Jump to content

Ethical Hacking


Recommended Posts

MGA MASTERS, I need an advice or some general or even first hand knowledge about this one, i know off to sa topic thread na to, recently i got robbed in my office, dumaan ata sa bintana yung magnanakaw kasi walang force entry sa main door...anyhow....whats really concern me is the data in my laptop, it has a original windows OS, three account on my windows, two admin one guest, one admin is not password protected the other is password protected, the admin which is not admin protected cannot access the files in admin with password....ano ba usually modus operandi ng mga magnanakaw ng laptop.....once they get my laptop do they format it immediately to sell? kalkalin ang files? or any tips about this matter...thanks in advance please do pitch in.

 

Your admin password will not protect you or your files if someone has physical access to the laptop. And since yours was stolen, I suggest you prepare for the worse... financial records, bank accounts, online purchases, important , sensitive documents... find ways to prevent additional damage.

 

 

The simplest way to access files on a windows hard drive is by making it a slave drive or an external drive of a linux or mac system.

 

Password crackers are readily available. There even exist a free and open source software where one can create a live-cd and boot from it. this will do the rest of the job, and after a few minutes, appears the admin password.

 

If the drive is reformatted, there are data recovery softwares that can be used to recover most of the files inside a drive regardless of how many times it has been reformatted.

Link to comment

Your admin password will not protect you or your files if someone has physical access to the laptop. And since yours was stolen, I suggest you prepare for the worse... financial records, bank accounts, online purchases, important , sensitive documents... find ways to prevent additional damage.

 

 

The simplest way to access files on a windows hard drive is by making it a slave drive or an external drive of a linux or mac system.

 

Password crackers are readily available. There even exist a free and open source software where one can create a live-cd and boot from it. this will do the rest of the job, and after a few minutes, appears the admin password.

 

If the drive is reformatted, there are data recovery softwares that can be used to recover most of the files inside a drive regardless of how many times it has been reformatted.

 

 

 

Most ng mga magnanakaw ay kailangan lang ibenta ang goods once na naacquire. hindi nila gaano pinapakealam ang laman kasi mabusisi at most of them do not know anything about cracking a laptop

 

but the problem now is yung pagbebentahan, usually mga computer stores at repair yung mga bibili nun. the least they can do is format the laptop and use it for spare parts(since yung whole laptop is a "hot item")

 

but take note that scandals are a big thing right now. i dont want to scare you but if ever you have personal videos there, beware. tinatyaga nilang hanapin yun and they have programs to open your pc, lalo na pag windows XP, then search your hard disk for videos or pics.they can even scan your deleted items

 

for your recent browsing history, kapag pinili mo ay "save this password to your pc" then you may have a problem, kasi i-open lang nila ang browser then auto log in sa FB at social sites

 

as for your bank passwords, so far our criminals are not that sophisticated enough to delve into that kasi kailangan ng advance skill set to pull it off

 

 

but the best you could do is this:

1. never store very important information in your laptop/desktop like bank accounts

2. dont lose your laptop!

Link to comment

would you hack into somebody else's computer if your boss tells you?

 

 

if you are a network security analyst or it is your job to ensure the network security of your company, then it is ok. but take note that if it is your job, you are only allowed to break into the computer and not look at the contents. ibig sabihin, pag naaccess mo na ang system files and/or desktop ng target pc mo, then your job ends there.pag sinilip mo ang files niya then that is invasion of privacy.

 

if it is not your job, the i strongly suggest not to do it kasi may deniability ang boss mo, ikaw wala, so pag nahuli ka, tigok ka kasi you have no right to access other pc.

Link to comment

would you hack into somebody else's computer if your boss tells you?

 

 

if you are a network security analyst or it is your job to ensure the network security of your company, then it is ok. but take note that if it is your job, you are only allowed to break into the computer and not look at the contents. ibig sabihin, pag naaccess mo na ang system files and/or desktop ng target pc mo, then your job ends there.pag sinilip mo ang files niya then that is invasion of privacy.

 

if it is not your job, the i strongly suggest not to do it kasi may deniability ang boss mo, ikaw wala, so pag nahuli ka, tigok ka kasi you have no right to access other pc.

