Police set to step up hacking of home PCs

Wouldn't the simplest way to protect your files from snoopers be to manually change the filetype?

eg: change 'filename.txt' to 'filename.xxx' in the properties field?

Sorry, you are VERY mistaken and have not the slightest idea of how cracking a system is done. I have been in the security field since I was thirteen years old, and I am now twenty four. I assure you that there is many ways to get into a system that does not require the user to install a trojan.

portbind shellcode, executed via remote stack overflow found in whatever service someone finds a fault in. This requires you to do NOTHING and you are wide open to having someone full control over you system. Look up the MS08-067 security vulnerability when you get a chance. Before this was patched, and chances are there are still many systems that are affected, it allowed you full access to any Windows system without some lame method of having to download a trojan on your target system.



So with a little programming knowledge, the ability to use a debugger such as gdb, general knowedge of overflows, add in some shellcode, and you have yourself a remotely exploitable peice of code, unrestricted access to any system you desire.

example:

Usage: ./code -target ip- -OS-
Example: ./exploit.pl 192.168.1.1 2
Select OS Version
[-]Windows 2000: OS Version = 1
[-]Windows 2003[SP2]: OS Version = 2
[-]Windowx XP[SP2]: OS Version = 3

result:

Exploit sent to target successfully... Telnet to port 4444.


So I then telnet to port 4444 (or whatever I programmed the shellcode to start up the portbind on) and am greeted with a wonderful command prompt that has full control over your system.


There exists MANY security vulnerabilities that work just as this one has shown and there is nothing you can do about it but to patch them as soon as possible. Also, this has been released and there still exists many, many systems that fall victim to this exact exploit. As for unreleased code, that is a whole new world and requires very little work to crack a system. I have zero days that friends and I have written that would work on the majority of systems if we felt the need. You obviously have been living under a rock when it comes to the field of system security. No system is safe unless it is disconnected from the internet completely.



[edit on 1/4/2009 by deadline527]

[edit on 1/4/2009 by deadline527]

reply to post by lightchild

---

There is really nothing to keep someone from putting illegal material on your machine, especially if you are a Windows user.

With a USB key and physical access, it is even easier.

Maybe I know you personally, and I don't like you. So I come to your home or place of business under false pretenses, then when you step off to the bathroom I copy some jihad-ish mess onto your hard drive in a Program Files folder. Then the next day I call the cops from a payphone or disposably cheap prepaid cellular phone and dime you out.

Now you are in the lockup for something that, though you had nothing to do with it, was really on your physical machine. Now almost everybody in your town thinks you are a "terr'rist"... as will the jury when you are convicted and sentenced. *

* unless you are in the U.S., in which case you will receive no trial

reply to post by citizen smith

---

No, the contents of the file, its genetic makeup if you like remains intact. Your typical virus scanner would be able to detect the presence of a virus in a renamed executable (.exe) file for example.

Within modern versions of the Windows Operating system, its actually possible to hide a file within another file using alternate NTFS streams. However a competent file scanner will still be able to detect this.



[edit on 4-1-2009 by freeradical]

reply to post by Darthorious

---

Your post couldn't have said it any better.Thats what id do.Knowledge is power after all.

It's funny, they claim it to catch the bad guy's, trouble is, the bad guy's and the really really bad guy's have systems in place to stop anyone gaining access. Jo Public hasn't go a clue and it's Jo Public who are the real targets in this.

I cannot quote anywhere, but you're thinking far too simply about it. Computers can supposedly be hacked via the power line believe it or not.

How on earth would you continue day to day life whilst trying to prevent that?

Edit: It is unquestionably and invasion of privacy, but I don't care too much. I'm largely a law abiding citizen. Of course every individual breaks the occasional law, if purposely or not purposely.

But, in all honesty as long what I do not know doesn't hurt me, I'm not overly concerned. In my personal opinion I think this could be used to greatly reduce some of the more sickening crimes, which if it is I'm all for.

