Showing posts with label hacker. Show all posts

Friday, August 13, 2010

So you want to be a hacker: More resources, free and not

There are thousands of resources on the web that will teach you how hackers do what they do. They range from legitimate resources like SANS and Security Focus (with hundreds of others) to the much less savory, which we won't go into here.

Not everyone finds these things interesting, but everyone can benefit from learning a little bit about how hackers and identity thieves operate, and there are a lot of sites that will teach you without exposing you to the risks that searching the seamier side of the web might. So here are a few places you can go to either learn more about computer security or learn more about how the bad guys take advantage of computer insecurity:

Wikipedia, about.com, howstuffworks.com, etc. Go to these sites, type in your query, and pick the topic that most closely matches what you're looking for. About.com and howstuffworks.com usually have short courses in topics like computer security, networking, etc. At these sites you can learn the basics of just about any topic, not just computers.

csrc.nist.gov is the Computer Security Resource Center at the National Institute of Standards and Technology. Here you can find the security standards government computers are supposed to comply with (and usually don't) and you can find instructions for seriously hardening your system against attack.

Security Focus is a Symantec site that reports on vulnerabilities and has a number of security-related email lists covering topics from security basics to Windows- and Apple-specific lists. It links to the Symantec Connect site, where you can find forums and blogs on a number of topics, most related in some way to Symantec products.

SANS is THE place to go for security training. There are other places that offer good and recognised training, but SANS is the one place everyone in security knows. You could say they're the Microsoft of security, but without all the hate and ill feelings. They have a large library of free security papers written by security professionals.

 

Thursday, August 12, 2010

So you want to be a hacker 2

If you feel like you're making progress at Hackthissite.org but something's lacking, you might take a gander at social-engineer.org, a site that looks at the human side of the security equation.

Unlike hackthissite, social-engineer is a work in progress, seeking the aid of others in the community to help fill in the gaps of the site. But it does have interesting and useful information. Some of the videos in the resource section look dated, but the information is still good. The most interesting parts of this site would be the blog, podcast and newsletter. The "Framework" is the most in need of information. It's basically a wiki waiting to be filled, although there is some interesting information in it.

But if you're cruising through hackthissite, know everything social-engineer.org can teach, are ready to go to the next level, and think you might like to get serious, maybe even make a career of this security stuff, maybe it's time to look into Offensive Security, SANS, or other groups offering certification courses online and off. Depending on the certification you're seeking, courses can run a few hundred to a few thousand dollars. It seems expensive, but the amount of information in these courses is unbelievable, and well worth the price.

Wednesday, August 11, 2010

So you want to be a hacker...

Have you ever wondered how hackers and crackers (white hats and black hats) learn their trades? There are probably as many ways to become a hacker as there are hackers. One thing I've noticed is that a number seem to come from sciences such as physics and mathematics. Others were inspired when some script kiddie at the school they taught at (and administered the server for) hacked into the school server. Some wanted to get into the school server.

If you'd like to try your hand at becoming a hacker, a fair start is at hackthissite.org. As the name suggests, hackthissite.org is a site with "missions" that teach you ways to hack into a site. The missions range from basic, suitable for students with little or no knowledge of computer security, to steganography, the art of hiding information. They also have a forum section that has discussions on a number of technical issues, including building your own computer. There are forums dedicated to the missions, but be sure you've made a real effort to solve the puzzle before asking for help.

So what are you waiting for? Head to hackthissite.org and become the nation's next über hacker.

Monday, August 2, 2010

Smart Phones becoming big targets

Redorbit.com reports that Smartphones were a big topic at the Black Hat computer security conference last week. There are a number of factors that push this trend:

1. Smartphone users tend to have their phones with them.

2. They tend to trust their phones with large and ever increasing amounts of personal and financial information.

3. They are downloading huge numbers of apps without giving much thought to security.

There have been a couple of incidents recently that underscore the importance of security on your Smartphone. Just last Friday I blogged briefly about the wallpaper apps from China that harvested information from the phones they were installed on. Redorbit tells of another case:

"A hacker from Russia cracked into a legitimate game, planted a virus and then offered the infected app for free at a copycat website ... The software app was modified to make the smartphone call eight telephone numbers that charged premium rates and then channeled most of the charges back to the hacker. The calls added a total of $12 to a smartphone owner’s monthly bill. The software was programmed to repeat the calls once per billing cycle."

Smartphones are great tools and the apps you can get for them are amazing, but even a simple cell phone is a small computer. Some Smartphones are actually very powerful computers that we still treat like the simple phones we had 10 years ago. That's going to have to change.