 

 

to those who are interested in hacking, please take note that in order for someone to hack into something, you have to know all the inner workings of the system. this mean that you have to study a lot of things in order to have the proper skill set to do the job. i for one am not a full on hacker. i am just curious on how things work and what i can do with it. i am also considered as a lazy hacker since i constantly try to look for a simple program to do all those commands. but believe me when i tell you, you still have to study a lot. there are only a handful of one click programs you can use and they can only do limited things

 

in the movies, they portray hackers as knowing simple commands to break in any pc. that is not the case in reality. in order to hack into something, you have to know what system they are using (in order to know what vulnerabilities that they have). then you have to know where you are in that system.you also have to learn how computers think and speak.

Link to comment
  • 4 weeks later...

if you are a network security analyst or it is your job to ensure the network security of your company, then it is ok. but take note that if it is your job, you are only allowed to break into the computer and not look at the contents. ibig sabihin, pag naaccess mo na ang system files and/or desktop ng target pc mo, then your job ends there.pag sinilip mo ang files niya then that is invasion of privacy.

 

if it is not your job, the i strongly suggest not to do it kasi may deniability ang boss mo, ikaw wala, so pag nahuli ka, tigok ka kasi you have no right to access other pc.

 

 

to those who are interested in hacking, please take note that in order for someone to hack into something, you have to know all the inner workings of the system. this mean that you have to study a lot of things in order to have the proper skill set to do the job. i for one am not a full on hacker. i am just curious on how things work and what i can do with it. i am also considered as a lazy hacker since i constantly try to look for a simple program to do all those commands. but believe me when i tell you, you still have to study a lot. there are only a handful of one click programs you can use and they can only do limited things

 

in the movies, they portray hackers as knowing simple commands to break in any pc. that is not the case in reality. in order to hack into something, you have to know what system they are using (in order to know what vulnerabilities that they have). then you have to know where you are in that system.you also have to learn how computers think and speak.

 

say you are not a network security analyst but a systems admin. and the CEO wants you to check out the emails of an employee. would you do it?

Link to comment

say you are not a network security analyst but a systems admin. and the CEO wants you to check out the emails of an employee. would you do it?

 

Hi Sir,

 

I think when it comes to this request, you are covered by whatever IT policy that the company employs. If it doesnt suit any of those policy, you have the right to explain to your superior that this request may violate privacy issues in the company.

 

Cheers

;)

Link to comment
  • 2 weeks later...

Hi Sir,

 

I think when it comes to this request, you are covered by whatever IT policy that the company employs. If it doesnt suit any of those policy, you have the right to explain to your superior that this request may violate privacy issues in the company.

 

Cheers

;)

 

 

true, ask for your privacy policy. kasi there are some na merong right to read everything in the computer. example siguro ay sa CIA or sa Pentagon sa US. but i think even they have no right to access all personal email,pwera lang kung pinagsususpetya.

 

when in doubt, ask someone from your company that knows more.

Link to comment
  • 2 weeks later...

would you hack into somebody else's computer if your boss tells you?

 

well dati i was asssign with this job and also naireason ko rin regarding privacy but there was one supervisor (one of the boss relative) who said to me na "At bakit me ganung rason, e computer ng company yan, binili namin yan sa kanila para gamitin sa trabaho, hindi sa pangsarili nilang interes"

 

but looking back and thinking about this, it looks to me na tama sya

Link to comment

i think the point im driving at here is not if we use company computers for personal use or if the company has rules and regulations about it but if your superior orders you to do it period.

 

in my case my boss wanted me to hack into someones email because they wanted to prove that that employee was leaking stuff to competitors.

my boss admitted that we were breaking "rules" but it was "necessary" to get the info we need.

But since we broke the rules although necessary eh is it still "ethical" hacking?

Edited by JayZip
Link to comment

a, kung yun yung purpose, as i have said company related, then pwede.

 

yun lang, kung non IT ang position sa company, at sa iyo ipinagawa,even though you know you can do it, medyo kaduda duda.better refer to the people who have the legal rights to do it...

 

basta hinay hinay at mahirap maging escape goat.

Link to comment

say you are not a network security analyst but a systems admin. and the CEO wants you to check out the emails of an employee. would you do it?

unless that employee or the employees on that company has an email ad which are being given to them for official use then yes .. but if it is/was a personal email address of the employee say yahoo address or alike.. then thats a different storyy..

