i took the third choice. being hacked is a real threat but with a well configured firewall and common sense, u should be safe. i occasionly visit the dark side of the internet but i know what im doing and show no fear or mercy towards malware and hackers.
"You are not afraid. But you are scared? Is that the word?" No i was joking ! Like i said "No need for fear etc." I wasn't boasting at all ! Just explaining what i do now and then to show that i'm not afraid to test my defences, otherwise how would you know how strong they are, or not ? What's the point in just trusting something you've never taken out for at least a test drive, never mind a cross country rally through rough terrain etc. "I don't believe in stealth. You can still be seen" Once i've left a site and logged off and back on again with a new IP for eg, how they going to find me with a dynamic IP. Please enlighten me with your reasons/thoughts on Stealth and Dyna IP's. If you know something/s that might help, then i'd like to hear about it directly from your good self, seriously. How much closer than to my own front door/FW does it come. Oh yeah inside, well i would love to see that happen. I could write a book on it, so lets hope they do manage it. I'm thinking film rights/merchandising etc already. Anybody want my autograph before it costs you plenty $ lol. StevieO
Old company worked for, the web server I administrated (win2k) got hacked by a know expliot of IIS that was doing the rounds (cant remember which). The only damage was deleting the website files, they could'nt get to the sql server with our ecommerce stuff on. In 7 or so years of being on the internet the only hacking attempt I have know be sucessful. I've seen lots of random noise and worms and script kiddy attacks, but only stuff that would work on people who dont run a firewall and have never patched their OS in their entire installs life.
All I'm saying is, if you are truly so unafraid, why run so much? The stealth vs closed debate is one that has being covered a lot on this forum and all over the web. Surely the great S has read about it? Is this a boast or just a joke?
"why run so much?" So you think i do then. What i do run has served me very well up till now. Even if i didn't experiment with Apps and visit potentially dangerous sites, why not be as protected as you can be, just in case anyway ! So no i'm not afraid/scared etc, just cautious. Of course we can only be protected against the things our systems and Apps are set up and designed for. Everybody is open in some way or another to Zero day attacks, even you i have to say, for which we could very well be at risk from. Whether these were browser related or otherwise. I am aware of the stealth vs closed debates, but i Specifically asked you for your own reasons/thoughts on Stealth and Dyna IP's, and how you think that i could be seen and/or at risk ? With regard to the book/film thing, yes of course it was tongue in cheek ! But if anything did actually happen to my PC internals etc from the men in black etc that i had any Evidence of, then i'm sure people would be interested in hearing all about what/how etc. I know i would if it happened to someone else. StevieO
firstly, no i couldn't hack into someone's computer if they have their firewall setup correctly. if a port was open then i more then likely could, it's not something i'm into though so i've never tried. if you have someone's IP with an open port there's a live cd you can use with all the programs you'll need to exploit that computer. the live cd will do all the hard work of running an exploit and loading a payload for you. it can tell the OS running by the way it replies to pings (if it doesn't reply you can just tell it to do the scan anyway) it can make a good guess what's running on the port too. you can then load up a list of all the known exploits for the infomation you have (OS and/or service running on the open port). before you run the exploit the live cd will work out if the exploit will work to save you the time of running something which won't crack the target when you find an exploit which will work you can then select the payload you want, something like open VNC, and open VNC will be installed on the remote computer for you. secondly, the reason i'm scared is because good hackers (not script kiddies ) are so skilled and obsessive. they'll pick some software and spend hours and hours going through it trying to find something to exploit. when something is found they won't tell anyone apart from maybe afew other hacking friends they know they can trust. if the exploit found is for a popular program 1000's of people could be exploited before anyone finds out. maybe no one will find out. what would happen if the recent meta file print cancellation exploit was only known by afew hackers? would you be safe? i was listening to an old hacking radio broadcast the other day, on the program a hacker was talking about an exploit he had found which worked against anyone using AOL's instant message client, no one knew what the exploit was but him. his friend had just found a huge hole in phpBB too. here's the notice given from phpBB about the friend's exploit http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513 EDIT and abit OT BTW this is how they responded to being told about the exploit. it seems the hacker - Jessica, was totally white hat and did everything she could to worn phpBB about it but they just wouldn't believe her so she hacked their site, got into lots of trouble and decided to stop using the internet. http://www.phpbb.com/phpBB/viewtopic.php?p=1316231 the SID exploit i was talking about in my first post was posted on a hacking board, the exploit would probably defeat anyone here, you just needed to accept cookies from the site and click on a link which lead somewhere else on the site. it was no big deal to anyone there apart from me lol i almost fell off my chair.
