Читать книгу You CAN Stop Stupid - Ira Winkler - Страница 56

People are in awe of computer hackers, believing that they are some form of modern-day magicians who can manipulate computers at will. The reality is that these hackers in general know a few extra tricks that the average person does not. Fundamentally, there are two ways to hack a computer: take advantage of problems built into the software (or hardware) or take advantage of the way that users or administrators set up and maintain the computer.

Regarding problems built into a computer, everyone can accept that all programs have bugs. Some bugs cause the computer to crash. Other bugs create bad output. Some bugs cause elevated privileges or information leakage. These are all examples of security vulnerabilities.

Regarding how users and administrators set up and maintain a computer, consider how bad passwords can be guessed by another party. Administrators can configure computers to provide users with unnecessary privileges. They can leave the computer open to people from outside of the organization. They can fail to enact encryption on files. There are countless ways that such user actions can make a device vulnerable.

Again, all technology fails either by its design or through its use. Other than researching the track record of known vulnerabilities in software and hardware before you acquire it and knowing what patches can be applied to existing problems, there is little that you can do to affect technology design. That makes it all the more important to do what you can to help protect your users from hackers.