The revolution in the ICT industry has do much good in how we handle business and even communicate. The computer, tablet and mobile phone have become a window to the globe if not the universe. In all this blessing, there is someone who has malicious intent to make sure that they internet is not as safe as anyone would want it to be. I am not talking about the online pervert who is geared towards corrupting morals. It is the hacker I am talking about here. With cloud computing becoming the trend in the ICT arena, the threat is even bigger.
There are many threat methods that hackers use to pose threats to internet users. Three major categories however are:
- Buggy programs.
- Unsafe programs.
- Misconfigured programs.
Buggy programs are the kind of programs that are designed and properly configured but have flaws in the implementation and coding aspects. This is what gives leeway for the hacker to remotely exploit your system. There are two ways to this; parsing errors and buffer overflows.
Buffer overflows are errors in programing where the program writer creates a buffer to store remote input data without checking on the length to see whether it fits well. A hacker can then send more data to the buffer which will include malicious executable data that gives the hacker access to your machine. Parsing errors on the other hand occur when the contents of remote input data aren’t properly checked. This happens when a web server allows a hacker to view html files that are not allowed to be viewed. Here, the hacker gets access to information like usernames and passwords which are then used maliciously.
These are the kind of programs that are generally unsafe for use in the internet due to their design. These are easily exploited by hackers as they either send the username and passwords unencrypted over the internet or use IP addresses of users for verification. This information is easily picked up, replayed and used for access by the hacker.
Misconfigured files are designed with safety in mind but they need the security features enabled or configured to be active. A good example is a program that allows you to export a file system in read-only mode which is safe but then you will have to configure to this option manually. In the event this is not done, the file system is exported in write-read mode that gives the hacker an occasion for a break in.
It is note-worthy that hacker target has shifted from network and company servers to personal computers. This is because, first; they contain user names and passwords use to access specific servers. Secondly, the PC is a good and available source of machine from where to launch a Distributed Denial of Service attack. More concern is also shifting to the client security by servers. This is because most staged on the server originate from loop holes that have been created by a client using a personal computer.