Forwarded From: Nicholas Charles Brawn <ncb05at_private> [Only a few gripes with this article. :) Firstly, I believe the commonly accepted term for a "phone hacker" was a phreak, not as this article suggests, a "fracker". Secondly, I believe the term "cypherpunk" is the accepted description for someone who is a "specialist in cracking cryptographic algorithms", though that might be smearing the term somewhat. Sounds like they're trying to whip up some new buzzwords. :) -Nick] WELLESLEY, MASSACHUSETTS, U.S.A., 1998 MAY 28 (Newsbytes) -- By Jacqueline Emigh, Newsbytes. Network "cracking" is evolving in a more malicious direction, while adding specialty areas like "fracking" and "crypting" in the process, said a member of a new anti-cracking unit at Cambridge Technology Partners (CTP), during CTP's "New Hack Tour." Really, "cracker" -- rather than "hacker" -- is the word to use in describing individuals who break into networks, said Wyly Wade of CTP's Enterprise Security Systems Group, during a meeting with Newsbytes at the CTP-sponsored conference. "Hacker" actually refers to anyone who writes program code, even an end user who scripts Microsoft Word macros, Wade told Newsbytes. Emerging derivatives of the term "cracker" include "fracker," meaning a person who breaks into phone networks, and "crypter," a specialist in cracking cryptographic algorithms, Wade added. The earliest crackers engaged in the practice for "humanitarian" reasons, such as the desire to help companies build better products, according to Wade. The humanitarians were the joined by those who cracked networks to "further the free exchange of information." Later on came groups like the PLO, which breaks into networks "purely for profit;" and finally, people whose motives are entirely malicious. Many of the newest breed of crackers are kids who are unaware of cracking's roots, said Wade, one of eight members of a new anti- cracking Internet security team at CTP. CTP, a systems integration and software development specialist based in Cambridge, Massachusetts, formed the new group, known as "Core," in response to customer requests. CTP takes a "partnering" stance with its customers, meeting whatever IT (information technology) requirements need to be addressed, Wade maintained. With Internet security a rising concern among customers, the new "Core" group stays about a year ahead of the industry at large in keeping on top of new security threats, Newsbytes was told. The job is challenging, because new "incursions," or security holes, keep showing up every day, according to Wade. A few of the more popular methods of cracking being discussed at this week's conference include the FTP (file transfer protocol) bounce attack, protocol tunneling, and tactics such as SYN flooding, which result in "denial of service." In the FTP bounce attack, crackers manipulate FTP PASV mode, using PORT and QUOTE to send scripts that allow them to gain access to unauthorized FTP servers, speakers said during conference sessions. Protocol tunneling calls for encapsulating, or hiding, one protocol inside of another, such as a telnet inside a ping request. Many tactics can be used to bring denial of service, including SYN flooding, ghost routing, and service loops, for instance. In this type of attack, users typically do not even realize a server has been hit, instead believing that the server must be busy, or down for maintenance, for example. Wade pointed out that new viruses continue to fester, as well. Viruses are already showing up in the 32-bit environment, although some people said this would never happen. And these perennials of cyberspace are certain to land on new 64-bit platforms, as well, Wade predicted. Cambridge Technology Partners is located at http://www.ctp.com on the World Wide Web. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:36 PDT