Saturday, May 10, 2014

Extra hacking info

Hey everyone-In class I mentioned how things are developed with vulnerabilities built into them half the time. I forgot the videos title that I have watched about this sort of thing but I have finally remembered. If you google or youtube search " To protect and infect" You will see a 3 part video series of some very interesting topic. I hope everyone has a great summer and it was great having class with you all.

Tuesday, May 6, 2014

Revised Ethical Post


I believe in civilization. In a civilized and moral correct form of interactions with one another. I believe people that want to reflect good moral qualities should strive for: Integrity, responsibility, fairness, friendship and the mutual security of each other. Because of my moral views the only option I have with my new knowledge is to use it in a way that reflects my previously motioned values.  

I have the moral responsibility to use my new technical skills responsibly. I try at least for the most part of my time being morally righteous as a person to the best of my abilities. Is kind of like being tough to drive a tank and to know that my new knowledge can only be used in a responsible and morally correct manner other ways the new skills can cause me and the people around me unnecessary problems. Is just like discussed before, having the ability to do something and knowing that you can get away with it doesn’t make it right when you do it. I have acquired more knowledge on how to analyze, secure, and pen test a computer network.

A Door We Must Choose Ourselves - A Revisit

A power indeed we have learned, for the dark side is as tasty as the light. Although not as epic as the powers Jedis hold, I have learned a great deal from this class. These skills that I have learned have opened many doors for me. These doors, however, are no longer simply labeled as good and bad, dark and light, but rather each of these doors hold a cautionary question: "Is this ethical?"

In general, I would not perform actions on networks and computers if they have analogous actions performed on homes or organizations that I would reject; homes or organizations are defined by their property lines. As such, intrusive actions are analogous to entering someone's property, while non intrusive actions are analogous to actions performed from outside the property. Just as I would only enter a home if let in, I would only enter a network or computer if I was let in. In most cases, the method of entrance to a home or network is determined either explicitly by the home owner, or at the location the agreement to enter was made at, in either case there in a clear means and agreement of entering. As such I only enter computers or networks that I have been given explicit consent, and by extension the mode of entrance. Once inside a property, the rules of interaction are sometimes explicitly noted upon entry. There are some situations where someone is explicitly given power such as a administrator, or penetration tester. Thankfully, I do not plan on working within the IT fields. I do not wish to be put in situations where I must pick between upholding job efficiency and retaining moral code. But if I were, I would choose to uphold the privacy of people as much as I can and only breach such conditions if it was clear and imminent that the person or people risk the safety of others or breach any rules of the property. I hold this analogous to being a security guard, I would not peek into a bathroom stall unless it was clear and imminent that the person was performing actions that either endangered others or violated the organization's rules. I for one would not work for an organization who's rules did not have a clear purpose, or if they had obscure rules but did not explicitly and clearly state these rules. If these rules are not clear as a non administrator, I would proceed with caution and try to figure them out. Just as I try not to make too many assumptions when in someone's house I will not make too many assumptions in another's network or computer. I will often limit my actions to common actions performed by non enlightened personnel, so no hacking or scanning when inside a network or computer.

Non-intrusive actions are fair to me. Just as there are fences you can lean on an buildings you can look at, there are parts of a system that you are allowed to interact with such as ports. So any information gathering is fair game as long as it's information that is publicly available. And port scanning is fair game. Since I know these skills I have the responsibility to inform people if I do find any vulnerabilities when scanning. I also do not consider these vulnerabilities as open doors but instead a closed door with a faulty lock. In both cases I would not take advantage of the problem.

Although many consider packet sniffing fair game, thinking that the information is in free air, that it is information that is available to collect and decrypt. I think otherwise as I think this analogous to finding a delivery truck and opening the letters inside. So no, I do not consider packet sniffing acceptable and I would not do it.

To summarize, any information that is publicly available is fair to interact with, any intrusive action must be given explicit consent, and any vulnerabilities I find must be reported accordingly. This outline of my actions are of course a mere guideline and put into many theoretical settings. My actual actions will be based on much more than what is outlined and will require information such as the purpose of performing such actions as well who it affects and the level of communication with the people effected.

