Hey All,

Here's a little General FAQ I put together. I want to put this to my site (in the computers section) but know that there are parts to it that I'm missing. Which is why I'm posting it here. Can you guys post stuff that I'm missing? Thanks.....

*Note: I posted this in the tutorial forum due to it's useful nature.....

------FAQ------

Q: What's the difference between a Hacker and a Cracker?

A: A hacker is almost a myth title now. In the late 70's and 80's, the title was a respected label
for those who were the computer savvy that knew the workings of computers. They knew how
they worked, and how to make them do things they weren't suppose to do. Crackers, are on the
same line, but have malicious intents (defacements, vadalism, theft). Nowadays, Hackers are
Crackers, all thanks to the media. Instead of using the proper labels, they used Hacker like
a buzz word. So now, there basically is no difference. Basically, it boils down to your intentions.

Q: I heard about White Hat Hackers, what are those?

A: The answer is simple. There are actually 3 types. White, Gray, Black. It works like the old
movies. White hat is a good guy, Black is a bad guy, and Gray is a shifty guy who does what
benefits him. This system of labels was created after the neutralization of the term Hacker by the
media. Does it work? meh... who knows, it seems to be used loosely on the net and chat boards.

Q: What's a newbie and a script kiddie?

A: Newbies are people new to a topic. It's not just towards computers this term, but it seems to
be used more often in this area. When you first start out, learning anything, you are considered a
newbie. Then, as your learning progresses, you leave the newbie label and become whatever label
you want, that being either White Hat Hacker, Security Guru, Admin, Junior Programmer, etc.
A Script Kiddie is a person (usually a young male, age 12 to 18) that downloads pre compiled
programs to create malicious intentions towards computers, servers, and websites. Sub7 is a
script kiddie tool, which creates a backdoor access to another persons computer. All a person
has to do is find this tool on the internet, install it on a victim's computer and work the rest.

Q: What's a phreak?

A: A Phreak is a person who "hacks" telephones. They will obtain phone priviledges that are suppose
to be not accessible to them. Most common methods of obtaining these services are with rainbow
boxes (different electrical boxes that emitt sounds via hz frequencies to the phonelines and switching
companies) For more information, see the tutorial section under Hacking.

Q: How do they do it?

A: It start by finding out an IP and trying to connect and viewing it's ports. Then, they'll search to
what possible vulnerabilities reside on that computer and how to exploit it.

Q: How do they get an IP?

A: Several methods. One way is a random IP Scanner which searches a range of ips (ie: from
192.0.0.0 to 192.255.255.255) Another method is by programs like ICQ or mIRC, which gives out
that information, unless otherwise configured.

Q: What is a vulnerability?

A: Basically a programming flaw. It's when a program is made to do something it's not suppose
to do. A hacker will make a service perform a certain task it's not intended to do and result in
the computer either crashing or granting full priviledges.

Q: Why would they do it?

A: It depends on their age. Younger hackers do it mainly for acceptance in a group and to obtain a label
of elite. (see movie Hackers for better understanding). Older people will have a personal aim, such as;
personal gain (services, access), monetary reasons, data theft, or fame.

Q: I've seen people use funny writing, why? (ie: h3770 = hello)

A: Back in the day, so called hackers would chat on bulletin boards and use restricted words. Because
board operators did not like it, they tried censoring it. Unfortunetaly for them, the savvy chatters substituted
letters for numbers. While the board ops tried to block all possible combinations, substitutions are just too
numerous for censorship, thus, the birth of so called "leet speech"

Q: What's a wargame?

A: A wargame is a server set-up by someone to allow other hackers test their knowledge in a legal
fashion. Instead of intruding personal computers, they hack public servers. Most will usually have
different problems to solve, or vulnerabilities to discover, until the next level.

Q: What's social engeneering?

A: Social engeneering is basically a con. It's the ability to speak to a person and get them to devulge
information that they wouldn't usually devolge to a strange. Such information would be either password,
user names, server information, calling numbers, etc. The method is basically talking to them like
if they know something or are someone they ain't (ie: a service rep, employee) Kevin Mitnick, well
known notorious hacker, is a form of pioneer in the field. His book, art of deception, is a perfect
read for this information.

Q: What's the difference between a virus, trojan, and worm. Aren't they all the same?

A: While in simple perspective, yes, it reality no. See they all have different purposes. A virus will write itself
onto your computer and replicate itself over and over on other files. It'll make chances and create odd
behaviours from your computer. A trojan is like the Trojan Horse. It's a smoke screen for a hidden agenda.
Just like the Romans, hidding warriors inside a statue, a trojan is a program hidden inside a program. While
you think this program is doing something, it's actually doing something else, like opening a port on your
computer for external access. A worm is a travelling virus. Most common are e-mail worms, which infect a
computer, read the address book and send out e-mails without the senders knowledge, infecting the
recipients.

