This book has not been compiled and written to be used as a tool by individuals who wish to carry out malicious and destructive activities. It is a tool for people who are interested in extending or perfecting their skills to defend against such attacks and damaging acts. In this chapter, we’ll discuss the following topics:
Why You Need to Understand Your Enemy’s Tactics
Let’s go ahead and get the commonly asked questions out of the way and move on from there.
Was this book written to teach today’s hackers how to cause damage in more effective ways?Answer: No. Next question.Then why in the world would you try to teach people how to cause destruction and mayhem?Answer: You cannot properly protect yourself from threats you do not understand. The goal is to identify and prevent destruction and mayhem, not cause it.I don’t believe you. I think these books are only written for profits and royalties.Answer: This book was written to actually teach security professionals what the bad guys already know and are doing. More royalties would be nice, too, so please buy two copies.
* Recognizing the Gray Areas in Security
Since technology can be used by the good and bad guys, there is always a fine line that separates the two. For example, BitTorrent is a peer-to-peer file sharing protocol that allows individuals all over the world to share files whether they are the legal owners or not. One website will have the metadata of the files that are being offered up, but instead of the files being available on that site’s web farm, the files are located on the user’s system who is offering up the files. This distributed approach ensures that one web server farm is not overwhelmed with file requests, but it also makes it harder to track down those who are offering up illegal material.
Various publishers and owners of copyrighted material have used legal means to persuade sites that maintain such material to honor the copyrights. The fine line is that sites that use the BitTorrent protocol are like windows for all the material others are offering to the world; they don’t actually host this material on their physical servers. So are they legally responsible for offering and spreading illegal content?
* Where Do Attackers Have Most of Their Fun?
Hacking into a system and environment is almost always carried out by exploiting vulnerabilities in software. Only recently has the light started to shine on the root of the problem of successful attacks and exploits, which is flaws within software code. Most attack methods described in this book can be carried out because of errors in the software.
It is not fair to put all of the blame on the programmers, because they have done exactly what their employers and market have asked them to: quickly build applications with tremendous functionality. Only over the last few years has the market started screaming for functionality and security, and the vendors and programmers are scrambling to meet these new requirements and still stay profitable.