Ethical hackers use hacking techniques to find vulnerabilities in websites, applications and computer networks. They also run courses in which they explain the techniques for dealing with hackers. On request they also carry out interventions for the client company which, according to my information, cost 3,000 to 4,000 euros.

OBJECTS: this is the so-called INTERNET OF THINGS. Appliances, cars, televisions and mobile phones are connected to the network; in reality each has a small computer inside it that can easily be violated by hackers. They are like the dolls containing bombs sadly known from some recent wars. Unfortunately the new models of cars and appliances are all like this. Don’t make love in front of the TV unless you cover the TV with a thick blanket. A hacker can break into your car’s control computers and make your car swerve violently when you are driving at 130 km/h on the highway.

This is why having strong passwords and encryption is fundamental to protect the internet of things and ourselves.

The so-called BRUTE FORCE attack means that, once the user of an application has been identified, the hacker tries all possible passwords until the right one is found and then enters the application. There are many lists of probable passwords, as one of the weak points is poor password length. Another important weakness is obviousness, or the use of personal names and dates written on social networks.

The local network analysis technique allows the HACKER to find weaknesses and identify the computer from which to send the malware. The internet network connected to the local network is also analyzed.

A simple Google search for sites whose mishandling of errors can open the doors to HACKERS reveals that there are more than 2,000,000 sites with this weakness in Italy alone. Then there are the other vulnerabilities. The SQL INJECTION technique, although well known, has been at the top of the attack techniques for over 10 years. SQL is the language used to interact with all DATABASES: by entering the appropriate SQL command in the USER and PASSWORD fields, the list of customers as well as the entire database can be downloaded. In the case of virtual machines that are on the same physical server, the attack on a site on one of these virtual machines also compromises the other sites on different virtual machines, even if they do not have apparent vulnerabilities.

COMMAND INJECTION is a technique for inserting powerful hacker commands by exploiting the vulnerabilities found in the source code; passing only through fields such as USER and PASSWORD, the hacker enters the database of the website.

The solution to this weakness is simple and consists in rewriting the calls to USER and PASSWORD with stronger code.
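
One way to do the rewrite described above, as an added example that is not part of the original article: a login check that pastes USER and PASSWORD into the SQL text, beside one that binds them as parameters. The table layout, the function names, the account and the sample inputs are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

GOOD_PW = "constructed-Passphrase-42"   # constructed sample password
CRAFTED_USER = "alice' --"              # constructed input: quote, then SQL comment

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice", salt, hash_pw(GOOD_PW, salt)))
    return db

def login_weak(db, username, password):
    """'Before': USER and PASSWORD are pasted into the SQL text."""
    row = db.execute("SELECT salt FROM users WHERE username = '" + username + "'").fetchone()
    if row is None:
        return False
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND pw_hash = '" + hash_pw(password, row[0]) + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    """'After': the value is bound with ?, so it is only ever data."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    # Compare in Python, in constant time, instead of inside the query.
    return hmac.compare_digest(row[1], hash_pw(password, row[0]))

def weak_raises(db, username):
    """True if the concatenated query breaks on this input (the error-handling weakness)."""
    try:
        login_weak(db, username, "x")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", GOOD_PW), ("alice", "wrong"), (CRAFTED_USER, "anything")]:
        print(repr(user), "weak:", login_weak(db, user, pw), "safe:", login_safe(db, user, pw))
    print("o'brien breaks weak query:", weak_raises(db, "o'brien"))
```

The concatenated version accepts the crafted user name without the right password and raises a database error on an ordinary name containing an apostrophe; the bound version treats both as plain user names that do not exist.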