With stiff penalties for being caught and the whiff of secretive underground or even nefarious acts, computer hacking can be seen as a somewhat dubious pursuit. Not all hackers operate with the motive of emptying your Paypal account, however; there are many hackers who utilize their skills to aid companies in locating security flaws ("penetration testing") or engage in hacking with the goal of becoming cyber-freedom-fighters that champion simple human freedoms, such as the right to free speech.

Computer hacking is as much an art as it is a skill. At its simplest distillation, hacking is the systematic search for chinks in programming armor. While advanced problem-solving, intuition and sophisticated understanding of programming languages are a distinct advantage, there does exist a number of push-button programs that computing wizards have written allowing those less sophisticated in the art of hacking to break into remote computers in a variety of ways. Because of this new ubiquity, today's hackers no longer need to be a programming Wunderkind; they simply need to know where to download software and be able to turn on a computer. It really is that simple and the implications can be disturbing.

Phishing, Push-Button Programs and Brute Force Tactics

There's no need to crack a company's firewall if you have direct physical access to their computers. One aspect of hacking is the impersonation of an employee or service worker with the goal of gaining access to a company's database, where the hacker can then unleash whatever havoc he or she has planned into the system. Another is to engage in simple phishing techniques, such as impersonating an employee who forgot their password and needs help logging into the system.

Because such impersonations often fail thanks to companies becoming more security-conscious, taking over operations of a computer remotely is often the preferred method of gaining access. Such attempts can be facilitated in a variety of ways. One is the brute-force method, in which a program such as SQLmap, Nmap or Burpsuite is used; running one of these programs is analogous to trying every doorknob in a neighborhood to see which house is unlocked. Using a variety of different parameters, these programs can find access to a vulnerable computer or network in less than a minute.

Hackers can also attempt to gain access with a program like Metasploit. With literally a few clicks of a mouse, access to a remote and vulnerable computer can be achieved by a relative newbie. With a related hacking aid, called Meterpreter, a backdoor is created that allows access into an operating system. It does not install itself onto the remote computer, running instead using the computer's memory; in fact, Meterpreter can hide itself inside the operations of a perfectly valid program, so it cannot be detected even by sophisticated programmers. Once engaged, it allows a remote user carte blanche access to the system in question.

Where to Learn the Art of Hacking

Of course, for those who wish to learn the actual skills rather than download someone else's hack, there are a number of practice sites that pose an increasingly difficult set of challenges intended to train neophytes in the art of hacking. For example, Hack This Site starts beginners with the goal of cracking simple flaws in coding scripts or software such as HTML, Unix, Javascript and Apache. Their structured series of tests increase in complexity, incorporating real-word scenarios and even old-fashioned "phone phreaking" challenges that recall the bygone golden age of hacking skills displayed by Matthew Broderick in "WarGames."

Using just these simple tools and free practice sites, beginners have a powerful array of hacking resources just a simple mouse click away.

When eCommerce companies want to optimize information security, password management tools enable users to create strong passwords for every login.

Better than a Master Pass
A two-factor authentication, a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code can drastically reduce online fraud such as identity theft . A common example of two-factor authenticationis a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.

LastPass 3.0 Premium and RoboForm, security downloads offer fingerprint-based authentication features that can be configured to any computer PC or mobile application.  Both are supported by the Google Authenticator mobile app for smart phone and device integration.

LastPass 3.0 is most powerful on-demand password manager on the market. LastPass 3.0 Premium includes mobile support and more features. Dashlane 2.0 is is not as robust, but includes a user-friendly interface. F-Secure Key is a free, one-device version of these top competitors. F-Secure Key is for exclusive use on an installed device, so password safe retention is dependent on proprietary use of the device itself. The application can be upgraded for a small annual fee.

Password Manager App Cross-Portability
F-Secure Key syncs with Mac, PC Android, and iOS devices simultaneously. A transient code is generated on mobile devices, in addition to the two-factor authentication default of the F-Secure Key master password security product.

Password capture and replay in case of lost credentials is made possible with a password manager. Integration of a password manager app with a browser allows a user to capture login credentials, and replay on revisit to a site. Dashlane, LastPass, Norton Identity Safe, Password Genie 4.0 offer continuous detection and management of password change events, automatically capturing credentials each time a new Web-based, service registration sign up is completed.

Other applications like F-Secure Key, KeePass, and My1login replay passwords via a bookmarklet, supported by any Java-equipped browser. KeePass ups the ante for would be keyloggers, with a unique replay technology.

Personal Data and Auto-Fill Forms
Most password managers fill username and password credentials into login forms automatically. Password managers also retain personal data for form fill interfaces with applications, and other HTML forms online. The RoboForm app is one of the most popular for its flexibility in multi-form password and personal data management, but the others also capture and reuse at least a portion of what has been entered in a form manually.

The 1Password app for Windows stores the most types of personal data for use to fill out forms. Dashlane, LastPass, and Password Genie store the various types of ID data used for form fill-in, like passport and driver's license numbers and other key details to HTML acknowledgement of discretionary password and personal information.

