The term ‘ethical hacker’ is often misrepresented, as the words "ethical" and "hacking" together form an oxymoron. A hacker is defined as an unlawful individual breaking into systems and obtaining private data without explicit authorisation. Society in general has a perception of a hacker as a person wearing a hoodie and hiding in a dark basement.
If you are anything like me, when you hear "Hacking in the Year 2030" you immediately visualize hacking robot armies and UFOs to take them down with lasers and ultrasonic USB attachments via your PlayStation 10 using only changes in pupil dilation to read mental instructions of what hacking tools to launch.
Well, this technology may very well be around in 2030, but unfortunately most of you are more likely to still be exploiting Cross-Site Scripting (XSS) vulnerabilities in the web interface of the killer robots.
Let's say that at some point you decided to adhere to security best practices and set a password on your iPhone backups so that they are encrypted. A year or two later you have upgraded your iPhone to a new version and you want to transfer all of your data across to the new phone. You attempt to restore from your backup and, doh, you need to remember the password you set. You try every password you could have set but none of them work.
About a month ago I was chatting on Skype to a colleague about a payload for one of our clients. Completely by accident, my payload executed in my colleague's Skype client.
I decided to investigate a little further and found that the Windows and Linux clients were not vulnerable. It was only the Mac Skype client that seemed to be affected. So I decided to test another Mac and sent the payload to my girlfriend. She wasn't too happy with me as it also left her Skype unusable for several days.
SMS 2-factor authentication has been implemented by a number of security-conscious organisations, including banks, to secure online transactions. SMS 2-factor authentication has had a major impact in reducing online fraud. This is because an attacker must not only capture the victim's username and password to log in to their bank account, but they must now also have the victim's phone to receive the SMS 2-factor authentication token. This restricts the number of possible attackers dramatically.