I'm just going to let my mind run on auto control for now. Please ignore the next few sentences.

I procrastinate a lot.  I think of something cool, but then I loose interest. When I do continue to have interest, it seems that somehow some unknown force causes it to fail.  And then, out of the blue comes another wacky yet interesting idea. But I can't follow through because the unknown force comes back.

StarCraft is pretty fun. I wish more people could realize that not all old games are bad. Most are better than recent games. 

I have a three drawers below my computer, all of which are full of assorted junk.  Along with my room, too. Full of crap. I've attempted to clean my room once, but it always goes back to its messy state. My dad insists I continue to clean it regularly, but it really doesn't help much.  It's like as if a tornado lived in my room.  It must be evil, since it only destroys my room and no other ones.  And ugly too, because it's jealous that it doesn't have a room for itself.  I wonder if it has any siblings.

I've always thought of life as an equilibrium.  For each talent or positive feature something has, there's always a negative side that contrasts it. Smart, mathematical people tend to be slightly unattractive (but isn't always the case),and nonacademic people tend to be athletic (but isn't always the case either). It just happens a lot, but not always.  But it's always equal. I believe in karma, because it happens to me a lot.  If I happen to choose to do an action I would usually regard as wrong, I'll most likely get paid back with an awful day, and vice versa. It reminds me of a game. Plus, I often achieve great things when I'm not consciously thinking about it.  For example, I was able to win a game of poker at Chris' birthday party (the party was fucking epic) and I never thought I would have won.  I never thought of winning, but I didn't doubt it either. It was like I had a blank mind.  This happens to me a lot, where my mind just goes on auto control and something goes right.  It's nice.  But I rarely go on auto, because I'm always thinking about stuff.


Since it's the Super Bowl and my dad wants me to play some board game with him and our guests at our house, I guess this is a good time to say farewell.


The Basics of Hacking and Viruses
THIS IS FOR EDUCATIONAL PURPOSES ONLY (although I know readers will ignore this)



In the hacking world, there are 3 groups of hackers, distinguishable by their nonexistent colored hats:
  • White Hat 
    • These are the "good guys" who help people out with their computer problems.

  • Grey Hat
    • A mixture of white and black, these hackers can either do both white and black hat hacking, or black hat hacking and then white hat hacking. For example, let's say a website has an exploit. The grey hat would use the exploit to hack into their website, but wouldn't cause any harm; only notify the admin that there is an exploit on their site.

  • Black Hat
    • The worst of them all, Black Hats hack to steal and steal to hack... if that makes any sense at all. They're the ones who could possibly steal your credit card info, crash your website, etc. You don't want to get on the bad side of these guys. 
Hacking can be ILLEGAL, but only if you break into unwanted areas, such as websites that are not yours, computers that are not yours, you get the point. It's like robbing; it's illegal only when you steal/break in from somebody else.


There are hundreds of different things to hack, and there are hundreds of ways to hack them. Here are the basics:
  • Exploiting/Injection - Using problems or holes/faults in the victim to gain access.
  • Flooding/DoS/DDoS - Using programs or multiple computers to send trillions of bytes to one location in an attempt to overload it.
  • Brute Forcing - Using programs to try to access protected areas by guessing the password from a list or by words in the alphabet thousands of times a second. 
  • Cracking -  Changing code inside the victim to gain access.
  • Phishing - Tricking victims into entering personal data about themselves.
  • RATing - Using programs called RATs to gain access to a victim's computer through a back door and control it.
 Exploiting/Injecting
 All exploiting and injecting I can think of is used on websites. To exploit, hackers use scripts that trick the website into thinking the hacker is admin, or doing something only an admin can do, going the hacker power over parts or all of the site.
Exploiting/injecting can be done with programming code such as PHP, SQL, Javascript, basically anything that can write a website can be used to exploit a site. Example seen at right (drawn by me, like those drawing skillz?)
















Flooding/DoS/DDoS
 DoS (Denial of Service) and DDoS (Distributed Denial of Service) are powerful attacks that can be dangerous when used correctly. What it is, is basically the hacker sends trillions of billions of data to one location in an attempt to slow or shut the victim down. the victim can be a website, computer, or anything that has an IP address.
The difference between DoS and DDoS attacks is DoS attacks are by one person, whereas DDoS attacks are Distributed, as in across many computers. In DDoS attacks the hacker usually has control over all the victim's computers, nicknamed "Zombies". The Zombie are controlled by the hacker, the "Leader". The Leader sends commands to all the Zombies to ping, or send data to, one location. DDoS attacks are MUCH stronger than DoS simply because there are so many more attackers.

