It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Hacker attack solution?

page: 1
1
<<   2 >>

log in

join
share:

posted on Nov, 3 2008 @ 06:05 AM
link   
Ok, so I might get flamed, or even a few eye rolls on this one, but here goes:

I've noticed that perhaps this site has attracted the attention of a hacker or two (and I'm sure many more over the years this has been up).

Since this is an internet based forum, has tapping your member's skills been considered as a possible security measure?

I'm sure some ATS members have some skill at hacking, or know how its done. Has it been considered to have a pool of dedicated members attempting to break in, then alerting staff when they've found a weak point?

As long as you had trustworthy members you'd appoint for this, you might be able to figure out the weaknesses before the "Bad guys" do...

just a thought....




posted on Nov, 3 2008 @ 06:23 AM
link   

Originally posted by nj2day
Has it been considered to have a pool of dedicated members attempting to break in, then alerting staff when they've found a weak point?


Yes!

This hacking philosophy is adhered to by the loosly termed "white hats" which, of course, is directly opposed to a malicious "black hat" individual or group.

Google is my best friend



posted on Nov, 3 2008 @ 06:25 AM
link   
reply to post by afaik
 


yup, there are white hats, black hats and grey hats...

Grey hats are somewhere in the middle lol

I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p

best part is, it would be free...



posted on Nov, 3 2008 @ 07:25 AM
link   


I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p


Couldn't tell you, I have no idea, sorry.



posted on Nov, 3 2008 @ 07:33 AM
link   
Hrmmmm.
I could run a few attacks on ATS.
But I do not want to get in trouble/banned/kicked/ call from isp provider or worse.


I would say any publicly owned web site is open to all sorts of stuff. and have many weak points. the best protection would be some one behind a desk constantly monitoring incoming packets to ATS. and I don't think some one has that kind of hand on there hands.



posted on Nov, 3 2008 @ 07:36 AM
link   
reply to post by LetsPlayFeedTheGater
 


lol yah, I've had the same thoughts... especially since they frown upon Proxy-ized surfing :p

but it wouldn't take much time... especially if they found 10-15 ATS members willing to participate...

All they'd need is our IP addresses up front to identify us between any real bad ppl...



posted on Nov, 3 2008 @ 07:40 AM
link   
Well, i dono about you,
but usually when im doing that "kinda" stuff, im connected to 10,000+ proxies , witch usually masks my ip.
And im not going to post my ip out there for a bunch of people to see!
U have some ones ip, countless things could happen.



posted on Nov, 3 2008 @ 07:47 AM
link   
Before this discussion goes any further I would just like to remind the particpants of the Terms & Conditions Of Use...




2e.) Illegal Activity: Discussion of illegal activities; specifically mind-altering drugs, computer hacking, criminal hate, sexual relations with minors, and stock scams are strictly forbidden. You will also not link to sites that contains discussion of such material.
...
5a) Unauthorized Access: You will not attempt to access any protected sections of the message board, nor make use of any hacks, cracks, bug exploits, etc. to bypass or modify the features of the forum software or to obtain information beyond the allowed features of your account status. Doing so will result in immediate termination of your account.


Edit to emphasize.


[edit on 3-11-2008 by Gemwolf]



posted on Nov, 3 2008 @ 07:53 AM
link   
reply to post by Gemwolf
 


Gem,

Just so i'm not misunderstood, I was asking about if the powers at ATS had considered using their member talent to help secure their site


I'm not trying to support illegal hacking, but was asking if they had considered using legal hacking from our computer geek crowd that frequent the site.

There is a market out there for white hatters... some companies who are testing out new firewalls and such offer rewards for people who can break into their system. This helps them close up the security holes that were exploited to gain access...

Just wanted to make sure everyone, especially the Mods understood what I'm talking about.



posted on Nov, 3 2008 @ 07:56 AM
link   
reply to post by LetsPlayFeedTheGater
 


you wouldn't need to post it for "all to see"...

only the three amigos, and their site admins would really need it. Its the only way that they could identify between good guys and bad guys.

I would think that if something like this were used on the site, pre-sharing your IP, and possibly more personal information would be needed to make sure you don't go "rogue"...

Its food for thought really, I was just wondering if it had been considered...

I know Hacking sounds scary, and Hackers tend to get bad publicity... but there is an official job title in the real world for (White hat) hackers: Security Systems Analyst.



posted on Nov, 3 2008 @ 08:06 AM
link   
another thought: Since most malicious attackers will use a proxy server to attack, so they aren't discovered... could ATS use the current lists of proxies that are updated daily on the internet, and restrict the IPs right off the site?