Q: What is IP?

A: Internet Protocol. It's the mapping system of the internet and local networks (intranets).
It's what assigns numerical addresses to computers (ie: local is 127.0.0.0 echo) and
translates names to it's numerical address (ie: google.com to 196.123.12.30*)

Q: What is TCP?

A: Transmission Control Protocol. It control the transmission of your computer to others on
any type of network. It also takes care to re-transmit lost connections. Basically your
connection

Q: What is ISP?

A: Internet Service Provider. Basically, the people you pay your internet bill to. AOL, Prodigy,
Sympatico, and countless others are isps.

Q: What's a firewall?

A: A firewall is basically a gate keeper for your computer and it's communication ports. See your
computer uses virtual (as in not physical) ports to communicate with the outside world. Common
ports are 80 for internet surfing and 25 for e-mail. Firewalls know the common use for these ports
and when something fishy comes around, the guard will investigate the information and decide wether
it's authorized or not to access your computer. It's the first line of defence against hackers.

Q: What's a honeypot?

A: A honeypot is a program that monitors hackers activity on a certain computer. Like it's name, it
gets hackers stuck in a trap. It'll record the unauthorized activities of the hacker and place it
somewhere for the user to analyze later. This is a tool used to profile a hacker and report him to
the authorities.

Q: What's a port?

A: A port is a communication service on a computer. Typical ones are 80 for internet and 25 for
e-mail. A program uses this port to connect to another computer to run it's service. (like retreiving
e-mail from the server)

Q: What's a good password?

A: A good password is one that's long (more then 8), using many different characters
(alpha-numeric ie:3eDEs23), and that's not a dictionary word (ie: transport). The longer the
password, the harder to guess and brute-force attack. The more variation in characters the
better too. Using numbers and letters (with caps) and even symbols (&$@) are best.
Using non-dictionary words is best due to brute force using dictionary databases (some even
substitute letters for numbers as combos ie: c0mpu73r5) So something like this:
3hD&y43-3eSd would be best.

Q: What about Linux?

A: What about it? It's another OS for computers instead of Windows or MacOS. It's not user friendly
for those used to Windows or MacOS but is comparable to DOS. It's primarily good to use for
those interested in the networking and domain hosting sector. Home users can use it, but
switching from the other two is difficult. The upside for this OS is that it's free, as well as a good
portion of commercial software (WordPerfect, Gimp, Acrobat) So what should you do? Try it if
your up to the challenge. But remember that it is a challenge at first. Read up on tutorials and
join some online chat boards for guidance.

Q: Do I need to switch over to Linux to be a Computer Savvy or Hacker?

A: No. In the older days, yes. Because most networks ran off Unix/Linux, as well as most websites.
Now, it's a battle between Linux and Windows NT/2000. Is it more secure, many will argue so, but it's
got it's pros and cons. Just search the net for comparisons of the two. Nowadays, you can stick to
the Windows options of NT and 2000. They're more secure now then before, and are more widely used
then in the past. Linux is favored because of open-source, cost, and customizability.

Q: Am I safe?

A: Depends. What do you have protecting yourself and what are you protecting? A personal home user
whould be fine with a firewall (either software or hardware) and an antivirus. A small business needs to
implement hardware security as well as a loging system of network activity. Even then, with all this,
there are no guarantees. Your as safe as your intelligence. Use a weak password and you could be
victim. Employees leak out vulnerable information or install software on computers, you see....
Security measures are only as good as the settings and as the users behind it.

Q: Is my website secure?

A: It all depends on who hosts it and what kind of scripts (if any) and user inputs you allow.
Companies like geocities and freeservers try to keep their servers as secure as possible. If
it's a local commercial provider, the security range from poor to secure. Inquire what kind
of security protocols are in place to protect their server. As for scripts, some pre-written
scripts may leave vulnerabilities on your site, giving full access to your website and it's files.
Also, allowing users to input text on your site could cause a problem. If users can input
programming tags like html of javascript, the executed code could be malicious.

Q: What do I do if I got hacked?

A: Profile. And what I mean by this is gather as much information as possible about the
attack and the attacker. Note down everything that the attacker did, how he did it, and so.
Also, if possible, note his IP address (found in firewall logs, network logs). Once you've
gathered all this information, report it to the proper authorities. (ie: police, isp providers)
A good tutorial about profiling can be found here
http://www.antionline.com/hacker-profiling/?s=

Q: What kind of jobs are out on the market for computers?

A: Lots. I mean, it can range from webside designer, network administrator, network mapper,
programmer, tester, repairs, IT, etc. It goes on. There are so many departments to it, that they it
would be too long to enumerate. Just do a search at a college site or university to see what
they offer.

-------------

Like I said, any assistance is welcome....

Thanks