how hackers break into pc

Discussion in 'other security issues & news' started by david banner, Dec 16, 2007.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Wow! You just confirmed one of my suspicions. Many forum-admins and regular members are very knowledgeable about computers, and what would prevent some of them from usiing their knowledge and expertise to hack into someone else's email account, etc.?
     
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    My God! Did you see the Halle Berry movie called "Perfect Stranger"? I figured that they were people in real life who were like the Giovanni Ribisi character. :eek:
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    What, you ask? I don't know, perhaps the fact that it's impossible?

    Some people here are in extremely dire need of waking up to the real world and getting a grip.
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I always thought that even if anyone can see a port, a closed or open one, there has to be a exploit in the specific software that uses that port for anyone to find a way to get root access to a computer. Or have I just dreamt that?
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    No, you didn't.

    As a challenge to the community awhile back I gave out my IP address to Wilders and several hacker forums in an open challenge for them to hack me. Ports 135, 137 and 445 were wide open and unsecured on my computer. There were some tries, including a couple of Sasser worms from Taiwan, but in the end nobody could get through.

    The threat of hackers is real, but the delusions of some of the replies in this thread are nothing but prime-quality comedy material. There is a fine line between security awareness and paranoia, and too many people are treading on the wrong side of that line.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    Another movie with Halle Berry where hacking is taken to another level of science fiction is Swordfish. Please ...
    Mrk
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    There is way too much hype regarding super hackers breaking into people's home PCs. Some folks will tell you to just give up since you can't possibly protect yourself, and to go hide under your bed. Quite frankly, its a load of crap.

    Unless you are running some unpatched and unprotected services, allowing just any inbound connections into your PC, with no protection at all, you are not likely to get hacked from the outside in. Simple basics like just running a cheap NAT router, with no ports forwarded in if you don't need them, will stop inbound attacks. A good software firewall (many free ones available) can do the same.

    Anytime someone starts talking about uber hackers who can get into your system by just looking at you, be skeptical (be very skeptical!). Further, there is no sentient, self-evolving malware that can adapt all on its own, jumping from disk to BIOS to video memory to hide from you. There is no single floppy disk that gives the owner of it total control of every PC and network in the world. There is no super virus that is being held back in basement of the NSA that, if released, would cause every computer in the world, including the chips in your electric toothbrush, to turn into SkyNet and kill all human life. (Okay, the last one is a little extreme.)

    In any case, don't buy into all that hype. Educate yourself as to what is really possible, and take a few simple steps to patch and secure your PC, and you should be fine. It's does not take a degree in computer science or even much money to get and stay secure. Then once you get secured, stop obsessing about whether your computer is safe or not, and go out and actually enjoy the rest of the Internet.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    So I can take the tinfoil off me head when I'm going to bed to sleep at night? I'm still keeping my feet grounded, though.
    Mrk
     
  9. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Security vendors must love all the sci-fi movies featuring uber 20 year old hackers able to compromise your computer, data, and identity instantly with basically nothing to go on.

    "Oh no! You're using MS Paint?! The network has been breeched!"
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I agree

    Again, I agree.
    I know most here at Wilders do put forward some need for a router with firewall, but this is not actually needed. As mentioned by LowWaterMark, a software firewall will do the same, it is just that the firewall may not silently drop unsolicited inbound, and gives rise to a popup that a lot of users may not fully understand. By this I mean: I see some users who will have a popup for inbound to svchost, they see svchost as a trusted windows system application, so allow the inbound, this then can cause possible problems.

    The main problem (IMHO) is the crap some users install onto thier own computers. There are many who like to save money by purchase of software from dubious sources (or even install cracked), this is not a good path to follow (again IMHO)

    Such as a free firewall, such as Jetico1, which can appear to be complicated, can be made simple to use, adding one rule to block inbound connections will take away a lot of popups and stop direct access/possible attack by TCP to windows services.

    I have used software firewalls for quite a while, and do make attacks on these by various methods (simply to check/ report on such). Just because I may see an IP, this will certainly on its own NOT allow me to possibly compromise that PC, far from it.
     
  11. IS200

    IS200 Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    32
    Location:
    pc repair dublin
    I thought I was the only person squirming when I saw that movie

    Has anybody got links to show (on video) how hackers do pen-tests, etc?
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    I have noticed that creating textual firewall rules, like iptables, is the best way to understand how firewalls work and how to simply and painlessly configure them, so much simpler than GUI.