Below is a reflection I previous wrote in the original version of this post:

Throughout the class we learned how to hack. We learned how to search for vulnerabilities within a network, and exploit them. We learned that through old and possibly current systems, we are able to access the internal information not available to the public. In many cases, these actions are deemed illegal outside a virtual or closed environment. And to most, the combination of the words "hacking" and "illegal" induce an almost automatic response to labeling these actions as "bad" or unethical. But early in the class we realized that these lines are not as defined as we thought. We watched a documentary for class on Anonymous and their hacktivism. Through this film and our discussion, the class came to the understanding that laws regarding technology, just like all laws, can come under scrutiny and that its status as a law does not define it as unethical. We also ran through the scenario of being a penetration tester. We assume that since it is our job to test a system, and that we have a certain level of access to their information, that what we do is okay. But does this make it okay to sift through personal information that may be within the bounds of your contract as well? What if you realize that the company you work for runs a shady business in the side, but you are contractually obligated not to divulge any information found in the network. This is where our lines begin to blur, and where we began to paint our own lines. Because without this guideline, the task of determining what is right and what is wrong no longer default to the law, but instead it is determined by our own hands. This is our first responsibility: judging our own actions.




In class we learned how to collect packets that are sent over the network that are not necessarily meant for us. There are some arguments that suggest that these packets are free for the taking since they are in free air, and that the information in public space is public as well. But we can also liken this situation to playing catch, when we throw the ball to our friend, do we loose ownership of the ball? We ran through many similar situations regarding property, but what was apparent to me is that our current view on technological philosophy is ancient. This is our second responsibility, moving forward our philosophical views on technology.

Final Ethical Power Revised

What sorts of moral responsibilities come with the hacking powers you have acquired this semester?  Be specific and precise!  What powers have you acquired?  What responsibilities do you take on with those powers?

In this semester i have learn a lots of thing , such hacking and social engineering task. The hacking power come with  a lot abilities and responsibilities. In this semester we learn about what is ethical hacking is and what is good and bad is. As i learn ability to hack, also come with some responsibility such as when can you used this power and what low allowed to do with power.Hacking is very big deal it can used for bad thing, so we have careful when we used and who to tell. Other Power I have acquired this semester is Social Engineering. Social Engineering is very power full a person can have. This Power we can do lot of thing we take lot of information about company just by calling at company. we can used for good or bad of this abilities. In my opinion leaning this semester is we have to take responsibility.we have to thing if am not crossing  the line and what right and wrong. What is moral value.  Moral value are principle and standers  which determine whether is right or wrong.  When we have more power we have responsibility. so it depend on what principle and stander you follow.  my moral value depend on religion., so if i tried to hack some one computer , but my religion  does't let me.
i always follow the what is good  and be honest. In the class we did  social engineering task some of the task i couldn't because it was right for me and my principle. I learn a lot of think that doing social engineering that i didn't have  power  before ,  I learn how take information from and communicate. taking information it not easy, but good power to have, because you can do anything  without  hacking. reputability of this power is  we us it good way or   bad way. my principle is use good way. let other know people what could do just by taking and taking your information. 

Last Ethics Assignment (REVISED)

What sorts of moral responsibilities come with the hacking powers you have acquired this semester?  Be specific and precise!  What powers have you acquired?  What responsibilities do you take on with those powers?


The only powers I have acquired this semester is lying and tricking people into giving me information. To be honest, I don't consider them powers because people do them on a daily basis (unfortunately). Real powers would be powers people everyday wouldn't have like flying themselves up in the air, x-ray vision, super strength, transformation, and etc. Those are the kinds of power that saves people's lives. If I had super strength, my moral responsible would be to help prevent violence in the city. As a super hero, I believe in helping ours in times of trouble, being kind and honest. Although, there are pros to lying and trickery in ethic hacking. As ethical hackers, we are responsible for knowing different types of tools and techniques to help prevent computer networks from being attacked. We are responsible for upholding contracts for different companies we work for. We should never use what we learn in ethic hacking in vein, only to help others.






















Final Ethics (Revised)


           Throughout the semester, we have been exposed to an intense training on how to become ethical hackers. With the support of our two great professors, the training was full of both theory and practical sessions. What is an ethical hacker? By definition, an ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testingintrusion testing and red teaming. Today, as ethical hackers, we are asked about the sorts of moral responsibilities that come with the hacking powers we have acquired this semester. What powers have we acquired?  What responsibilities do we take on with those powers?

