EVEN if David ”Evil” Cecil is guilty, he is not necessarily a hacking mastermind. Computer security professionals say breaking into websites and computer networks is now as simple as downloading free software, selecting a target and hitting ”run”.
Even without a specific target in mind, a method called ”Google hacking” allows hackers to find target servers running vulnerable software using just the search engine.
Advertisement: Story continues below
”If an attacker wants to get in, it’s just a matter of time really,” Ty Miller, the chief technology officer at Pure Hacking, said.
”You can use the search engine to find vulnerable companies and it’s trivial to gain access to company firewalls and administrative access to people’s systems and get straight into their internal network.”
Chris Gatford, of HackLabs, which like Pure Hacking is hired by organisations to break into their systems to test their security, said attackers with specific targets in mind often used a software tool called ”Metasploit”.
Hackers just point the software at a target and then wait while it searches for exploits in the system and, if there are any holes, provides access.
”Tools to perform complex attacks are readily available, they’re extremely easy to use and people have made good use of these tools for several years,” Mr Gatford said. ”I could teach you the basics of gaining unauthorised access in a day.”

Mr Miller said all it took was one piece of software on the target server to contain an unpatched security flaw for the entire system to be vulnerable. Even fully patched systems can be accessed if the attacker has what is known as a 0-day exploit.
”We do internal penetration tests where we act as a rogue employee or an attacker … usually within a day we’ve been able to take over the entire network, gaining access to every system and every application and also all of the user names and passwords for the company,” he said.
As the federal police Assistant Commissioner, Neil Gaughan, said yesterday: ”Even the best security systems are only as strong as the weakest link.”
The police charged Mr Cecil over allegedly breaking into a national broadband network service provider, but their investigation began when Sydney University’s website was defaced and a Melbourne web-hosting provider was attacked.
Website vandalism is so common that the website Zone-H.com, which catalogues website defacements, logs over 95,000 separate incidents a month. In 2002 when the site launched it was averaging 2500 monthly defacements.
Mr Miller said he was ‘’surprised” Mr Cecil was arrested considering the extent of cybercrime and the fact that arrests and convictions are rarely secured.
“When you’re no longer shocked that a company has been hacked but you are shocked that a hacker has been arrested, that’s not good,” he said.

Source:http://www.smh.com.au/technology/security/software-takes-brain-power-out-of-hacking-20110727-1i076.html

Following our recent report on the Firefox extension Firesheep, which allows wireless network users to easily hack into others’ accounts, this week has seen the release of Blacksheep, an extension that alerts users to the presence of a Firesheep hacker.

The news will be welcomed by regular users of unsecured wireless networks, such as those in cafes and bars, and marks the first major step towards properly addressing the issues surrounding the fragility of wireless networks.

It is these security issues that the original programmer of Firesheep claimed the release of his software was designed to highlight, although it was received with mixed opinions last month.

Some claimed that the extension simply opened up hacking to more users, allowing people to access others’ accounts in a way that was before only the preserve of those with high technical knowledge.

The ability for people to hack in such a way is not a new thing, however, and the programmer behind Firesheep stood by his original claim that the intention was to highlight the security issues and move towards solving them in the future.

Blacksheep certainly seems to be a step towards doing this and while it works purely as a flag for wireless network users, to let them know that a user on the same network is using Firesheep, and not an actual block or prevention tool, it is fulfilling Firesheep’s wish for wireless internet security to be addressed and solutions sought.

The developers of the new Blacksheep software, web security specialists zscaler, have it available to download for free on their website now.

Specifically mentioning the Firesheep extension, their site introduces Blacksheep as a “Free tool to protect against Firesheep Security threat.

Blacksheep alerts users if sessions are hijacked after logging in to a social network or email.”

Source:http://theeword.co.uk/seo-manchester/new_firefox_extension_combats_recent_hacking_threat.html