Interesting Conversation with a Hacker

[STV0726]

Not to get off topic, but when you guys update your routers firmware does it keep your settings and things like your security, ports open, wireless network security, etc etc.? Mine does I believe.

[awkwardpenguin]

Interesting reading, both the thread and the links. I'm just getting into the Reddit article but the firewall writeup is amusing. I guess I can see where he's coming from with some points but one would think a security professional would have exacted his thoughts more clearly and turned down the vaaast generalizations. It reminds me of the sensationalist bs like Linux is DEAD, the laptop/desktop is DEAD, etc. Intentional pot-stirring for the OMG! factor.

TheWingedBringeth, if you're gonna check out ChromeOS, also take a look at Jolicloud. It's an Ubuntu based cloud system which evidently does some full native gtk programs. Could be a decent other option but I've only read brief comparisons, no 1st hand usage for me.
http://www.jolicloud.com/jolios

Also just to be clear, Ubuntu does have a firewall setup. It's not accessible other than by terminal and it's disabled by default, but Ubuntu comes with ufw which is a frontend for iptables which configures the netfilter kernel module. You can install gufw for the GUI way of doing things and there are various levels of logging available.
http://manpages.ubuntu.com/manpages/...an8/ufw.8.html

Though I see what you were getting at HM, Ubuntu only opens ports on an as-needed basis.

Quote:

Originally Posted by No_script

You don't need to execute to exploit a system, really there are plenty of other options. UNUP exploit, TCP/IP exploit, FTP stack overflows, DNS poisoning, MITM, and I could go on.

You mean "to exploit a user." To gain control of a system, you need to execute arbitrary code at some point.

OTOH, the goal of most blackhats is to compromise the user. Why bother rooting their machines if you can make more money by phishing them?

BTW

Quote:

Give me your i.p, I bet it will probably take a friend of mine 10 minuts to r00t your system without you knowing.

127.164.89.28. Give it a try.

[kjdemuth]

I've ran joli cloud since it came out a few years ago. I really like it. It's gui is very simple, much like chromeOS. You can even run it on any machine that you log into the cloud. I'm thinking about putting it back on. I've been bouncing around from mint to ubuntu since they both came out. I like my joli though. YOu can also run apps on it as well. Very cool.

[xxJackxx]

Quote:

Originally Posted by No_script

Give me your i.p, I bet it will probably take a friend of mine 10 minuts to r00t your system without you knowing...

LOL. Reminds me of a story I read about on a forum once, it's been years... supposedly the guy gave the attacker an IP Address... of 127.0.0.1... and supposedly, the attacker deleted his own hard drives.

[Ranget]

Quote:

Being behind a router is ok... unless you're like 99% of people still running the firmware that came with it.

just to be clear how to change you Router Firmware ?
some router Doesn't support Firmware Change just update
i mean you can't Use tomato or DD-wrt wich also has bugs and exploits

not to get of topic but that's a very important thing we are talking about
i mean we are putting the First line of defense is our NAT router

it protect the Whole network not just the computer i mean Like your Itv and
such stuff which i doubt companies will implement a Firewall in a TV

i had a Problem in the Past with a two routers that Got hacked and
the hacker opened the Incoming Port 80
after a lot of fight with the Router i didn't know what i did that Fixed that hole

which mean Routers are Vulnerable

so what should we do in order to Protect our selves against incoming attacks

Quote:

LOL. Reminds me of a story I read about on a forum once, it's been years... supposedly the guy gave the attacker an IP Address... of 127.0.0.1... and supposedly, the attacker deleted his own hard drives.

that's funny
but we should consider the possibilty of hackers having 0day

[noone_particular]

Quote:

Reminds me of a story I read about on a forum once, it's been years... supposedly the guy gave the attacker an IP Address... of 127.0.0.1... and supposedly, the attacker deleted his own hard drives.

I think it was posted here, or a link to it was. No idea what the thread subject was and searching for it sounds too much like work.

Quote:

Give me your i.p, I bet it will probably take a friend of mine 10 minuts to r00t your system without you knowing.

This statement itself is a joke. Any real hacker wouldn't have to ask for your IP.