            First of all, let’s talk about those powers acquired. In this semester, we got to understand two main part of the exercise, which are ethics and hacking (technical). When talking hacking, we developed the skills of doing penetration testing, brutal force attacks, network sniffing, password cracking, victim exploitation, sql Injection, social engineering, DDOS Attacks (Distributed Denial Of Services), etc. With these skills, we have the power of attacking, disabling, stealing, change or destroying as well as defending information in networks and systems infrastructures.

            Secondary, the ethics part we acquired a better understanding of topics with which the ethical hacker interacts. Talking about property, a thing or things belonging to someone, an entity, or an organization. Since the ethical hacker doesn’t own a systems or a network infrastructure, he has no right to attack or still or destroy its information, unless the owner (organization) asks him to do so. How would the owner ask an ethical hacker to do a penetration testing or an sql injection, etc? There comes the term “contract”, a written agreement or commitment, especially one concerning employment, sales, or tenancy in which parties must sign, and which is intended to be enforceable by law. So when a scope is defined and agreed upon by a client or an organization and an ethical hacker, both parties are bound to this agreement or contract by showing consents. Contracts have boundaries meaning that the hacking is not supposed to do a task that doesn’t fall under the scope of the work, as well as the client have towards him.

            Finally, we learned about justice, which means doing something just, or right, or fair. As an ethical hacker, I have the power to do bad things but morally unless I’m permitted to do so, I wouldn’t do them to anyone’s property. So my responsibilities are to keep my moral and cultural values as I live in a society which has rules and regulations. My moral values are based on my personal system of honesty and integrity. Therefore I maintain a high degree of awareness to perform only the mutually negotiated items of our signed contract. In order to maintain a good relationship with customers and what is right. The culture in which I was raised has consistently stressed the importance of honesty and integrity which reinforces the way in which I would honor my professional contract with customers. Doing something which will offence someone would make me feel bad!

N.Y

Final ethics post



Original post:
The power I feel with the hacking powers I’ve learned is to my friends, family, and loved ones. I feel like I have a responsibility to let them know that these things, such as SQL attacks and password crackers, and people who do these types of things and more, are out there and they can cause major problems. I feel the need to tell my loved ones that they need to be careful with the way they use computers of any form. I’ve been continuously sharing with friends and family (especially my parents) throughout this course about various things and how they can protect themselves. That is my biggest thing. I don’t want people I know and care about to get ripped off by thieves online. Any of the hacking powers I have obtained, I have no intention of using, unless it is in a working manner when I have permission to do so. Any social engineering I would do is just me being me – being friendly. That’s just the type of person I am. I wouldn’t use any information I gathered against people, that wouldn’t be right, and quite frankly it is beneath my character.

What do you believe?  What are your values? 
Simply put, I believe there is a right way to treat people and a wrong way to treat people. I try to treat people how I would want to be treated. I try to be nice to people. I try to be fair to people. I may joke around about certain things, and if someone gets hurt, that’s unfortunate, but it certainly wasn’t on purpose. I definitely don’t believe in doing something, just because you can – as one of our ethics questions earlier this season asked. I actually like the example PZB used in class about this subject when he discussed milk – if a person needs milk and they have the money to go buy it at the store, of course I would have no problem with that, but if the person steals milk from a store or otherwise, just because they can get away with it, that’s wrong. I would say it is wrong regardless of why it is needed and regardless if a person has a family to feed and they are in dire straits financially. I can understand an argument for that last scenario, but personally I wouldn’t see myself doing it. Then again, I’m a single person living alone and maybe I would feel differently if I did actually have a family to feed and things  got to that point.
The above is also how I feel about hacking and the computer world as well. Just because a person has the ability to trick people or hack into people’s systems, that doesn’t mean they should do it. As I’ve stated in class – although I realize it is unrealistic, I don’t believe IT security and related professions should even be needed because people shouldn’t be trying to access other people’s information or flat out steal from other people, that’s just not how I was brought up. When I was younger I did my fair share of downloading music that I shouldn’t have. It was kind of the thing to do, and at that point I didn’t realize it wasn’t supposed to be happening. Now, any music I download is from iTunes and I pay for it. I’ve told people this, and they look at me funny and say I’m stupid. I might be stupid, but at least I’m honest.
Hopefully all of the above fulfills what I was supposed to write about in this assignment – now for this: 

 Now, why is that the case?  Why is that the right thing to do?

