What is on Your Mind?

hacker: n.

[originally, someone who makes furniture with an axe]

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

[...]

7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

Originally Posted by pludi

From the Jargon File:

Originally Posted by Neo

Update: Here is a link to Ed's book:

Counter Hack by Ed Skoudis

I am admittedly bias, since Ed and I worked together for around a year as a "team of four" security professionals traveling the world, making the world a safer place while drinking wine and eating cheese in between gigs

Originally Posted by Neo

making the world a safer place while drinking wine and eating cheese in between gigs

Editorial Reviews

Amazon.com Review

In defending your systems against intruders and other meddlers, a little knowledge can be used to make the bad guys--particularly the more casual among them--seek out softer targets. Counter Hack aims to provide its readers with enough knowledge to toughen their Unix and Microsoft Windows systems against attacks in general, and with specific knowledge of the more common sorts of attacks that can be carried out by relatively unskilled "script kiddies." The approach author Ed Skoudis has chosen is effective, in that his readers accumulate the knowledge they need and generally enjoy the process.

The best part of this book may be two chapters, one each for Windows and Unix, that explain the essential security terms, conventions, procedures, and behaviors of each operating system. This is the sort of information that readers need--a Unix person getting into Windows administration for the first time needs an introduction to the Microsoft security scheme, and vice versa. A third chapter explains TCP/IP with focus on security. With that groundwork in place, Skoudis explains how (with emphasis on tools) attackers look for vulnerabilities in systems, gain access, and maintain their access for periods of time without being discovered. You'll probably want to search online resources for more specific information--Skoudis refers to several--but this book by itself will provide you with the vocabulary and foundation knowledge you need to get the details you want. --David Wall

Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defenses. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes, and details a modus operandi that's typical of the bad guys.

Product Description

This informal, step-by-step guide will empower every network and system administrator to defend their network assets, whether or not they have security experience. It covers both Unix and Windows platforms, presenting in-depth descriptions of the inner workings of the most destructive hacker tools, and proven, step-by-step countermeasures. Skoudis begins by presenting the hacker's view of networks and their vulnerabilities, with especially detailed coverage of how hackers view the TCP/IP protocol suite. He introduces all five phases of hacking: reconnaissance (targeting of a network); scanning for network vulnerabilities; gaining access and exploiting the system; maintaining access; and preventing detection. Counter Hack presents in-depth descriptions of the most widespread and dangerous attack scenarios, and the most widely-used hacker tools, including war dialers, port scanners, firewall scanners, sniffers, session hijackers, and more. For all system administrators, network administrators, security specialists, and others directly involved in protecting network and computing infrastructure.