The Hindu Business Line : Easy ways to become a hacker

HERE is a typical office scene: An idle computer is running a screensaver, and there's none around. Except an intruder who tries to access the machine and so, taps the keyboard. As anti-climax, the PC responds with a message popping up to demand a password.

How smart that the users could achieve protection during their absence! But wait, Windows screensaver password can be bypassed, points out Ankit Fadia in his new book Windows Hacking, from Vikas (www.vikaspublishing.com) .

"Open the regedit.exe file. Search for the following registry key: HKEY_CURRENT_USER\Control Panel\Desktop. Delete the ScreenSave_Data value in order to reset the screensaver password," reads the how-to of a technique with a high `prank quotient.'

Playing fields are many, for such pranks. "More than 1.5 billion computers use one of the many generations of Windows. This popularity has led Windows to be quite vulnerable," writes the 20-year-old `computer security expert.'

The book has tips on: cracking all Windows passwords, locking the toolbars, disabling MSN Messenger, forcing logoff on the Start menu and so on. It may frighteningly seem, therefore, that the book can be dangerous in the hands of mischief-makers.

But Fadia's goal is `harmless fun with friends and family' so that you can guard your computer from malicious attacks. `The comprehensively researched security tips, tricks and hacks' can help you protect your system `against the most common vulnerabilities, loopholes and threats,' assures the author.

Security checklists at the end of the book speak of best practices. Run `Windows Update' every week "to patch your system against the latest vulnerabilities," advises Fadia. Also, install anti-virus software, basic firewall, and anti-spyware.

Another book, titled E-Mail Hacking teaches `the easy way' to tracing, forging, cracking and the many malicious things that can happen to mails. "Most cyber crime investigators turn to e-mail headers for evidence in any kind of e-mail related crime," informs Fadia. He should know, because he was `consulted by a classified intelligence agency' in November 2001 `for breaking an encrypted message sent by one of Osama bin Laden's men'.

E-mail headers are embedded into messages automatically, and you can analyse these chunk-wise by beginning from the bottom, he explains. Do you know that the message ID line is a critical part of the header with `valuable information about the source mail server' and also `the timestamp' such as 20040506115412 in the yyyymmddhhmmss format?

The book discusses popular tools, as for instance NeoTracePro, which is `extremely accurate' in tracing "an IP address or a hostname to its respective geographical location on a world map." The chapter on e-mail forging notes that there is no guarantee that a mail was actually sent by an authorised person. "E-mail forging attacks can easily be used to create a number of misunderstandings, cancel orders, spoil relationships, and defame corporations," cautions Fadia.

What are the countermeasures? "E-mail systems are only as secure as the people using it," alerts the author. "E-mail communication is nowhere close to being safe on the Internet." Reduce reliance on e-mail as the sole mode of communication, suggests Fadia.

Which means we can yet beat the hackers by meeting more often face to face and talking.

As in those good old days!

SayCheek@TheHindu.co.in

More Stories on : Books | Say Cheek | Security

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Easy ways to become a hacker