So, why is all of that important to me? Again, it goes back to my parents and how I was raised. I was raised to earn an honest living, not take from others. I’m not saying I’m a perfect person, far from it, but I do my best to live a virtues life, and I try to surround myself with friends who are the same way.
Think about it this way, how does it feel when you get your information or money or secrets or whatever stolen from you? How does that make you feel? My guess would be pretty crappy or pretty upset or hurt or violated or some combination of all of the above. I leave you with this, why would you want to do that to someone else, and make them feel that way?

Monday, May 5, 2014

Cyan for the last!

For starters, this class has been one of the better CIT classes I’ve taken since I’ve been attending this college. I have learned quite a lot of very cool and interesting things, especially the newfound hacking skills I have acquired. I may not currently be sharp with using these skills, however with practice, I can easily develop these skills (Something we’ve been doing the entire semester with the SE skill).

Hacking powers, these skills are wonderful to have. The power to penetrate high level security systems and do recon on valuable data, which can use to get what you want. Now, that brings up the question, is getting what you want using those skills the right thing to do? Is it moral? Well, my answer to that is, OF COURSE NOT! You can’t just go about taking stuff that does not belong to you. You may have the bigger “balls”, but stealing is not considered morally acceptable. I may know how to crack FTP usernames and passwords using brute force techniques but I won’t be going around to people’s FTP servers and trying to break into it to get whatever I want. I wasn’t given the permission to go into their server, so I have no right and to be in there. Also, I have the knowledge and skills necessary to socially engineer users into getting crucial information from them about their company, which can put them at risk of loosing their job. If I don’t have the job title of “Penetration Tester” for their company and even if I was, and wasn’t given the authority to do it, then I have to right to go around and socially engineer people until I know every dark secret about them and the company: I can get into a lot of trouble if I did and got caught. With these skills I’ve acquired this semester, I’m going to have to be careful when, and how I use them and (if I do use them) use them for the right purpose and not deface anyone’s property.

Although I have attained a lot of power, I have not completely mastered all of the hacking techniques I have learned. The only skill that I believe I have developed a lot is my social engineering skills. At the start of the semester, I didn’t think I would have survived doing the social engineering tasks but as I got more into doing it, it became easy and fun.

"With great power there must also come--great responsibility!"

I take all responsibilities on these powers. It is my duty to realize that these powers are for the betterment of me and everyone around me, not to hurt and destroy. Although, I argued that justice is used by the powerful to control those that are weak, I will try to be just in my decisions and keep within the confines of the law.

So, I kind of answered why already, but I’ll try again, with a twist. Let us start by defining the term “Why”. A simple google search shows that ‘why’ can be defined as a reason or explanation. Now, why did I define the term “why”? Some people might not know the proper way of finding out the definition or even use of the term ‘why’, however, I do know how to find a definition and I do know how to use the term ‘why’. So I make it a priority to inform about the definition and use before I actually use it. It’s something I find to be quite helpful in a lot of research papers and essays, showing the reader that you know how to use the points and that they have the right to know and use it as well for the betterment of not only themselves but for that of everyone around them. Same thing with the skills I have acquired. It’s not only for me to know and for me to use for my own needs. It’s to be used and shared with others so that they will also know and use for the improvement of everyone around them.

I just sent your nickname emails an important message with a form for the course evaluation.  Please email me if you didn't get the message and I'll send it to you.

Ethics FINAL!


In my current journey of Ethical Hacking, I have learned many new skills but the main ones I feel that will further my concentration in I.T are social engineering, masking malware/keylogger into look alike programs, and more importantly an understanding of power and control in the field. First social engineering has brought me to an understanding that not everyone in life, or the world are who they seem they are. Given that maybe 90%+ of the population of people we come to interact with may seem harmless but it’s the little things in life that people don’t pay attention to, which may come back to haunt them.
            I refuse to be social engineered after being in this class. What may seem harmless in class will not be the same in real life. We are constantly bombarded with social engineering at a workplace that most of the time we do not think about. It is important “I” as an educated I.T personal do not fall victim to social engineering. This important to me as the powers I have acquired through this class may make me invulnerable to such attacks. J

