Yea well some of us had commodor 64's and Amigas back in the day also hehe. But it was just so freekin easy back then.
Now you have to go so far out of your way to do it (Comparativelly) it's not "Stumbled" upon like then and quite obvious what your doing.
But the way I see it you educated yourself. I'd bet my left nut you don't use internet banking lol.
I did hear about UNIX systems slicing through firewalls like a hot knife through butter, and the people using it also wrote a nice script kiddy package
so all the wana be cool kid hackers made a LOT of background noise bouncing off firewalls filling up logs while they got in and out undetected. Fascinating.
Don't get me wrong either anyone because I know how most people react to someone who has dabbled.. suspition. For the record I never have used said knowlwdge in a malicious manner,
And never will. I help people with P.C problems and try to educate them, but they cant live without there internet bank. Hell most dont even read boxes that pop up.. they just accept because it's in the way of what they were looking at : /
They even have there own staff brainwashed, last time I walked into a bank the teller was begging me to use internet banking. Her face went a little blank when I asked her what she'd for a job once she was finished making it obselete for her employer. Hope she wasn't one of the recent layoffs :(
I didn't stumble upon much by accident. My intentions however were always quite clear :D
Firewalls are one of those things - getting through them requires understanding of how and why they are needed, and how to implement them. Any sys admin that configures a firewall should also know how to go about trying to break through it. UNIX was just a platform - most of the hosts ran Unix, and the early internet and ARPANET before that were all mostly UNIX type OSes of some description. Because it was so legacy, and a lot of sys admins came from an era was data wasn't considered as valuable, and they couldn't think of why anyone would want to break in, they tended not to worry about security. Systems were left open, default passwords were used, and security policies really didn't exist. You could get into one system and bounce around to others easily. Most UNIX variants have a lot of very useful tools on them for interconnectivity, for coding and various other bits and pieces that sys admins like to use. They're the same tools that someone might want to use if they break in.
Firewalls have changed a lot, as once they were often just essentially a service sitting on server. Possibly even the server of interest. These days they're a dedicated piece of highly configurable hardware and are quite intelligent.
To get through a firewall then and now, you just need an open port. It's like a window. There's always going to be a few open, otherwise the network/system/whatever can't be seen though the internet. Once you've got a port, you need to know what service is at the other end, and exactly how you can exploit that service. This really isn't rocket science, unless of course you're the one who created the initial exploit and went looking for a specific host type to try it out in the wild.
Script kiddies are a different kettle of fish - plenty of s'kiddiot (script kiddie idiot) tools are written for Windows - actually most are, and have been for as long as script kiddies have been around. By nature, s'kiddies don't understand what they're doing, so they use someone elses tool kit to do it.Windows lacks a lot of the core functionality, so they get it packaged up as a GUI showing them how to do what function, quite often with the tools having what we would consider these days as malware embedded inside it working to the authors benefit. As long as I can recall, a lot of these toolkits have been trojanised.
If they understood, they'd have been using a far more superior OS like Linux, and would know how to leverage its existing tools to achieve the same objectives. But they don't get it. They just want to be "cool hacker kids" without doing the hard yards.
I've used Internet Banking since the late 1990s, and I have no problem with it. If the banks are insecure, you're knackered anyway. If you're worried about the bit in the middle, understanding how SSL works, then understand how a "man in the middle" attack would have to work, and that should make that clear. If you're worried about the risk being at your own PC get rid of Windows (my preferred option) or learn how inherently insecure it is, and how horribly insecure the behaviours of its users are (this is a far bigger issue than the inherent insecurity of the Windows platform), rectify your own behaviour and it's a pretty fair bet you won't have too many issues.
Social Engineering is a superior way of getting access to things. Requires far more front and a lot of planning, but has been quite effective. Kevin Mitnick was a master of social engineering. Since his release, he's written a few books on how he did it (Kevin is now a security consultant). Read his book the Art of Deception, and you'll see how incredibly obvious has tactics were, and yet how effective they were. The behaviour of people in an organisation can be by far the biggest, most dangerous security threat of all. And that's just when they all have good intentions.
For the record, nothing I've said above isn't common knowledge. The average network security guy/gal in any organisation knows about the tools I'm referring to, and they know how to use them. They understand how to break into networks, and they understand the points of risk in systems. Anyone who runs a system online should understand how to break into a system. If they can't do this, then there is no way that they can properly test their own security defences.They don't have to be awesome 7337 hAx0r material, but they do need to understand how to do it, and how to use what tools to achieve what objectives.
The difference between a network/system security guru and a "hacker" is nothing more than intent. If you have the knowledge, you just need to decide which side of the fence you're on. Sometimes that gets a little blurry :D