Information Systems Security & Hardware Security & Computer Hardware Course for Teens Lesson 1 Being a Hacker
Lesson 1

Dec 08, 2014

Peleg

Class I was asked to teach at a high school I was consulting at, reconfiguring their whole IT infrastructure. The class was a test case. This is lecture 2 of 3 created...
Transcript
Page 1: Lesson 1

Information Systems Security & Hardware Security & Computer Hardware Course for Teens

Lesson 1: Being a Hacker

Page 2: Lesson 1

Course Design by Peleg (based on the original Hacker High School and Youth Technology Corp)

Rules

Homework Assignments

No Late Homework

Discussion with your classmates is encouraged; however, you must not copy each other’s work.

The school has a strict policy against plagiarism.

Page 3: Lesson 1

Rules

If you copy a sentence, it shall be in italics with proper reference. If you copy a paragraph, it is considered plagiarism.

If two students use exactly the same sentence on the homework, both receive zero credits for the homework.

If two students submit identical homework, both get F. A report goes to the academic office and associate dean.

Cheating on an exam or quiz will result in a 0 on the exam or quiz and an F for the course. A report goes to the academic office and associate dean.

You are encouraged to discuss the homework, but DO NOT look at each other’s homework.

Zero tolerance on violation of academic integrity.

Page 4: Lesson 1

What is a hacker?

Someone who plays golf poorly

Someone who is inexperienced or unskilled in a particular activity

An expert at programming and solving problems with a computer (White/Grey Hat)

A person who illegally gains access to and sometimes tampers with information in a computer system (Black Hat)

Page 5: Lesson 1

Learning

Hacking, in reality, is a creative process that is based more on lifestyle than lesson.

What we teach today may not be relevant tomorrow.

You must embrace the habits of being constantly vigilant in learning.

Only then will you become a great hacker.

Page 6: Lesson 1

Are you a kiddie…?

It is much better for you to embrace hacker learning habits, which are probably the most vital part of hacking and will separate you from the script kiddie (a person who runs hacking tools without knowing how or why they work).

Page 7: Lesson 1

Concepts

If you do not understand a concept then:

Ask me…

Research it

Please SPEAK UP!

Ignoring concepts will only make it difficult for you to understand concepts in other workbooks and parts of this and future lessons.

Page 8: Lesson 1

Investigation

You will need to investigate concepts and topics

Use:

Computers

Hacking

Internet

Books

Magazines

Etc.

Page 9: Lesson 1

Who makes a good hacker?

Great hackers are well rounded and creative. Many of them are painters, writers, and designers.

Hacking skills can also be applied to other fields, such as Political Science (see The Prince by Machiavelli for an example).

Remember, hacking is about figuring out how things work regardless of how they were designed to work.

Page 10: Lesson 1

Books

Those paper things collecting dust on your shelves at home.

Yes, those old musty “books” actually hold a wealth of knowledge.

…and you do not need to plug them in…WOW!

Page 11: Lesson 1

More Books

Nothing will help you more than reading a current book on the subject.

Books get old, right? How can an old book help you?

The secret is to learn to see the fundamental structure underneath the thin skin of details.

Computers are still based on Boolean Logic.

What is Boolean Logic? (Research it…)

Page 12: Lesson 1

Even More Books

The Art of War by Sun Tzu covers fundamental principles that still apply today, and it was written in the 8th Century B.C.

Page 13: Lesson 1

Yep! We are still on Books…

A writer spending a year writing a book is more likely to check facts than someone who is updating a blog six times a day

Remember – accurate does not mean unbiased

Page 14: Lesson 1

Do you need to read cover to cover?

No!

Jump through the book, backwards and forwards, just as you would bounce from link to link in a web page.

Page 15: Lesson 1

Magazines

Timely information

Short, not in depth

“Pop Journalism” isn't always “Accurate journalism”

Good for social engineering

What is Social Engineering? (Research it…)

Page 16: Lesson 1

Magazines continued…

Consider the theme or topic

A Microsoft magazine will play down Apple and vice versa

Read an interesting fact in a magazine, look into it further

Pretend that you believe it, and look for confirmations, then pretend that you don't believe it, and look for rebuttals.

Page 17: Lesson 1

In Class Exercise 1

Search the Web for 3 online magazines regarding Security

How did you find these magazines?

Are all three magazines about computer security?

Do you believe the material on the site?

Yes, why?

No, why not?

Page 18: Lesson 1

Do you have a zine I can borrow?

Zines are small, often free magazines that have a very small distribution.

Is the New York Times a zine?

How about “Bob’s house of rocks and stones”?

Ever hear of 2600?

Page 19: Lesson 1

2600

www.2600.com

Autumn 2009

February 1987

Page 20: Lesson 1

Blogs or Bogs I always forget…

Blogs are a modernization of the zine.

Like zines, however, anyone may criticize a story and show an opposing opinion.

Remember…Question and do not take information at face value.

Always ask yourself “Does the author have an ulterior motive?”

Are they trying to SELL you something?

Best test: “If you found a gold mine would you share it?”

Page 21: Lesson 1

In Class Exercise 2

Search the Web for 3 zines regarding computer security.

How did you find these zines? Why do you classify these as zines?

Remember, just because they market it as a zine or put “zine” in the title does not mean it is one.

Search the Web for 3 blogs regarding computer security.

What communities are these associated with?

Page 22: Lesson 1

The Invisible Web…ohhhh!

Did anyone see the invisible web slide….it was here a minute ago?

Welcome to: Forums and Mailing Lists

Many forums and mailing lists are not searchable through major search engines.

Oops…sorry Google

Page 23: Lesson 1

Forums & Mailing Lists

You can find forums on almost any topic and many online magazines and newspapers offer forums for readers to write opinions regarding published articles.