When I worked in Fidelity, people were being social engineered on a daily basis and most of it was harmless, it was noticeable in businesses that this is becoming a norm. Social engineering such as shoulder surfing, piggybacking, passwords sharing are extremely common in day to day activities. What I did not realize was this was a really bad practice and not just that, but the lack of security enforcement through the I.T team. Nobody honestly cared other than fulfilling their jobs.
I did not understand the trend going on in business workplaces where people shared passwords through active directories. We had specific logins where our account ID’s would have specific access to certain materials. This yielded lack of responsibility and failed to ensure ownership of errors and poor decision making that could fall into the wrong hands. This is not how a business should be ran from a security point of view.
There was never an issue with any of the mentioned activities but I realized that once something does happen, it could get really ugly, really fast. Jobs could be lost, people could get fired, managers & supervisors could get written up etc.. Further, I have learned that it is not hard at all to hide simple keyloggers into everyday programs such as internet explorer or firefox. There are some keyloggers out in sourceforge.net that will not show up as malware. Also I have noticed friends and family around me fail to be aware of phishing emails and the drive-by malware downloads. They will click on anything and everything that they get in their e-mails. I can say my I.T awareness are much higher than prior to me engaging in the class.
During production hours, I have never seen such a poor attitude and commitment to their job. We had dozens of team members including supervisors and management keeping themselves busy with facebook posts, flash games, and social e-mails. During my time there, we had 2 major incidents where phishing e-mails were clicked on and some yielded worms which took almost 2 weeks to get rid of. These e-mails that undereducated staff members clicked on spread throughout the internal network of contacts and quickly reproduced itself thousands of times in everyone’s mailbox. Results included shutting down e-mail services, and hundreds of hours of wasted time. Again, these situations are not ideal and are a total waste of resources. If I was I.T supervisor, I’d turn off certain ports such as HTTP:80/ or even block certain webpages such as facebook/social media, and disable the installation of java and flash players. These are the most common ways of workers misusing the internet while in production.
Last but not least, I don’t know if this is considered a power or not, but I’ve come to understand and learn the use of power and self-control in the field. In every job I’ve been at, you are given some type of login and password, whether admin or not, there are an insane amount of information you can get with such logins, I knew before I got laid off, I could of easily disclosed confidential information by being a disgruntled employee and gotten away with it since 95% of workforce was told be laid off. During my last weeks of employment, I was given a final task to break down the entire network of PCs, and was given all types of access physically into secure areas of the building and remotely to reestablish access to other data center sites located in other states. I have learned that given such privileges and access comes with strong desire and will to control it. This was something that was entrusted to me and not something to be abused with. Obviously being disgruntled and all, I did what was the right thing to do, finish my job and understand the limits and boundaries of what I should and shouldn’t do.
            This is not a power but I’ve learned the value of my moral responsibility when it comes to information technology. Knowledge is power, but also the understanding and preaching of such knowledge is important to me. I want to educate the people around me at home, and at work that the internet is a wild place to be in. You can get yourself in problems really quickly. There are dozens of defensive measures one can take. Often I find family members bringing me their PCs or workstations to be fixed either for viruses/malware or for upgrades. I’ve also learned that family members will buy anything they’re told they need at places such as Best Buy. It pains me to see people who need laptops for school buying 1300$ apple or ultrabooks when they could of easily bought what they needed at less than HALF the price. I also want to educate others around me on the importance of I.T security. As technology evolves further, there is a need for security. Viruses and malware are hitting the marketplace harder than ever in Android, iOS, and even Windows Stores in the mobile market.

Sunday, May 4, 2014

Freedom's Requiem

Hello,
First i would like to answer the spider-man question? How would I do it if i were spider-man? Everyone gets one. If i already saved you and you are in trouble? Too bad, should have thought it out. Everyone gets one.
What powers have I acquired? None really. I could already BS which is the backbone of social engineering. as far as technical hacking powers, I learned the power to Google it and figure it out for myself. What can I do with a database that has access to all information ever known to mankind? i know what you are thinking, cat pictures or pornography. Nope. Wrong answer. Just think about the weight of being able to learn any skill with a click of a mouse or be able to access any piece of knowledge that is protected or otherwise. That in itself is a huge responsibility. Do I use this power to teach myself skills that would compromise the integrity of the internet or society in general? Or do I use it to learn and better myself as a person? Do I focus on personal development and then channel that into efforts that benefit society as a whole? I felt the need to reference this as a power because as most people don't realize or take for granted that it exists. Imagine if some of history's greatest minds had access to this unlimited resource? The sky is the limit. The moral responsibility with this is measurable as well. We should all use this together to expand on our current knowledge and attempt to better society. To not use it as a platform for racism, anarchy, as well as other nefarious deeds. I personally take on the responsibility that now I know there are methods out there to break into computers or commit cyber crimes such as fraud, I must not take part in those crimes. I should with my knowledge try to put a stop to people that are engaging in such behavior. I should use my knowledge to make other people aware that their information may not be safe, and methods they could use to enhance their own personal information security.

