Personal Technology Column Article - March 16th 1998

To Hack is Good(TM), to Crack is a crime.


Many recent articles reporting the exploits of computer crackers have been in the news lately, making one wonder if there has been an increase in the amount of malicious systems cracking. With the proliferation of computer networking and an increase in Internet-connected computer systems, the likelihood that someone may try to "pick the lock" on your computer is certainly much higher.

There are actually two different types of computer attacks that a malicious cracker can use against an internet-connected computer.

The first is simply analogous to "breaking in", where an unauthorized intruder uses known security weaknesses to log into your computer and gain full access. This type of access allows the intruder to read files, change data, plant viruses or install damaging trojan horse programs. Additionally, crackers gaining this type of access can use the compromised system as a launching point to break into other systems, thereby hiding their tracks. With many internet connected systems, especially those running some form of the Unix operating system, crackers can also use compromised computers to listen to, or "sniff" traffic from other computers on the local network, even those that have not been broken into.

The second kind of attack is known as a Denial of Service (DOS) attack. This type of exploit is becoming increasingly common as crackers look for weaknesses in newly released software.

Several different vulnerabilities have been found in the current versions of Microsoft's popular operating systems, Windows 95 and Windows NT, which allow internet-connected vandals to "crash" or "shut down" systems. A small amount of badly formed data is sent to the target computer over the internet, causing a failure of the networking components. Most frequently, this leads to the dreaded "blue screen of death", a reference to the blue screen that appears on Windows computers when they trap an unrecoverable fatal system error and stop. Other times, the networking functions will simply quit working, making it impossible to get the computer back online without rebooting.

Computers attacked in this way are seldom permanently harmed, and no data is compromised in this type of unauthorized system access. Last week there were news reports of several hundred University, Military and NASA servers being systematically attacked in this way, causing panic and lost sleep among system administrators.

Government agencies aren't the only ones who need to worry about having their computers attacked, or having their files accessed surreptitiously. A large number of Windows users are at risk, even if they just do a little internet surfing. Internet users put themselves at risk in ways many do not understand. People frequenting chat rooms or other public internet areas may not realize they are putting themselves in situations where they might be targeted.

Also, the proliferation of networking technology, such as Ethernet LANs, entering the home market creates a perfect environment for the cracker. People who share data on a computer's hard drive with others in their household often do not realize they are opening up their system for unauthorized access by crafty internet crackers.

It is possible for anonymous internet users to gain information about a potential target computer using only the built in networking diagnostic programs that come with Windows 95. Using these out of the box tools, crackers may be able to gain access if shared directories are not properly protected.

Instead of deciding to pull the plug on Internet access, however, computer users should educate themselves about how their computer functions, and keep their system up to date with the latest software patches. Many people utilize local computer user groups, such as Olympia Microcomputer User Group (OMUG - http://www.olymug.org) to share information and network with other computer users.

At a minimum, users connecting to the internet should make sure to update their system to include the latest fixes and patches. In order to update their computer systems, users should contact the proper software vendor, to make sure they are running the latest version that will work on their hardware.

Microsoft has recently released a patch for Windows 95 which allows users to update their systems to make them less vulnerable to DOS attacks. The patch can be downloaded from Microsoft's Denial of Service attack page at http://www.microsoft.com/security/netdos.htm.

Windows NT users may harden their system against attack by downloading the latest service pack, and related hotfixes from Microsoft's FTP site, or by going to the Mustfix page at the NTBugTraq web site - http://www.ntbugtraq.com/mustfix.htm.


This article Copyright Feb 13th, 1998 Jay Stewart