Restricting the use of the anonymous proxy lists would limit where someone could attack from...

There's no way it could ever be all inclusive... but the most visible ones being blocked might be a start...

If there isn't a web tool or site admin tool in place for this already, i'm cringing at the amount of programing finesse it could take to pull it off lol



posted on Nov, 3 2008 @ 08:06 AM
link   
reply to post by nj2day
 


I understand. I saw the conversation going to the "I've hacked so and so", and I just wanted to remind participants not to go down that avenue.

Edit: Clarity

[edit on 3-11-2008 by Gemwolf]



posted on Nov, 3 2008 @ 08:14 AM
link   
reply to post by Gemwolf
 


Gotcha
thanks for the reminder


although, if a hacker had anything worth bragging about, it would probably be best never to tell anyone what they did.


But, there are a lot of idiots in the world...



posted on Nov, 3 2008 @ 08:15 AM
link   
I'm pretty sure the site administrators have messed around with it themselves. I have a friend who wanted to "hack proof" his computer so his friends went after it and did what they could. Then they fixed the holes so to speak.

I'm sure your pretty safe here why would they waste their time on a site like this? I'm sure they want the same info we look for here.



posted on Nov, 3 2008 @ 08:16 AM
link   
reply to post by Gemwolf
 

was saying I could run a few test's
But don't want to for fear of banned/ amoung other things..


Current list's of working proxies?
that wold be a waste of time as in there is no daily update to working proxies ( i think) and there and 100 of thousands if not more proxies. Heck any personal computer could produce a proxy for another person.
from my understanding, a proxy is just the IP of a server machine, like a computer network in some store. or a building that has there network connected to the net.


- Hope I didn't post out of T&C.



posted on Nov, 3 2008 @ 08:21 AM
link   
reply to post by LetsPlayFeedTheGater
 


per T&C, i'm not going to sight sources on this, but yah, there are lots of sites that only exist to search and publish a list of anonymous proxies everyday... some do it more than once a day...

the best ones you have to "know" how to get to, but they are a time saving tool for the amateurs who aren't that skilled...

there's no stopping a skilled hacker... hacking is like 20% knowledge, and 80% spare time... anyone with enough time can get whatever they want...



posted on Nov, 3 2008 @ 02:20 PM
link   
Most of this is dangerous anymore. A company was convicted of intrusion because they did a dns dig on a zone to find internal IP addresses. IE: They asked a server to do it's job and tell them IP addresses.. sad.

I suspect that most of the basics are defended (aside from mim attacks which wouldnt be an ATS thing). The rest of the testing could bring down the sight (from sql injects to port jamming or basic underruns etc.).

BTW: A proxy is a server that does the work and hands to you. "10,000 proxies" smells more like a botnet...

(edit, forgot to include my point
)

Because the 'testing' could bring the site down, do everyone a favor and think twice, then go watch TV instead of looking up scripts to 'help' the staff find vulnerabilities.

[edit on 3-11-2008 by lordtyp0]



posted on Nov, 3 2008 @ 03:41 PM
link   
reply to post by lordtyp0
 


well, it could bring down the site if you inject malicious code...

If someone where to find a weakness such as a place on the site vulerable to SQL injections, or Java injections or the like, the person discovering this would not have to inject any sort of code...

The idea that you found a spot that is vulnerable to these attacks is sufficient, and that is when you'd let the three amigos know....

Think of the last attack that SO posted: Injections into the advanced search function...

If a member had found this was possible first, they could have let the amigos know of the weakness... and they could have patched up the hole before it was taken advantage of....

bringing down the entire website, or a denial of service attack, actually would take a lot of work... I could not imagine anyone "accidentally" bringing down ATS...



posted on Nov, 3 2008 @ 03:55 PM
link   

Originally posted by nj2day
reply to post by afaik
 


yup, there are white hats, black hats and grey hats...

Grey hats are somewhere in the middle lol

I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p

best part is, it would be free...



So do the gray hats cover the tin foil department?
Sorry if this is off topic, but why is it you cannot give this thread a star? Ive seen this happen a couple other times as well.



posted on Nov, 3 2008 @ 03:59 PM
link   

Originally posted by Darthorious
I'm pretty sure the site administrators have messed around with it themselves. I have a friend who wanted to "hack proof" his computer so his friends went after it and did what they could. Then they fixed the holes so to speak.

I'm sure your pretty safe here why would they waste their time on a site like this? I'm sure they want the same info we look for here.


yeah this method is known as a penetration test and all the server service companies do it, including Anitian enterprise security



new topics

top topics



 
1
<<   2 >>

log in

join