Knowing how hackers do their dark art is an important part of learning to be secure on-line. It is not my intention in this article to teach you how to hack websites. Rather I want to help the average net citizens learn about the things to look out for when you have profiles and sensitive information about yourself kept on servers of Facebook, MySpace, Bebo, Plentyoffish and etc… Once you know how hackers work their way into your information, you can then know how to protect yourself. If your favorite social networking website is not taking the appropriate steps to protect you then you can at least know that your personal information is in trouble. Since many of the popular social networking sites today may be build or used by people who have little to no proper technical training and experience, you can be sure that our dark hackers are having a fun time.

In this article, I use hacking and cracking as the same term although technically they are different and require different skill sets. Hacking may involve programming skills but cracking usually do not. Anyway, I will discuss a few common and simple techniques that you need to know about, as well as, some more complicated ones that you should be aware of. You need also to start thinking defensively as you read this article so that you can take note of the possible security loop holes that you are or have created. It is critical to bear in mind while reading this article that hacking or attempting to hack a website is illegal in many countries! All your activities on-line are traceable from your ISP (Internet Service Provider) and chances of being caught is extremely high. In my description of the hacks below I have intentionally left out ways to prevent you from being traced so please don’t try it. OK lets start!

Step One:

The first step to trying to hack a website is always to gather information about the users/members or if possible the administrators of the site. Why gather information? (You may ask) Well, one thing for sure, hacking is not magic. You need to know your target before you even attempt to try breaking it. Many of the member profiles on popular social networking sites are public by default so gathering information from there is a simple task. (See how your social networking sites are already providing assistance to our dark art hackers?) When you gather information about your target, you need to know what type of information to look out for. You should copy down information like addresses, phone numbers, birth dates, user Ids, girlfriend or boyfriend information and etc… An added advantage is when you can think the way that your poor victims do. This can be easy when their profiles reveal a lot of information about themselves such as the type of music they listen to, the type of movies they like, the type of hobbies they have and etc…Some administrators are pretty careless too. You can usually find information about them from the site itself or from public DNS (Domain Name Server/System) information type of services. Doing some clever search from the website can reveal nice and handy information that you can use too. One such example is the web address entry field in web browsers. Whenever you do a search or click on some information, the browser would usually convert these action into some form of server side request. In that request, you can find important information such as user Ids, key values and etc that is used to maintain session information, retrieve information from their database or server side scripts. Sometimes you may even find directory paths to a particular file/movie/music, which is an added bonus.

For more advanced and adventurous hacker wannabes, you can try to ping or trace the IP (Internet Protocol) address of the server using their domain name. But bear in mind that some of the information provided by these probes are illegal to use for unlawful purposes. Anyway, these probes can help reveal a lot of information about the server that they are running, additional services that is being used, the path that your data will travel before reaching their server and etc… These information can then be used to try other more complicated techniques that I have briefly explained about in my previous two articles on security. DOS (denial of service) attacks, port scanning, spoofing, phishing, man-in-the-middle and etc will require these information.

Step Two:

Now that all the hard work is over, we can start harvesting our rewards. Now go to the website that your victim belongs to. The most simple and easy way to hack into their account is to try guessing the user Id and password. Some net citizens are just plain ignorant of good security practices. They use passwords like their date of birth, mother’s maiden name, information in their address, phone numbers, or even worse the user Id and password are the same. Trying the set of information about the target user first is recommended. If you don’t succeed, try using the information about their girlfriends and boyfriends. Remember, knowing how they think by understanding them with the information that they have provided about themselves is the key to our success when trying to guess the right passwords to use. If you hit a jackpot, you are in and you can then enjoy whatever is it that hackers enjoy when they have hacked into someone else’s account.

When you review the information that you have collected in step one, you might have discovered some bonus information like directory paths. Directory paths can be used to try back door hacks that allow you to enter into restricted web-pages. Some web servers are poorly configured and so even though you cannot access a web-page indirectly because it has been set private, you can do so by typing in the path to the server directly on your browser. If you do accidentally find a back door to some private content, do remember to alert the relevant administrators of the site of the security breach. Of cause they may sue you for hacking or attempting to hack into their website, in which case, you should have left them to their own down fall and not try to be a hero. Trial and error with absolute and relative paths to access restricted information files and web-pages is a powerful way of getting into and around websites. If trying a web-page directly is unfruitful, you can always try adding relative addressing to branch indirectly in your URL. Some web administrators know as much about securing their websites as a newbie does so you might just hit the jackpot. By the way all the techniques mentioned above can also be tried on Telnet and FTP (file transfer protocol) type services, just be creative about their usage.