Example drawing of control at left, and example DoS program at right (the creator of that program mistakenly typed DDoS at the title instead of DoS since it can't control zombie computers).














Brute Forcing
Brute Forcing is slow, ineffective, and easily detected by a victim. A hacker would most likely use this as their last resort to attack a victim.
It's so ineffective because it needs to use either a dictionary (giant list of words in a text document), or guess random letters/numbers. Rarely do you ever see someone get brute forced, because they get caught so easily. The brute forcer tries to guess THOUSANDS of passwords per second, so of course the victim would know the hacker is trying to brute force because they look at the logs and see that someone tried to log in thousands of times.
















Cracking
Used mostly on programs, cracking can be either patches (modifications to a program that can be downloaded and installed) or manual code changing (often with hex editors). hex (Hexadecimal) is a number system that counts by 16 values, in contrast to the decimal system that counts by 10 values (0-10), and  uses the alphabetic letters A-F to represent the 6 values past 9. For example, counting in hex would be:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0A, 0B, 0C, 0D, 0E, 0F, 10.


All computer files are able to be edited in a hex editor, and when in hex, the file contains such code like:

48 65 6C 6C 6F 2C 20 79 6F 75 72 20 61 72 65 20 72 65 61 64 69 6E 67 20 74 68 69 73 20 74 65 78 74 20 6F 6E 20 4F 63 74 6F 70 69 27 73 20 62 6C 6F 67 2E
(That text said "Hello, your are reading this text on Octopi's blog.") Most files can be edited in hex and able to be executed again, but some cannot. I'm not very knowledgeable about hex editing, but it requires a lot of knowledge on how to do it.

However, there are many patches of programs that can be downloaded off of the internet such as Photoshop, Vegas Pro, Call of Duty, etc. Most of them are ILLEGAL because it's allowing people to use programs for free that should be paid for. Plus, most of cracks of programs are disguised as viruses or RATs (see the section on RATs below), so make sure that if you decide to use a crack, download from a reliable location. ThePirateBay.org is a torrent site that provides pretty clean cracks.

Phishing
 Phishing, like it's name suggests, "hooks" victims like a fish to give the hacker their personal information. The victim gets tricked into thinking it's the legitimate website, but it's actually the hacker's website. When they attempt to log in, the website sends those credentials to the hacker.
Most phishing attacks are done by the hacker mass emailing thousands of random emails a fake website account email. Almost everyone who has an email gets spam, and I'm sure you've gotten one of those emails that say, "Your bank account has had suspicious activity! Log on here: http://www.hackersite.com/bankofamerica". That is a phishing attempt.

It's pretty easy to tell if an email is a phishing attempt, by following these rules:

  • If the email has spelling/grammatical errors, it may be an attempt.
  • If the URL of the website the email sends you is fraudulent, then it's definitely a phishing attempt.
    • To tell if a URL is fake, make sure that the domain is real.
      • Real: http://login.wellsfargo.com/
      • Fake: http://wellsfargologin.qibgh3.com/
      • ALWAYS check the subdomain and domain before visiting a suspicious link.
    • For example, if you get an email from Wells Fargo, make sure the DOMAIN is Wells Fargo, not something else. 
  • A email without images that tries to get you to log into a website is usually the case of a phishing attempt. However, hackers are getting smarter and disguising their emails with images that make the email appear real. But remember, ALWAYS check the URL.
At right: Fake email attempting to lure the victim into logging on to a fake eBay website. Notice how the hacker puts the image at the top to make it appear real.
 

    RATing
    This type of hacking is my favorite :D RATs are programs that install trojans on victims computers, giving the hacker access to them. Once they get access, they can do basically whatever they want, whether it's harassing them, changing their background, watching their screen, or even wiping their hard drive.
     Most RATs are easy to detect because they're used so often, but hackers now use crypters to stop anti-virus programs from detecting that it's a hacking program.  For example, scanning an infected file would come up in a result like this:

