Archive for the 'Penetration Testing' Category

What is VoIP Penetration Testing?

Voice and data have been combined in a way that creates a single network, but this has also created a new way for hackers to penetrate computer systems. The integration of voice and data has led to new security risks that must be addressed with equally new approaches to protecting data. Called VoIP, the voice over internet protocol can be a new management tool for business success or it can be a big open window into your system that’s easy to enter.

VoIP penetration testing is designed to find that open window into the system and close it. Rigorous testing is done on the transmission technologies to determine where it is possible for the system to be breached. One of the mistakes companies make is believing the IP phones and related software already have enough security controls built into them and do not need additional enhancements.

How can the VoIP system be compromised, or how does it allow unethical and criminal intent to be carried out? There are lots of ways, and one of them is as old as the telephone itself – eavesdropping. Inadequate security controls can also lead to attackers accessing the server data through the transmission technology, hackers stealing phone calls, service interruptions, and the use of sniffing tools.

When Manipulation is the Goal

VoIP penetration testing is a process whereby an attempt is made to purposely manipulate the VoIP system. All entry points into the WAN and/or LAN are tested and an attempt is made to gain access to the VoIP infrastructure. In other words, security experts try to penetrate the VoIP system and then use it to see how deep a hacker can get into the computer system itself.


What is SCADA Penetration Testing?

The cyber world is full of acronyms and one of the most important is SCADA. SCADA is short for “supervisory control and data acquisition” and refers to a computer system that collects and analyses a constant flow of data. A SCADA system is used to monitor and control some of the most essential systems in the world. SCADA systems are used in plants and on sensitive equipment that handles energy, oil, water, gas, waste treatment, nuclear power, transportation, and/or telecommunications at the business or national level.

A SCADA system is the “brains” of these mission-critical operations. The computer system gathers real-time data and provides information about the status of the utility and transportation systems at every point. It reports on leaks, flows, environmental conditions, and breaches. Computer systems today are designed to eliminate as much vulnerability to outside breaches as possible, and to report when a system has been hacked, modified, or even when new exposures have been created.

Yet reports emerge regularly about SCADA systems that have been penetrated. As recently as April 2009, there was a report by the Wall Street Journal that hackers in China and Russia were attempting to hack into the US electric grid. What is truly interesting about this situation is the fact that the hacking was not detected by the companies controlling the grids. It was uncovered by US intelligence agencies.


What is Penetration Testing?

In the world of computer security, penetration testing is one of the most important concepts. Penetration testing is a method used to test a computer system or network to identify possible points where unauthorised access can be obtained. The purpose of penetration testing is to locate any and all points of vulnerability within the computer system. Basically, the person doing the penetration testing is trying to hack into the system.

The term ethical hacking was devised to describe a tester who is hired to try to breach security in a computer system. Whereas the illegal hacker will steal information for the purposes of committing a crime, the ethical hacker will report information about hacking results so security can be improved. During penetration testing, someone has been authorised to breach a security system… if he or she can.

Assessing the Risk

Penetration testing can search for security system weaknesses in several ways.