The Cost of Protection
LastPass Premium and Password Box are the lowest monthly password manager plans on the market, going for $1 a month. Annual plans offered by other password manager sources vary according to internal plan: Dashlane $20, F-Secure Key $16, and Password Genie, $15.
All password manager companies and their products may not be alike in the end.

Security checks on security products like password managers have become more sophisticated in response to product cross-portability and open source app interface volatility. Norton, RoboForm, KeePass, generate strong, random passwords on-demand. Some security procedures now require three-factor authentication, which involves possession of a physical token and a password, used in conjunction with biometricdata, such as finger-scanningor a voiceprint.

What are the best languages for getting into functional programming?

Computer Programming as a Career?

I suspect that many of you are familiar with the term "hard coding a value" whereby the age of an individual or their location is written into the condition (or action) of a business rule (in this case) as shown below:

if customer.age > 21 and customer.city == 'denver'

then ...

Such coding practices are perfectly expectable provided that the conditional values, age and city, never change. They become entirely unacceptable if a need for different values could be anticipated. A classic example of where this practice occurred that caused considerable heartache in the IT industry was the Y2K issue where dates were updated using only the last 2 digits of a four digit number because the first 2 digits were hard-coded to 19 i.e. 1998, 1999. All was well provided that the date did not advance to a time beyond the 1900’s since no one could be certain of what would happen when the millennia arrived (2000). A considerably amount of work (albeit boring) and money, approximately $200 billion, went into revising systems by way of software rewrites and computer chip replacements in order to thwart any detrimental outcomes. It is obvious how a simple change or an assumption can have sweeping consequences.

You may wonder what Y2K has to do with Business Rule Management Systems (BRMS). Well, what if we considered rules themselves to be hard-coded. If we were to write 100s of rules in Java, .NET or whatever language that only worked for a given scenario or assumption, would that not constitute hard-coded logic? By hard-coded, we obviously mean compiled. For example, if a credit card company has a variety of bonus campaigns, each with their own unique list of rules that may change within a week’s time, what would be the most effective way of writing software to deal with these responsibilities?

Controversy was recently courted as Southern California Edison (SCE) prepares to cut their own staff while looking to meet their staffing needs with offshore employees skilled in the field of “IT” or Informational Technology. This has been the second major utility company in the United States to take this path towards providing services to its consumers while holding current rates at consistent levels. SCE does not disclose the exact numbers of expected lay-offs, but the LA Times reports that it is in the hundreds.  Utility companies tell their consumers that these moves are necessary as a hedge against inflation and to keep their services at rates that their customers can easily afford. Critics claim that the use of foreign workers is the first step to using an entirely foreign workforce and promoting large scale unemployment amongst American citizens. Often this has been seen as a conflict between national and international workers for the same jobs, salaries and careers.

It has been noted that this State of California utility company, much like other corporations that hire foreign workers does so primarily when there is a shortage of national citizens that can perform these jobs well. IT workers that are brought in with H-1B Visa work permits usually are college educated and hold expertise in technical areas and studies that local employees may not be especially trained in. Once again, critics decry the fact that these employees are not hired directly. On shore contracting companies operating in the continental United States are directly hired by the utility companies. These contracted companies then serve as “middle-men” and hire a wide range of foreign workers with H-1B paperwork so that they can move to the United States. The workers then perform a variety of jobs instead of American workers who were either born in the country or have achieved American citizenship on their own.

Needless to say, the amount of visas issued in a given year is a concern for U.S workers in various fields but particularly in Information Technology. As large corporations stack the employment deck with foreign workers who put in the hours for a fraction of the pay-rate for local employees, local IT professionals are finding it more difficult to find work nationally.  They encounter rejections, endless interview processes or low –ball offers from companies and recruiting agencies looking to fill positions at a bare minimum cost for coveted skill-sets.  

Meanwhile, an H-1B worker is a worker brought in on a temporary basis with a visa allowing them to work freely in the United States. Much like a student or travel visa, it is issued for on a calendar oriented basis.  Applicants who successfully renew the visa for an extended period of time can expect to work in the United States for up to ten years.  Although U.S companies hiring these employees may pay them less than their local employees, the salaries earned by H-1B Visa workers are almost always higher than these workers would earn in their own country of origin.

Both sides can agree on several issues. When it comes to these H-1B Visa workers, their assignments are generally of a contractual nature and require them to reside in this country for a period of months to years. However it is also an accepted fact that while they are in this country, they are responsible for paying rent, utilities and all other living expenses. As residents of the United States on a permanent basis, they are also liable for taxes on any salary they have earned while living here.

Dr. Norman Matloff, a professor at the University of California, Davis and writer on political matters believes the shortage to be fiction. In his writing for the University of Michigan Journal of Law Reform, he claims that “there has been no shortage of qualified American citizens to fill American computer-related jobs, and that the data offered as evidence of American corporations needing H-1B visas to address labor shortages was erroneous. The American Immigration Lawyers Association (AILA) agrees with him and describes the situation as a crisis. Likewise, other studies from Duke, Alfred P. Sloan Foundation and Georgetown University have disputed that in some years, the number of foreign programmers and engineers imported outnumbered the number of jobs created by the industry