Police set to step up hacking of home PCs, page 3
Pages: <<  1    2    3    4    5    6  >>
ATS Members have flagged this thread 31 times


reply posted on 4-1-2009 @ 04:54 PM by deadline527
Originally posted by captiva
reply to post by johnsky


Even encrypted I would be kinda wary of something called plans to kill !

All you need to do is be aware. There isnt a key-logger I know that wont be found by any active virus checker.

To be hacked, you need to be conned into being hacked. On-line transactions etc are unsafe and you should not be giving your info to anyone.

The only thing that should be sacred is your anonimity. Build it, protect it.

Respects


Sorry, you are VERY mistaken and have not the slightest idea of how cracking a system is done. I have been in the security field since I was thirteen years old, and I am now twenty four. I assure you that there is many ways to get into a system that does not require the user to install a trojan.

portbind shellcode, executed via remote stack overflow found in whatever service someone finds a fault in. This requires you to do NOTHING and you are wide open to having someone full control over you system. Look up the MS08-067 security vulnerability when you get a chance. Before this was patched, and chances are there are still many systems that are affected, it allowed you full access to any Windows system without some lame method of having to download a trojan on your target system.


This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000-based, Windows XP-based, and Windows Server 2003-based systems, an attacker could exploit this vulnerability over RPC without authentication and could run arbitrary code. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. The Server service provides file, print, and named pipe sharing over the network.

The vulnerability is caused by the Server service, which does not correctly handle specially crafted RPC requests.


So with a little programming knowledge, the ability to use a debugger such as gdb, general knowedge of overflows, add in some shellcode, and you have yourself a remotely exploitable peice of code, unrestricted access to any system you desire.

example:

Usage: ./code -target ip- -OS-
Example: ./exploit.pl 192.168.1.1 2
Select OS Version
[-]Windows 2000: OS Version = 1
[-]Windows 2003[SP2]: OS Version = 2
[-]Windowx XP[SP2]: OS Version = 3

result:

Exploit sent to target successfully... Telnet to port 4444.


So I then telnet to port 4444 (or whatever I programmed the shellcode to start up the portbind on) and am greeted with a wonderful command prompt that has full control over your system.


There exists MANY security vulnerabilities that work just as this one has shown and there is nothing you can do about it but to patch them as soon as possible. Also, this has been released and there still exists many, many systems that fall victim to this exact exploit. As for unreleased code, that is a whole new world and requires very little work to crack a system. I have zero days that friends and I have written that would work on the majority of systems if we felt the need. You obviously have been living under a rock when it comes to the field of system security. No system is safe unless it is disconnected from the internet completely.



[edit on 1/4/2009 by deadline527]

[edit on 1/4/2009 by deadline527]


reply posted on 4-1-2009 @ 05:34 PM by Symbiote
reply to post by lightchild


There is really nothing to keep someone from putting illegal material on your machine, especially if you are a Windows user.

With a USB key and physical access, it is even easier.

Maybe I know you personally, and I don't like you. So I come to your home or place of business under false pretenses, then when you step off to the bathroom I copy some jihad-ish mess onto your hard drive in a Program Files folder. Then the next day I call the cops from a payphone or disposably cheap prepaid cellular phone and dime you out.

Now you are in the lockup for something that, though you had nothing to do with it, was really on your physical machine. Now almost everybody in your town thinks you are a "terr'rist"... as will the jury when you are convicted and sentenced. *

* unless you are in the U.S., in which case you will receive no trial



reply posted on 4-1-2009 @ 05:40 PM by freeradical
reply to post by citizen smith


No, the contents of the file, its genetic makeup if you like remains intact. Your typical virus scanner would be able to detect the presence of a virus in a renamed executable (.exe) file for example.

Within modern versions of the Windows Operating system, its actually possible to hide a file within another file using alternate NTFS streams. However a competent file scanner will still be able to detect this.



