Hey, I'm new here, and I have to say I'm a computer/programming nerd. Even hacking, I barely know anything, and I consider everything ethical for me because I would never do anything wrong, I simply love the knowledge and want to know how to do things. However, I understand why so many people can't trust you when you say that... Anyway, there have been a few hacking questions that have been bugging me for a while.

Why does SQL injection only work for some sites (and even then not many) ? It must be some change in the code, but what? Is there any way to open the file that checks the password to see if SQL injection will work?

Can sites track brute force password crackers? What are packet sniffers? Can they be tracked?

Why do people recommend Linux or Unix for hacking?

Thanks!