[edit on 4-1-2009 by MrAnonUK]

Yeah that would be great, specially for all of us living in other countries, and specially if they will use back-doors built onto the OS by Microsoft.



Yeah, i know that feeling ha ha. And i would do the same if it were to happen to me.

This is really dumb, creating back-doors like this will only make it easy for every cracker out there to own any system they want, increasing the zombie machine count by thousands, once the back-door is added, there's no way that code will remain hidden from those who know how to hack windows systems, this is classic, someone who really can 'get it' must be behind all this.

How funny.


Edited because i am drunk, a little

[edit on 4-1-2009 by Kaifan]

Im glad the US doesn't do this...Oh wait we just don't know its happening! I suggest you all download peer guardian 2. In america, you can see the IP's accesing your computer, one day I got one that was the good ole' DoD.

reply to post by Britman

---

Well thats certainly true, I couldn't agree more. The methods used to protect the bad guys are also used by every day people to protect themselfs from control freak governments. For example we've all heard of the great firewall of China, some tech-savy Chinese employ the use of proxies to get around this so that they can enjoy the full-fat freedom of the Internet. Off course if they are caught doing so then....

Why doesnt the government go one further and install a camera into everyones home, whats the difference between that and remote scanning someones computer without jumping through the legal hoops? The camera will only be activated if the government has reason to do so of course!


[edit on 4-1-2009 by freeradical]

reply to post by skoalman88

---

Yes, Linux is the way to go - I agree with you . The live DVD edition of Knopix is also good. Live edition (for beginners) simply means that you do not install any operating system into your computer, actually you do not even need a harddrive - all you need is a DVD unit.
This is far the most secure way of surfing the net etc - however the warning is that the system can be bit slow .

For the rich people however , you can swap that DVD into a RAM drive : simply a HDD made up of RAM memories . This would make it instant , however the RAM drives can be expensive..

I use Windows for YouTube and stuff, but i never access bank/emails without Linux. I use SUSE 11 here..

lets hope this is run just by uk bobby.By far not the smartest people on the planet.Still 10 years behind us so they say.

reply to post by sty

---

Seems a little overkill unless your planing terrorist attacks.

10 years behind your (the US if you meant, U.S.) power abusive policing? Yeah right.

[edit on 4-1-2009 by MrAnonUK]

Nah, unless information could sent and received by power line, which current computers do not do, that's impossible. network communication needs more than that to work.



Problem is, since the back-door is there, sooner or later someone will find out how to get into any computer, then, think about it, they could use your computer at their will, commit any crime, and guess who will be charged for that, and how can you prove it wasn't you?. It was made from your home computer after all..

As deadline527 a few posts ago, no computer is safe while connected to the network, and if gov will be able to search your pc whenever they want, expect to see other people doing the same, expect abuse and expect the worst, because if they can do it, everyone else can do it as well.

Not too sound pessimist, but it is really easy to see how this could be use to create zombie networks, to frame people and god knows what else, evil minds can imagine great things, evil things, but great anyway

Id say just wipe your hard drive once a month and do fresh installs of windows.Keep all sensative info on disc and keep a microwave on your computer desk.

reply to post by MrAnonUK

---

yes I ment U.S and im english.

reply to post by humanaqurian

---

hehe, you do not need to do that . If your PC is decent enough you can use a Virtual PC for your surfing. Everyting you do can be wiped when you turn the pc off, then next time you turn on the pc you get a brand new pc HDD (virtual one) .

Look here:

www.virtualbox.org...

however, as someone said however - the best way to keep your PC safe is to keep it unconnected haha

[edit on 4-1-2009 by sty]

Re-formatting your hard-disk doesn't erase the data it contains unfortunately. Windows wasn't really designed as a totally secure operating system, oh certainly its improved over the years but it still doesn't come with a built-in method to scramble/erase personal data.

[edit on 4-1-2009 by freeradical]