[...]... Please e-mail us at book@grayhathackingbook.com Also, browse to www.grayhathackingbook.com for additional technical information and resources related to this book and ethical hacking Introduction to Ethical Disclosure ■ Chapter 1 ■ Chapter 2 ■ Chapter 3 Ethics of Ethical Hacking Ethical Hacking and the Legal System Proper and Ethical Disclosure 1 This page intentionally left blank CHAPTER Ethics of Ethical. .. chapters are presented and the other chapters have been updated In Part I of this book we lay down the groundwork of the necessary ethics and expectations of a gray hat hacker This section: • Clears up the confusion about white, black, and gray hat definitions and characteristics • Reviews the slippery ethical issues that should be understood before carrying out any type of ethical hacking activities • Surveys... business NOTE Chapter 6 goes in-depth into rootkits and how they work Although malware use has decreased, it is still the main culprit that costs companies the most money An interesting thing about malware is that many people seem to put it in a category different from hacking and intrusions The fact is, malware has evolved to Gray Hat Hacking: The Ethical Hacker’s Handbook 6 Table 1-1 Downtime Losses (Source:... we believe the industry needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material This is why we are starting this book with a clear definition of what ethical hacking is and is not—something society is very confused about We have updated the material from the first edition and have attempted to deliver the most comprehensive and up-to-date assembly... that staff and student information had been obtained through a security breach by a former student The data had been copied to an iPod and included names, social security numbers, birth dates, phone numbers, and addresses PART I thought to have been introduced into the production line through another company that builds the iPods for Apple Gray Hat Hacking: The Ethical Hacker’s Handbook 8 • The theft... Surveys legal issues surrounding hacking and many other types of malicious activities • Walks through proper vulnerability discovery processes and current models that provide direction In Part II we introduce more advanced penetration methods and tools that no other books cover today Many existing books cover the same old tools and methods that have xxiii Gray Hat Hacking: The Ethical Hacker’s Handbook xxiv... reported that identity theft had topped the Federal Trade Commission’s (FTC’s) complaint list for the seventh year in a row Identity theft complaints accounted for 36 percent of the 674,354 complaints that were received by the FTC in the period between January 1, 2006, and December 31, 2006 • Privacyrights.org has reported that the total number of records containing sensitive information that have been... guys.” The bad guys use the tactics, techniques, and fighting methods of a specific type of enemy—Libya, Russia, United States, Germany, North Korea, and so on 3 1 Gray Hat Hacking: The Ethical Hacker’s Handbook 4 The goal of these exercises is to allow the pilots to understand enemy attack patterns, and to identify and be prepared for certain offensive actions so they can properly react in the correct... prison At the time of sentencing it was the first prosecution of its kind in the United States, and was the longest known sentence for a defendant who had spread computer viruses Gray Hat Hacking: The Ethical Hacker’s Handbook 10 NOTE A drastic increase in spam was experienced in the later months of 2006 and early part of 2007 because spammers embedded images with their messages instead of using the traditional... attacker The commands and logic within the malware are the same components that many attackers carry out manually The company Alinean has put together some cost estimates, per minute, for different organizations if their operations are interrupted Even if an attack or compromise is not totally successful for the attacker (he does not obtain the asset he is going for), this in no way means that the company