Hello, Actually she sits right next to him while he clicks the downloads... We're a liberal family... sort of a way... Iceni - for every 'black' hacker there's a 'white' hacker. Even more so in the opensource community. Mrk
A port open and you could hack it? Wow, i bet you could own the computer that hosts the Wilders forums. Let me summarise, you tell me if I am wrong . Basically, you see what is running on the open port, then you look for any known vulnerabilities. If there is one, you use it. If there isn't any (the target keeps up with patches) you can't do anything. If you are scriptkiddie, you use scripts and scanners that do all this automatically for you. Or they could sell it for loads of cash or keep it when they really need it to work against a specific target... Honestly, if the aim is to infect a lot of people to create a botnet, it is damn stupid to use an undisclosed exploit. The majority of users are way unprotected that you could do it any way you please, and you don't really care who you own, so why risk using your secret weapon? It's cool to do it of course, but if you use it indiscriminately it's likely that you will come up against a well defended system with extremely paranoid defenses (Say someone wilders who runs PG or whatever noticing some strange activity), and he will notice your little trick and the cat is out of the bag. Real pros will never do that. Actually I know for a fact that the recent WMF exploit was independently discovered by several people. In fact, One guy was just finishing the analysis and was going to go public when it was found in the wild. The question was how much did the spyware company pay the guy to reveal this flaw?
i really wanted to say how clever the live cd is and how easy it is to be a script kiddie. i think "secret weapons" are probably fairly common. here's something which just came up on one of my RSS feeds http://www.zdnet.com.au/news/securi..._than_30_minutes/0,2000061744,39241748,00.htm so how do you protect against something you aren't patched against? i can only really think of something like checksum checking. what else is there?
As far as I'm concerned, the threat is virtually non-existent Of course a few years ago i wouldn't have dreamed of ever being so bold as to confidently issue such a statement as this. For one thing there is never any "fear" on this end of being hacked so long as there is a working OFF button to the internet or plug that can be pulled from the wall. In fact some of us harbor a much more immediate threat that can suddenly arise from Windows itself than any outside attempt to invade or intrude on the table. Thats thanks in whole to all the developers of defense software programs that do some basic protecting of areas needed that are well designed to prevent your units from being hacked as they say.
Well given that clueless people like me run stuff like PrcoessGuard, which is pretty powerful.... I always thought those of us in this forum who have some pseudo knowledge about security software are just the flip side of script kiddies. 'Experts' write these none mainstream apps for us to use to defend ourselves. Yeah I read about it. As for such things being "Fairly common" I think it Depends on what type of stuff you are talking about I think. A look at various security lists shows that there are a boatload of vulnerabilities reported every week from all sorts of software. I'm sure there are a lot of situational stuff, that requires semi user interaction to work (the examples you gave where the guy had to click on a link), on less critical software etc.. But the really big and serious ones affecting popular stuff are not that common and highly prized. If it was , you would see for example a lot of webservers getting hacked all the time, online businesses would be owned etc. So basically no one cares about Mac according to him, so he doesn't mind tipping his hand On the other hand you can bet the really critical Windows vulnerabilities are not that easy to find, given that the low hanging fruit has all being picked. if I have a good one that allows me to blow past a fully patched system without any user interaction at all, I'm definitely not going to blow my cover, just to win a stupid hacking contest (win an Xbox!). It's funny. If you use obscure stuff, few people borther to target it, so it means there could be a lot of vulnerabilities in the software that is unexposed. But you are somewhat safe, as long as someone doesn't decide to go after you. If you use popular stuff, you can be sure the most obvious attacks have being considered and blocked already, on the other hand, because a correspondingly large number of people are trying to attack it, statistically speaking some may succeed. But because such exploits are rare, you don't expect them to use it, unless they seriously have some reason to do it. Depends on what you are talking about... I guess that's a big reason why people on wilders are hot on 'HIPS', they hope they can spot and stop anomilies. Hopefully, the attacker doesn't know about this ace in the hole...
I used to worry about it. I was hacked once, back when I used NIS 2002. Now I trust my defenses to detect and stop an intrusion. Other than the items I deliberately bring in, my system has stayed clean for 3 years now. Adding SSM pretty much guarantees it will stay that way. Rick
I'm not really scared, I have been hacked loads of times, each time is something new and helps me understand how it is done and how to prevent it from happening again, not lost anything yet
I voted, As far as I'm concerned, the threat is virtually non-existent... As a mainstream user I am not worried about being cracked, hacked or whatever, I have been online for many years and the only security I have ever used on my pc is an antivirus and firewall. Loading your computer down with tons of security applications is a false sense of security, common sense goes along way and is much cheaper and less time consuming in the long run.
I'd agree pipester, if the user has the least amount of commonsense/intelligence, one would have a better chance of getting struck by lightning while simultaneously checking his/her lottery numbers and discovering they are the sole winner of PowerBall jackpot. I've never experienced anything malware wise I didn't actually subject myself to. - You have to be extremely intelligent to get infected in windows and an absolute genius to get infected in *nix. Having said that, I don't run any AVs, ATs, or ASs, I run nothing more than a firewall and PeerGuardian. While I realize the 'average' user usually needs protection, I am surprised that people that frequently 'security' forums, fall victim to the hype of malware. Hey does anyone want this great Britney Spears video I have? Britney.Spears.mp3.exe 168kb
Hello, Unfortunately I cannot open that file on my Ubuntu. I can send you Britney.Spears.deb 233Kb if you want?? I also have Justin.tar.gz. And Beyonce.rpm. Mrk
I voted... "Yes, I'm afraid, and I take every precaution to prevent." But after taking every precaution to prevent it, am I still afraid? Not so much.
