Helping attackers by declaring your defence setup in your signature

Discussion in 'other security issues & news' started by Wayne - DiamondCS, Aug 5, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    It's becoming increasingly common on various forums for people to declare which security programs they use in their signature. Just remember that you're making things easier for anyone wanting to target you - not only do they know exactly which programs you DO use, they also know which ones you DON'T use, and can easily analyse your setup to anticipate your 'style' of defence setup - which programs you would go for and which ones you'd avoid. Consider vulnerabilities for example - often the attacker can only use a vulnerability against you if they know you're using the program in which the vulnerability resides, and by declaring your security setup in your signature you're taking the guesswork out of the equation for them.

    Anyway, just something to be aware of.
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Thanks for the advice. ;)
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good post Wayne, thanks.

    Cheers :D
     
  4. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Good point & thanks for reminding.

    Yes, I thought too a while back ....

    ;)
     
  5. Ronin

    Ronin Guest

    The answer is simple. Lie a bit in your signatures.
     
  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    As a good friend reminded me...also good reason NOT to ever post your hijackthis log in a forum :eek: Then they would know what whacked you last and what you are paying for in Security Products or just running for free.
     
  7. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Primrose

    That's true. I thought that was a dead give away compare to Signature really ...

    I mean you are going to give all the details on your systems ...

    hmmm ...

    I am getting really paranoid now ... :eek:
     
  8. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    With all due respect, a couple of points in rebuttal:

    1) The advice is really only useful as protection against attack of you as an individual. And unless I'm greatly mistaken, that kind of hacking is extremely rare, compared to more typical malware attacks which are directed against as wide a range of targets as possible on the internet. Sure, I can be hacked, but I've got no reason on earth to believe anyone's out to "get me" personally. I protect myself in various ways from in-the-wild stuff, not personal attacks.

    2) It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help, whether with a particular piece of software/hardware or with your system generally, the info must be provided if you want any kind of reasonable assistance.

    Best to all,
    Mike
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    A lot of "attacks" are downloaded to computers by users.

    If you open the door, they're coming in!! :D
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I think Wayne was just making the point that one can make it easier should an attacker go for you and I quote:
    Just words of caution that's all :D
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If you don't give "them" your email address, IM, or IP address in either your signature, postings, or Hijack This logs, how can "They" find you and connect your security setup on Wilders with one of the Millions of other interent users out there? (Maybe through some dedicated spyware, but you are blocking those, right?)
    You can edit your Hijack This logs to mask IP addresses, DNS servers, email, even revealing directory names. The only reason you would need to post a Hijack This log anyway is because you are already up the creek. Hopefully, after having learned a lesson, you would tighten up security and prevent it from happening again.
    That being said, concealing your security suite doesn't hurt. And if program interaction is relevant, the programs can be listed there in the post. It is easier anyway then checking the person's sig.
     
  12. Ronin

    Ronin Guest

    Well they could break into this site and grab the logs of course.
     
  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Geez, now we have to even view Wilder's with an anonymous proxy just in case?
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Some of us already do. :p (though in my case, more to prevent my ISP from logging my online activity).
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    All right fine Paranoid2000 I guess you can't be too paranoid these days :D
    [Devinco reluctantly activates anon proxy and edits profile for an alternate throw away email address]
     
  16. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I fully agree.
    If a hacker, I think we are talking about Cracker, is interested in my machine, which I doubt, he certainly doesnt need my presence here at Wilders to look after the progs I use, and knowing that he makes his plan to enter my machine.
    And what if he sees we are using top of the bill security progs? Scared him/her?
    I doubt.
     
  17. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Mikebcda,
    Not all hacking that goes on comes in the form of a .exe attached to an email mass-mailed to everyone saying "Hi, please run the attached file", and when individuals systems are hacked they're rarely reported to authorities so statistics aren't reliable and International statistics are virtually non-existant. It happens a lot more than you'd imagine, and when vulnerabilities for particular programs appear you often get hackers that 'fish' for people using that software - not by mass-mailing or other such bulk methods, but by other methods such as using Google to find people who've asked questions about the software, or to find people who post their security setups in their signatures, etc etc - it's really quite trivial, and attacks are very easy to execute, a lot easier than exploits such as shellcodes, buffer overflows and so on.

    By informing hackers of what software you're running you're giving them a good idea of which methods of attack they should use and which they should avoid. If they know nothing about your security setup then they've got a lot more work to do, and also you're giving them no reason to target you. You might be the nicest bloke on Earth (and I'm sure you are!) and maybe nobody has any reason to target you as a person, but declaring your security setup may be enough to entice somebody to target you.

    Which "experts"? There's a big difference between providing information for trouble-shooting and security, and no _security_ expert will ever tell you to disclose your security setup to the International public. If such information is ever required by somebody trying to help you then you can always send them a private message or emails, and then you won't be disclosing the information to uninvited 3rd parties.

    Actually you'll find that such information in signatures is rarely (if ever) used by those helping the person - just knowing that a particular program is installed doesn't really tell you anything about a problem on somebodys computer.