[edit on 4-1-2009 by freeradical]


reply posted on 4-1-2009 @ 05:41 PM by humanaqurian
reply to post by Darthorious


Your post couldn't have said it any better.Thats what id do.Knowledge is power after all.


reply posted on 4-1-2009 @ 06:01 PM by freeradical
reply to post by Britman


Well thats certainly true, I couldn't agree more. The methods used to protect the bad guys are also used by every day people to protect themselfs from control freak governments. For example we've all heard of the great firewall of China, some tech-savy Chinese employ the use of proxies to get around this so that they can enjoy the full-fat freedom of the Internet. Off course if they are caught doing so then....

Why doesnt the government go one further and install a camera into everyones home, whats the difference between that and remote scanning someones computer without jumping through the legal hoops? The camera will only be activated if the government has reason to do so of course!


[edit on 4-1-2009 by freeradical]


reply posted on 4-1-2009 @ 06:02 PM by sty
reply to post by skoalman88


Yes, Linux is the way to go - I agree with you . The live DVD edition of Knopix is also good. Live edition (for beginners) simply means that you do not install any operating system into your computer, actually you do not even need a harddrive - all you need is a DVD unit.
This is far the most secure way of surfing the net etc - however the warning is that the system can be bit slow .

For the rich people however , you can swap that DVD into a RAM drive : simply a HDD made up of RAM memories . This would make it instant , however the RAM drives can be expensive..

I use Windows for YouTube and stuff, but i never access bank/emails without Linux. I use SUSE 11 here..


reply posted on 4-1-2009 @ 06:05 PM by humanaqurian
reply to post by sty


Seems a little overkill unless your planing terrorist attacks.


reply posted on 4-1-2009 @ 06:07 PM by Kaifan

I cannot quote anywhere, but you're thinking far too simply about it. Computers can supposedly be hacked via the power line believe it or not.

How on earth would you continue day to day life whilst trying to prevent that?



Nah, unless information could sent and received by power line, which current computers do not do, that's impossible. network communication needs more than that to work.


Edit: It is unquestionably and invasion of privacy, but I don't care too much. I'm largely a law abiding citizen. Of course every individual breaks the occasional law, if purposely or not purposely.


Problem is, since the back-door is there, sooner or later someone will find out how to get into any computer, then, think about it, they could use your computer at their will, commit any crime, and guess who will be charged for that, and how can you prove it wasn't you?. It was made from your home computer after all..

As deadline527 a few posts ago, no computer is safe while connected to the network, and if gov will be able to search your pc whenever they want, expect to see other people doing the same, expect abuse and expect the worst, because if they can do it, everyone else can do it as well.

Not too sound pessimist, but it is really easy to see how this could be use to create zombie networks, to frame people and god knows what else, evil minds can imagine great things, evil things, but great anyway


[edit on 4-1-2009 by Kaifan]


reply posted on 4-1-2009 @ 06:12 PM by sty
reply to post by humanaqurian


hehe, you do not need to do that . If your PC is decent enough you can use a Virtual PC for your surfing. Everyting you do can be wiped when you turn the pc off, then next time you turn on the pc you get a brand new pc HDD (virtual one) .

Look here:

www.virtualbox.org...

however, as someone said however - the best way to keep your PC safe is to keep it unconnected haha

[edit on 4-1-2009 by sty]
Pages: <<  1    2    3    4    5    6  >>    ^^TOP^^




Newest topics getting replies, in real-time:

Anonymous hacks CIA
  Breaking Alternative News, Posted 15 hours ago, 112 replies
Free Psychic Readings
  General Chit Chat, Posted 11 hours ago, 96 replies
Hollow Earth Theory New Evidence.
  General Conspiracies, Posted 9 hours ago, 62 replies
Anonymous show your face!
  Rant, Posted 6 hours ago, 58 replies
Free will
  Philosophy and Metaphysics, Posted 13 hours ago, 50 replies