For our jail bird wannabes you can try to script up some stupid DOS attack that is easy to do by writing infinite loops of web server requests. Basically, DOS attacks just load down the server with too many requests that the web server either becomes unusable or crashes. It is also interesting that when a web server crashes, it can sometimes make available what was once private or restricted. In short bad things might happen when servers crash and you can then take full advantage of it. If you have a Telnet terminal or SSH shell and etc, you can also try buffer overflow bugs. You don’t have to understand or write these exploits yourself, you can get these scripts from underground or security or research websites that provides them to us in the name of glory. You will probably acquire the name of a script kiddie but who cares about names when you can get your picture posted in the front page of tomorrow’s newspaper.

For our hardcore jail bird wannabes, you can try a simple phishing hack. Let us take Hiitch as an example. Just imagine Hiitch as a website based social networking service. Now all you need to do first is to buy a domain very similar to ‘hiitch.com’, say ‘wwwhiitch.com’. This is to catch our unsuspecting net citizens. Next clone the Hiitch website by saving the web-pages from your browser. When our victim comes to our fake Hiitch site by accident, they will not notice any differences between the original one and the fake one. The browser will not complain because the identity of the site is not digitally verifiable. Then write up a simple script to save and store the user Id and password that our victim will soon enter. Once their information is entered, send the result to yourself via email then redirect the victim to the actual site by doing a simple post to sign him/her in. The victim will not know or suspect anything even though they have just been hacked.

There are many ways to skin a cat and therefore breaking is always easier than securing an on-line service. Security is hard work for both the service provider and the end user like yourself. It takes proper education on security issues and enforcement on both ends to make an on-line service really secure. Are you the security weak link or your service provider? Ask your service provider how they are protecting you and your information. Play an active part in helping keep yourself and everyone safe while on-line.

After couple months of waiting, I finally got my hands on trying out Joost. I must admit I have been following Joost or formerly known as The Venice Project for quite sometime, perhaps due to the buzz surrounding it. I have seen the screen shot and read their articles, in fact you could say I was quite prepared to be dazzle by what Joost had to offer.

The entire download and installation process of Joost is very straightforward and didn’t take long just like Hiitch. ;) However my initial run of Joost was immediately greeted with problems, the loading of the channel seems to take forever. I have to restart Joost a few times to get connected to one of their programmes. The image quality is fairly decent for an online tv but the programme selection, limited. I understand they are in the process of acquiring additional content with other media companies. Aside from some unexpected UI behavior, the only complain I had is that the video screen get buried by other application or windows when you switched away from it. Joost could really use a feature like “Always on Top” to toggle the screen so that I can check my email and still not miss the show.

Overall Joost is a good application with a brilliant concept but not an excellent one yet. It needs a better UI interface, spoilt for choice channel selection, solid image quality and tons of networking features to really pull audience away from their normal goggle box.

The idea of online TV utilizing peer-to-peer technology to stream programme to your computer is nothing new, take for example the chinese software TVants and PPstream. Both downloadable video playback application offer more channels and programmes to choose from. However the social features for such application remains largely untapped. Joost is definitely heading the right direction by including features like chat, instant messaging and rating system into their application. I simply love the idea that you can chat with other user while watching the same programme.

Likewise, peer-to-peer communication tool has been around for the longest time but none of them offer very comprehensive social networking features. I like to think of Hiitch as a very simple communication tool with tons of wonderful social networking features built onto it. Who knows maybe in the future we may just include our own tv network into Hiitch.

Hiitch is about helping you to succeed in this new digital age of online social networking and Internet communities. Hiitch is an attempt to empower the average online individual with all the right tools and information that he/she needs to create new opportunities for themselves in business, relationships and etc. You need to start hiitching today. Hiitching is about creating new connections that will generate for you new opportunities. When you meet someone on Hiitch, you don’t just add a new contact like in many other social networking solutions. Hiitch was designed to open up for you the whole network that your new contact is connected to. The more people you get to know on Hiitch the more networks you have opened up for yourself. The more networks you have opened up for yourself the more opportunities will be made available. On Hiitch, it is all about who you know. People are the central focus on Hiitch. You don’t search for things that you want on Hiitch, you search for people who are most likely to have them. The greater the number of interesting contacts you have the more valuable your contact will be to other Hiitch users. That is what we think social networking should be all about. Start hiitching now and realize for yourself that online social networking is about to change.

The idea of Hiitch started back in 08 Feburary 2006. After more than one year of development, we are proud to announce the release of Hiitch Beta. Hiitch is a desktop social networking and dating software. It provides an array of social networking features that securely connect members to their friends and family.

Hiitch doesn’t cost you anything, download now and experience an innovative way of meeting friends and new people.