Sunday, 3 April 2011

Seminar #5

Date: 24-Mar-2011
Venue: Lecture Room 2, N28
Speaker: Mr. Nizam Kassim

This time the seminar was very interesting. To be honest, I think this was the only seminar topic that I gave 100% or maybe more attention! I even jotted down almost 7 pages! ;)

Perhaps it was the topic, or perhaps the speaker, that contributed to the excitement of listening from beginning till end..

The talk was given by Mr. Nizam Kassim, an experienced guy from Cyber Security Malaysia (CSM). The topic was security & hacking.

I guess he had so many things to share that sometimes he jumped from point to point.. so if my writing behaves like that.. it's not my fault ok, I just followed his points. ;)

Ok, he started his talk with the password issue. How strong are our passwords? How many of us share the same ID & password across many applications? He recommended that we use a 'password checker' to check password strength. We may use the online software by Microsoft. I will never forget what he said.. "password is like underwear, do not show. do not share." ;)
Many hacking tools could be used to obtain other users' IDs & passwords. Hackers could use key smart, wireless discovery & wireless sniffing. All these tools could provide hackers with user passwords in clear text.
 
He continued by following his slides, starting with the classification of hackers. Basically there are 3 types of hackers:
 1. Black hat - hacking for negative purposes
 2. White hat - hacking for positive purposes
 3. Grey hat - could hack for both positive/negative purposes, depending on which gives an advantage to the hacker

There are 2 types of hacker skill sets.
 1. Script kiddies - use free tools from the internet --> have limitations
 2. Skilled groups - develop their own tools

How do hackers think?
 1. Reconnaissance--> 2. Scanning --> 3. Gaining Access --> 4. Maintaining Access --> 5. Clearing Tracks
 
Then he briefly talked about the following legendary hackers.
 1. Kevin Mitnick - expert in exploiting humans
 2. Malicious hackers - could be anybody
 3. Reformed hackers - Dark Dante, Captain Crunch, Captain Zap

He said, to be a hacker, one should have DETERMINATION! goals, persistence.

Some hackers hack for good purposes... We may visit some of these websites or search for..
 - hacker for charity.org

Ethical hackers (security professionals)
 - metasploit
 - Kevin Johnson
 - Will hack for sushi
 - Escobies
 - InGuardians

Hacking Principles
 - Technology weaknesses
 - Human weaknesses

Hackers see vulnerabilities from 4 points of view
 - Platform
 - Applications
 - Human
 - Access

Hackers may steal info from the victim or launch an attack platform.
He then talked about the available training recommended for becoming an ethical hacker.

He stressed wireless security issues, especially free wifi. He briefly explained the wifi network environment, possible attacks & the most targeted applications. He suggested that all of us purchase commercial anti-virus instead of using free software, as free software only has limited features, thus less protection.

He continued his talk with malware revolutions, starting from stand-alone viruses -> worms -> zombies/trojans -> targeted attacks.

He then jumped to human-based attacks & the scenarios, which are categorized as follows
 1. Internet banking
 2. Credit card scam
 3. Cyber scam

A webcam could also be turned on remotely, so he recommended that we cover the webcam when not in use.

Before the break, as a summary, he recommended that we update our knowledge about security issues and take action on it to avoid becoming a victim.

After the break, he explained wireless frequency in further detail. The topics included
 1. Wireless standard & organization
 2. Physical layer transmission technology
 3. RF Fundamentals
 4. Wireless Threats
 5. Wired vs wireless threats
 6. Wireless attacks

He also talked about wireless discovery, sniffing & mapping. He advised us that if we want to become hackers, we must learn Linux.
As we are all now doing our mini project in wireless security, many of us are familiar with NetStumbler. He informed us that we could map our location from NetStumbler to Google Earth using software named Knsgem. This software translates locations from the NetStumbler log into Google Earth locations.

Due to limited time, he could not show us how it's done. We were all very frustrated as we wanted more from him.. :( 2 hours seemed to fly by very fast.

Prof. Hannan informed us that we will organize another talk with Mr. Nizam some other time before study week.. He will keep us informed of the confirmed date & time.

Until we meet again Mr. Nizam. Thanks a lot for all the knowledge shared. It's very interesting & valuable. Thanks again & see you again.. soon... ;)