 

 

 

Link to comment

unless that employee or the employees on that company has an email ad which are being given to them for official use then yes .. but if it is/was a personal email address of the employee say yahoo address or alike.. then thats a different storyy..

 

 

 

 

 

and if he was using that personal email to send out "company info" to say competitors what would you do?

Link to comment

a, kung yun yung purpose, as i have said company related, then pwede.

 

yun lang, kung non IT ang position sa company, at sa iyo ipinagawa,even though you know you can do it, medyo kaduda duda.better refer to the people who have the legal rights to do it...

 

basta hinay hinay at mahirap maging escape goat.

 

when you said pwede eh did you mean na it is still "ethical hacking?"

 

and when you said non IT position does that include the CEO or someone in the executive level?

  • Like (+1) 1
Link to comment

when you said pwede eh did you mean na it is still "ethical hacking?"

 

and when you said non IT position does that include the CEO or someone in the executive level?

 

 

i had to read all the post again kasi parang nauulit yung mga sinasabi ko.

1.the CEO wants you to break into a computer suspected of leaking out info to other companies.

2.based on your job description, you have no legal privilege to do it, and normally you are not authorized to do it in any case

3. the only reason they asked you is because you can

 

my answer:

1. have the order in written form and signed so you have proof na hindi ikaw ang nagkusang gumawa noon

2. if you have the proof, then do what they want you to do under their supervision. nandun sila habang ginagawa mo yun

3. after you get the info you need and the job is done, include it in your job description and ask for a raise (hahaha)

 

ethical hacking pa rin in my opinion kasi you did it for a greater good.

Link to comment

Hello Guys,

 

To put it in simple context, it is hacking but with permission. Permission from whom? Can be IT Manager, Can be Owner of the company, Company Director, CEO, COO, CTO or CIO or whoever has the right or authority to order the execution of such activity. Sa course ng Ethical Hacking, ang unang binibigay is waiver or some form of document para hindi sa iyo mapunta ang sisi. If the CEO, wants you to do it, without paper then it might fall between the thin line that separates it. Again, if it is for some personal gain it falls under hacking, if it is to ensure that after the testing we can secure the information or the network then it goes to hacking. It can go around depende kung paano mo titignan. But, again dont let yourself to be the escape goat in the end. It is much better that you have agreement and everything in black and white.

 

;)

Link to comment

^

 

Thank you so much for the clarification guys.

I apologize if I was being stubborn and skeptical. Skepticism kinda brings out critical thinking in me and I am trying to draft a security document for the place I work in.

 

Anyways, from what I read eh, waiver it is. LOL. Sounds really ironic and funny that the only thing that can save you is a piece of paper.

Link to comment

^

 

Thank you so much for the clarification guys.

I apologize if I was being stubborn and skeptical. Skepticism kinda brings out critical thinking in me and I am trying to draft a security document for the place I work in.

 

Anyways, from what I read eh, waiver it is. LOL. Sounds really ironic and funny that the only thing that can save you is a piece of paper.

 

 

yup,sa mga ganyan, papel at ballpen ang seguridad. that discipline separates the black hat and the white hats...

Link to comment

^

 

Thank you so much for the clarification guys.

I apologize if I was being stubborn and skeptical. Skepticism kinda brings out critical thinking in me and I am trying to draft a security document for the place I work in.

 

Anyways, from what I read eh, waiver it is. LOL. Sounds really ironic and funny that the only thing that can save you is a piece of paper.

 

Walang problema Sir. At least we are also enlightened. There are a lot of security documents in the web na pwede mo gamitin. You can check out sans.org or ethicalhacker.net at madaming white papers, security policies etc that you might find useful.

 

;)

Link to comment
  • 2 weeks later...

ethical hacking is when you find the vulnerabilities of the system and report it to the proper person. now, you only break into the computer, find a simple proof of the intrusion (like a useless file, or the screenshot of the desktop) then you make a report to the proper person.

 

finding proof that a said file exists in a computer and extracting it is black hat or grey hat hacking

 

the difference, white hat cares about the system, blacks care about the file...

Link to comment
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...