT’s Tech Model Railway Club in 1960 • Were considered computer wizards who had a passion for exploring electronic systems • Would examine electronic systems to familiarize themselves with the weaknesses of the system • Had strict ethical codes • As computers became more accessible hackers were replaced with more youthful that did not share the same ethical high ground. Types of Hackers • Script Kiddie: Uses existing computer scripts or code to hack into computers usually lacking the expertise to write their own. Common script kiddie attack is DoSing or DDoSing. • White Hat: person who hacks into a computer network to test or evaluate its security system. They are also known as ethical hackers usually with a college degree in IT security. • Black Hat: Person who hacks into a computer network with malicious or criminal intent. • Grey Hat: This person falls between white and black hat hackers. This is a security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent associated with a black hat hacker. • Green Hat: Person who is new to the hacking world but is passionate about the craft and works vigorously to excel at it to become a full-blown hacker • Red Hat: Security experts that have a similar agenda to white hat hackers which is stopping black hat hackers. Instead of reporting a malicious attack like a white hat hacker would do they would and believe that they can and will take down the perpretrator.
    [Show full text]
  • Introduction
    Introduction Toward a Radical Criminology of Hackers In the expansive Rio Hotel and Casino in Las Vegas, I stood in line for around an hour and a half to pay for my badge for admittance into DEF CON 21, one of the largest hacker conventions in the world. The wad of cash in my hand felt heavier than it should have as I approached the badge vendor. DEF CON is an extravagant affair and attendees pay for it (though, from my own readings, the conference administrators work to keep the costs reduced). The line slowly trickled down the ramp into the hotel con- vention area where the badge booths were arranged. As I laid eyes on the convention, my jaw dropped. It was packed. Attendees were already mov- ing hurriedly throughout the place, engaged in energetic conversations. Black t- shirts— a kind of hacker uniform— were everywhere. Las Vegas- and gambling- themed décor lined the walls and floors. Already, I could see a line forming at the DEF CON merchandise booth. Miles, a hacker I had gotten to know throughout my research, mentioned that if I wanted some of the “swag” or “loot” (the conference merchandise), I should go ahead and get in line, a potential three- to four-hour wait. Seemingly, everyone wanted to purchase merchandise to provide some evidence they were in attendance. Wait too long and the loot runs out. After winding through the serpentine line of conference attendees wait- ing for admittance, I approached the badge vendors and (dearly) departed with almost $200. Stepping into the convention area, I felt that loss in the pit of my stomach.
    [Show full text]
  • Strategic Latency: Red, White, and Blue Managing the National and International Security Consequences of Disruptive Technologies Zachary S
    Strategic Latency: Red, White, and Blue Managing the National and International Security Consequences of Disruptive Technologies Zachary S. Davis and Michael Nacht, editors Center for Global Security Research Lawrence Livermore National Laboratory February 2018 Disclaimer: This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes. LLNL-BOOK-746803 Strategic Latency: Red, White, and Blue: Managing the National and International Security Consequences of Disruptive Technologies Zachary S. Davis and Michael Nacht, editors Center for Global Security Research Lawrence Livermore National Laboratory February
    [Show full text]
  • How Hackers Think: a Mixed Method Study of Mental Models and Cognitive Patterns of High-Tech Wizards
    HOW HACKERS THINK: A MIXED METHOD STUDY OF MENTAL MODELS AND COGNITIVE PATTERNS OF HIGH-TECH WIZARDS by TIMOTHY C. SUMMERS Submitted in partial fulfillment of the requirements For the degree of Doctor of Philosophy Dissertation Committee: Kalle Lyytinen, Ph.D., Case Western Reserve University (chair) Mark Turner, Ph.D., Case Western Reserve University Mikko Siponen, Ph.D., University of Jyväskylä James Gaskin, Ph.D., Brigham Young University Weatherhead School of Management Designing Sustainable Systems CASE WESTERN RESERVE UNIVESITY May, 2015 CASE WESTERN RESERVE UNIVERSITY SCHOOL OF GRADUATE STUDIES We hereby approve the thesis/dissertation of Timothy C. Summers candidate for the Doctor of Philosophy degree*. (signed) Kalle Lyytinen (chair of the committee) Mark Turner Mikko Siponen James Gaskin (date) February 17, 2015 *We also certify that written approval has been obtained for any proprietary material contained therein. © Copyright by Timothy C. Summers, 2014 All Rights Reserved Dedication I am honored to dedicate this thesis to my parents, Dr. Gloria D. Frelix and Dr. Timothy Summers, who introduced me to excellence by example and practice. I am especially thankful to my mother for all of her relentless support. Thanks Mom. DISCLAIMER The views expressed in this dissertation are those of the author and do not reflect the official policy or position of the Department of Defense, the United States Government, or Booz Allen Hamilton. Table of Contents List of Tables ....................................................................................................................
