With stiff penalties for being caught and the whiff of secretive underground or even nefarious acts, computer hacking can be seen as a somewhat dubious pursuit. Not all hackers operate with the motive of emptying your Paypal account, however; there are many hackers who utilize their skills to aid companies in locating security flaws ("penetration testing") or engage in hacking with the goal of becoming cyber-freedom-fighters that champion simple human freedoms, such as the right to free speech.

Computer hacking is as much an art as it is a skill. At its simplest distillation, hacking is the systematic search for chinks in programming armor. While advanced problem-solving, intuition and sophisticated understanding of programming languages are a distinct advantage, there does exist a number of push-button programs that computing wizards have written allowing those less sophisticated in the art of hacking to break into remote computers in a variety of ways. Because of this new ubiquity, today's hackers no longer need to be a programming Wunderkind; they simply need to know where to download software and be able to turn on a computer. It really is that simple and the implications can be disturbing.

Phishing, Push-Button Programs and Brute Force Tactics

There's no need to crack a company's firewall if you have direct physical access to their computers. One aspect of hacking is the impersonation of an employee or service worker with the goal of gaining access to a company's database, where the hacker can then unleash whatever havoc he or she has planned into the system. Another is to engage in simple phishing techniques, such as impersonating an employee who forgot their password and needs help logging into the system.

Because such impersonations often fail thanks to companies becoming more security-conscious, taking over operations of a computer remotely is often the preferred method of gaining access. Such attempts can be facilitated in a variety of ways. One is the brute-force method, in which a program such as SQLmap, Nmap or Burpsuite is used; running one of these programs is analogous to trying every doorknob in a neighborhood to see which house is unlocked. Using a variety of different parameters, these programs can find access to a vulnerable computer or network in less than a minute.

Hackers can also attempt to gain access with a program like Metasploit. With literally a few clicks of a mouse, access to a remote and vulnerable computer can be achieved by a relative newbie. With a related hacking aid, called Meterpreter, a backdoor is created that allows access into an operating system. It does not install itself onto the remote computer, running instead using the computer's memory; in fact, Meterpreter can hide itself inside the operations of a perfectly valid program, so it cannot be detected even by sophisticated programmers. Once engaged, it allows a remote user carte blanche access to the system in question.

Where to Learn the Art of Hacking

Of course, for those who wish to learn the actual skills rather than download someone else's hack, there are a number of practice sites that pose an increasingly difficult set of challenges intended to train neophytes in the art of hacking. For example, Hack This Site starts beginners with the goal of cracking simple flaws in coding scripts or software such as HTML, Unix, Javascript and Apache. Their structured series of tests increase in complexity, incorporating real-word scenarios and even old-fashioned "phone phreaking" challenges that recall the bygone golden age of hacking skills displayed by Matthew Broderick in "WarGames."

Using just these simple tools and free practice sites, beginners have a powerful array of hacking resources just a simple mouse click away.

Controversy was recently courted as Southern California Edison (SCE) prepares to cut their own staff while looking to meet their staffing needs with offshore employees skilled in the field of “IT” or Informational Technology. This has been the second major utility company in the United States to take this path towards providing services to its consumers while holding current rates at consistent levels. SCE does not disclose the exact numbers of expected lay-offs, but the LA Times reports that it is in the hundreds.  Utility companies tell their consumers that these moves are necessary as a hedge against inflation and to keep their services at rates that their customers can easily afford. Critics claim that the use of foreign workers is the first step to using an entirely foreign workforce and promoting large scale unemployment amongst American citizens. Often this has been seen as a conflict between national and international workers for the same jobs, salaries and careers.

It has been noted that this State of California utility company, much like other corporations that hire foreign workers does so primarily when there is a shortage of national citizens that can perform these jobs well. IT workers that are brought in with H-1B Visa work permits usually are college educated and hold expertise in technical areas and studies that local employees may not be especially trained in. Once again, critics decry the fact that these employees are not hired directly. On shore contracting companies operating in the continental United States are directly hired by the utility companies. These contracted companies then serve as “middle-men” and hire a wide range of foreign workers with H-1B paperwork so that they can move to the United States. The workers then perform a variety of jobs instead of American workers who were either born in the country or have achieved American citizenship on their own.