Edited 5/2/14

Per our discussion in class you wanted more specificity. The why. I felt I illustrated it some what clearly but I will elaborate. Why is the information on Google or googling in general considered a responsibility? We have access to a shared resource that can answer any question or teach any skill known to mankind. There are unlimited sources for your questions to be answered. That is a huge responsibility. Why? Because I could use that knowledge to build bombs, rob banks, social engineer or scam people, make and/or sell drugs and every other awful thing that my brain could imagine. It is all on there. My imagination is my only limit.  Before we didn't have that type of exposure but now anyone can manipulate information for their own personal gain. Why are those things wrong? Because they could potentially cause serious harm to a great number of people? Why is harming people wrong? Because it is. It violates the law and our moral responsibility to not hurt and maim others. So what should we use it for? Good. What is good? The active effort to improve society as a whole through thoughtful and considerate actions. The effort to try and help people and create things or ideas that improve the quality of people's lives whether it be by making them smile or curing cancer. Any degree of effort to improve anything for the greater good is in itself good. Also trying to actively stop people from using it to commit evil acts if it is within your power. In addition my definition of the "right thing" is to do what you consider right when no one is looking. Not to have an agenda to do it for praise or personal gain. The reason power and responsibility are connected is you need to be careful how you use your powers. If you have the ability to commit outrageous acts of sabotage and violence you should not engage in said acts and use your knowledge of this medium to teach others how to stop and prevent those malicious actions from hurting others. Become a beacon of light in the fight against darkness. Use your past transgressions or associations as a vessel of good to pave the way for others. You can be an instrument of change in this otherwise obtuse world. That is your responsibility in regards to your powers. This applies to other things such as your voice, your heart and your will to live and breathe free air. To use those tools to the best of your ability to make the world a better place.   I feel this expresses my idea on this subject and to elaborate further would be redundant. Thank you for your time.

Respectfully

Jake

Friday, May 2, 2014

last ethics assigment

What sorts of moral responsibilities come with the hacking powers you have acquired this semester?  Be specific and precise!  What powers have you acquired?  What responsibilities do you take on with those powers?

What do you believe?  What are your values?  Some of you did this, but not all.
-the ever-present question, "Why?"  So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is.  Now, why is that the case?  Why is that the right thing to do?

   among this semester; we have gather/acquired some special powers. Hacking and Social Engineering being the most common and most powerful ones. HACKING: with this power of hacking, comes many special abilities, upload a file, fishing, this power of hacking is  a great one, that we need to protect and take care of it.
With this power of hacking, comes a great responsibility of to know when to use it. Among this semester we have learned ethics, and they have thought us what is good, bad, precise and unpresise.
is in our conciense, to determine as to where to use and how to protect; we cannot go around telling everyone that we have these abilities, they are for people with the right "level of access" only. Hacking can do a great deal of harm to any person,  therefore we need to protect this abilities and only used them whenever necessary, whenever we have a job, or whenever we believe that is necessary, and also whenever the law allow us, it will be better.
my moral values of no doing wrong to none, be honest,  this values among with my religious belief wouldn't allow me to hack someone or do harm in that manner to a person; my ethics of always ebing honest, loyal, careful, dedicated, all of those are things that wouldn't allow me to attack someone that is in a clearly disadvantage or just hack for the fun of it...  
SOCIAL ENGINEERING; the most brutal, and dangerous way of attacking a company or a person. Through Social engineering, we can hack, impersonate a person, do recon, we can gather as much information as possible, and when we have accomplished our mission. PUFF!!disappear.
it depends on how we use this ability. At least for me there are certain things taht shouldn't cross the line, certains things that shouldn't be done, so My Social Engineering abilities,we can say are somewhat limmited by my moral values, do that they are the ones who help me to live with a clear conscience. this also has somet ethics values to it, like certain task that i believe are right and some are wrong. for me i wouldn't be able to lie to someone for a very long time, or to get somebody to do something wrong from me, although i admit it would be cool. but if i do that, what have i accomplished? in order for me to feel proud of what i am doing, or about to do i need to do it myself or at least that the person who does know she/he is doing it for me, and don't lie to her.
the everquestion as "WHY"  my moral responsabilitiy is to have a great responsability with my powers. i may live in a different world that most of the people were this world is balanced, and at the same time is rule by God. is my faith, ethics, and moral values that throughout the years it ahd help me to build up my character. the right thing to do is what i beleive is right, and what my concience, moral values, ethics, tell me to is right. i can no live in a life, where i have the oportunity to do the right thing, and don't do it. i know and am clearly aware of the world we live in, but that doesn't i have to be part of this twisted world.
i always remember a quote said by Shakespeare " Love all, trust a few, and do wrong to none"
So as For me go, i take take full responsibility as to what, and where use this abilities, and even so if i feel somewhat weird, then i should simply try another skill, or ability that i have learn.
because Remember  THE POWER IS SOCIAL ENGINEERING, THIS POWER HAS A LOT OF "ABILITIES";)..