    File server.exe received on 2010.01.18 07:16:13 (UTC)
    AntivirusVersionLast UpdateResult
    a-squared4.5.0.502010.01.18Riskware.Win32.DelfInject!IK
    AhnLab-V35.0.0.22010.01.16-
    AntiVir7.9.1.1422010.01.17TR/Spy.Gen
    Antiy-AVL2.0.3.72010.01.12-
    Authentium5.2.0.52010.01.16W32/Downloader.C.gen!Eldorado
    Avast4.8.1351.02010.01.17Win32:Buzus-IV
    AVG9.0.0.7302010.01.17Generic15.AZNC
    BitDefender7.22010.01.18Generic.Malware.SPV!PkWk!.92DC6447
    CAT-QuickHeal10.002010.01.18Trojan.Mepaow.jty
    ClamAV0.94.12010.01.17Trojan.Killav-109
    Comodo36212010.01.18Heur.Packed.Unknown
    DrWeb5.0.1.122222010.01.18Trojan.Apocalyps.1
    eSafe7.0.17.02010.01.17-
    eTrust-Vet35.2.72432010.01.18Win32/Dowque.AXR
    F-Prot4.5.1.852010.01.17W32/Downloader.C.gen!Eldorado
    F-Secure9.0.15370.02010.01.18-
    Fortinet4.0.14.02010.01.18-
    GData192010.01.17Generic.Malware.SPV!PkWk!.92DC6447
    IkarusT3.1.1.80.02010.01.18VirTool.Win32.DelfInject
    Jiangmin13.0.9002010.01.18Trojan/Mepaow.gv
    K7AntiVirus7.10.9492010.01.16-
    Kaspersky7.0.0.1252010.01.18-
    McAfee58642010.01.17BackDoor-EIL
    McAfee+Artemis58642010.01.17BackDoor-EIL
    McAfee-GW-Edition6.8.52010.01.17Trojan.Spy.Gen
    Microsoft1.53022010.01.18VirTool:Win32/DelfInject.gen!L
    NOD3247812010.01.18a variant of Win32/Lypserat.A
    Norman6.04.032010.01.17-
    nProtect2009.1.8.02010.01.18Trojan/W32.Mepaow.73216.G
    Panda10.0.2.22010.01.17Suspicious file
    PCTools7.0.3.52010.01.18Trojan.IRCBot
    Prevx3.02010.01.18Medium Risk Malware
    Rising22.31.00.032010.01.18Backdoor.Win32.Undef.fcl
    Sophos4.49.02010.01.18Mal/Behav-010
    Sunbelt3.2.1858.22010.01.17RiskTool.Win32.ProcessPatcher.Nor!cobra (v)
    Symantec20091.2.0.412010.01.18W32.IRCBot.Gen
    TheHacker6.5.0.6.1542010.01.18-
    TrendMicro9.120.0.10042010.01.18PAK_Generic.001
    VBA323.12.12.12010.01.17Trojan.Win32.Mepaow.jrk
    ViRobot2010.1.18.21412010.01.18-
    VirusBuster5.0.21.02010.01.17-


    Whereas a crypted RAT would return results like this:
    File Keygen.exe received on 2010.02.03 07:09:18 (UTC)
    AntivirusVersionLast UpdateResult
    a-squared4.5.0.502010.02.03-
    AhnLab-V35.0.0.22010.02.03-
    AntiVir7.9.1.1562010.02.02-
    Antiy-AVL2.0.3.72010.02.02-
    Authentium5.2.0.52010.02.03-
    Avast4.8.1351.02010.02.02-
    AVG9.0.0.7302010.02.02Dropper.Small.CGH
    BitDefender7.22010.02.03-
    CAT-QuickHeal10.002010.02.03-
    ClamAV0.96.0.0-git2010.02.03-
    Comodo38022010.02.03-
    DrWeb5.0.1.122222010.02.03-
    eSafe7.0.17.02010.02.02-
    eTrust-Vet35.2.72782010.02.03-
    F-Prot4.5.1.852010.02.01-
    F-Secure9.0.15370.02010.02.03-
    Fortinet4.0.14.02010.02.03-
    GData192010.02.03-
    IkarusT3.1.1.80.02010.02.03-
    K7AntiVirus7.10.9632010.02.02-
    Kaspersky7.0.0.1252010.02.03-
    McAfee58802010.02.02-
    McAfee+Artemis58802010.02.02-
    McAfee-GW-Edition6.8.52010.02.02-
    Microsoft1.54062010.02.03-
    NOD3248302010.02.03a variant of MSIL/TrojanDropper.Agent.T
    Norman6.04.032010.02.02-
    nProtect2009.1.8.02010.02.03-
    Panda10.0.2.22010.02.02-
    PCTools7.0.3.52010.02.03Trojan.Generic
    Prevx3.02010.02.03-
    Rising22.33.02.032010.02.03-
    Sophos4.50.02010.02.03-
    Sunbelt3.2.1858.22010.02.03-
    TheHacker6.5.1.0.1772010.02.03-
    TrendMicro9.120.0.10042010.02.03-
    VBA323.12.12.12010.02.02-
    ViRobot2010.2.3.21692010.02.03-
    VirusBuster5.0.21.02010.02.02-
    As you can see, it can be dangerous when crypted files are sent out to the public. That's why its always good to have an anti-virus on your computer (I recommend AVG), because you don't always know when there's a virus on your computer.

    Here's a few screenies of different RATs.
    top