    You can have a full inbound firewall, with spi and ssh in 5 lines!

    While it sounds daunting, it's actually sooo much easier and more logical.

    I think if Jetico had a command line for the rules, it would really be a good one.

    Or any Windows firewall - for that matter.

    Mrk
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I will agree that such as IPtables is very powerful, I think you would also need to agree that from a standpoint of the average user such config may be beyond most? (or at least most would not see a reason/need for such involvement?)

    From your own point of view, I cannot argue. But Jetico is simple (from my own point of view) others would argue with me, as others may argue with you on such a peronal view.

    Regards,
     
  14. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yea movies are so bad at depicting 'hacking'. Everyone seems to an obsession with 'hacking' a firewall. Swordfish has someone 'hack' a firewall in under 60 seconds and in Transformers, they were 'brute forcing' a firewall. No wonder people are so misinformed.
     
  15. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    It was beyond me o_O . When I was using Linux I used Firestarter, Shorewall, and Guarddog GUIs with different distros.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One actually has to read about it, but one gets the point in 2 days imo.
     
  17. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    What does that mean?
    Where is the best place to educate oneself with all the conflicting views and hype?
    Thanks
     
  18. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Keep in mind that unless you've somehow made personal enemies who are also highly skilled, your odds of being hacked as an individual user (as opposed to bots doing a mass search for vulnerable systems) are probably slim to none.

    That kind of skilled individual effort typically targets major institutions such as banks or government agencies. For the typical home user, a reasonable defense arsenal of security apps (plus of course your most powerful defense, common sense) should protect you from nearly anything you're likely to run into.
     
  19. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    But it is interesting to learn and does no harm to know:)
     
  20. clambermatic

    clambermatic Registered Member

    Joined:
    Oct 10, 2007
    Posts:
    216
    In line with what has been stated... generally, it was true. But not in full agreement thou.

    Again, generally true. Hackers are an 'egoistical' lot. See?

    Now... Does anyone ever heard/read about "carnivore"?? Here is something for a reference~ http://epic.org/privacy/carnivore/#resources

    Back in mid-99, i was present for 2 months observing it at Caltech with some selected techies.

    Does anyone ever heard of a warez developer - packeeter? Googlelized that.
     
  21. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That is easier then you think.

    Okay very unlikely? Look: http://i2.tinypic.com/7y7lyfq.png

    This thing is older then one or two years and extremely persistent.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    What does this screenshot show except your skills in paint?
    Mrk
     
  23. controler

    controler Guest

    See link below


    HD More & Val Smith, tested and mother approved.
    Original presentation at Defcon was like 150 min. this movie is about 40 min so they had to cut it down some.
    I see some of you actually viewd the movie.



    Target profiling
    Discovery tools


    Exploitation

    Getting remote access

    True this was mostly gaining access to company servers but on that page you should find a bunch more Defcon movies.

    example of targeting would be knowing that MOST companies employees username for e-mail is their actual real name ( john.smith@pen-test.com) or net LOL






    https://www.wilderssecurity.com/showthread.php?t=188711&highlight=solcroft

    http://video.google.com/videoplay?docid=8220256903673801959&hl=en
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Lol, a alert of a driver called "s" that does not exist. A paradox. Just to inform you: The radioactive icon in AAK means red alert. That is rated as most dangerous from Spydex. No tool is able to find this "s" except AAK (and process explorer from external bootwindows cd), even comodo fails and all other ARK tools. (no matter if RkU (BSOD Nr.1), Gmer... and so on. Only AAK. The problem is you only can catch the echo of "s", probably it destroys itself after loading and re-implants itself when necessary with a unknown method.

    It is not possible to prohibit "s" because you need to restart and then it is already disappeared.
     
    Last edited: Dec 28, 2007
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    Don't get offended, but I think you get thrills from chasing unknown ghosts. Really. All I see is a prompt from some unknown application seeing something it cannot fully interpret, hence the partial name - can be bad driver, badly coded remnant of some driver, many, many things.

    It definitely is no matrix thingie. And as to live cd boot, again, you're getting ahead of yourself. Boot from a linux CD - where windows drivers cannot possible have any existence, find the offender (call it that) and remove it. As simple as that. Very simple, very unimaginative, almost boring.

    Besides, this has NOTHING to do with hacking. You could have installed that thing yourself.

    People asked about IPs and network and firewalls. Nothing special. Just packets with special strings telling the system where they came from and what flag they carry. Boring and technical. No black magic.

    Mrk
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.