 

Wednesday, April 30, 2014

Last Social Engineering task

My last social engineering task was to get two landlines numbers from a couple of our fellow players or a couple of home address. For this task I wanted to use most common resources available online that reverse name or phone number lookup. I have two home addresses and I think I could get more but I need to do verification of the other address. As far as the phone numbers go, I was able to find landlines that might not belong to any of the players but according to my resources thy might belong to someone close to them such parents or relatives. Without even looking for any of the follow information I was able to find: Facebook profiles with pictures of a few players, some YouTube videos, LinkedIn profiles and some other information about the players that would come up by googling their name and connecting dots, example: a scholarship (very nice). I even know what high school he graduated from, etc. I would not call this one a fail, I would call it an incomplete as THERE IS SO MUCH MORE-information that can be found in the internet.

Tuesday, April 29, 2014

Ethics stuff (last one!)

Revise your post.  Pay special attention to two things:
-specifics.  What do you believe?  What are your values?  Some of you did this, but not all.
-the ever-present question, "Why?"  So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is.  Now, why is that the case?  Why is that the right thing to do?

Submit this by 2:00 PM on Tuesday one week from today--essentially, right before our next (and final) class.

IF YOU WANT, see an earlier post for the extra credit portion for ethics.  If you need the Right and Wrong handout (necessary for the extra credit project), email me and ask.

Don't forget!  We have a special ethical hacker guest coming next week to do a Q&A with you.  Please prepare good questions for him!



Final Social engineering challenge

for my final challenge I came up with a list of names that included interns who were previously or corrently employed at my place of employment. I showed these names including Links to Facebook, Linkedin and other information that a hacker would be able to use. Prof L seen this list and said to make a post to reference it. In order to protect the confidentiality of these individuals whom have their information available I restrained from posting this information publcly.

Final Ethics Post-Power and Skills



What sorts of moral responsibilities come with the hacking powers you have acquired this semester?  Be specific and precise!  
When it comes to the tools and skills learned in this course, the moral responsibilities is to the betterment of a community as a whole. In regards to ethical hacking, one must respect the laws that are in place when paid to perform a penetration test for a company. Ethical hackers are employed as penetration testers, network analysts and intrusion analysts. These individuals have the skills and the knowledge that other have but the difference is they work for a common good for the betterment of people or society. In contrast, hackers and criminals work to take advantage of exploits and security issues in order to cause monetary damage or earn financial gain. 
“With great power there must also come--great responsibility!”
What powers have you acquired?  What responsibilities do you take on with those powers?
One thing that reminds me of this quote is something I heard on one of my favorite shows. While watching Bill Maher he stated that the “only thing that stops bad guys with nukes is good guys with nukes.” This concept is applicable to someone who owns a firearm. When you have power that can affect others in a negative or positive way it takes great responsibility, good morals, practical ethical standards and a cause for the greater good to sustain that power. Through the skills taught in this course from the various aspects of ethical dilemmas and the tools such as DDOS attacks, stealing data without leaving traces, social engineering games and tasks, SQL and malware injection and other hacking tools; it takes someone who has great morals and a common cause for the greater good to harness these skills and put them to good use. Technology exists to make our life easier and advance our way of living. It is not a means to spy on people who are innocent, cause malice to others or businesses or other malicious behavior. One example is my opinion is how Edward Snowden expose the NSA and the various programs they had in place that were a direct violation of peoples rights and the constitution. When someone is employed for a specific job they take pride and passion in performing this duty, if the duty at hand does not align with their morals then it is their decision to make a call and decide what to do. I might make statements or reference things that seem extreme is some cases but there is a reason why I choose to do so. We do not live in a perfect world and everyone does not desire the same things. You have to expose the truth no matter how unpopular or harsh it might be. It takes a good guy with a gun (and balls) to stop a bad guy with a gun. Nine times out of ten, if the bad guy knows there is a good guy with a gun it would prevent the crime from occurring. The cause for a greater good should be the responsibility of a penetration tester. Using the skills learned in this course to help prevent the next DDOS attack, virus infection, or TJX exploit should be a part of your core responsibilities.

