Pleeeez help a new user!!

[B-Man]

OK, I'll join in for my first post to this site.

I will begin by stating that I'm a definite newbie. My current job deals with setting up "secure" OS installs, configuring firewalls, and general network tasks (routing, authentication, troubleshooting, etc.) I've been using Unix for a year now and no longer feel like an idiot, although I would say I've moved up to beginner plus.

After seeing tons of security bulletins, I've started digging into how these exploits are done. Most of what I see involves hackers writing their own code. So, I've figured that I need to start learning to program if I'm to understand further.

I have two questions:

1) What language should I study for maximum benefit. Currently, I have a very basic understanding of Perl and C++. While I can code some stuff, it seems to take me longer than "computer science" people I know. My code may work, but I don't always believe it is done the best way.

2) What should be my first program? What would be a good beginning task for a newbie?

B-Man

[tearsofnight]

Well, I'd say that your first program should be "Hello World!", and then you should write smaller programs and gradually work your way up to writing a a database for something with a good user-interface, then toss in sockets and make it web-accessible. Once you have that up and running, re-write it from scratch. If you can do that then you know almost all aspects of programming and you'll be a much desired asset. Of course, I know nothing about programming, so I'll shut my lame-assed script kiddie mouth about it and leave the much superior NoNeckJoe to answer your question.

[Terr]

Originally posted by B-Man
OK, I'll join in for my first post to this site.

I will begin by stating that I'm a definite newbie. My current job deals with setting up "secure" OS installs, configuring firewalls, and general network tasks (routing, authentication, troubleshooting, etc.) I've been using Unix for a year now and no longer feel like an idiot, although I would say I've moved up to beginner plus.

After seeing tons of security bulletins, I've started digging into how these exploits are done. Most of what I see involves hackers writing their own code. So, I've figured that I need to start learning to program if I'm to understand further.

I would recommend getting Hacking Exposed (2nd ed). At least for me, it gave me a really good picture at what kinds of things are possible and common, and basic avenues of attack.

I would add that most DAMAGE is caused by kiddies using code made by others on computers that someone didn't bother to fix. Or, I should say, the most MEDIA ATTENTION, rather than damage...

[B-Man]

Hey, thanks for the responses!

For tears, I'm okay with simple control structures, arrays, pointers, etc. I was just wondering how to "specialize". If it's simply "become a complete programming guru", then I could face some problems since I already have one occupation.

For terr, I already own Hacking Exposed, but it seems that most of the stuff in there relies on tools written by others. While I'm not quite dead against "script kiddies", since regardless of their coding abilities, they can still obtain the desired results if they understand the tools fully.

I purchased Hack Attacks Revealed, but that is a glorified code listing without hardly any comments on what the code is doing. I'm not against whipping out the debugger and stepping through what it's doing, but I feel that that book was written to a programmer and not even a typical "security professional" since most of my more experience colleagues hardly even touch code and they've done a pretty good job protecting the large corporation I work for. We've had two security audits and no penetration attacks succeeded.

Some of my colleagues believe that I'm possibly wasting my time since they believe if you know what to protect, that is more than half the battle.

My response to them is that every computer professional can't be so lax and that some of these attacks are taking advantage, through code, of things that can't always be easily protected.

B-Man

[Lascaux]

Quick question: I never thought that being a "hacker" had to have anything to do with breaking into computers or necessarily defending them. I always envisioned a hacker a someone with excellent computing knowledge that compiled programs to help them with their everday tasks,used it to secure their box, and spread the knowledge to others. Just about anything that had anything to do with computers they were into and were always out to find more, learn more, and integrate it into what they had. Was I really THAT wrong ?
(Hmmmm that wasn't so quick, and really wasnt a question till the end there......)

[MrLinus]

You're aren't wrong. It's just a different view. The "Mass Media" has begun and continues to use the term hacker as a negative view point.

The original meaning, in terms of computers, is what your definition is. This has been bastardized now to mean someone who maliciously or surreptitiously gains access to computer systems (machine or whole networks) for their own purposes and usually, their own gain. This may mean to get credit card numbers, free hard drive space or defacement of web sites.

Additional to this was the creation of terms like phreaker (someone who uses the telephone systems without having authorization to do so. e.g., gain long distance access without paying or voice mail box on telephone systems that don't belong to them) and of course, crackers (persons who distribute "warez" or pirated software and/or serial numbers for software). I suppose now-a-days the term cyber attacker or attack is more apropos for those that attempt to violate systems.

Just my measily .001 cents worth (damn exchange rate).