    Primrose,
    Spot on, it's exactly the same problem although actually it's even worse in one sense because such logs disclose full directory paths, and there are many vulnerabilities/exploits that can be used to destroy/overwrite existing files but only if the full path is known, but yes - like disclosure in signatures, they usually show exactly which security programs are and aren't installed.

    It just seems that a lot of people are quite innocently setting their signatures to disclose their security setups without understanding the posible ramifications of that. It's completely up to you whether or not you disclose such information but it's important to just be aware of it, and it seems not many people are.

    Gerard,
    Just as one brief example - your signature says that you use Firefox 0.93. If I want to attack you and can execute a vulnerability against that build of Firefox then all I need to do is attract your attention to a webpage to infect you. That might also take a bit of social engineering (say, sending you some friendly emails for a couple weeks to gain your trust), but it's still all trivial. Even if the exploit required scripts to be enabled I could just make it so the webpage required scripts to execute in order to view the page, and I could use a plethora of tricks to help prevent you seeing the exploit in the source code. That's just one simple example against just one program.

    Regards,
    Wayne
     
    Last edited: Aug 5, 2004
  18. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi Wayne,

    I understand your answer and it has a logic in it. On the other hand the majority of the members and visitors here are using one or another combination of AV/AT/AS etc. So its not a very high secret about that. Also you can read through all the postings if you want to get a more specific idea what someone is using to get all the nasties out.
    I had a more or less feeling that I am safe computing using those apps. Is that a false feeling?
    If so I agree with I believe Ronjor said to put other apps. in your defence setup than you really have, which will give you an extra safety barrier.
    Am I right?

    Regards

    Gerard
     
  19. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Yes, but an attacker isn't concerned that you have an anti-virus - that's not an obstacle to them. What they want to know is which anti-virus. For example, if they want to modify a trojan so that it slips through detection of your anti-virus then they need to know exactly which anti-virus you're using, because each scanner will detect the file differently so even though the attacker may be able to get the trojan to be undetected by one scanner, another scanner may still detect it. Modifying a trojan so that it bypasses detection of all scanners is unpracticle and would take the attacker more time than it's worth, so knowing exactly which anti-virus program you use is a big advantage to the attacker as it allows them to easily and quickly customise their attack specifically for your defence.

    Sorry but I'm not quite sure what you meant in regards to Ronjor's comment ... ?
     
  20. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi Wayne,

    Thanks for explaining.
    Sorry it was not Ronjor, it was Ronin said this:
    The answer is simple. Lie a bit in your signatures.

    Gerard
     
  21. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I thought the first line of defense was the most effective (against attack), my router - besides, i've got nothing here but a cheap car stereo ane no credit card/online banking used. :D
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Lynchknot,

    There is an update for Firefox for security issues. Apologies if you know this already.
     
  23. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Thank you ronjor! - :D
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Looking good lynchknot!!
     
  25. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Well I certainly agree with you also :D Most who do a personal attacks leave a trail in any case. ;)

    I still remember when stealth was a biggie but you do not hear much about that these days.


    The whole issue about "stealth" simply says that your router or
    computer doesn't reply to say "no connection available here", which
    would verify to a potential hacker that there is a computer at your ip
    address.

    Hackers or otherwise hostile agents, that don't care whether there is
    anything at your ip address, will attempt to hit you anyway. The
    whole issue of "stealth" became less important on January 25, 2003.

    http://www.wired.com/wired/archive/11.07/slammer_pr.html

    Slammer didn't check for anything at a given ip address. It just sent
    itself to that address. It infected 90% of its potential targets in
    10 minutes, by simply not caring what it was invading.


    Blaster continues to infect hosts constantly. Look at any of the
    Microsoft.public.*.* discussion groups, every day somebody asks about
    their computer shutting down with "NT Authority..." or "RPC Call...".
    http://www.microsoft.com/security/incident/blast.asp

    If your computer is vulnerable to an attack, and a Blaster or Slammer
    type worm is sent in your direction, you WILL be infected. Stealth or
    not.

    Stealthing yourself is a good idea. But it does not replace a good
    layered defense. Each layer is necessary because no layer produces
    complete protection.

    The first layer is a NAT router (hardware firewall).

    The second layer is a software firewall.

    The third layer is good software. This layer contains many parts.

    AntiVirus protection.

    Adware / spyware protection.

    Harden your browser. There are various websites which will check for
    vulnerabilities, here are three which I use.
    http://www.jasons-toolbox.com/BrowserSecurity/
    http://bcheck.scanit.be/bcheck/
    https://testzone.secunia.com/browser_checker/

    Harden your operating system. Check at least monthly.
    http://windowsupdate.microsoft.com/

    The fourth layer is common sense. Yours. Don't install software
    based upon advice from unknown sources. Don't install free software,
    without researching it carefully. Don't open email unless you know
    who it's from, and how and why it was sent.

    The fifth layer is education. Know what the risks are. Stay
    informed. Read Usenet, and various web pages that discuss security
    problems. Check the logs from the other layers regularly, look for
    things that don't belong, and take action when necessary.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.


    http://groups.google.com/groups?hl=...0hkirjl0sfjgkf5s03ssqjfff3c8d@4ax.com&rnum=13

    And if you run WinXP..do it with NTSF and limited accounts.
     
Loading...
Thread Status:
Not open for further replies.