Monday, April 28, 2014

Power!!!


            Throughout the semester, we have been exposed to an intense training on how to become ethical hackers. With the support of our two great professors, the training was full of both theory and practical sessions. What is an ethical hacker? By definition, an ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testingintrusion testing and red teaming. Today, as ethical hackers, we are asked about the sorts of moral responsibilities that come with the hacking powers we have acquired this semester. What powers have we acquired?  What responsibilities do we take on with those powers?

            First of all, let’s talk about those powers acquired. In this semester, we got to understand two main part of the exercise, which are ethics and hacking (technical). When talking hacking, we developed the skills of doing penetration testing, brutal force attacks, network sniffing, password cracking, victim exploitation, sql Injection, social engineering, DDOS Attacks (Distributed Denial Of Services), etc. With these skills, we have the power of attacking, disabling, stealing, change or destroying as well as defending information in networks and systems infrastructures.

            Secondary, the ethics part we acquired a better understanding of topics with which the ethical hacker interacts. Talking about property, a thing or things belonging to someone, an entity, or an organization. Since the ethical hacker doesn’t own a systems or a network infrastructure, he has no right to attack or still or destroy its information, unless the owner (organization) asks him to do so. How would the owner ask an ethical hacker to do a penetration testing or an sql injection, etc? There comes the term “contract”, a written agreement or commitment, especially one concerning employment, sales, or tenancy in which parties must sign, and which is intended to be enforceable by law. So when a scope is defined and agreed upon by a client or an organization and an ethical hacker, both parties are bound to this agreement or contract by showing consents. Contracts have boundaries meaning that the hacking is not supposed to do a task that doesn’t fall under the scope of the work, as well as the client have towards him.

            Finally, we learned about justice, which means doing something just, or right, or fair. As an ethical hacker, I have the power to do bad things but morally unless I’m permitted to do so, I wouldn’t do them to anyone’s property. So my responsibilities are to keep my moral and cultural values as I live in a society which has rules and regulations. Doing something which will offence someone would make me feel bad.

N.Y

A Door We Must Choose Ourselves

A power indeed we have learned, for the dark side is as tasty as the light. Although not as epic as the powers Jedis hold, I have learned a great deal from this class. These skills that I have learned have opened many doors for me. These doors, however, are no longer simply labeled as good and bad, dark and light, but rather each of these doors hold a cautionary question: "Is this ethical?"

Throughout the class we learned how to hack. We learned how to search for vulnerabilities within a network, and exploit them. We learned that through old and possibly current systems, we are able to access the internal information not available to the public. In many cases, these actions are deemed illegal outside a virtual or closed environment. And to most, the combination of the words "hacking" and "illegal" induce an almost automatic response to labeling these actions as "bad" or unethical. But early in the class we realized that these lines are not as defined as we thought. We watched a documentary for class on Anonymous and their hacktivism. Through this film and our discussion, the class came to the understanding that laws regarding technology, just like all laws, can come under scrutiny and that its status as a law does not define it as unethical. We also ran through the scenario of being a penetration tester. We assume that since it is our job to test a system, and that we have a certain level of access to their information, that what we do is okay. But does this make it okay to sift through personal information that may be within the bounds of your contract as well? What if you realize that the company you work for runs a shady business in the side, but you are contractually obligated not to divulge any information found in the network. This is where our lines begin to blur, and where we began to paint our own lines. Because without this guideline, the task of determining what is right and what is wrong no longer default to the law, but instead it is determined by our own hands. This is our first responsibility: judging our own actions.

In class we learned how to collect packets that are sent over the network that are not necessarily meant for us. There are some arguments that suggest that these packets are free for the taking since they are in free air, and that the information in public space is public as well. But we can also liken this situation to playing catch, when we throw the ball to our friend, do we loose ownership of the ball? We ran through many similar situations regarding property, but what was apparent to me is that our current view on technological philosophy is ancient. This is our second responsibility, moving forward our philosophical views on technology.