Helping attackers by declaring your defence setup in your signature

Discussion in 'other security issues & news' started by Wayne - DiamondCS, Aug 5, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    It's becoming increasingly common on various forums for people to declare which security programs they use in their signature. Just remember that you're making things easier for anyone wanting to target you - not only do they know exactly which programs you DO use, they also know which ones you DON'T use, and can easily analyse your setup to anticipate your 'style' of defence setup - which programs you would go for and which ones you'd avoid. Consider vulnerabilities for example - often the attacker can only use a vulnerability against you if they know you're using the program in which the vulnerability resides, and by declaring your security setup in your signature you're taking the guesswork out of the equation for them.

    Anyway, just something to be aware of.
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Thanks for the advice. ;)
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good post Wayne, thanks.

    Cheers :D
     
  4. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Good point & thanks for reminding.

    Yes, I thought too a while back ....

    ;)
     
  5. Ronin

    Ronin Guest

    The answer is simple. Lie a bit in your signatures.
     
  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    As a good friend reminded me...also good reason NOT to ever post your hijackthis log in a forum :eek: Then they would know what whacked you last and what you are paying for in Security Products or just running for free.
     
  7. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Primrose

    That's true. I thought that was a dead giveaway compared to Signature really ...

    I mean you are going to give all the details on your systems ...

    hmmm ...

    I am getting really paranoid now ... :eek:
     
  8. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    With all due respect, a couple of points in rebuttal:

    1) The advice is really only useful as protection against attack of you as an individual. And unless I'm greatly mistaken, that kind of hacking is extremely rare, compared to more typical malware attacks which are directed against as wide a range of targets as possible on the internet. Sure, I can be hacked, but I've got no reason on earth to believe anyone's out to "get me" personally. I protect myself in various ways from in-the-wild stuff, not personal attacks.

    2) It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help, whether with a particular piece of software/hardware or with your system generally, the info must be provided if you want any kind of reasonable assistance.

    Best to all,
    Mike
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
    A lot of "attacks" are downloaded to computers by users.

    If you open the door, they're coming in!! :D
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I think Wayne was just making the point that one can make it easier should an attacker go for you and I quote:
    Just words of caution that's all :D
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If you don't give "them" your email address, IM, or IP address in either your signature, postings, or Hijack This logs, how can "They" find you and connect your security setup on Wilders with one of the Millions of other internet users out there? (Maybe through some dedicated spyware, but you are blocking those, right?)
    You can edit your Hijack This logs to mask IP addresses, DNS servers, email, even revealing directory names. The only reason you would need to post a Hijack This log anyway is because you are already up the creek. Hopefully, after having learned a lesson, you would tighten up security and prevent it from happening again.
    That being said, concealing your security suite doesn't hurt. And if program interaction is relevant, the programs can be listed there in the post. It is easier anyway than checking the person's sig.
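
The log masking described in the post above, as an added example that is not part of the original thread: it replaces IP addresses, e-mail addresses and Windows profile names with stable tokens, so a helper can still see that two entries point at the same DNS server. The function name, the keep-lists and the sample log are assumptions constructed for illustration.

```python
import re

# Details worth masking before a log is posted publicly. Over-matching is the safe failure mode.
IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PROFILE = re.compile(r"(?i)\b([A-Z]:\\(?:Documents and Settings|Users)\\)([^\\\r\n]+)")
# Values that identify nobody but matter for diagnosis (e.g. hosts-file redirects).
KEEP_IPS = {"127.0.0.1", "0.0.0.0"}
KEEP_PROFILES = {"all users", "default user", "public"}

# Constructed sample in the style of a HijackThis log; every value is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\Documents and Settings\jsmith\Local Settings\Temp\updater.exe
O4 - Global Startup: helper.lnk = C:\Documents and Settings\All Users\Start Menu\helper.exe
O1 - Hosts: 127.0.0.1 ads.example.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-GUID}: NameServer = 203.0.113.10,203.0.113.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 203.0.113.10
R1 - HKCU\Software\Example\Mail,Account = jsmith@example.org
"""


def redact_log(text):
    """Return (redacted_text, mapping); the mapping stays private with the log's owner."""
    mapping, counters = {}, {}

    def token(kind, value):
        # The same original value always gets the same token, so correlations survive.
        key = (kind, value.lower())
        if key not in mapping:
            counters[kind] = counters.get(kind, 0) + 1
            mapping[key] = f"<{kind}-{counters[kind]}>"
        return mapping[key]

    def ip(m):
        return m.group(0) if m.group(0) in KEEP_IPS else token("ip", m.group(0))

    def profile(m):
        name = m.group(2)
        return m.group(0) if name.lower() in KEEP_PROFILES else m.group(1) + token("user", name)

    text = EMAIL.sub(lambda m: token("email", m.group(0)), text)  # e-mail first: it may embed the user name
    text = PROFILE.sub(profile, text)
    text = IPV4.sub(ip, text)
    return text, mapping


if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG)[0])
```

Read the output once more before posting: free-text fields such as window titles or custom folder names can still carry identifying strings that no pattern catches.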
     
  12. Ronin

    Ronin Guest

    Well they could break into this site and grab the logs of course.
     
  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Geez, now we have to even view Wilder's with an anonymous proxy just in case?
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Some of us already do. :p (though in my case, more to prevent my ISP from logging my online activity).
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    All right fine Paranoid2000 I guess you can't be too paranoid these days :D
    [Devinco reluctantly activates anon proxy and edits profile for an alternate throw away email address]
     
  16. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I fully agree.
    If a hacker, I think we are talking about Cracker, is interested in my machine, which I doubt, he certainly doesn't need my presence here at Wilders to look after the progs I use, and knowing that he makes his plan to enter my machine.
    And what if he sees we are using top of the bill security progs? Scared him/her?
    I doubt.
     
  17. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Mikebcda,
    Not all hacking that goes on comes in the form of a .exe attached to an email mass-mailed to everyone saying "Hi, please run the attached file", and when individuals' systems are hacked they're rarely reported to authorities so statistics aren't reliable and International statistics are virtually non-existent. It happens a lot more than you'd imagine, and when vulnerabilities for particular programs appear you often get hackers that 'fish' for people using that software - not by mass-mailing or other such bulk methods, but by other methods such as using Google to find people who've asked questions about the software, or to find people who post their security setups in their signatures, etc etc - it's really quite trivial, and attacks are very easy to execute, a lot easier than exploits such as shellcodes, buffer overflows and so on.

    By informing hackers of what software you're running you're giving them a good idea of which methods of attack they should use and which they should avoid. If they know nothing about your security setup then they've got a lot more work to do, and also you're giving them no reason to target you. You might be the nicest bloke on Earth (and I'm sure you are!) and maybe nobody has any reason to target you as a person, but declaring your security setup may be enough to entice somebody to target you.

    Which "experts"? There's a big difference between providing information for trouble-shooting and security, and no _security_ expert will ever tell you to disclose your security setup to the International public. If such information is ever required by somebody trying to help you then you can always send them a private message or emails, and then you won't be disclosing the information to uninvited 3rd parties.

    Actually you'll find that such information in signatures is rarely (if ever) used by those helping the person - just knowing that a particular program is installed doesn't really tell you anything about a problem on somebody's computer.

    Primrose,
    Spot on, it's exactly the same problem although actually it's even worse in one sense because such logs disclose full directory paths, and there are many vulnerabilities/exploits that can be used to destroy/overwrite existing files but only if the full path is known, but yes - like disclosure in signatures, they usually show exactly which security programs are and aren't installed.

    It just seems that a lot of people are quite innocently setting their signatures to disclose their security setups without understanding the possible ramifications of that. It's completely up to you whether or not you disclose such information but it's important to just be aware of it, and it seems not many people are.

    Gerard,
    Just as one brief example - your signature says that you use Firefox 0.93. If I want to attack you and can execute a vulnerability against that build of Firefox then all I need to do is attract your attention to a webpage to infect you. That might also take a bit of social engineering (say, sending you some friendly emails for a couple weeks to gain your trust), but it's still all trivial. Even if the exploit required scripts to be enabled I could just make it so the webpage required scripts to execute in order to view the page, and I could use a plethora of tricks to help prevent you seeing the exploit in the source code. That's just one simple example against just one program.

    Regards,
    Wayne
     
    Last edited: Aug 5, 2004
  18. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Hi Wayne,

    I understand your answer and it has a logic in it. On the other hand the majority of the members and visitors here are using one or another combination of AV/AT/AS etc. So it's not a very high secret about that. Also you can read through all the postings if you want to get a more specific idea what someone is using to get all the nasties out.
    I had a more or less feeling that I am safe computing using those apps. Is that a false feeling?
    If so I agree with I believe Ronjor said to put other apps. in your defence setup than you really have, which will give you an extra safety barrier.
    Am I right?

    Regards

    Gerard
     
  19. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Yes, but an attacker isn't concerned that you have an anti-virus - that's not an obstacle to them. What they want to know is which anti-virus. For example, if they want to modify a trojan so that it slips through detection of your anti-virus then they need to know exactly which anti-virus you're using, because each scanner will detect the file differently so even though the attacker may be able to get the trojan to be undetected by one scanner, another scanner may still detect it. Modifying a trojan so that it bypasses detection of all scanners is impractical and would take the attacker more time than it's worth, so knowing exactly which anti-virus program you use is a big advantage to the attacker as it allows them to easily and quickly customise their attack specifically for your defence.

    Sorry but I'm not quite sure what you meant in regards to Ronjor's comment ... ?
     
  20. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Hi Wayne,

    Thanks for explaining.
    Sorry it was not Ronjor, it was Ronin said this:
    The answer is simple. Lie a bit in your signatures.

    Gerard
     
  21. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I thought the first line of defense was the most effective (against attack), my router - besides, I've got nothing here but a cheap car stereo and no credit card/online banking used. :D
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
    Lynchknot,

    There is an update for Firefox for security issues. Apologies if you know this already.
     
  23. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Thank you ronjor! - :D
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
    Looking good lynchknot!!
     
  25. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Well I certainly agree with you also :D Most who do personal attacks leave a trail in any case. ;)

    I still remember when stealth was a biggie but you do not hear much about that these days.


    The whole issue about "stealth" simply says that your router or
    computer doesn't reply to say "no connection available here", which
    would verify to a potential hacker that there is a computer at your ip
    address.

    Hackers or otherwise hostile agents, that don't care whether there is
    anything at your ip address, will attempt to hit you anyway. The
    whole issue of "stealth" became less important on January 25, 2003.

    http://www.wired.com/wired/archive/11.07/slammer_pr.html

    Slammer didn't check for anything at a given ip address. It just sent
    itself to that address. It infected 90% of its potential targets in
    10 minutes, by simply not caring what it was invading.


    Blaster continues to infect hosts constantly. Look at any of the
    Microsoft.public.*.* discussion groups, every day somebody asks about
    their computer shutting down with "NT Authority..." or "RPC Call...".
    http://www.microsoft.com/security/incident/blast.asp

    If your computer is vulnerable to an attack, and a Blaster or Slammer
    type worm is sent in your direction, you WILL be infected. Stealth or
    not.

    Stealthing yourself is a good idea. But it does not replace a good
    layered defense. Each layer is necessary because no layer produces
    complete protection.

    The first layer is a NAT router (hardware firewall).

    The second layer is a software firewall.

    The third layer is good software. This layer contains many parts.

    AntiVirus protection.

    Adware / spyware protection.

    Harden your browser. There are various websites which will check for
    vulnerabilities, here are three which I use.
    http://www.jasons-toolbox.com/BrowserSecurity/
    http://bcheck.scanit.be/bcheck/
    https://testzone.secunia.com/browser_checker/

    Harden your operating system. Check at least monthly.
    http://windowsupdate.microsoft.com/

    The fourth layer is common sense. Yours. Don't install software
    based upon advice from unknown sources. Don't install free software,
    without researching it carefully. Don't open email unless you know
    who it's from, and how and why it was sent.

    The fifth layer is education. Know what the risks are. Stay
    informed. Read Usenet, and various web pages that discuss security
    problems. Check the logs from the other layers regularly, look for
    things that don't belong, and take action when necessary.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.


    http://groups.google.com/groups?hl=...0hkirjl0sfjgkf5s03ssqjfff3c8d@4ax.com&rnum=13

    And if you run WinXP..do it with NTFS and limited accounts.
     