    [Show full text]
  • An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p. ii ABSTRACT This dissertation examines both the subculture and social organization practices of computer hackers. The concept of normative orders (Herbert, 1998: 347) is used to explore hacker subculture in different contexts.
    [Show full text]
  • Tilburg University Breaking and Remaking Law and Technology Dizon
    Tilburg University Breaking and remaking law and technology Dizon, Michael Publication date: 2016 Document Version Publisher's PDF, also known as Version of record Link to publication in Tilburg University Research Portal Citation for published version (APA): Dizon, M. (2016). Breaking and remaking law and technology: A socio-techno-legal study of hacking. [s.n.]. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 27. sep. 2021 B REAKING AND R EMAKING L AW AND TECHNOL OGY A Socio-Techno-Legal Study of Hacking MICHAEL ANTHONY C. DIZON B REAKING AND R EMAKING L AW AND TECHNOL OGY A Socio-Techno-Legal Study of Hacking Proefschrift ter verkrijging van de graad van doctor aan Tilburg University op gezag van de rec- tor magnificus, prof.dr. E.H.L. Aarts, in het openbaar te verdedigen ten overstaan van een door het college voor promoties aangewezen commissie in de aula van de Universiteit op dinsdag 28 juni 2016 om 16.15 uur door MICHAEL ANTHONY CO DIZON geboren op 13 juni 1975 te Quezon City, Filipijnen Promotores: prof.dr.
    [Show full text]
  • Evolution of Cyber Security Invotra
    Evolution of cyber security Invotra Digital Workplace, Intranet and Extranet 700 bc Scytale used by Greece and Rome to send messages And kids ever since.. Image Source: https://commons.wikimedia.org/wiki/File:Skytale.png 1467 Alberti Cipher was impossible to break without knowledge of the method. This was because the frequency distribution of the letters was masked and frequency analysis - the only known technique for attacking ciphers at that time was no help. Image Source: https://commons.wikimedia.org/wiki/File:Alberti_cipher_disk.JPG 1797 The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder. It is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around their edge. Image Source: https://en.wikipedia.org/wiki/Jefferson_disk#/media/File:Jefferson%27s_disk_cipher.jpg 1833 Augusta Ada King-Noel, Countess of Lovelace was an English mathematician and writer, chiefly known for her work on Charles Babbage's proposed mechanical general-purpose computer, the Analytical Engine. She is widely seen as the world's first programmer Image Source: https://commons.wikimedia.org/wiki/File:Ada_Lovelace_portrait.jpg 1903 Magician and inventor Nevil Maskelyne interrupted John Ambrose Fleming's public demonstration of Marconi's purportedly secure wireless telegraphy technology. He sent insulting Morse code messages through the auditorium's projector. Image Source: https://en.wikipedia.org/wiki/Nevil_Maskelyne_(magician)#/media/File:Nevil_Maskelyne_circa_190 3.jpg 1918 The Enigma Machine. It was developed by Arthur Scherbius in 1918 and adopted by the German government and the nazi party Image Source: https://commons.wikimedia.org/wiki/File:Kriegsmarine_Enigma.png 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
    [Show full text]