Needless to say, the amount of visas issued in a given year is a concern for U.S workers in various fields but particularly in Information Technology. As large corporations stack the employment deck with foreign workers who put in the hours for a fraction of the pay-rate for local employees, local IT professionals are finding it more difficult to find work nationally.  They encounter rejections, endless interview processes or low –ball offers from companies and recruiting agencies looking to fill positions at a bare minimum cost for coveted skill-sets.  

Meanwhile, an H-1B worker is a worker brought in on a temporary basis with a visa allowing them to work freely in the United States. Much like a student or travel visa, it is issued for on a calendar oriented basis.  Applicants who successfully renew the visa for an extended period of time can expect to work in the United States for up to ten years.  Although U.S companies hiring these employees may pay them less than their local employees, the salaries earned by H-1B Visa workers are almost always higher than these workers would earn in their own country of origin.

Both sides can agree on several issues. When it comes to these H-1B Visa workers, their assignments are generally of a contractual nature and require them to reside in this country for a period of months to years. However it is also an accepted fact that while they are in this country, they are responsible for paying rent, utilities and all other living expenses. As residents of the United States on a permanent basis, they are also liable for taxes on any salary they have earned while living here.

Dr. Norman Matloff, a professor at the University of California, Davis and writer on political matters believes the shortage to be fiction. In his writing for the University of Michigan Journal of Law Reform, he claims that “there has been no shortage of qualified American citizens to fill American computer-related jobs, and that the data offered as evidence of American corporations needing H-1B visas to address labor shortages was erroneous. The American Immigration Lawyers Association (AILA) agrees with him and describes the situation as a crisis. Likewise, other studies from Duke, Alfred P. Sloan Foundation and Georgetown University have disputed that in some years, the number of foreign programmers and engineers imported outnumbered the number of jobs created by the industry

The python keyword global is used in a function to distinguish a local representation of a variable with the same name. 

glbvar = 0

def setglbvar():
    global glbvar # include this declaration so that updates to glbvar are NOT LOCAL to this function
    glbvar = 1

def printglbvar():
    print glbvar     # No need for global declaration to read value of globvar

setglbvar()
printglbvar()       # Prints 1

In programming, memory leaks are a common issue, and it occurs when a computer uses memory but does not give it back to the operating system. Experienced programmers have the ability to diagnose a leak based on the symptoms. Some believe every undesired increase in memory usage is a memory leak, but this is not an accurate representation of a leak. Certain leaks only run for a short time and are virtually undetectable.

Memory Leak Consequences

Applications that suffer severe memory leaks will eventually exceed the memory resulting in a severe slowdown or a termination of the application.

How to Protect Code from Memory Leaks?

Preventing memory leaks in the first place is more convenient than trying to locate the leak later. To do this, you can use defensive programming techniques such as smart pointers for C++.  A smart pointer is safer than a raw pointer because it provides augmented behavior that raw pointers do not have. This includes garbage collection and checking for nulls.

If you are going to use a raw pointer, avoid operations that are dangerous for specific contexts. This means pointer arithmetic and pointer copying. Smart pointers use a reference count for the object being referred to. Once the reference count reaches zero, the excess goes into garbage collection. The most commonly used smart pointer is shared_ptr from the TR1 extensions of the C++ standard library.

Static Analysis

The second approach to memory leaks is referred to as static analysis and attempts to detect errors in your source-code. CodeSonar is one of the effective tools for detection. It provides checkers for the Power of Ten coding rules, and it is especially competent at procedural analysis. However, some might find it lagging for bigger code bases.

How to Handle a Memory Leak

For some memory leaks, the only solution is to read through the code to find and correct the error. Another one of the common approaches to C++ is to use RAII, which an acronym for Resource Acquisition Is Initialization. This approach means associating scoped objects using the acquired resources, which automatically releases the resources when the objects are no longer within scope. RAII has the advantage of knowing when objects exist and when they do not. This gives it a distinct advantage over garbage collection. Regardless, RAII is not always recommended because some situations require ordinary pointers to manage raw memory and increase performance. Use it with caution.

The Most Serious Leaks

Urgency of a leak depends on the situation, and where the leak has occurred in the operating system. Additionally, it becomes more urgent if the leak occurs where the memory is limited such as in embedded systems and portable devices.

To protect code from memory leaks, people have to stay vigilant and avoid codes that could result in a leak. Memory leaks continue until someone turns the system off, which makes the memory available again, but the slow process of a leak can eventually prejudice a machine that normally runs correctly.

Related:

The Five Principles of Performance

In Demand IT Skills