1. What is hacking, and what is a hacker?
Hacking is playing with all kinds of hardware and software to see what makes it work. For example, in the process of learning how a computer works, it is often possible to screw up a computer configuration (so that it is unstable and prone to crash; by default Micro$oft Windoze is unstable and prone to crash, so in this case ya have to hack a system to make it stable and usable), or to access data by using a few simple tricks.
A hacker is someone who enjoys the challenge of making a computer do something cool, which is contrary to popular stereotypes in the media which depict a hacker as some sort of social misfit who breaks into computers to steal credit card information or deface web sites. If a hacker does explore a network, the rules to live by are, one, "do no harm" and, two, "don't get caught."
2. What is a cracker?
A cracker (sometimes called a black hat) is a hacker who turned to the dark side. Oftentimes crackers are immature individuals who seek the excitement and notoriety of cracking a system for tagging (i.e. defacing a web site), or a cracker is someone motivated by financial gain (i.e. someone who gets into a computer network to steal credit card information).
3. What is a script kiddy?
A script kiddy is a wannabe cracker. These individuals lack knowledge of how a computer really works, but they use well-known, easy-to-find techniques and programs or scripts to break into a computer to steal porn, music files, SPAM, etc.
4. What skill set do you need to be a hacker?
There is no magic to hacking, but like anything else that is worthwhile it takes dedication, a willingness to learn, and most of all patience.
The next skill you will need to pick up is basic programming (I suggest C, although you can begin with other languages such as Fortran, Pascal, BASIC, etc.). Again, you are not interested in the specifics of a language; you are interested in the skill set of learning about loops, testing for conditions, setting up arrays in memory, etc.
When you have a basic idea of how a computer works and basic programming skills, it becomes easier to understand TCP/IP and PERL, two important skill sets needed if you want to be a "web hacker."
The next step up from web hacking is IT security, and here ya really have to know all sorts of skills cause real money is on the line (i.e. someone is working for a bank, credit card company, etc.). For an IT professional, the crucial things to know are ATM technology, fiber optics, and a firm understanding of layers.
5. What's the best way to learn how to hack?
Like the Nike ad campaign said "just do it."
These days it has never been easier to learn how to hack and at the same time never more dangerous.
The good news is, as time goes on computer hardware/software keeps on getting less expensive and the processing power keeps on going up. At the same time there are published books on the subject of hacking, lots of information on the web, as well as organized hacker conventions like DEF CON or ToorCon (ya never know what kind of interesting info you could pick up that might be useful at some future date). These are just a few reasons why it is easier to learn how to hack now as compared to the past.
Now for the bad news. Hacking networks for the simple pleasure of increasing one's knowledge is frowned upon by politicians and corporate types who don't understand the technology enuf to secure sensitive info. And after 9/11 there is a pretty paranoid mindset with the powers that be, that the whole world is out to get them.
If the world was an ideal place, hackers might be looked upon as magicians performing "tricks" with computers. I kind of like this analogy of hackers and magicians cause both groups break into or out of things and fool the masses.
6. What the heck is a port? And why are they important?
So ya want to find out about ports eh? To check ports ya can use a port scanner, which is just a tool that allows you to check what ports are open. It is kind of like going to a random building and turning all the door knobs and pushing up all the windows to see if any one of them is unlocked.
A port scanner is a legitimate tool when used by webmasters or IT administrators to see if a computer is locked down; in other words, it can be used like a guard at a building to see if non public areas are secure. Taking the analogy of building security a bit further, let's compare a site or network to a storefront or museum. Port 80 is the basis of the web; it basically is the http:// protocol, sort of like the public area of a storefront or museum.
In a storefront or museum there are areas that store owners or museum curators don't want to give the public general access to for obvious reasons, like storage areas, office space, loading docks, etc. Now if ya get what I'm trying to say, then a port scanner can be used to see if it is possible to access non public areas like the loading dock (ports 21 and 20, which are FTP, a file transfer service), administrative offices (port 23, which is TELNET and allows remote login), etc.
FYI there are 65536 ports available for use in TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), which are divided into three ranges. The Internet Assigned Numbers Authority (IANA) manages the first range of 1024 ports (0 through 1023). The second range is the Registered Port Numbers, which contains ports 1024 through 49151. The Registered Port Numbers can be used by ordinary programs and users (basically these ports are generally used transiently when needed). The third range is the Dynamic or Private Port Numbers, which range from 49152 through 65535. This last range can be used by applications and processes initiated by the user (but this is uncommon).
There is lots of stuff you can do once you have access to a non public area of a building or computer. For example, if you are in a building ya might be able to crawl through an air duct to reach really secure parts of the building (but for the most part the only experience most people have of checking out an air duct to reach a "secretive and secure location" is done vicariously in a Hollywood movie).
When ya have access to a non public part of a computer system that is not yours, ya can do all sorts of stuff if you're clever enuf, like pipe various parameters into a program to access even more parts of a system, find your way down to the ROOT, so you can monitor everything just like the owner of the system and even erase or alter logs to cover any evidence that you were in the system.
To illustrate what exploits are possible, ports 137, 139, and 445 run a piece of software called "Windows Management Port" which is ON all the time, but it is only needed when Windows sends data to the printer or looks for a machine in an office or home to share files. If you hook up a broadband modem directly to the net, you expose these three ports on your PC to be exploited. To prevent this exploit you can hook up your broadband modem to a router, which then limits worms to only those ports you are going out on.
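For an administrator checking their own machine, the three port ranges and the exposed-port problem above can be turned into a small audit. This is an added example, not part of the original FAQ; the sample text is constructed in the style of `ss -tln` output, and the labels for the flagged ports follow the FAQ's own descriptions.

```python
import ipaddress

# Ports the FAQ names as non-public services (labels taken from its descriptions).
FLAGGED = {20: "FTP", 21: "FTP", 23: "TELNET"}
FLAGGED.update({p: "Windows printer/file sharing" for p in (137, 139, 445)})

# Constructed sample in the format of `ss -tln` output (not real data).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:445         0.0.0.0:*
LISTEN 0      128    127.0.0.1:23        0.0.0.0:*
LISTEN 0      128    [::]:21             [::]:*
LISTEN 0      128    192.168.1.10:8080   0.0.0.0:*
LISTEN 0      128    *:50123             *:*
"""

def port_range(port):
    """Classify a port into the three ranges described in the FAQ."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "IANA-managed (0-1023)"
    if port <= 49151:
        return "registered (1024-49151)"
    return "dynamic/private (49152-65535)"

def is_loopback(addr):
    """True when the socket is bound to loopback only, so the network cannot reach it."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and interface suffix
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return one finding per listening socket: (port, range, reachable, flag)."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        port = int(port)
        reachable = not is_loopback(addr)
        flag = FLAGGED.get(port) if reachable else None  # loopback-only is not exposed
        findings.append((port, port_range(port), reachable, flag))
    return findings

if __name__ == "__main__":
    for port, rng, reachable, flag in audit(SAMPLE):
        print(port, rng, "reachable" if reachable else "loopback only", flag or "")
```

A flagged line means a service the FAQ treats as non-public is bound to an address other machines can reach, which is the case the router advice above is meant to cover.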
7. What up with WiFi?
802.11 or WiFi is a neat way to network computers, because no wires are needed to connect them. Apple Computer was the first major maker of computers to push this concept, and soon after makers of other personal computers followed Apple's lead. Coffee houses (like Starbucks) have installed wireless networks because it is another way for them to sucker in customers.
One way to achieve reasonable anonymity surfing the web is to find a free WiFi access point (called a hotspot) that does not require a password or a subscription. Because anyone can access the wireless network without identifying herself or himself first, free hot spots in theory are perfect for terrorists, porn perverts and for individuals who download music (because lawyers from the RIAA would have difficulty tracking down individual users).
One file-distribution system that is trying to conceal even its users' IP addresses is the venerable Freenet, which breaks from the traditional mold of peer-to-peer networks by cloaking the identities of both the people distributing copies of a file and those downloading it. Because Freenet is intended to provide a near-uncensorable and encrypted way to communicate, its designers specified that individuals may not even know what files are stored on their hard drives. The downside: Freenet remains more difficult to search and offers less content than do the most popular file-swapping networks.
The major downside of wireless networks is that it is pretty easy to find out what other users are up to, since pretty much everything is sent in the clear. Besides that, WEP (first generation WiFi security) can be cracked in 10 minutes.