This information is called “the invisible web” as it contains information and data that is invisible to many since a very specific search is needed, often through meta-search engines or only directly on the website of the forum.

Page 24: Lesson 1

In Class Exercise 3

Find 3 computer security forums

How did you find these forums?

Can you determine the whole theme of the website?

Do the topics in the forums reflect the theme of the website hosting them?

Find 3 computer security mailing lists.

Who is the “owner” of these lists?

On which list would you expect the information to be more factual? Why?

Page 25: Lesson 1

You snooze you news…

Which is older, the web or news groups?

If you said my gym socks under your bed you are so right.

The correct answer is: NEWS GROUPS.

Guess who bought the ENTIRE archive of newsgroups and put them online at http://groups.google.com?

Page 26: Lesson 1

R.I.P

Newsgroups are not as popular and are steadily being replaced by new web services like blogs and forums.

Page 27: Lesson 1

In Class Exercise 4

Using Google's groups, find the oldest newsgroup posting you can about security.

Find other ways to use newsgroups - are there applications you can use to read newsgroups?

How many newsgroups can you find that talk about computer hacking?

Page 28: Lesson 1

What is the de facto standard for sharing information?

The World Wide Web (WWW)

You call it “the web”; its real name is Pneumonoultramicroscopicsilicovolcanoconiosis or Web Services

E-mail is a web service.

Page 29: Lesson 1

Do you have some cache I can borrow?

A cache is an area of memory on the search engine's server where the search engine stores pages that matched your search criteria.

http://www.archive.org

What do you see?

Cached versions of whole websites from over the years.

Page 30: Lesson 1

You can trust me…honest!

Should you trust a web site that comes up in a search engine?

No WAY!

Page 31: Lesson 1

Trust must be earned!

WOT did he say?

Web of trust (W.O.T)

http://www.mywot.com

WOT is a free Internet security add-on for your browser. It will keep you safe from some online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Page 32: Lesson 1

Wait the internet is not safe...!?

Many hacker attacks and viruses are spread just by visiting a website or downloading programs to run.

Yes, Cute Fuzzy Bunnies 2.0 (may be a virus)

So do not download stuff from web sites you do not know.

Page 33: Lesson 1

Hi, you don’t know me but….

Can I have your credit card number….?

Do you use Facebook or My Space?

Put down your date of birth?

Home address?

Best friend's real name?

Other personal information?

Page 34: Lesson 1

In Class Exercise 5

Google if Facebook & My Space are secure.

What did you learn?

What do you think now?

Going to make any changes on your Facebook & My Space page?

Rule of thumb: Do not post anything you do not want your mother to see.

Page 35: Lesson 1

Group Exercise 1

Open www.google.com

Type: “allintitle: "index of" .pdf”

Click on a link in the results and you should find one that looks like a directory listing.

Example: Index of /pub/irs-pdf/

This is called “Google hacking”

Page 36: Lesson 1

In Class Exercise 6

Find 3 more directory listings which contain .xls files and .avi files.

Page 37: Lesson 1

Can you search for searches?

Yep! http://www.searchengine.com

Find 10 search engines which are NOT meta search engines

Search for “security testing and ethical hacking” and list the top 3 answers

Search for the same without the quotes and give the top 3 answers. Are they different? Why or why not?

Page 38: Lesson 1

How to search smarter

I am looking for an online resource of magazines for ethical hacking

Type all of this into the search bar

One gets a lot of results

If I was to make such a resource, what information would be in there and what key words could I pick from that information?

Now try “Ethical Hacking”

Page 39: Lesson 1

In Class Exercise 7

Search for the following using smart search techniques.

my favorite list of magazines on ethical hacking

list of ethical hacking magazines

resources for ethical hackers

ethical hacking magazine

magazines ethical hacking security list resource

Page 40: Lesson 1

In Class Exercise 7.1

Find the oldest website from Mozilla in the Internet Archive.

How?

Go to http://www.archive.org

Search in: www.mozilla.org

Page 41: Lesson 1

Are you chatty or just clam chowder?

Which is older: AOL Instant Messaging, Internet Messenger or Internet Relay Chat (IRC)?

Research it…

Page 42: Lesson 1

In Class Exercise 8

Find 3 chat programs to use for instant messaging. What makes them different? Can they all be used to talk to each other?

Find out what IRC is and how you can connect to it. Once you are able to connect, enter the ISECOM chat room as announced on the front page of http://www.isecom.org

How do you know which channels exist to join in IRC?

Find 3 computer security channels and 3 hacker channels. Can you enter these channels? Are there people talking or are they “bots”?

Page 43: Lesson 1

Robot or Bot?

What is a bot? (roBOT)

A program used on the Internet that performs a repetitive function such as posting a message to multiple newsgroups or searching for information or news. Bots are used to provide comparison shopping. Bots also keep a channel open on the Internet Relay Chat (IRC). The term is used for all variety of macros and intelligent agents that are Internet or Web related. See botnet, spambot and agent.

Page 44: Lesson 1

P2P or PsP?

What do you think P2P stands for?

Peer to Peer

P2P is a network inside the Internet

P2P computers communicate directly with each other through a network or the internet.

Do you know what Sneaker Net is?

Page 45: Lesson 1

P2P

Most people associate P2P with the downloading of mp3s and pirated movies (bad!)

P2P networks can be a vital resource for finding information

There are also a lot of files on these networks that shouldn't be there. Don't be afraid to use P2P networks, but be aware of the dangers.

Page 46: Lesson 1

Next time…more!

Windows Command Line

Linux!

Hardware….101!

IRON Geek! (kind of like Iron Chef)

Much much more…..