DeFidz's Blog

In trying to make the most of this influx of revenue sharing opportunities all over the web, the question I am asked the most is: "how did you know what to write about?" The short answer is, I needed money for my research and I am passionate about my cause. So I read other people's posts about making cash, joined sites that were going to share some of their cash with me, then I wrote about how I made it when I started getting it. Everyone wants to know about your money, online or off. Mind you, there are certain topics I really love to write about and would prefer to do it more, but they don't all convert to funds. Getting 1000 or more page views per day isn't hard if you have something simple that people can use right now, today. Everyone wants the 'how-to', so give it to them, free. Don't keep it to yourself whatever you do. This is precisely what everyone is searching for and if you keep it to yourself the money will run out very soon. You've heard the expression 'what goes around, comes around'; well, it's true! We used to offer e-books, and although there are some great e-books around, nobody seems to want them anymore, free or not. There is no point putting everything you know about making money in your book and trying to sell it for $5 online, when the blog waiting next in the search box is posting it right there for the world to see. He's not selling it, but he just got a page view, maybe an ad was clicked, and someone told 5 friends where to go and see it too. Most people will see an informative page and begin reading, then it drags on for so long they scroll to the bottom. As soon as they see the Credit Card links they will X the page off immediately. Free really does pay. When writing articles, blogs and poems for money, not only must you use simple keywords, but you should also make sure to implement those words carefully throughout your article. Using the same word over and over looks very boring and makes your article dull.
Conduct your keyword search by going to Google and searching for a keyword tool. If you don't have a paid version there are many freebies out there, easy enough to find. When looking for the appropriate keywords for your article, you will need to use synonyms to eliminate the bore factor. Case in point: the word can be used quite frequently since people who are wanting it won't notice it peppered all over your page if they expect you're going to show them how to get some. However, using related words and phrases will disguise this while allowing you to still make your point. Those of us who are statistically inclined will tell you that 1.5 is the optimum usage for these words throughout your article. I am not one of those people, I just keep doing what works - another old expression: 'if it ain't broke, don't try and fix it'.

Hola... wow, surely a lot of you have been missing me (or maybe not at all) and can't wait to see another cool tutorial (huh, full of yourself much?). OK, let's get straight to the point, but first I want to tell a little story about how this crazy idea came about.

Here is the story... one pitch-dark night I was climbing a very, veeery tall watermelon tree.. when suddenly I was startled by something truly horrifying. A figure with black hair and glasses came toward me and, wow.. it turned out to be a beautiful woman. I was mesmerized while she bathed in the river and I planned to steal her clothes.. but just as I was about to take them, something ruined that crazy mission.. my mom doused me with a gallon of water and I woke up.. well, there goes the story.. but no worries, there are stories that make even less sense and ideas that are even crazier, in the next tut of course..

Let's not linger any longer on the silly story above, because it only makes you more confused and unfocused.. Back to the title: Making JAMcmd. Probably even more confused now, what on earth is that??.. I don't know how to explain this jamCMD either, so let's just look at the code to understand....

 


HERE is THE CODE

(tested on Windows XP sp 2)

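———————- start ————————-
@echo off
rem Open a command prompt in this same window (/b); the empty "" is the
rem title argument that start expects before a quoted program path.
start "" /b "%comspec%"
:update
rem Keep the first 8 characters of %time% (hh:mm:ss) and drop the hundredths.
set _time=%time:~0,8%
title Time : [ %_time% ] @ [ %date% ]
rem Two pings to localhost take about one second: a stand-in for a sleep.
ping localhost -n 2 -w 500 >nul
goto update
———————– end ————————–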

Well, that's all; the story is longer than the code.. what a crazy idea

Save it with the .bat extension

Example : JamCMD.bat

Copy it to the Windows directory (c:\windows) so that it can be called from the RUN menu

START –> RUN, then just type jamcmd…

Oh, and if you want to compile it into an .exe you can also use QuickBatchFileCompiler, download it at

Link : http://www.abyssmedia.com/quickbfc

Now for the explanation chapter..

Hmmm..

But it feels like there is no difference from the ordinary cmd..

..hey, wait a moment, look again: the window title reads “Time : [7:01:53] @ [ 30 Jul 07 ]”

That is the difference: the window title shows the time and the date, and it is always kept up to date..

b). Code Explanation

1.      echo off – used so that commands do not display their text when they run (applies to the commands after/below echo off).

2.      Start – runs a program (%comspec% is cmd, so we are running cmd).

3.      @ - the same as echo off, but only for the command that follows it.

4.      :update – gives the script the label "update" for looping.

5.      Set – displays, sets, or removes the value of a variable (this time we use the variable “_time”).

6.      Title – changes the window title of the Command Prompt.

7.      Ping – really meant for internet connections, but we use it as a trick to stand in for a 1-second pause (cmd has no command for doing such a pause).

8.      Goto – performs the loop/repetition/return to the label “update”

That's it for the explanation; if anything is still unclear, just ask in the PemrogramanLain forum.. ok

 



(context menu = the menu that appears when we right-click)

If you right-click the desktop and choose New, you will see many submenu entries for creating various documents, for example MS Word, Text Document, Corel Draw, and others. The more applications are installed, the longer this row of submenu entries becomes.

You can modify the document submenu as you wish, for example by removing the entries for documents you rarely open/create. You can also add an entry if it is not yet in the submenu. The way to remove such an entry is as follows:

  1. Run the registry editor.
  2. From the Edit menu, click Find.
  3. Type ShellNew, click OK.
  4. After that you can delete the ShellNew subkey that the registry editor has found.


Before you change the registry, make sure you back it up first. This matters because if the change causes an error, you can still restore the registry to its previous state. The way to do so is as follows:

  1. Opening the registry
    Click the Start menu (in the bottom-left corner), choose Run. Type regedit, OK.
  2. Backing up the registry
    First select the registry key to be backed up. On the Registry menu, choose Export Registry File. Specify the directory and the file name, and finally choose OK.
  3. Restoring a registry key from the backup file.
    First way: open regedit, choose the Registry menu, Import Registry File. Select the directory and the file name. Click OK.
    Second way: right-click the file that holds the registry backup (recognizable by its reg file extension). Choose Merge.
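
The export-then-delete procedure above can be rehearsed on the export file itself before anything is removed. This is an added example, not part of the original post: it reads the text of a regedit export, lists every key whose last component is ShellNew, and writes both a restore file for exactly those keys and a deletion file using regedit's `[-key]` syntax. The sample export is constructed, and the function names and the `keep_extensions` parameter are hypothetical.

```python
import re

# Constructed sample of what "Export Registry File" writes for a few
# HKEY_CLASSES_ROOT entries (illustrative values, not from a real system).
# A real "Version 5.00" export is UTF-16 on disk: open it with
# encoding="utf-16" before passing its text to parse_export().
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\.txt\ShellNew]
"NullFile"=""

[HKEY_CLASSES_ROOT\.bmp\ShellNew]
"NullFile"=""

[HKEY_CLASSES_ROOT\.doc\Word.Document.8\ShellNew]
"FileName"="winword8.doc"

[HKEY_CLASSES_ROOT\.zip\ShellNewOld]
"NullFile"=""
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_LINE = re.compile(r"^\[(HKEY_.+)\]$")


def parse_export(text):
    """Return (header, {key_path: [value lines]}) from .reg export text."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a regedit export")
    keys, current = {}, None
    for line in lines[1:]:
        match = KEY_LINE.match(line.strip())
        if match:
            current = match.group(1)
            keys[current] = []
        elif line.strip() and current is not None:
            keys[current].append(line.rstrip())
    return lines[0].strip(), keys


def shellnew_keys(keys):
    """Keys whose last path component is exactly ShellNew (any case)."""
    return [k for k in keys if k.split("\\")[-1].lower() == "shellnew"]


def restore_reg(header, keys, selected):
    """Backup limited to the selected keys and anything beneath them."""
    out = [header, ""]
    for key, values in keys.items():
        if any(key == s or key.startswith(s + "\\") for s in selected):
            out.append("[%s]" % key)
            out.extend(values)
            out.append("")
    return "\n".join(out)


def delete_reg(header, selected, keep_extensions=()):
    """A .reg file that removes the selected keys, except kept extensions."""
    keep = {ext.lower() for ext in keep_extensions}
    out = [header, ""]
    for key in selected:
        parts = key.split("\\")
        ext = next((p for p in parts if p.startswith(".")), "").lower()
        if ext not in keep:
            out.append("[-%s]" % key)   # leading '-' tells regedit to delete
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    header, keys = parse_export(SAMPLE_EXPORT)
    found = shellnew_keys(keys)
    print(restore_reg(header, keys, found))
    print(delete_reg(header, found, keep_extensions=[".txt"]))
```

Keep the restore file next to the deletion file: merging it puts back exactly the keys the deletion file removes.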


The registry consists of several parts called keys. There are six main keys in the registry, namely:

  1. HKEY_CLASSES_ROOT
    Contains all file types and their associations; each file type has its own subkey.
  2. HKEY_CURRENT_USER
    Contains information about the user who is currently logged in. It consists of subkeys, among others:
    1. AppEvents, contains the settings for sound events.
    2. Control Panel, contains the control panel settings.
    3. InstallLocationMRU, contains the path/location of the Windows master (from when Windows was first installed).
    4. Network, contains information related to the network.
    5. Software, contains the software settings or configuration for the user who is currently logged on.
    6. RemoteAccess, contains information about Dial up Networking.
  3. HKEY_LOCAL_MACHINE
    Contains information about hardware and the software settings that apply to all users. It consists of subkeys, among others:
    a. Enum, contains information about hardware, for example about the monitor.
    b. Hardware, contains information about the serial ports.
    c. Network, contains network-related information for the user who is currently active or logged on.
    d. Software, contains software information and settings.
  4. HKEY_USERS
    Contains desktop information and user settings for each user who is allowed to log in to the computer. Each user has one subkey. If there is only one user, the name of that subkey is ".default"
  5. HKEY_CURRENT_CONFIG
    Contains information about the hardware configuration, related to HKEY_LOCAL_MACHINE.
  6. HKEY_DYN_DATA
    Contains information about plug and play.


Windows is the most popular operating system for PCs today, from Windows 95, 98 and NT to the just-released Windows 2000 and Windows Millennium. One of the strengths of Windows is its ease of use, for example from installation and configuration through to the plug and play feature for hardware.

All of that configuration and those settings are of course stored in the operating system, and to store the various settings and configuration information Windows uses the registry. The registry is a database used to store all settings and information about hardware, software and various preferences for 32-bit Windows, including Windows 95, 98, NT, Millennium and 2000. One example: when someone changes a file association or installs a program, the changed setting is written to the registry. Other examples are disabling Display Properties and hiding various menus in the Start Menu.

Besides being the place where the Windows operating system stores its own information, the registry is also used to store various settings and configuration information for applications or programs. For example, WinZip uses the registry to store toolbar information, the application used to open files (viewer), user name, serial number, and so on.

The registry is kept in two hidden files, user.dat and system.dat, located in the Windows directory for Win 95/98/Me and in the Windows/System32/Config directory for Windows NT. Besides using the registry (system.dat and user.dat), Windows also stores certain settings in the files msdos.sys, system.ini and win.ini.



MAKING A PROGRAM THAT CAN COPY ITSELF AUTOMATICALLY

Program source code in DELPHI. This program will copy itself automatically to the desired location.. yeah, kind of like a worm.. ;) Thanks to CodeMaker .. Great work man ;)

   

// The unit header (unit/interface/uses/type TForm1) is not shown in the post;
// ShellExecute needs ShellAPI in the uses clause. The code uses String as a
// byte buffer, so it assumes String is AnsiString (before Delphi 2009).
var
  Form1: TForm1;
  ExeString: String;

implementation

{$R *.DFM}
///////////////////////////////////////////////

// Copies the text found in C between the markers A and B into D.
procedure Extract(A,B: String;Var C,D: String);
Var
  E,F: Integer;
begin
  if Pos(uppercase(A),C) > 0 then
  begin
    E := Pos(uppercase(A),C)+length(A);
    F := Pos(uppercase(B),C);
    D := Copy(C,E,F-E);
  end;
end;
////////////////////////////////////

// Reads the running exe file from disk into the string A.
procedure Exe2String(var A:String);
Var
  ExeStream: TFileStream;
begin
  ExeStream:=TFileStream.Create(Application.ExeName,fmOpenRead or
    fmShareDenyNone);
  Try
    SetLength(A, ExeStream.Size);
    ExeStream.ReadBuffer(Pointer(A)^, ExeStream.Size);
  Finally
    ExeStream.Free;
  end;
end;
///////////////////////////////////////////

// Waits ms milliseconds while still processing window messages.
procedure Delay(ms : longint);
var
  TheTime : LongInt;
begin
  TheTime := GetTickCount + ms;
  while GetTickCount < TheTime do
    Application.ProcessMessages;
end;
//////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////////////
procedure TForm1.FormCreate(Sender: TObject);
Var
  MyStream: TMemoryStream;
  name,Temp: String;
begin
  //Get entire exe file from HD and store in global variable ExeString.
  exe2String(ExeString);

  //Check if exe contains a users name already and if it does then see if the
  //running exe is a temporary clone program.. if it is not a clone then
  //attempt to delete any clone that may be in the applications directory.
  //This ensures that no clone will ever remain after exe has been
  //customized.....
  if pos(uppercase('soname'),exestring) > 0 then
  begin
    delay(500);
    if pos('_clone',application.exename) = 0 then
    begin
      name := application.exename;
      Insert('_clone',name,(length(name)-3));
      deletefile(name);
    end;

    //////////////////////////////////////////////

    //It has been determined that the running exe has already been
    //customized..so alter the exe's appearance to reflect that fact
    edit1.visible := false;
    form1.color := $00c6aa84;
    form1.height := 300;
    //This is where you put any setup code you want
    //to run when it has been determined that the exe
    //has ALREADY been modified! Code to check for a
    //valid usename+key,to alter the exe's appearance
    //or whatever you want to do to change the way the
    //now modified prog is to act should be done HERE!
  end;

  //////////////////////////////////////////////

  //The code below runs IF it is determined that the currently running exe is
  //a temporary clone program..... this code will delete the original exe file
  //from the HD and then save a new copy of itself to the HD with the original
  //exe name...DO NOT REMOVE THE delay(500) line! The program will fail sometimes
  //if you do! Since the currently running exe is a clone that means it already
  //has been modified and in fact is identical to the final exe that it is saving
  //to disk with the original name... as soon as the new exe is saved to disk
  //this code runs it...then immediately terminates itself .. the clone commits
  //hari kiri :-) and since every time a customized exe starts up it attempts
  //to delete it's clone from the current directory this clones remaining life
  //on disk is limited to 1/2 second......
  if pos('_CLONE',uppercase(application.exename)) <> 0 then
  begin
    delay(500);
    name := application.exename;
    Delete(name,length(name)-9,6);
    if deletefile(name) then
    begin
      MyStream := TMemoryStream.Create;
      try
        MyStream.WriteBuffer(Pointer(ExeString)^, Length(ExeString));
        MyStream.savetofile(name);
      finally
        MyStream.Free;
        ShellExecute(Handle, 'open',
          pchar(name), nil, nil, SW_SHOWNORMAL);
        application.terminate
      end;
    end
    else showmessage(name+' not found');//this displays if it was determined that
                                        //the running exe is a clone but for some
                                        //crazy reason the original exe file is
                                        //not found in the current directory :-(
  end;

  //The code below extracts the user name string from the exe file
  //and displays it as a caption...but you could retrieve whatever
  //data you had stored and do whatever you want with it :-)
  if Pos(uppercase('soname'),exestring) > 0 then
  begin
    //Extract Name string from exe file and display as the button caption :-)
    Extract('soname','eoname',ExeString,Temp);
    SpeedButton1.Caption := 'Program is Registered to '+Temp;
  end;
end;
////////////////////////////////////////////////////

//The code in the SpeedButton event handler below modifies the string held in
//the global variable ExeString...this string contains the entire exe file as
//string data...it modifies ExeString by adding data to it's end... the data is
//held between the demarcators 'SONAME' and 'EONAME' these mark off the data
//and make it possible to find it later and extract it from the running exe
//After ExeString is modified it is saved to a new file in the current directory
//with the exe's name plus '_clone' so if the exe name is myprog.exe the clone
//that is saved will be myprog_clone.exe... as soon as the clone exe is saved
//to disk the program runs it and then terminates itself :-)
//The reason uppercase('soname') is used is because the program would find the
//data 'SONAME' at the wrong point in the exe file if you did not do it this way
//ditto for uppercase('eoname') this is an IMPORTANT POINT!

procedure TForm1.SpeedButton1Click(Sender: TObject);
var
  MyStream: TMemoryStream;
  newname: string;
begin
  If Speedbutton1.Caption <>
    'Enter Your Name Below Then Click Here To Customize Exe' then
  begin
    exit;
  end;
  if edit1.text = '' then
  begin
    showmessage('Please enter a name in the Edit Box!');
    exit;
  end;
  MyStream := TMemoryStream.Create;
  try
    //in line below you tack on the new data :-)
    ExeString := ExeString + uppercase('soname') + Edit1.Text
      + uppercase('eoname');

    MyStream.Clear;
    MyStream.WriteBuffer(Pointer(ExeString)^,
      Length(ExeString));//string 2 stream

    newname := application.exename; //change name to make it a clone!
    Insert('_clone',newname,length(application.exename)-3);

    MyStream.savetofile(newname);//save stream to file as a temporary clone!
  finally
    MyStream.Free;
  end;

  ShellExecute(Handle, 'open', //run the clone you just saved!
    pchar(newname), nil, nil, SW_SHOWNORMAL);

  application.terminate; //die little proggie die! :-)
end;

end.
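
Data tacked onto the end of an exe in this way sits past the last section that the PE section table describes (an overlay), which makes it easy to spot from the outside. The following is an added example, not part of the original post or of CodeMaker's code: Python that computes where the section data ends and extracts any SONAME/EONAME records found after that point. The PE-shaped sample file is constructed in the script, the function names are hypothetical, and signed files (whose certificate table also lives after the sections) are not handled.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe(section_data=b"\x90" * 512):
    """Constructed, minimal PE-shaped file: headers plus one .text section."""
    e_lfanew = 64
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    opt_size = 224                                  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    raw_ptr = 512                                   # file offset of .text
    section = struct.pack(SECTION_FMT, b".text", len(section_data), 0x1000,
                          len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\x00\x00" + coff + optional + section
    return headers.ljust(raw_ptr, b"\x00") + section_data


def end_of_image(data):
    """Offset just past the last section's raw data, per the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                # first section header
    end = 0
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_FMT, data, table + i * 40)
        raw_size, raw_ptr = fields[3], fields[4]
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end


def overlay_records(data, start=b"SONAME", stop=b"EONAME"):
    """Return (overlay_offset, [payloads]) for marker-delimited overlay data."""
    offset = end_of_image(data)
    overlay = data[offset:]          # only bytes after the mapped sections
    records, pos = [], 0
    while True:
        s = overlay.find(start, pos)
        if s < 0:
            break
        e = overlay.find(stop, s + len(start))
        if e < 0:
            break
        records.append(overlay[s + len(start):e])
        pos = e + len(stop)
    return offset, records


if __name__ == "__main__":
    clean = build_sample_pe()
    stamped = clean + b"SONAME" + b"Alice Example" + b"EONAME"
    for label, blob in (("clean", clean), ("stamped", stamped)):
        offset, records = overlay_records(blob)
        print(label, "overlay bytes:", len(blob) - offset, "records:", records)
```

A file whose size exceeds the value returned by `end_of_image` has changed since it was linked, or was built with appended data, and is worth comparing against a known-good hash.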



Looking for MONEY without CAPITAL? Many people wait until they have gathered capital before they start a business. Is that how you are, like most people? Do you want to do business without capital, or make money without capital? Many people doubt that this is possible. But for you as a netter, it can become reality. Please PROVE it by joining the programs listed here.

Make money with online business: earning profit from affiliate programs

There is no doubt that the most successful group amongst online entrepreneurs are affiliates. Few are willing to go public about it but it is widely known that there are a number of affiliates comfortably raking in hundreds of thousands of dollars in income every year. Actually there is one very powerful advantage that online entrepreneurs involved in affiliate programs have over their counterparts earning from their own ecommerce web sites. And that is the fact that people are usually bound to believe a person referring another web site to them much more easily and quickly than one trying to promote their own site. This, coupled with the fact that the Internet is an amazingly powerful referral marketing tool, has made the rise of online affiliates phenomenal within such a short time. But there is one major stumbling block that affiliates face today. And that is how to advertise their programs or how to generate enough sales leads. To be successful in any online venture a person needs numerous leads on an ongoing basis; that way they will have a chance of turning as many of them as possible into actual sales. Many affiliates generate leads by finding ways of harvesting email addresses of visitors to their web sites to create an opt-in email list which they then use as leads to refer to their affiliate sites. This is usually done via special links to the sites that identify the particular affiliate through which a visitor arrived at a certain site. The more prosperous affiliates use pay-per-click ads. The effectiveness of these ads is being eroded daily by the increasing number of fraudsters and scam artists who have invaded pay-per-click ads in droves. This has meant that out of the total click-throughs a person receives and has to pay for, an increasingly horrifying percentage are generated by fraudsters who have no intention of buying anything from the advertised web site.

getpaidmail.com

no-minimum.com


There are many ways to earn dollars from the internet, from reading email, surfing and playing games to even chatting. It seems to make no sense, but that is the reality. The question is, where do they get the money to pay us? The answer is easy: they get the money from the companies that place ads on their web site or view bar. So that you are not left curious, you can try some of the sites or programs below, which are believed to pay their members. In addition, after (you register and) your money has reached a certain amount, they will send a bank draft check that you can cash at many banks in Indonesia. Below are some links that have been proven to pay:

getpaidmail.com

no-minimum.com


 



In this age of highly networked computers, e-business success can only be achieved by protecting valuable business assets: from the organization’s information, or research and development projects and highly skilled professionals that make it happen, to the IT infrastructure that we all have grown to depend on for all aspects of e-business. Protecting the organization’s assets is a matter of saving money and protecting well-guarded prestige. Such protection can only be achieved with a forward-thinking approach of planning, prevention and timely implementation of security measures. Intrusion detection systems (IDSs) form an important component of this prevention and protection effort, as one layer in the defense in-depth approach, by aiding with automated monitoring and analysis of events in computer systems and networks. Like any other IT-based solution, it is only as good as the organization’s effort to implement, maintain and operate it. The core component for this operation is the analyst who actually makes sense of the numerous outputs and builds on previous experience to achieve the best tool of defense in this prevention/protection mechanism. Outsourcing as a solution Companies face a variety of challenges with the ever changing technology on which their communications infrastructure is based, and fulfilling the staff requirements to support it. Some organizations do not have enough IT staff, especially in the security arena, to spare even a few individuals to administer yet another system of computers. Network and system administrators are just too busy keeping the operations working. Other security professionals have their resources prioritize looking at the bigger picture and planning other e-business initiatives, such as VPNs and PKI, essential to many organizations. 
For the highly enterprising security professional, going about doing the research to find the solution that best suits the organization’s needs for an intrusion detection system implementation, procuring the needed hardware and software and, installing IDS components is just the beginning. The initial research, acquisition and deployment is followed by numerous hours of data and correlation analysis, and keeping up with IDS system updates, technology and the infrastructure that it is designed to protect. For the organization, owning the implementation of an intrusion detection systems means capital investment on hardware and software and, requiring staffing support around the clock to respond to intrusions as real-time emergencies, a problem resolution escalation procedure and specialists to fill the various levels of expertise required for this operation, analysis and problem resolution. Acquiring services from a managed security services provider (MSSP) comes as an alternative to the corporate investment in specialized hardware and software. Also, with staffing limitations that many organizations face, the implementation of an intrusion detection system, given what was discussed earlier, may seem more a burden than a necessary step toward a comprehensive security solution. There is always room for entrepreneurial efforts that provide something that is needed to the organization that does not have the resources to implement and support an intrusion detection system. Still, management needs to task the security professional to find the solution to defining what is wanted and required, and how to go about obtaining and supporting it. A word of caution for those exploring acquiring a managed security services provider as the IDS solution for the organization: do not be confused between managed security services providers (MSSPs) and managed security providers (MSPs). 
The latter may provide many security related services, but not necessarily installation, administration and monitoring of sensors, data analysis and incident forensics. Still managed security providers may support the development and implementation of many security initiatives for which the organization does not have resources or in-house know-how. Managed Security Services Providers as a Solution Managed security services providers facilitate hardware, software and services to manage and improve on the organization’s network and system security. Hardware and software provide the basis for sensors or data collectors. Sensors may be network-based which collect network packets as data, or host-based which collect system log entries and/or operating system audit trails data. MSSPs provide services to design, deploy, manage and monitor an intrusion detection system for a customer organization that does not possess the staff or other resources to provide such essential service for themselves. At the core of managed security services monitoring is the security operations center (SOC) where data collected from the sensors is merged, normalized and analyzed. SOCs are staffed 24x7 with analysts as the first step in the escalating process of evaluating suspicious events registered by the intrusion detection system and determining an appropriate handling response. There are various levels of analysis done to the data in the effort of determining if an event is an actual intrusion incident: data mining and correlation techniques are performed including aggregation of events and incidents recorded from other customer sites as well as global incident response centers. By the way, when it comes to monitoring, alert and incident handling coverage provided by the SOC, don’t think that services are any more comprehensive if a managed security services provider happens to mention that they provide 24x7x365 monitoring as opposed to simply 24x7. 
The 365 sounds impressive, but it adds no additional meaning nor coverage. Actually, this could be a dangerous thing: consider what would happen to the 366th day in a leap year… Considerations When Selecting an MSSP There are many aspects to consider when selecting a managed security services provider. The organization must identify its security needs to find a provider that can meet them. Not all considerations may be important to an organization because it will depend on resources needed and wanted. Your organization and the selected MSSP will draw a service level agreement which determines the level and quality of service to be provided by the MSSP and expected from the organization. The service level agreement needs to be negotiated in advance for a clear understating of services and cost. MSSPs offer various pre-packaged service level agreements that might fit your organization’s needs or can be customized to the specific needs. Here are some aspects to consider on the road of identifying the organization requirements and selecting a managed security services provider: • Technology. Managed security services providers offer a variety of technical solutions through software and hardware from various vendors. The solution that is best for your organization will be largely dependent of how much control or hands-on your organization wants, requires and can afford. Another aspect of the same issue is how much the managed security service provider is able to provide. The two hold an inversely proportional relationship. The systems and network infrastructure where the IDS will reside is a deterministic factor as well. Consider some details on the technical requirements: • Network-based sensors deployment and support. Network speed must be taken into consideration since sensors need to keep up with the data that are trying to collect. • Host-based sensors deployment and support. 
Host-based sensors analysis is another aspect of defense in-depth, therefore it should be an integral part of the IDS and the data correlation analysis performed. • Sensor management. Hands-on support in your organization and the MSSP’s technical capacity to remotely manage sensors are factors in this matter • Sensor signature upgrade capabilities and timing. Depending on the specific implementation, the product(s) deployed may have capabilities for signature development. Signatures updates can be supplied by the IDS software vendor or by MSSP support for quick implementation and protection. • System tuning. System tuning is an on-going process to minimize false-positives, which is essential to focus efforts on actual intrusions. MSSPs may consider a pilot phase to establish a base level of event activity that would be used for an initial fine-tuning of the system. • System scalability. Even in a modest IDS initial deployment, the planning for future sensor deployment and integration should be considered from the start by the organization. • Technical training. If your MSSP provides basic monitoring and alerting, based on your service level agreement, technical training may be required for your organization’s analyst who is left with many tasks to support hardware and software components, signature updates and development, and basic sensor maintenance. • Reporting. There are two types of reporting that an organization should consider: • Alert reporting. There are some choices or requirements that may need to be implemented to comply with the organization’s policies: phone notification, e-mail notification, paging, SNMP trap and web portal notification. Timing of alert notification must certainly be considered and can be related to already developed incident handling policies and procedures. • Statistical and other reporting. 
Even when the managed security services provider is doing the analytical work and correlation, still as a conscious analyst in your organization, there are many benefits from knowing what type of events are being detected by the intrusion detection system to plan for better security measures. A secured web portal interface can aid the analyst on this task by providing statistical reporting while protecting the information being shared. Incident handling reporting also may help the analyst in the effort to document the organization’s intrusion incidents and to justify future acquisition and implementation of security measures, in addition to the current MSSP expense. Regular monthly reports are a good way to keep abreast with IDS upgrades and can provide security advisories for newly discovered threats. • Incident handling and forensics. Support may be beyond monitoring and alerting. Data forensics is needed to understand the event, the extent of any damage done, possible fixes and mitigation steps. This aspect will depend on the organization’s incident and escalation procedures for intrusion incidents. The organization may also need on-site support in case of an intrusion incident and possible legal counseling and support. • Company’s assessment. • On their own or with a partner. Various MSSPs provide the whole range of services or partner with another company to supplement the security services for the customers. • Corporate history and growth. Knowing how long the company has been established as a MSSP, number of employees, and growth over time may give the organization some prospective on what to expect, especially if the organization plans to expand services beyond the initial deployment. Also, having an idea of other corporate customers would provide some comfort level on the MSSPs background and capabilities to satisfy the organization’s needs. • Location and operations. 
Location may be a factor if your organization requires on-site support because travel expenses will be reflected in services’ cost. Inquire about SOC redundancy of operations since your organization will entrust a critical component of security to the MSSP. • Personnel background. MSSPs take great pride in having on board former employees from the Department of Defense and other government agencies that specialize on intelligence work. Many analysts may also hold current certifications available for security professionals. In addition, it is wise to understand or require a certain level of background checks and/or clearances for analysts and staff that will be supporting your organization’s security efforts. • Security services beyond IDS. To complement intrusion detection system monitoring, MSSPs facilitate development of security policies and procedures, as well as, a more proactive approach to security measures to determine and correct vulnerabilities before an intruder’s exploit. This proactive approach include vulnerability assessment/scanning and penetration testing: o Vulnerability assessment/scanning. Assessing the strength and implementation of security controls on systems and network can be performed with vulnerability assessment tools. Some of these tools are active in nature because they identify vulnerabilities using exploit techniques. Other vulnerability assessment may be performed in a passive mode, where security weaknesses may be encountered by reviewing security measures developed and implemented by the organization such as security policies and procedures, access controls and, roles and responsibilities. Even when data needs to be gathered from production systems, the tests are performed off-line without affecting the systems’ performance. Both types of vulnerability assessment approaches may assess important security controls such as password strength, file systems protection, system security-related bug-fixes and access control lists. 
o Penetration testing to find security holes before intruders do is always good practice. Your organization may prefer to have the penetration testing performed by a third-party company. This will test not only for security weaknesses in the targeted systems but also the intrusion detection system implementation itself. The scope of any penetration testing and vulnerability assessments to be performed should be identified in advance to minimize impact to the systems and networks being tested.
• Cost. This will greatly depend on the service level agreement your organization develops with the selected MSSP. Service level agreements range from simple sensor monitoring and alerting to sensor implementation design and deployment, incident forensics, vulnerability assessments, penetration testing and others indicated in this document. Consider the number and type of sensors to be deployed and monitored, and the extent of the initial targeted IDS implementation. There could be a significant difference in the cost of host-based versus network-based sensors, and in how extensive the support requested from the MSSP to maintain the IDS is. MSSPs also provide hours of consulting services to satisfy other security needs from customers in an effort to provide comprehensive security services.

Some final thoughts

There is a wide range of outsourcing alternatives to implement an intrusion detection solution that fits your organization’s needs. Managed security services providers satisfy many requirements with specialization and solid expertise in the security field. Selecting a managed security service provider may prove to require a lower initial investment and allow faster deployment than a solution developed and supported only with in-house resources, because of the high cost of ownership of the latter. The organization needs to decide between technical and policy requirements, in addition to budget and technical constraints, to find and acquire a provider best suited for the job at hand.
Perhaps the major challenge in acquiring an MSSP is knowing what the organization wants and needs before the organization actually gets it.

As Intrusion Detection (ID) technology has progressed, so too has it been increasingly considered a viable aspect of the "defense in depth" ideology. While ID may not necessarily be viewed as a definitively mature technology, there are certainly a multitude of options from which to choose. Each of the available Intrusion Detection Systems (IDS) offers a unique combination of capability, configuration options, and, of course, price. For the purpose of this discussion, the examples will apply directly to Shadow (the Secondary Heuristic Analysis for Defensive Online Warfare, distributed by the Naval Surface Warfare Center and available from http://www.nswc.navy.mil/ISSEC/CID/) running in the Linux environment. Network Intrusion Detection: An Analyst’s Handbook, 2nd Ed., cites Snort (http://www.snort.org) by Martin Roesch as having "outstripped Shadow just since December 1999" (Northcutt, et al. 190); however, as Shadow is tcpdump-based the concepts are fundamentally easier to illustrate.

So Where Is The Problem?

Quite simply, Intrusion Detection Systems make for fairly strategic targets when their presence is discovered during network reconnaissance. One article, published in The Institute of Electrical and Electronics Engineers (IEEE) Software Magazine, actually asserts that "[s]mart intruders who realize that an IDS has been deployed on a network they are attacking will likely attack the IDS first, disabling it or forcing it to provide false information (distracting security personnel from the actual attack in progress)." (Allen, et al. 47) And why shouldn’t they? After all, an IDS sensor holds great potential for the assailant who can subvert it. In addition to allowing an outsider the ability to manipulate or censor log files to conceal his or her own presence, I would assert that the sensor contains a repository of packet capture data that likely offers a wealth of information about network topologies, user accounts, and passwords.
Further, once the sensor is captured, the attacker has free and clear access to a passive packet capture device without having to arouse any unnecessary suspicion; a network scan that reveals your IDS sensor in promiscuous mode is hardly noteworthy. Similarly, there is no need for the attacker to sanitize /var/log/messages because entries that show the adapter changing into and out of promiscuous mode appear equally innocuous.

What Can I Do To Prevent This?

Perhaps the best approach to reducing this threat is to first make a cursory examination of the tool set used to identify an IDS sensor. An understanding of a tool’s principle of operation is key in determining how to defend against it. For instance, the Neped (NEtwork Promiscuous Ethernet Detector) utility, distributed ca. 1998 by the Apostols group and included in several older revisions of the Trinux toolkit (http://www.trinux.org; NOTE: more recent versions have replaced Neped with the more diverse Sentinel utility available at http://www.packetfactory.net/Projects/Sentinel), exploited a flaw in the manner in which some older (specifically 2.0.x and 2.1.x) Linux kernels responded to ARP requests. When in promiscuous mode, a box would reply to an ARP request regardless of the intended recipient. If one were to include this relatively compact (205 line) utility as part of a rootkit to be uploaded to a compromised site, Shadow in its infancy (remember, this was 1998) would likely have been running on one such affected kernel and thus the locations of the sensors would be immediately evident to an attacker. So how would this have been combated?
The easiest manner in which to avoid such detection would have been to first append to /etc/sysconfig/network-scripts/ifcfg-eth0 a line similar to:

    NOARP=yes

Then, edit the /etc/sysconfig/network-scripts/ifup script to include a branch similar to:

    if [ -n "$NOARP" ]; then
        ifconfig ${DEVICE} -arp
    fi

Note that the name of the variable is fairly inconsequential, as is its value, so long as the name does not conflict with any of the predefined variables accounted for in the network configuration script; it is simply a mechanism by which the branch is activated. Once activated, this branch disables ARP resolution entirely on the sensor, thus evading Neped detection.

Unfortunately, since the days of Neped there have been many advances in passive sniffer detection. Tools such as bind’s Sentinel (cited earlier) or AntiSniff (http://www.securitysoftwaretech.com/antisniff/) developed by L0pht Heavy Industries use a battery of tests to discern the existence of packet capture devices on the network. AntiSniff 2.0, currently under development, will run on Win9x (consequently, sensor detection can be performed without a permissions structure from any accessible console), WinNT/2000, and *NIX (command line versions may be run remotely on a compromised system). Additionally, this revision "is being designed to work not only on local network segments but also across routers and switches." (S.S.T., Technical Details n. pag.)

The "Technical Details" page for AntiSniff 1.x breaks out the tests into several categories. It first prods the Operating System for flaws in the handling of various packet types. Packets are created to address the Linux ARP flaw examined by Neped, a similar ARP flaw in NetBSD, and a broadcast Ethernet flaw in Win9x/NT.
The next round of tests forges packets to provoke a reverse DNS lookup on fictitious addresses; the premise here (simplified, of course) is that if a machine is not in promiscuous mode then it will not process a packet with a destination IP not its own and thus there will be no DNS request if a sniffer is not present. The final round of tests benchmarks the network and specific boxes at a baseline level and under duress (i.e., during periods of substantial network traffic). Theoretically, a machine discarding all packets destined for IP addresses not its own at the link layer should not exhibit significantly different performance metrics during periods of forced network congestion, provided said congestion is not directly addressed to that box.

Several aspects of packet capture detection have been built into AntiSniff; however, not one is indefensible where IDS sensors are concerned. While the methodology employed by AntiSniff is by no means canonical (i.e., there are other, less effective methods of sniffer detection not incorporated into AntiSniff 1.x), similar defensive tactics would apply. Going back to our original example of Shadow running on a Linux platform, the Neped discussion has already addressed the ARP test. While this is not applicable on all Linux or BSD kernels, a little preventative medicine never hurts. The DNS issue may be dealt with similarly by altering the Shadow configuration as follows in /usr/local/logger/sensor/start_logger.pl:

    # Prepare the parameters to pass to the tcpdump program.
    $param = "$PROGPAR -n -s 4096 -w - -F $FILTER";
    $param .= " 2>>$LOGDIR/tcpdump.err | $GZIPPROG > $TCPLOG4 2>/dev/null";
    #

The addition of the '-n' parameter disables DNS resolution while the logs are being collected. An alternate solution would be deleting the /etc/resolv.conf file, thereby disabling DNS resolution altogether.
Once the logs have been transferred, either to the analyzer or an intermediate "safe" host, DNS information can be added into the logs on an "as needed" basis without altering the original by:

    tcpdump -a -r tcp.2001030101 > tcp.2001030101.dns

Dealing With Latency Tests

The latency test is perhaps the most effective in the AntiSniff arsenal; no addressable production system will escape this test. The significant qualifier here is "addressable." The AntiSniff "Goals and Purpose" statement is pretty clear that "[i]f a machine on the network has no IP address, no IP stack associated with any of its interfaces, or has no ability to be communicated with over the network then AntiSniff will not detect it. This is perfectly acceptable, as such a machine would not be compromised over a network in the first place." (S.S.T., Purpose n. pag.)

The beauty of a non-addressable IDS sensor is that it provides a virtually undetectable monitoring capability (the "virtually" caveat is included for various reasons, not the least of which is that anyone having physical access to the infrastructure may notice the "extra" box that displays the promiscuity status of an adapter on the console once an hour). A scan of the IP range will not give up the location of the sensor, and its existence is equally difficult to discern with passive sniffer detection utilities.

This configuration will require, first and foremost, that a second Ethernet adapter be installed in the sensor. The key here is that this second adapter is not to have an IP address bound to it. Unfortunately, most modern Linux distributions have a very well-meaning feature that brings adapters lacking addresses down after boot; however, this is easily remedied. The "quick and dirty" solution would be to add the following as the last line of the ‘start)’ section of /etc/rc.d/init.d/network:

    ifconfig eth1 up

The more elegant solution would be to modify the network scripts such that they allow for an adapter without an IP address.
Linux does not create a configuration file for an adapter without an address, so:

    cd /etc/sysconfig/network-scripts/
    cp ifcfg-eth0 ifcfg-eth1

Having done that, edit ifcfg-eth1 and remove the IPADDR, NETMASK, NETWORK, and BROADCAST entries. Edit the remaining entries such that DEVICE=eth1, ATBOOT=yes, and BOOTPROTO=none. Finally, append an entry to ifcfg-eth1 that is similar to:

    NOIPADDR=yes

Then, edit the /etc/sysconfig/network-scripts/ifup script to include a branch similar to:

    if [ -n "$NOIPADDR" ]; then
        ifconfig ${DEVICE} up
    fi

As in the case of the ARP example, the exact variable name is unimportant so long as there is no duplication. The preferred placement of this branch is immediately before the ‘else’ statement to which "regular" adapters with pre-specified IP addresses fall through. It should be noted that this modification negates the impact of the ARP and DNS modifications, as neither applies when a machine is not addressable. In other words, this change supersedes the other solutions addressed previously.

If the sensor is on an insecure hub (e.g., at the perimeter, in the DMZ, etc.) and your threat model includes only outside attacks, eth0 of this sensor can tie back into your internal network. If there is a considerable internal threat, it may be advisable to implement an isolated network for your sensors and analyzer that is non-routable from all internal and external subnets. As per usual, there is a trade-off here between usability/accessibility and security, to be determined by each individual circumstance.

For The Truly Paranoid…

It is possible to take this to yet another level. Those of us that have worked with 10Base5 Ethernet (i.e., AUI or "thicknet") before may remember a method of trimming connector pins or cable conductors to create a "receive only" connection. Be careful with this; if installed incorrectly, a modified cable could result in a "transmit only" system that would prevent the collection of any data.
Pins 3 and 10 of the AUI connector are responsible for establishing the transmit connection; if the connections are physically severed, it is electrically impossible for that connection to transmit data. It is worth mentioning here that with a set of complicated equations and some equally complex monitoring equipment it may be possible to determine that there is a "receive only" system operating on a network from its electrical characteristics; however, to my knowledge this is not possible without physical access.

NOTE: I would advise against applying this principle to twisted pair Ethernet cabling. After some frustration and several support calls to equipment manufacturers, you will soon discover that most twisted pair devices will not produce a link when the transmit pair is cut as there are line verification routines within most modern enterprise-grade interconnection equipment (e.g., hubs, switches). Rumor has it that this configuration is possible with 10/100BaseT, although it may not be worth the potential sacrifice of your data’s integrity. Several 10Base5 NICs are still commercially available, as are AUI transceiver modules for hubs (e.g., the 3Com 3C1206-0).

In Conclusion

IDS sensors are potentially as valuable a resource (if not more so) as the network elements they serve to protect. Patch levels should be kept current, and routines should be implemented to reduce the volume of log data that accumulates on the sensors. Where possible, efforts should be taken to conceal the very existence of sensors as the information they contain could contribute significantly to the compromise of several additional systems. In short, recognize the IDS as an asset with significant potential for either network protection or compromise and defend it accordingly.
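The hardening steps described above (the NOARP marker, tcpdump's -n flag, and a capture adapter with no address) can be checked on a sensor with a short audit. The following Python sketch is an added example, not part of the original article or of Shadow; the function names and the sample file contents are constructed for illustration, and the two checks are reported independently of each other.

```python
import re

# Entries the article says to remove from the capture adapter's ifcfg file.
ADDRESS_KEYS = ("IPADDR", "NETMASK", "NETWORK", "BROADCAST")

def parse_ifcfg(text):
    """Parse KEY=value lines of a Red Hat style ifcfg file into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_capture_interface(ifcfg_text):
    """Return a list of findings for the capture adapter's configuration."""
    cfg = parse_ifcfg(ifcfg_text)
    findings = []
    leftover = [k for k in ADDRESS_KEYS if cfg.get(k)]
    if leftover:
        findings.append("addressable: %s still set" % ", ".join(leftover))
        # The ifup branch only runs 'ifconfig -arp' when NOARP is non-empty.
        if not cfg.get("NOARP"):
            findings.append("answers ARP: no NOARP marker for the ifup branch")
    elif not cfg.get("NOIPADDR"):
        findings.append("no address, but NOIPADDR marker missing: adapter stays down")
    if cfg.get("BOOTPROTO", "").lower() in ("dhcp", "bootp"):
        findings.append("BOOTPROTO=%s would request an address" % cfg["BOOTPROTO"])
    return findings

def tcpdump_resolves_names(start_logger_text):
    """True unless the $param string built in start_logger.pl passes -n.

    Only the part before the first pipe is tcpdump's own command line.
    If no $param assignment is found, the safe answer is True.
    """
    pieces = re.findall(r'\$param\s*\.?=\s*"([^"]*)"', start_logger_text)
    options = "".join(pieces).split("|", 1)[0]
    return not any(re.fullmatch(r"-[A-Za-z]*n[A-Za-z]*", tok)
                   for tok in options.split())

def audit_sensor(ifcfg_text, start_logger_text):
    """Combine both checks into one list of findings (empty means hardened)."""
    findings = audit_capture_interface(ifcfg_text)
    if tcpdump_resolves_names(start_logger_text):
        findings.append("tcpdump started without -n: capture triggers reverse DNS lookups")
    return findings

# Constructed sample inputs (not taken from a real sensor).
HARDENED_IFCFG = "DEVICE=eth1\nATBOOT=yes\nBOOTPROTO=none\nNOIPADDR=yes\n"
ADDRESSED_IFCFG = ("DEVICE=eth1\nBOOTPROTO=static\n"
                   "IPADDR=192.0.2.10\nNETMASK=255.255.255.0\n")
LOGGER_WITH_N = r'''
$param = "$PROGPAR -n -s 4096 -w - -F $FILTER";
$param .= " 2>>$LOGDIR/tcpdump.err | $GZIPPROG > $TCPLOG4 2>/dev/null";
'''
LOGGER_WITHOUT_N = LOGGER_WITH_N.replace(" -n ", " ")

if __name__ == "__main__":
    for name, ifcfg, logger in (("hardened", HARDENED_IFCFG, LOGGER_WITH_N),
                                ("default", ADDRESSED_IFCFG, LOGGER_WITHOUT_N)):
        print(name, audit_sensor(ifcfg, logger) or "no findings")
```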

Introduction

Intrusion Detection Systems (IDS) are now mainly employed to secure company networks. Ideally, an IDS has the capacity to detect in real time all (attempted) intrusions, and to take action to stop the attack (for example, modifying firewall rules). We present in this paper a "state of the art" of Intrusion Detection Systems, covering commercial and research tools, and a new way to improve false-alarm detection using a Neural Network approach. This approach is still in development; nevertheless, it seems to be very promising for the future. This paper is organized as follows: first, we present the global architecture of IDS and a few commercially available tools, then we analyze new axes of research to improve IDS performance, particularly the application of Neural Networks to Intrusion Detection.

Classification of Intrusion Detection Systems

A guidance document on Intrusion Detection Systems is available from the National Institute of Standards and Technology (NIST) [1]. Intrusion Detection Systems can be classified into three categories:
• host-based IDS, which evaluate information found on a single or multiple host systems, including contents of operating systems, system and application files.
• network-based IDS, which evaluate information captured from network communications, analyzing the stream of packets traveling across the network. Packets are captured through a set of sensors.
• vulnerability-assessment IDS, which detect vulnerabilities on internal networks and firewalls.
There are two primary models for analyzing events to detect attacks:
• misuse detection model: the IDS detects intrusions by looking for activity that corresponds to known signatures of intrusions or vulnerabilities
• anomaly detection model: the IDS detects intrusions by searching for "abnormal" network traffic
Most commercial IDS tools follow the misuse detection model, and signatures of intrusions must always be updated by vendors.
IDS based on the anomaly detection model have the ability to detect symptoms of attacks without specifying a model of the attacks, but they are very sensitive to false alarms.

Commercially available tools

A Jackson [2] of Los Alamos National Laboratory wrote a complete survey of IDS products. Characteristics of each of the seventeen products are studied according to nine major features:
• suitability for IDS architecture and management scheme
• flexibility of adaptation for a specific network to be monitored
• protection against malicious tampering
• interoperability with other network management and security tools
• comprehensiveness, to expand the concept of intrusion detection, such as blocking Java applets or Active-X controls, monitoring e-mail content, blocking specific URLs
• event management, such as managing and reporting event traces, updating the attack database
• active response when an attack occurs, such as firewall or router reconfiguration
• support for the product
Another recent market survey of commercially available Intrusion Detection tools is available in [3]. We present here examples of IDS tools, classified according to the three models: host-based, network-based and vulnerability-assessment tools.

Host-based IDS tools

Host-based IDS systems detect attacks for an individual system, using system logs and operating system audit trails. Examples of well-known host-based commercial tools are: Cybercop from Network Associates (NAI) (http://www.pgp.com), KaneSecurity Monitor (KSM) from RSA Security (http://www.rsasecuriy.com). Tripwire (http://www.tripwire.org) is a specific tool to detect changes of administrative or user files on one server.

Network-based IDS tools

Network-based IDS systems detect attacks by capturing and analyzing network packets, from "sensors" placed at various points in a network.
Examples of well-known network-based commercial tools are: RealSecure from Internet Security Scanner (ISS) (http://www.iss.net), Cisco Secure IDS or NetRanger from Cisco Systems (ex Wheel Group Corporation), Centrax from CyberSafe corporation, and Network Flight Recorder NFR. A popular and freely available network-based IDS is Snort, a lightweight IDS (http://www.snort.org). The main difficulty for network-based IDS is to process in real time all packets for a large network; specific hardware solutions may be employed. Another problem is segmentation of networks by switches, which makes it difficult to capture traffic for the network as a whole.

Vulnerability-assessment tools

Vulnerability-assessment tools are security scanners used to detect known vulnerabilities in a specific Operating System’s configuration. Examples of well-known vulnerability-assessment tools are: CyberCop Scanner from PGP Security (a Network Associates Division) and SecureScan NX from Networks Vigilance (formerly known as NV e-secure). A freely available vulnerability-assessment tool is Nessus, a Linux-based vulnerability scanner (http://www.nessus.org) written by R. Deraison.

Performances for commercial tools

The majority of tools available today follow the misuse detection model, meaning that administrators need to regularly update the vulnerabilities database. Consequently, all these tools are vulnerable to attacks whose signatures are new. Tools are also prone to false alarms raised on normal network traffic. Major commercial IDS do not handle fragmentation / re-assembly of IP packets. For large networks, it would be necessary to store gigabytes of event data every day, to process them off-line.

Application of Neural Networks to Intrusion Detection

The Center for Education and Research in Information Assurance and Security (CERIAS) has produced a review of IDS research prototypes [4], and a few are now commercial products.
Approaches for misuse detection

Approaches for the misuse detection model are:
• expert systems, containing a set of rules that describe attacks
• signature verification, where attack scenarios are translated into sequences of audit events
• Petri nets, where known attacks are represented with graphical Petri nets
• state-transition diagrams, representing attacks with a set of goals and transitions
The common approach for misuse detection is "signature verification", where a system detects previously seen, known attacks by looking for an invariant signature left by these attacks. This signature is found in audit files, on the intruded host, or by sniffers looking for packets going into or out of the attacked machine. The limitations of this approach are:
• frequent false-alarm detection
• the need to specify a signature of the attack, and then to update the signatures of attacks on every IDS tool. A signature of an attack may not be easily discovered.
• new attack signatures are not automatically discovered without an update of the IDS

Approaches for anomaly detection

Anomaly detection in network-based or host-based IDS includes:
• threshold detection, detecting abnormal activity on the server or network, for example abnormal consumption of the CPU for one server, or abnormal saturation of the network
• statistical measures, learned from historical values
• rule-based measures, with expert systems
• non-linear algorithms such as Neural Networks or Genetic algorithms
The common approach for anomaly detection is statistical analysis, where the user or the system behavior is measured by a number of variables over time. These variables may be the login and the logout time of each session, the amount of resources consumed during the session, and the resource duration. The major limitation of this approach is finding a correct threshold that does not produce frequent false alarms.
DARPA Intrusion Detection Data Base

To improve the performance of IDS systems with real network traffic, a large-scale realistic Intrusion Detection database was sponsored by the US Defense Advanced Research Projects Agency (DARPA) in 1998. More than two months of traffic observed from US Government sites and the Internet were recorded, with attacks added against hosts running various operating systems. The DARPA database was then designed to evaluate the performance of Intrusion Detection Systems. The first evaluation with the off-line and real-time database was conducted in the summer of 1998 [5].

Neural Network approach for Intrusion Detection

One promising line of research in Intrusion Detection is the application of Neural Network techniques, for the misuse detection model and the anomaly detection model. Performance evaluations presented in this paper all refer to the DARPA Intrusion Data Base.

Neural Network approach

An artificial Neural Network consists of a collection of treatments to transform a set of inputs to a set of searched outputs, through a set of simple processing units, or nodes, and connections between them. Subsets of the units are input nodes and output nodes, and the nodes between input and output form hidden layers; the connection between two units has some weight, used to determine how much one unit will affect the other. Two types of architecture of Neural Networks can be distinguished:
• Supervised training algorithms, where in the learning phase, the network learns the desired output for a given input or pattern. The well-known architecture of supervised neural network is the Multi-Level Perceptron (MLP); the MLP is employed for Pattern Recognition problems.
• Unsupervised training algorithms, where in the learning phase, the network learns without specifying the desired output. Self-Organizing Maps (SOM) are popular unsupervised training algorithms; a SOM tries to find a topological mapping from the input space to clusters.
SOM are employed for classification problems. A good introduction to Neural Networks is available in [6]. The most important property of a Neural Network is that it automatically learns / retrains its coefficients according to data inputs and data outputs. To apply the Neural Network (NN) approach to Intrusion Detection, we first have to expose the NN to normal data and to attacks, so that the coefficients of the NN are adjusted automatically during the training phase. Performance tests are then conducted with real network traffic and attacks. Neural Networks have been widely and successfully employed for complex problems such as Pattern Recognition, hand-written character recognition, and Statistical Analysis. We present four recent studies on the application of the Neural Network approach to Intrusion Detection, both for the misuse detection model and the anomaly detection model.

[Figure: Representation of a Perceptron with one Hidden Layer (from [8])]

Georgia University neural network IDS

J Cannady and J Mahaffey [7] of Georgia Technical Research Institute (GTRI) conducted research to apply the Multi-Level Perceptron (MLP) model and MLP/SOM (Self-Organizing Maps) to misuse detection. The MLP prototype had these characteristics: 4 fully connected layers, 9 input nodes and 2 output nodes (normal and attack). With this prototype, they simulated specific attacks such as ISS scans, SATAN scans and SYNFlood, and each attack was clearly identified among normal traffic. An MLP/SOM prototype was then designed to detect dispersed and possibly collaborative attacks. The Neural Network was a feed-forward network with back-propagation learning. In the learning phase, the Neural Network converged rapidly. In preliminary results, unsuccessful FTP login attempts were correctly identified as attacks.
MIT research in neural network IDS

R Lippmann and R Cunningham [8, 9] of the MIT Lincoln Laboratory also conducted tests applying Neural Networks to the misuse detection model, by searching for attack-specific keywords in the network traffic. They used a Multi-Level Perceptron (MLP) to detect Unix-host attacks, and attacks to obtain root privilege on a server. Generic keywords are selected to detect attack preparations and the actions executed afterwards. A two-layer perceptron was designed with k input nodes, 2k hidden nodes and 2 outputs (normal and attack); backpropagation in the learning phase determines the weights of the Neural Network. Good detection performance was obtained with 30 keywords to detect attacks, such as "cat >", "uudecode" or a new root shell ("uid=0(root)", "bash#"). Applied to Shell source code with 7 shell-commands representing an attack, 17 out of 20 attacks were detected and one false alarm generated; applied to C source code with 2 features, 68 of 73 attacks were detected with 4 false alarms. With the Neural Network approach, false alarms were reduced by two orders of magnitude (to roughly one false alarm per day) and the detection rate increased to roughly 80 % with the DARPA database. The system could detect old as well as new attacks not included in the training data, and to a lesser extent attacks distributed across multiple sessions.

UBILAB Laboratory

Luc Girardin of the UBILAB laboratory [10, 11] also employed Self-Organizing Maps (SOM) to perform clustering of network traffic and detect attacks based upon a Neural Network, associated with a visual approach to network traffic. SOM are employed to project network events onto an appropriate 2D space for visualization, and the events are then displayed to the Network Administrator as a comprehensive view of traffic. Intrusions are then easily extracted from this view, by highlighting divergence from the norm with visual metaphors of network traffic.
Girardin tested this approach with success for the following attacks: IP spoofing, FTP password guessing, network scanning and network hopping; log files from firewalls are analyzed. However, this approach needs a visual interpretation of network traffic by an administrator to detect attacks.

Research of RST Corporation

A Ghosh and A Schwartzbard [12] of Reliable Software Technologies Corp. used the Neural Network approach for the anomaly detection model by analyzing program behavior profiles for Intrusion Detection. Program behavior profiles are built by capturing the system calls made by the program, so that irregularities in program behavior can be noted. Their IDS was a single hidden layer Multi-Layer Perceptron (MLP); they also employed the so-called Lucky Bucket algorithm to keep a temporal memory of recent abnormal events by managing a counter: for a normal output, the counter tends to be zero, and for an anomaly the counter tends to be one. The performance of their system was tested with the DARPA database, including intrusive and non-intrusive sessions. Applied to anomaly detection, the system detects known and new attacks with good performance (77 % of attacks were detected with 3 % of false alarms), but applied to misuse detection it detects attacks with high false alarm rates, which rules out commercial use. In 1998, in the DARPA off-line IDS evaluation, the system successfully detected User-to-Root attacks composed of system-call sequences. In order to improve the anomaly detection model, A Ghosh et al. [13] then tested Intrusion Detection with another topology of Neural Network, the Elman Network, for recognizing recurrent features in program execution traces. An Elman Network is based on a feed-forward topology with the addition of context nodes retaining information from previous inputs.
Applied to the DARPA database, the Elman Networks were able to detect 77 % of attacks with no false alarm, improving on the results obtained with the MLP topology. In 1999, during the evaluation of performance tests with other systems on the DARPA database, this system had promising results with anomaly detection to detect new attacks.

Conclusion

Intrusion Detection Systems are becoming widely employed as a fundamental Network Security system. Commercial tools available today have limitations in detecting real intrusions, and the Neural Network is an efficient way to improve the performance of IDS systems based on the misuse detection model and the anomaly detection model.
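To make the MIT keyword approach described above concrete, here is an added example (not code from the paper or from any of the cited studies): a pure-Python perceptron with k inputs, 2k hidden nodes and 2 outputs, trained by backpropagation on keyword counts. It uses only the four keywords quoted above rather than the study's 30, and the session transcripts, learning rate and epoch count are constructed assumptions.

```python
import math
import random

# Four keywords quoted in the text; the study itself used 30.
KEYWORDS = ["cat >", "uudecode", "uid=0(root)", "bash#"]

# Constructed session transcripts with labels (illustration only).
TRAINING = [
    ("ls -l\nvi report.txt\nlogout", "normal"),
    ("cat > todo.txt\nmail -s status team\nlogout", "normal"),
    ("cd src\nmake\nlogout", "normal"),
    ("cat > a.txt\ncat > b.txt\nlogout", "normal"),
    ("cat > f.uu\nuudecode f.uu\nuid=0(root) gid=0(root)\nbash# ", "attack"),
    ("uudecode f.uu\nuid=0(root) gid=0(root)", "attack"),
    ("uid=0(root) gid=0(root)\nbash# ls", "attack"),
    ("cat > f.uu\nuudecode f.uu\nbash# ls", "attack"),
]

def featurize(transcript):
    """Count each keyword in a session transcript: the k network inputs."""
    return [float(transcript.count(k)) for k in KEYWORDS]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

class KeywordMLP:
    """k inputs, 2k hidden nodes, 2 outputs (normal, attack)."""

    def __init__(self, k, seed=1):
        rng = random.Random(seed)          # fixed seed keeps the demo repeatable
        h = 2 * k
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(k)] for _ in range(h)]
        self.b1 = [0.0] * h
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(h)] for _ in range(2)]
        self.b2 = [0.0, 0.0]

    def forward(self, x):
        hidden = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b)
                  for row, b in zip(self.w1, self.b1)]
        out = [sigmoid(sum(w * hj for w, hj in zip(row, hidden)) + b)
               for row, b in zip(self.w2, self.b2)]
        return hidden, out

    def train_step(self, x, target, lr):
        """One backpropagation update on squared error; returns that error."""
        hidden, out = self.forward(x)
        # Output deltas for sigmoid units under squared error.
        d_out = [(o - t) * o * (1.0 - o) for o, t in zip(out, target)]
        # Hidden deltas: output deltas propagated back through w2.
        d_hid = [hj * (1.0 - hj) * sum(d_out[i] * self.w2[i][j] for i in range(2))
                 for j, hj in enumerate(hidden)]
        for i in range(2):
            for j, hj in enumerate(hidden):
                self.w2[i][j] -= lr * d_out[i] * hj
            self.b2[i] -= lr * d_out[i]
        for j in range(len(hidden)):
            for n, xn in enumerate(x):
                self.w1[j][n] -= lr * d_hid[j] * xn
            self.b1[j] -= lr * d_hid[j]
        return sum((o - t) ** 2 for o, t in zip(out, target))

    def classify(self, transcript):
        _, (normal, attack) = self.forward(featurize(transcript))
        return "attack" if attack > normal else "normal"

def train_demo(epochs=3000, lr=0.5):
    """Train on the constructed sessions and return the fitted network."""
    net = KeywordMLP(len(KEYWORDS))
    samples = [(featurize(text), [1.0, 0.0] if label == "normal" else [0.0, 1.0])
               for text, label in TRAINING]
    for _ in range(epochs):
        for x, target in samples:
            net.train_step(x, target, lr)
    return net

if __name__ == "__main__":
    net = train_demo()
    for text in ("ls\npwd\nlogout", "uudecode y.uu\nbash# id"):
        print(featurize(text), net.classify(text))
```

A single "cat >" in an otherwise ordinary session is labelled normal in the training set, so the network has to learn which keyword combinations matter rather than alarm on any one match.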

Maximum Transmission Unit (MTU)

This is the default packet size that Windows uses to negotiate with. When a connection is opened between two computers, they must agree on an MTU. This is done by comparing MTUs and selecting the smaller of the two. If the MTU is set too large for routers that are between the computers, these routers then fragment this information into a packet size that the router can handle. This fragmentation can double the amount of time it takes to send a single packet. Windows has a built-in MTU Discovery that will adjust for this by sending out a packet that is marked as "Not Fragmentable". Then the router sends back an error to the computer saying that the packet was too large, and Windows then lowers the MTU until there are no more errors. If your ISP uses an MTU of 576, then every time you start a connection, Windows must adjust down to this value. Even though Windows automatically adjusts the packet size, it still takes time to negotiate an acceptable MTU. By setting this value manually, you greatly reduce the amount of work that Windows must do to negotiate.

Maximum Segment Size (MSS)

Maximum Segment Size defines the largest segment of data that the TCP stack is prepared to receive. When a connection is established, the two ends agree to use the smaller of each end's value. MSS is generally 40 bytes less than Maximum Transmission Unit, because 40 bytes are used for the TCP and IP headers.

TCP Receive Window Size (RWIN)

The TCP Receive Window Size is the amount of receive data (in bytes) that can be buffered at one time on a connection. The sending host can send only that amount of data before waiting for an acknowledgment and window update from the receiving host. A value that's too large will result in greater loss of data if packets are lost or damaged, and a value that's too small will slow down data transfer considerably, as each packet will have to be acknowledged before the next packet is sent.
Matching the receive window to even increments of the MSS increases the percentage of full-sized TCP segments utilized during bulk data transmission. Time To Live (TTL) This parameter specifies the default Time To Live (TTL) value that is set in the header of outgoing IP packets. The TTL determines the maximum time that an IP packet can live in the network without reaching its destination. It is effectively a limit on the number of routers an IP packet can pass through before it is discarded. Keep Alive Time Specifies how often to send session keepalive packets on active sessions. This will keep connections that have stalled during a particular download session from timing out. The minimum is 1 minute (60000 ms). Recommended setting is 10 minutes (600000 ms). Path MTU - Enable Black Hole Detect This specifies whether the stack will attempt to detect Maximum Transmission Unit (MTU) routers that do not send back ICMP fragmentation-needed messages. ICMP (Internet Control Message Protocol) is defined in STD5, RFC 792. With this feature enabled, TCP will try to send segments without the Don't Fragment bit set if several re-transmissions of a segment go unacknowledged. If the segment is acknowledged as a result, the MTU will be decreased and the Don't Fragment bit will be set in future packets on the connection. Enabling black hole detection increases the maximum number of re-transmissions performed for a given segment. Setting this parameter when it is not needed can cause performance degradation. However, if the router is not sending back the ICMP messages, then PMTU Discovery will not work. This can cause an even greater loss of performance. PMTU Black Hole Detect is recommended to be disabled. Path MTU - Enable Auto Discovery Enabling this setting causes TCP to attempt to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. 
By discovering the Path MTU and limiting TCP segments to this size, TCP is supposed to be able to eliminate fragmentation at routers along the path that connect networks with different MTUs. This requires implementation of the corresponding server side algorithm, however, and presupposes all of the servers on the entire Internet only running MSFT server software with server-side optimization features accessible from MSFT web-browser client software. Needless to say, this is rather unlikely. Nevertheless, it is not recommended to disable this setting as it would then cause an MTU of 576 bytes to be used for all connections that are not to machines on the local subnet. Disabling this setting can cause severe performance degradation because fragmentation may not be compensated for. PMTU Auto Discovery is recommended to be enabled. Enable Selective Acknowledgements (SACK) This parameter controls whether or not Selective Acknowledgment (SACK) support, as specified in RFC 2018, is enabled. Selective Acknowledgement (SACK) is an optimizing feature that lets you acknowledge receipt of individual blocks of data in a continuous sequence, rather than just the last sequence number. The recipient can tell the sender that one or more data blocks are missing from the middle of a sequence, and the sender can retransmit only the missing data. Max Duplicate ACKs This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before fast retransmit is triggered to resend the segment that has been dropped in transit. TCP Window Scaling (RFC 1323) Receive window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing the use of a very large TCP receive window size (RWIN). This option must be enabled in order to use a receive window size (RWIN) larger than 64 KB. Timestamps (RFC 1323) Timestamps help TCP to measuring round trip time (RTT) accurately in order to adjust retransmission timeouts. 
The Timestamps option provides two four-byte timestamp fields in the TCP header, one to record the time the initial transmission is sent and one to record the time on the remote host. Since this option increases packed header overhead and don't provide much of an improvement, it is recommended to be disabled. This option is specified in RFC 1323. Session Keep Alive This value determines the time interval between keepalive transmissions on a session. Recommended value is 60000 ms (10 minutes). Internet Explorer: MaxConnectionsPerServer This value limits the number of concurrent connections to a web server. Quality and Type Of Service : DisableUserTOSSetting This parameter can be used to allow programs to manipulate the Type Of Service (TOS) bits in the header of outgoing IP packets. LAN Settings : LAN Request Buffer Size This parameter can be used to reduce local area network delays. LAN Settings : Increase LAN Browsing Speed This option disables the network task scheduler leading to faster browsing of network folders. Host Resolution Priority This option group allows settings the priority level for LocalPriority (local names cache), HostsPriority (the hosts file), DnsPriority (DNS) and NetbtPriority (NetBT name resolution, WINS). NetBIOS over TCP/IP: BcastNameQueryCount This value determines the number of times NetBT broadcasts a query for a particular name without receiving a response. NetBIOS over TCP/IP: BcastQueryTimeout This value determines the time interval between successive broadcast name queries for the same name. NetBIOS over TCP/IP: CacheTimeout This value determines the time interval (in miliseconds) that names are cached for in the remote name table. DNS Cache Parameters MaxNegativeCacheTTL limits the negative DNS query answer cache time. NegativeSOACacheTime limits the negative answer to SOA DNS query cache time. NetFailureCacheTime value determines the time to stop sending DNS queries if no answer is received.

The speed of your network connection doesn't just depend on the speed of your hardware. Windows is an operating system that is designed to work on a variety of different hardware and network setups. Because of the abstract nature of the operating system, it cannot be optimized for user-specific hardware setups. Depending on the type of network connection you have, you might be able to tweak your connection so that the speed of your Internet, as well as your local area network, will be faster. By changing the System Registry and editing the TCP/IP parameters, you can fine-tune the values to take advantage of more reliable, faster Internet connections, such as DSL and cable. These next sections will guide you through the steps of increasing both the speed of your local area network and your Internet connection.

Does your computer slow down when you browse your local area network and connect to other computers that are sharing data? One of the most common causes of this slowdown is a feature of Windows Explorer that looks for scheduled tasks on remote computers. This effort can take some time on some computers and can really slow down your browsing. The window with which you are browsing the network may appear to freeze momentarily, as the system is waiting for a response from the remote computer. Although this problem is a complex one, the solution is very simple. Instead of having to wait for the remote scheduled tasks, which is useless information to anyone who is not a system administrator remotely configuring scheduled tasks, you can disable this feature. In order to do this, you will have to change the System Registry and delete a reference to a key so that this feature will not be loaded. To do this, follow these steps:

1. Start SpeedConnect Internet Accelerator by clicking the Start Menu and selecting Programs, SpeedConnect Internet Accelerator (or using the desktop shortcut, if you created one).
2. Once the software has loaded, click the Extra Settings Panel of SpeedConnect.
3. Next, look for the LAN Settings option group.
4. Check the Increase LAN Browsing Speed checkbox.
5. Click the Apply Changes button.

Tip: If you prefer to use the easy Quick Optimizer, this option will be automatically checked for you when you click the Optimize button.

Once you have clicked the Apply Changes button, you just need to restart and the changes will be in effect. Now your network computer browsing will be without needless delays.

Disabling unneeded protocols

With every computer comes programs installed that you do not need. As with extra programs taking up space, extra protocols are just wasting your network connection and can actually slow it down. How is this possible? By default, a few different protocols are installed on your computer to allow for maximum compatibility with other computers on a network; these protocols each require bandwidth to operate. Most users will not use too many protocols, and their computers will use up a portion of their connection as they respond and transmit information for these protocols. Additionally, with extra protocols installed on your network adapter connected to the Internet, you increase your risk of security-related problems. One of the most common risks for broadband users is that they have the Client for Microsoft Networks networking protocol enabled on their connection. This protocol allows everyone in their neighborhood to connect to the users' computers and view any files that they may be sharing. This fact alone should be a good enough reason for you to turn off the extra protocols. But with them disabled, you will also save a little bandwidth.

Viewing protocols on your network adapters

Viewing the protocols installed and active on your various network adapters is easy. Just follow these quick steps and you will be viewing them in no time:

1. Right-click the My Network Places icon on the desktop or in the Start Menu and select Properties. If the My Network Places icon is not in either of those locations, then go to the Control Panel and click the Network Connections icon that is shown under the Classic view.
2. Next, right-click the network adapter whose network protocols you want to view and select Properties.
3. This will bring up a list of the protocols installed as well as active on your adapter. The protocols that are installed but not active are indicated by the absence of a check in the checkbox.

Disabling a specific protocol

Now that you have the list of installed and active protocols on your screen, you are ready to disable a protocol. To do so, just click the check box to remove the check. Then click the OK button and the protocol is no longer active on the network adapter. It is highly recommended that you disable all protocols except for the TCP/IP protocol (also referred to as the Internet Protocol). Doing so will optimize your adapter for speed and security. Be aware that if you remove the Client for Microsoft Networks protocol and the file-sharing protocol, you will no longer be able to share your files. Additionally, you will no longer be able to connect to remote computers to view their shared files. Also keep in mind that if you have multiple adapters in your machines, such as a wireless adapter, a wired network adapter, and a dialup modem, you will have to repeat the preceding instructions for each adapter.

Tweaking your Internet connection for speed

Almost every computer user has different Internet connection conditions. Some users have very high-speed connections, while others have slow connections. Some users have high-speed connections using cable-based technologies, while others have high-speed connections through DSL-based technologies. On top of these differences, some are located farther away from their local network switching station than others and have a higher latency (delay) on their connections because of the distance the data has to travel. All of these different connection conditions make every user unique. The TCP/IP protocol settings can be optimized for best speed under each of these situations. By default, Windows has these settings set in a "one size fits all" approach. As I mentioned earlier, Windows has to be abstract in certain areas because of its broad user base. Because of this approach, many users can fine-tune their settings to be optimal for their connection conditions. Doing so will optimize the data transferred so your network connection will be more efficient, leading to high speeds. With a little help from some fine online tools and software programs, you can test your Internet connection and decide what needs fine-tuning. The process of tweaking your Internet connection is not always easy, but it is doable.

Caution: Before going any further, you are strongly advised to create a system restore point, so that if things go wrong, which is not very likely, you will have a backup. This is NOT necessary if you use SpeedConnect Internet Accelerator. The original settings are automatically saved, and can be restored at any time, if needed.

The next step in the tweaking process is to get all of the software that is needed. The main software program that you will use is SpeedConnect Internet Accelerator, which is developed by CBS Software and is available for download at http://www.cbs-soft.com/download.htm SpeedConnect is a great program that allows users to edit and optimize their Internet settings safely and easily.

Detecting settings with SpeedConnect Internet Accelerator

Once you have downloaded SpeedConnect, you are ready to start getting information to use with the program. The first value that you will need to detect is the Maximum Transmission Unit (MTU) of your connection. To do this, you will use the Find Best MTU Tool available on SpeedConnect's Tools&Wizards panel. Follow these steps to find the best maximum transmission unit to use for your connection:

1. First, open SpeedConnect Internet Accelerator.
2. Select the Network Settings Panel and be sure the current MTU value is set to 1500. If NOT, set MTU manually to 1500, click Apply Changes and (VERY IMPORTANT!) RESTART Windows. Then re-open SpeedConnect and go to step 3.
3. Once SpeedConnect is loaded and the current MTU value is set to 1500, you are ready for the next part. Select the Tools&Wizards Panel, then click the Find Best MTU tool.
4. Run the detection test 3 or 4 times, and note the BEST MTU value found by this tool. Write down this BEST MTU value. This will be the MTU value USED ON ALL YOUR OPTIMIZATION TESTS!

Optimizing your connection with SpeedConnect

Now that you have the BEST MTU value detected, you are ready to enter this information into all your future optimization tests. Open SpeedConnect and select the Quick Optimizer panel, then follow these steps to run your first optimization test:

1. The first step is to select your connection type from the drop-down box.
2. If your connection is PPPoE (PPP over Ethernet; it asks for a password each time you start your computer and browse for the first time), then check the PPPoE checkbox.
3. Next, you will have to do a little research and find out exactly what your bandwidth speeds should be for your Internet connection. You may need to contact your ISP to find out the exact values, because the values are not always advertised. If not known, just skip this bandwidth step. Otherwise, if you know the bandwidth value, make sure that it is in kilobits per second and not kilobytes per second (KB = kilobytes; Kb = kilobits), then select the bandwidth value in the corresponding drop-down box.
4. The next step is to choose a preset optimization mode to be applied to your connection.
5. Select the Network Adapter to optimize (or choose All Network adapters) from the corresponding drop-down box. Now, you are almost done.
6. Click the Optimize button to let SpeedConnect calculate the optimal network settings for your selection.
7. DO NOT click Apply Changes yet! First, make sure that you have the BEST MTU value in the Network Settings Panel (switch from the Quick Optimizer panel to the Network Settings panel and check the current MTU value). If the proposed optimal value is NOT the BEST MTU value found earlier, manually CHANGE the MTU value to your BEST MTU.
8. Finally, click Apply Changes to let SpeedConnect save the new settings to your system.
9. Exit SpeedConnect.
10. IMPORTANT! RESTART Windows for the new settings to take effect.

You are now finished with your first process that will optimize your Internet connection. That wasn't too hard now, was it? It is very important to try all the optimization modes, in order to find the best optimization for your Internet connection. This means you have to repeat the above steps (1-10) EACH TIME you are making a new optimization. Then restart and retest your connection speed, until the best result is obtained. This is all about experimenting, and it takes some time. After all, it is a one-time process. Once you get the best optimization for your connection, you will not need to use SpeedConnect until you decide to change some settings or restore your default settings.

Network Settings / Extra Settings (for advanced users)

If you want to change any settings manually or if you just want to check the values proposed by SpeedConnect, you can always switch to the Network Settings or Extra Settings panels.

1. Choose the Network Settings panel (or Extra Settings panel).
2. Review or change the shown settings.
3. Click Apply Changes.
4. Click Exit.
5. RESTART Windows for the new settings to take effect.

Caution: If you are experiencing network problems after optimizing your connection, use the Restore Original Settings option (or Restore Windows Defaults) to fix the network settings. You may try the settings again, or you may experiment with new values until you get the best optimization for your connection. If you continue to have problems, or if you have problems with the directions and still want to optimize your connection, feel free to contact the SpeedConnect Support Team.

As promised, let's discuss hacking ATM machines using a real programming hack. Hehehe. What is an ATM machine? It stands for Auto Teller Machine, a machine that could be called a mini bank. Hehehe. It is a machine that probably needs no further explanation of what it is and how it works, because I think everyone already knows about it. What's clear is that with this machine you can withdraw money without having to go to the bank and do a lot of other things that I personally find tiring. Filling in forms and whatnot. Tiring, dude xD~~

Now, a rumor often comes up: can an ATM be hacked?! How is it done?? On this occasion, I will write a short tutorial and informative article about the possibility of hacking an ATM machine. There are actually many ways, and most of them can be seen at http://www.sate.name. But this time I will discuss a few of the technical issues involved xD~~ So, let's start the GAME xD~~

This only works for machines of the Tranax Minibank 1500 Series type. If you are observant, you can get an important piece of information from the series I gave above xD~~ Here is an excerpt from the Manual Book that I read:

To access the Operator Function menu, hold the , and keys simultaneously for 2 seconds, release them and press 1, then press 2, then press 3. The timing of this procedure can be difficult at first.

So the gist is that to enter the Operator Function on this type of ATM machine, you need to press the , and keys simultaneously for 2 seconds, release them, and press 1, then 2, and 3. The timing may be difficult at first when you try it for the first time xD~~ If you have trouble logging in, there is also a crude way. Wakakaka. Turn off the ATM's power, just open the ATM's cover, remove the paper for the printer,

The assumption that HTML script poses no significant threat should be discarded at once. Even if your site is built in pure HTML, that does not guarantee your website is truly secure. This discussion is not specifically about pure (static) HTML websites, but in several cases the threats are the same.

---< A haCKER has an extraordinary way of thinking. Leave even a small gap open, and your "playground" will be taken over by them. >---

|---[2]-[Behind the mask of a web page's appearance]---|

Every day you wander from one site to another. Almost all of them are designed as attractively as possible, but did you know that all that beauty is merely your browser's rendering of a neatly arranged series of HTML code and scripts? There are many things your browser does not show. Every browser has an option to display the HTML source code of the page it is showing. In Internet Explorer, for example, you can see the source code by clicking [view] [source]. Explore your browser's features.

|---[3]-[Sources of Threats]---|

3.1 Meta Tag
------------
Meta tags are located in the header of a web page. The meta tag is where a webmaster gives brief information about the contents of the site (keywords, a short description and so on). The aim is for that information to be picked up by search engines, increasing the chance that the site is found by someone who happens to be looking for something that matches its content. Sometimes meta tags also contain the page's creation date, the author, the software used to build the HTML, a short description, and so on. In some cases, excessive information can open a security hole. It is not uncommon for a webmaster who wants anonymity to leak a real name or handle in the site's meta tags instead.

Example: WWW.SPYROZONE.TK-The Official Site of SPYRO Kid
The more cleverly you place keywords and information in the meta tags, the more likely your site is to appear in search engine crawl results.

3.2 Hidden Field
----------------
Hidden fields sometimes expose highly sensitive information. Consider the following example:
The hidden field above does not leak dangerous information. But sometimes a webmaster makes a fatal mistake. Anyone can easily download the HTML page above and then change it at will :). Other, more dangerous mistakes include:

This mistake will lead a haCKER to retrieve the shopping cart configuration from the cart, and from there obtain credit card numbers. In other cases a haCKER can easily corrupt the back-end application or send it fake information. That is of course very dangerous.

3.3 Hyperlink
-------------
Hyperlinks are used to connect web resources, whether on the same website or a different one. In general, hyperlinks fall into two kinds:

1. Internal hyperlinks
Marked by the tag description; for example, to go to the SPYROZONE.tk main page I use the following tag: Home
When you click the Home link you will be taken to the following location: http://www.SPYROZONE,tk/index.HTML

2. External hyperlinks
Commonly found in the form tag. For example:



That hyperlink is invoked on submit, and the submitted information is then sent to http://WWW.SPYROZONE.TK/cgi-bin/SPYRO.pl

Both kinds of hyperlink above are indeed indispensable in web pages. So how far does a hyperlink help a haCKER? By studying and tracing hyperlinks, a haCKER can map out the areas of the application, group them by type, try to understand how information is passed along, and finally look for weaknesses or identify weak areas as targets for attack.

3.4 HTML Comment
----------------
To write a comment in HTML, we simply place the comment inside the <!-- --> tag. The browser will not display the contents of that tag; in other words, whatever is between the tag's delimiters is not processed. So we can only find it by looking at the source code. What is it for, then, and how much does it help an attacker? Webmasters usually leave revision history in this tag, so it is not uncommon for a haCKER to find important information in it. Developers also often leave messages that should only be known to the admin. The main purpose is indeed to make things easier for the admin, for example:

With information like this, the team managing WWW.SPYROZONE.TK will know that SPYRO changed the file on 30 June 2006 and that the backup of the old page is at: http://WWW.SPYROZONE.TK/staff/SPYROKid/oldpage.zip

But the threat arises because anyone who sees this information can easily download the backup page to gather whatever valuable information it may hold. Not only that, by looking at the URL structure the attacker can learn that there is a user named SPYROKid on the site who holds the position of webmaster. Knowing that username will of course make things easier for the attacker if they later attempt, for example, a brute force. In certain cases, a more serious threat is that the attacker can identify the technology behind your web site by studying the HTML comments that web tools generate automatically.

3.5 Client-Side Script
----------------------
Using client-side script is sometimes very advantageous. We can manipulate cookies, refresh the page automatically, perform calculations, and parse code without having to contact the server. This keeps the server from being too busy and saves server CPU, because everything can be done by the client's browser. But the threat it creates is quite alarming: a haCKER can easily save a copy of the web page's code, then manipulate and modify the client-side script, reopen it in the browser and submit it to the server, so that the server receives incorrect information that can benefit the haCKER.

3.6 Banner Code from Other Sites
--------------------------
Sometimes large sites provide banner code to make things easy for visitors who want to help promote the site. A user can copy the banner code provided and paste it into a page on their own site. Usually the banner code displays an image that leads to the promoted site when clicked. An example of "safe" banner code is:

The banner code above includes the banner size in the tag, width="30". Why is it called safe? Before answering, let us first look at the following slightly dangerous code:

The second banner code does not specify the dimensions of the SPYROlink.gif file that will be displayed on the web page. This is dangerous because if an attacker manages to deface the WWW.SPYROZONE.TK site, they will have defaced not only WWW.SPYROZONE.TK itself but also every site that includes the WWW.SPYROZONE.TK banner. The attacker can replace the banner.gif file with a super jumbo sized image. Because the banner script does not set the banner size, the attacker's image will be displayed as is and can ruin the page's appearance. It is different if the banner script clearly specifies the banner size, as in the first script. Even if the attacker replaces the banner file on the WWW.SPYROZONE.TK server with a giant image, the image will only be displayed according to the script, that is with a width of "39" and a height of "30".

|---[ 4 ]---[ How Is It Obtained? ]---|

It is indeed quite a hassle to go through web pages one by one to collect the information above. But I have some tips for you:

1. Use a Search Engine
----------------------------
You can take advantage of the power of Google.com to obtain that information. But this method is only effective if your victim's web site is fairly popular. For example, if you want to find hidden fields on the site korban.net, just type this keyword into Google: "type=hidden" and "name=price" site : korban.net
It will then display all hidden fields related to item prices on the site korban.net.

2. Automated Tools
--------------------
You can also make use of the various tools commonly used by HaCKERs. For example, using Wget from GNU to make a mirror copy of the victim site onto the local system, and then going through the code or searching for the sources of information you want using grep.
For example, now that the victim site has been mirrored on the local system, you want to find hidden field information. You can use the grep command with the following syntax: grep -r -i 'hidden' *

|---[ 5 ]---[ Prevention Efforts ]---|

5.1 Robots.txt Configuration
-----------------------------
To prevent web crawlers from exploring certain pages, you can set this up in the robots.txt configuration file. You can read more about this in my article titled "Mencegah Google Hacking" (Preventing Google Hacking) on my site WWW.SPYROZONE.TK. You can also use the Robots.txt generator that I have provided in the member area of the same site.

5.2 Following the HaCKER's Point of View
-------------------------------------
This is the most effective way. Look at your web application the way a HaCKER would look at it. Always put security first, even when you are chasing a deadline. Do not readily trust default settings, and avoid using client-side script for pages with sensitive information. Use client-side script only as decoration to make the site look more lively, or to validate information that is not very important.

|---[ 6 ]---[ Closing ]---|

6.1 Conclusion
-----------------
A HaCKER is always able to think outside the frame of the problem. Leave even small fragments lying around and the HaCKER may assemble them in astonishing ways that end in a deadly attack. So always stay alert.
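The checks from section 3 (revealing meta tags, hidden fields, HTML comments, third-party banner images without dimensions) can be run by a webmaster against their own pages before publishing. The following is an added example, not code from the original article; the sample page, the example.net host, and the keyword lists are constructed assumptions to be adjusted per site.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not from the article): tune these lists for your own site.
REVEALING_META = {"author", "generator", "owner", "creator"}
COMMENT_HINTS = re.compile(r"(https?://|\.zip|\.bak|backup|password|todo|/staff/)", re.I)
SENSITIVE_FIELD = re.compile(r"(price|amount|total|discount|role|admin|config|path)", re.I)


class LeakAuditor(HTMLParser):
    """Collects (line, category, detail) findings for one HTML document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _add(self, category, detail):
        line, _col = self.getpos()  # position where the current tag/comment starts
        self.findings.append((line, category, detail))

    def handle_starttag(self, tag, attrs):
        # Valueless attributes arrive as None; normalise them to "".
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in REVEALING_META:
            # 3.1: meta tags that name a person or the authoring software
            self._add("meta", f'{a["name"]}={a.get("content", "")!r}')
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            # 3.2: every hidden field is client-editable; flag trust-critical names
            name = a.get("name", "")
            cat = "hidden-sensitive" if SENSITIVE_FIELD.search(name) else "hidden"
            self._add(cat, f'{name}={a.get("value", "")!r}')
        elif tag == "img":
            # 3.6: remote banner with no fixed size, so its host controls the layout
            src = a.get("src", "")
            remote = src.startswith(("http://", "https://", "//"))
            if remote and not (a.get("width") and a.get("height")):
                self._add("img-no-size", src)

    def handle_comment(self, data):
        # 3.4: comments that mention paths, archives, URLs or credentials
        if COMMENT_HINTS.search(data):
            self._add("comment", " ".join(data.split()))


def audit(html):
    """Return the list of findings for an HTML string."""
    parser = LeakAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page, for illustration only.
SAMPLE = """\
<html><head>
<title>Example shop</title>
<meta name="keywords" content="shop, widgets">
<meta name="author" content="jdoe">
<meta name="generator" content="ExampleCMS 1.2">
</head><body>
<!-- changed by jdoe, old page backed up at /staff/jdoe/oldpage.zip -->
<!-- navigation -->
<form action="/cgi-bin/order.pl" method="post">
<input type="hidden" name="price" value="19.99">
<input type="hidden" name="lang" value="en">
<input type="text" name="qty">
</form>
<a href="http://partner.example.net/"><img src="http://partner.example.net/banner.gif"></a>
<img src="http://partner.example.net/banner.gif" width="39" height="30">
</body></html>
"""

if __name__ == "__main__":
    for line, category, detail in audit(SAMPLE):
        print(f"line {line:>2}  {category:<16} {detail}")
```

A "hidden-sensitive" finding means the server must recompute or re-validate that value itself, since anything sent in a hidden field can be edited before it is submitted.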

1. LAND Attack

A LAND attack is a type of attack against a server/computer connected to a network. Its aim is to stop the service that the server provides, so that the service or the computer network is disrupted. This type of attack is called a Denial of Service (DoS) attack. The LAND attack is categorized as a SYN attack because it uses a SYN (synchronization) packet during the 3-way handshake that establishes a TCP/IP connection. In the 3-way handshake that establishes a TCP/IP connection between client and server, the following happens:

   1. First, the client sends a SYN packet to the server/host to establish a TCP/IP connection between client and host.
   2. Second, the host replies by sending a SYN/ACK (Synchronization/Acknowledgement) packet back to the client.
   3. Finally, the client replies by sending an ACK (Acknowledgement) packet back to the host.

The TCP/IP connection between client and host is then established and data transfer can begin. In a LAND attack, the attacking computer, acting as a client, sends a crafted or spoofed SYN packet to the server it wants to attack. This crafted or spoofed SYN packet carries a source address and source port number that are exactly the same as the destination address and destination port number. As a result, when the host sends the SYN/ACK packet back to the client, an infinite loop occurs because the host is in fact sending the SYN/ACK packet to itself. An unprotected host/server will usually crash or hang under a LAND attack. Today, however, the LAND attack is no longer effective because almost all systems are protected from this type of attack through packet filtering or a firewall.

2. Ping of Death

Ping of Death is a Denial of Service (DoS) attack against a server/computer connected to a network. The attack exploits a TCP/IP feature, packet fragmentation, together with the fact that the packet size limit in the IP protocol is 65536 bytes or 64 kilobytes. An attacker can send fragmented ICMP packets (the packets used for ping) so that when they are reassembled, the total packet size exceeds the 65536-byte limit. A simple example is as follows:

    C:\windows>ping -l 65540

The MS-DOS command above pings, that is, sends an ICMP packet of 65540 bytes to a host/server. When an unprotected server receives a packet that exceeds the size limit defined in the IP protocol, the server usually crashes, hangs, or reboots, so that service is disrupted (Denial of Service). In addition, Ping of Death packets can easily be spoofed or crafted so that their true origin cannot be determined, and the attacker only needs to know the IP address of the computer to be attacked. Today, however, the Ping of Death attack is no longer effective because all operating systems have been upgraded and protected against this type of attack. In addition, a firewall can block all ICMP packets from outside so that this type of attack can no longer be carried out.

3. Teardrop

A Teardrop attack is a Denial of Service (DoS) attack against a server/computer connected to a network. The Teardrop attack exploits a TCP/IP feature, packet fragmentation, and a weakness in TCP/IP when the fragmented packets are reassembled.

When data is sent from one computer to another over a TCP/IP-based network, the data is split into several smaller packets on the source computer, and those packets are sent and then reassembled on the destination computer. For example, suppose 4000 bytes of data are to be sent from computer A to computer B. The data is then split into 3 packets like this:

On computer B, the three packets are ordered and reassembled according to the OFFSET in the TCP header of each packet. As shown above, the three packets can be ordered and reassembled into 4000 bytes of data without any problem. In a Teardrop attack, the attacker spoofs/forges/crafts the packets sent to the server to be attacked, so that they become, for example, like this:

As shown above, there is a gap and an overlap when the packets are reassembled. Bytes 1501 to 1600 are missing, and there is an overlap at bytes 2501 to 3100. When an unprotected server receives such packets and tries to reassemble them, the server becomes confused and eventually crashes, hangs, or reboots. A server can be protected from this type of Teardrop attack by packet filtering through a firewall that has been configured to monitor and block dangerous packets like these.

4. Half-Open Connection

The half-open connection attack is also called a SYN attack because it exploits SYN (synchronization) packets and a weakness in the 3-way handshake when a TCP/IP connection is being established between 2 computers. In the 3-way handshake that establishes a TCP/IP connection between client and server, the following happens:

   1. First, the client sends a SYN packet to the server/host to establish a TCP/IP connection between client and host.
   2. Second, the host replies by sending a SYN/ACK (Synchronization/Acknowledgement) packet back to the client.
   3. Finally, the client replies by sending an ACK (Acknowledgement) packet back to the host.

The TCP/IP connection between client and host is then established and data transfer can begin. In a half-open connection attack, the attacker sends the target server many SYN packets that have been spoofed or crafted so that the source address is invalid. In other words, the source address of those SYN packets does not point to a computer that actually exists. When the server receives these SYN packets, it sends a SYN/ACK packet in reply to each SYN packet received. However, because the server's SYN/ACK packets are sent to an address that does not exist, the server keeps waiting for an ACK packet in reply. If the server is flooded with these invalid SYN packets, it eventually runs out of memory and computing resources because it keeps waiting for ACK replies that will never arrive. In the end the server crashes, hangs, or reboots, and a denial of service occurs. The half-open connection attack, or SYN attack, can be prevented with packet filtering and a firewall, so that the invalid SYN packets are blocked by the firewall before they flood the server.

5. UDP Bomb Attack

A UDP Bomb attack is a Denial of Service (DoS) attack against a server or computer connected to a network. To carry out a UDP Bomb attack against a server, an attacker sends a UDP (User Datagram Protocol) packet that has been spoofed or crafted to contain invalid values in certain fields. If an unprotected server is still running an old operating system that cannot handle these invalid UDP packets, the server crashes immediately.

One example of an operating system that can be brought down by a UDP Bomb attack is SunOS version 4.1.3a1 or earlier. Most operating systems discard invalid UDP packets, so those operating systems do not crash. To be safer, however, it is best to use packet filtering through a firewall to monitor and block attacks such as the UDP Bomb attack.
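The reassembly checks a packet filter can apply against the Ping of Death and Teardrop traffic described above, as an added example that is not part of the original article. Fragments are modelled as plain byte ranges (real IPv4 counts fragment offsets in 8-byte units); the `Fragment` type, the function names and the sample fragment sets are constructed here, with the Teardrop set built to reproduce the gap at bytes 1501-1600 and the overlap at bytes 2501-3100 mentioned in the text.

```python
from typing import List, NamedTuple

IP_HEADER_MIN = 20                   # smallest IPv4 header, in bytes
MAX_PAYLOAD = 65535 - IP_HEADER_MIN  # Total Length is a 16-bit field


class Fragment(NamedTuple):
    offset: int           # 0-based position of the first payload byte
    length: int           # payload bytes carried by this fragment
    more_fragments: bool  # MF flag: False only on the final fragment


def validate_fragments(frags: List[Fragment]) -> List[str]:
    """Return findings for one datagram; an empty list means safe to reassemble."""
    if not frags or any(f.offset < 0 or f.length <= 0 for f in frags):
        return ["invalid: empty set, negative offset or non-positive length"]
    findings = []
    ordered = sorted(frags, key=lambda f: f.offset)

    # Ping of Death: the reassembled datagram would exceed the IP size limit.
    end = max(f.offset + f.length for f in ordered)
    if end > MAX_PAYLOAD:
        findings.append(f"oversize: payload reaches {end} bytes (limit {MAX_PAYLOAD})")

    # Teardrop: each fragment must start exactly where the previous data ended.
    expected = 0
    for f in ordered:
        if f.offset > expected:      # byte numbers reported 1-based, as in the text
            findings.append(f"gap: bytes {expected + 1}-{f.offset} missing")
        elif f.offset < expected:
            last = min(expected, f.offset + f.length)
            findings.append(f"overlap: bytes {f.offset + 1}-{last}")
        expected = max(expected, f.offset + f.length)

    # Exactly one fragment may clear MF, and it must carry the final bytes.
    finals = [f for f in ordered if not f.more_fragments]
    if len(finals) != 1 or finals[0].offset + finals[0].length != expected:
        findings.append("bad final fragment: MF flags disagree with the data")
    return findings


def split(total: int, chunk: int = 1480) -> List[Fragment]:
    """Fragment `total` payload bytes into contiguous, non-overlapping pieces."""
    return [Fragment(off, min(chunk, total - off), off + chunk < total)
            for off in range(0, total, chunk)]


# Constructed inputs (not captured traffic).
NORMAL = split(4000)
TEARDROP = [Fragment(0, 1500, True), Fragment(1600, 1500, True),
            Fragment(2500, 1500, False)]
PING_OF_DEATH = split(65540 + 8)   # 65540 data bytes + 8-byte ICMP header

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH)]:
        print(name, validate_fragments(frags) or "ok")
```

A filter that rejects the whole datagram on any finding never hands inconsistent offsets to the reassembly code, which is where the unprotected systems in the text failed.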
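The server-side bookkeeping behind the LAND and half-open connection sections, as an added example that is not from the original article: a bounded table of half-open connections that drops LAND-style SYNs, caps the backlog and expires entries whose ACK never arrives. The `SynTracker` class, its limits and the packet events (documentation-range addresses) are all constructed for illustration.

```python
from collections import OrderedDict


class SynTracker:
    """Bounded table of half-open connections (SYN seen, final ACK not yet)."""

    def __init__(self, max_half_open=128, timeout=30.0):
        self.max_half_open = max_half_open
        self.timeout = timeout
        self.half_open = OrderedDict()   # (src, sport, dst, dport) -> SYN time
        self.established = set()
        self.dropped = {"land": 0, "backlog_full": 0}
        self.expired = 0

    def _expire(self, now):
        # Entries are in arrival order; stop at the first one still in time.
        while self.half_open:
            key, seen = next(iter(self.half_open.items()))
            if now - seen < self.timeout:
                break
            self.half_open.popitem(last=False)
            self.expired += 1

    def on_packet(self, now, src, sport, dst, dport, flags):
        """Handle one 'SYN' or 'ACK' event and return the action taken."""
        self._expire(now)
        key = (src, sport, dst, dport)
        if flags == "SYN":
            if src == dst and sport == dport:   # LAND: the reply would loop back
                self.dropped["land"] += 1
                return "drop-land"
            if key in self.half_open:           # retransmitted SYN, already tracked
                return "retransmit"
            if len(self.half_open) >= self.max_half_open:
                self.dropped["backlog_full"] += 1
                return "drop-backlog-full"
            self.half_open[key] = now
            return "syn-ack-sent"
        if flags == "ACK" and key in self.half_open:
            del self.half_open[key]
            self.established.add(key)
            return "established"
        return "ignored"


def run_constructed_scenario():
    """Replay constructed events: one real client, one LAND SYN, one SYN flood."""
    t = SynTracker(max_half_open=5, timeout=10.0)
    server = ("203.0.113.10", 80)
    actions = [
        t.on_packet(0.0, "198.51.100.7", 40000, *server, "SYN"),
        t.on_packet(0.1, "198.51.100.7", 40000, *server, "ACK"),
        t.on_packet(0.2, *server, *server, "SYN"),   # source == destination
    ]
    for i in range(8):   # spoofed sources that never send the final ACK
        actions.append(t.on_packet(1.0 + i * 0.1, f"192.0.2.{i + 1}",
                                   1024 + i, *server, "SYN"))
    peak = len(t.half_open)
    # After the timeout the stale entries are gone and a new client gets in.
    actions.append(t.on_packet(20.0, "198.51.100.8", 40001, *server, "SYN"))
    return t, actions, peak


if __name__ == "__main__":
    tracker, actions, peak = run_constructed_scenario()
    print(actions, tracker.dropped, "expired:", tracker.expired, "peak:", peak)
```

A cap like this bounds memory but still turns away legitimate clients while the table is full; production TCP stacks add measures such as SYN cookies, which avoid storing per-SYN state.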

When I first found this tutorial I was curious how it would turn out, and when I tried it, it turned out to be not bad. After all... it does get annoying waiting for a login page that takes ages to go away. Argh

Just follow these steps:

1. Open the Notepad application (C:\WINDOWS\NOTEPAD.exe).

2. Type: "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotation marks), then save the file as "ntosboot.bat" in C:\.

3. From the START menu, choose "Run..." and type "gpedit.msc".

4. When the Group Policy window appears, in the left pane under Computer Configuration double-click Windows Settings, then click Scripts (Startup/Shutdown). Then, in the right pane, double-click "Shutdown".

5. In the Shutdown Properties window, click "Add...", then "Browse..." next to "Script Name:". Locate the file you saved earlier at "C:\ntosboot.bat", click Open -> OK -> Apply -> OK again, and exit.

6. From the START menu, choose "Run..." and type "devmgmt.msc".

7. Double-click "IDE ATA/ATAPI controllers".

8. Right-click "Primary IDE Channel" and choose "Properties".

9. When the "Primary IDE Channel Properties" window appears, switch to the "Advanced Settings" tab. Under "Device Type" in the "Device 1" section, change "Auto Detection" to "None", then click OK.

10. Right-click "Secondary IDE Channel", choose "Properties", and repeat step 9.

11. Reboot/restart your computer.

How did it turn out?



How to Make Money Through a Blog

How can our blog make money? Or earn dollars with our blog?? There are actually many ways for a blog to make money, and I am not sure myself which one to introduce first. But the main one is, of course, making money with Google AdSense.

Google AdSense

Google AdSense is an advertising service owned by Google, which is famous for its search engine. Site or blog owners can place these ads on their site or blog and earn a commission on the ads that their visitors click. The ads you can display come in various types: text, images, or links. All of them use a contextual system, in which the ad is relevant to the content of the web site or blog where it is placed. For example: if your blog is about books, book ads appear; if your blog is about films, film ads appear, and so on.

Why are we paid?

Advertisers pay money to be promoted by Google, and you have helped promote those ads on your site or blog. So Google gives you a commission when someone clicks one of those ads through your site or blog.

What you have to do

Nothing. Your only task is to place the AdSense ads on your site or blog, and pray that many visitors click them.

How to install AdSense

After you apply for AdSense and are approved by Google, you can log in to the Google AdSense member area, where there is a menu for generating AdSense code. You can copy that code and paste it into your blog or website.

How much will I earn from Google AdSense??

Wow, the income we can receive is unlimited. In Indonesia alone many people already receive thousands of dollars from AdSense alone, and some even make 400-500 US$ in a single day.

How am I paid?

You are paid 30 days after your total earnings in a month reach at least $100. So if you earn $100 this May, those earnings will be sent at the end of June. For Indonesia, payment is sent as a check, and you can choose postal delivery or DHL (Express Delivery) for the shipment.

How much do I have to pay to sign up for AdSense??

No fee is charged at all, in other words it is FREE!! Provided you meet the requirements set by Google.

Promote your blog..!!!!

One more thing that may help make your blog well known is promoting it. How?? Easy..!! Just register and follow the steps... FREE !!!! Come on, hurry...!!! Here is the place:

Technorati Profile

KampungBlog.com - Collection of Indonesian Blogs

1. Turn on the computer whose password you want to get past and enter safe mode (press F8).
2. Press Ctrl + Alt + Del and fill in the dialog box that appears with:
   Login : Administrator
   Password : anything
3. Reboot the PC.
4. Do the same as in step 2, and you now have full control of the computer ;)

Simple, right? In the latest versions this problem has been fixed by Microsoft ;P Now it is just a matter of how clever you are at finding prey ;)

Do not be too quick to think badly of Hackers, because you need to know what a true Hacker is like. The problem is that there is a group of people who call themselves Hackers when they are in fact Crackers. True Hackers are not as evil (or are not evil at all) as most people think. Hackers are a collection of people or groups whose aim is to advance knowledge and to share information freely and without limits. A Hacker is someone who is interested in understanding in depth how a system, a computer, or a computer network works. They are programmers who are experts in networking. They are also the ones who deserve credit for building the Internet through the development of the UNIX operating system.

The term Hacker itself was born around 1959 at MIT (Massachusetts Institute of Technology), a university in America made up of intelligent people who nevertheless tend not to believe in God (atheists). That is where it all began, in a new room, the "EAM room" in Building 26 at MIT, a place that is the ancestor of the "new world" we know today, the home of the ancestor of the machine we now call the "computer", a machine able to carry us toward something better through freedom of information, the world of true Hackers.

Hackers always work together voluntarily to solve problems and build things. They always share information, give answers, and compete to do their best in order to be respected in their community. They never stop learning in order to become experts, and they strongly dislike doing anything repetitive and boring. They are guided by these wise words: "To follow the path - look to the master - follow the master - walk with the master - know the master - become the master"

Meanwhile, crackers busy themselves with satisfying their own urges through Cracking, from breaking into computers and spreading viruses (without purpose; some true Hackers do write viruses, but with a clear purpose) to tricking telephones (Phreaking). Hackers call them lazy, irresponsible people. So it is very unfair to go on assuming that Hackers are evil and frightening, because it is very clear that Hackers build while Crackers tear down.

Want to become a Hacker?? Nothing is difficult for those who are willing to learn. To become a Hacker you must master several programming languages and, of course, the attitudes that will get you accepted in their community. Prospective Hackers usually start by learning [Python] because it is considered one of the easiest programming languages. You can find material on this language at www.python.org. After that you must also master [java], which is a little harder but produces faster code than Python, [C] and [C++], which are the core of UNIX, and [Perl] (www.perl.com) as well as [LISP] for the advanced level. After mastering all of these basic skills, a prospective Hacker is advised to open up one of the open-source versions of UNIX or to study LINUX, read its code, modify it and run it again. If you run into difficulties, it is advisable to get in touch with a Linux users' club [www.linpeople.org].

The appealing side of Hackers is the way they work shoulder to shoulder to solve a problem and build something. Unfortunately, a life in which 90% of one's time is spent on Hacking is not a good thing. If you really want to become a Hacker, be a good Hacker by using Information Technology to advance Islamic da'wah.

What would you do on realizing that your son or daughter is often seen in action with several Hacker groups on the Internet?? Prevent it?? Support it?? Many people have the wrong perception of the world of Hacking. Even though so many white hats have proclaimed here and there that Hacking is NOT Cracking, that Hacking is noble work, that Hacking isn't CRIME! and so on... and so on... and so on... and so on... our society still assumes that Hacking is a NEGATIVE activity. Parents are happier if their child dreams of becoming a doctor, a nurse or a pilot than if they hear their son or daughter say "I want to be a HACKER!".

It cannot be denied that the white hats themselves sometimes seem to exaggerate, presenting their world as close to perfection. Children come to think that a Hacker must be rich, a Hacker must live in comfort, a Hacker must be.. ah, and there are many more amazing assumptions in their minds. In reality, Hacking is not an activity done in the hope of getting something, but in the hope of giving something that is useful to other people.

So who is at fault?? Nobody is at fault. What parent wants their child to become a criminal? Yes, a criminal, because some Hacking acts are indeed ILLEGAL if carried out at the wrong place and time. Hacking is not just launching attacks with piles of exploits, not just spending time debugging programs, not just looking for security holes. Anyone who devotes themselves to Hacker culture and acts for the sake of that culture is Hacking. Moderating science mailing lists and large forums, spreading information.. all of that counts as HACKING.

Back when I was still at school, I was often scolded by my parents.. "What are you writing articles for, do you think writing articles will earn you money?? You are only going to give the articles away for free anyway! It's just a waste of time.." Hehehe.. maybe you have said those words to relatives or to sons and daughters who diligently prepare articles for the zines of Hacker sites. A waste of time?? A waste of money?? I do not think that is entirely TRUE.

Now compare it with studying BIOLOGY (back to high school we go..). What is the point of studying biology so hard?? What is the point of working through difficult problems at home?? Will the problems you do at home be graded by the teacher?? Will any of it go into your report card at the end of the semester?? No, right?? No, it won't, but we do get good at BIOLOGY! Well, the same thing happens with learning Hacking and devoting yourself to Hacking culture. We may not get money.. we may lose time for play.. we may lose time for socializing.. but we gain EXPERIENCE and ABILITY that other people will never get. Isn't all of that worth fighting for?

There is a "myth" that says if we join a Hacker channel and are not someone already known among them, we will be ignored. Well, how can we become known if we have never produced anything or contributed to the same culture as theirs??

If money really is the factor, it is not too hard for a Hacker to earn money. In times like these, a stack of certificates and a BACHELOR'S degree is not enough to find a job. The reality is that connections and "real" ability turn out to beat all of that. Suppose you apply for a job at a company that needs a Network Administrator, for example. You will be accepted more easily if you are already well known for your abilities than those who rely only on certificates and diplomas. Your application letter will quickly push the pile of other applicants' letters into the trash can ;)

Well.. why should we be afraid when our son or daughter is involved in "HACKING" activities?? What we should do is guide them and give them support while steering them so that they can later become Hackers who are ethical and useful to society. What we can do is help them, whether with managing their time or in other ways.
