reply to post by Indigent
Two years ago a friend of mine called me paranoid because I have a triple head setup, I run linux and I have a kde widget embeded in the background of
one of my monitors that's constantly monitoring Snort IDS, all incoming/outgoing connections + ports and usblockdown with a strick set of rules that
only accept input data from the vendors of the USB devices I own and pops me alert on the widget of anything fishy on my network or if something comes
from a USB stick.
NOW WHO'S LAUGHING!!!
no one because it was true? it is a sad news
edit on 15-1-2014 by Indigent because: ''is'' was missing
If you take in account it takes a single click to a link thats hooked with codes you'll never see that is getting run transparently to the page your
going to see if you will, which can then forward you to a server that'll automatically detect which version of browser your using, the operating
system its on, guess the version and launch an automated custom attack using those parameters to then exploit a hole in the browser so a payload can
be uploaded... Than a post-exploitation script can automatically be fired to kill all traces and erase logs all within minutes. From there all the
websites you've been, passwords to all your bank accounts, any credit card number you type on will be caught and sent back to the attacker.
And thats not the NSA champ...
And thats only moderately sophesticated in terms of attack... Thats the stuff most kids with mid grade computer knowledge can find how to do on
youtube. You don't want to hear about the more high end stuff trust me... For 20$ at radio shack I can McGiver you a device that plugs into a power
socket and stiff ever single damn keystroke of an entire building by pluging it into 1 power socket... As long as they have PS2 keyboards and those
are still commonly used.
There's a huge difference between paranoiya and awareness...
Those codes get injected in publicity ads you see often pretty much everywhere because said companies doesn't verify the codes in the adds they just
bother with taking payment and displaying it...
Thats how the Zeus banking trojan worked and which helped them steal over 70millions from poor folks that would say the same thing you just did, hell
you might even be one of them and you'll only find out in a couple of years...
At this very moment your name, address and enough info is probably in the hands of someone thats just waiting a year or two to order some credit cards
in your name. The trick is they catch the info and wait as long as possible before using it, it makes it almost impossible to trace back to how they
got it in first place...
I personally know someone that went to BC once in her life about 5 years ago and used a credit card which was used last year again in BC... they
waited 4 years to use the stolen info...
I work in the field of security and with the stuff that I know it would make you paranoid to the point where you wouldn't even leave your bedroom... A
guy that owns a pizza shop I know told me about 3 months ago he had installed security cam in his house that he could access anytime with his phone. I
told him to get reg cameras that just record to a DVR type of device cuz those could be hacked within minutes, he wouldn't believe me... took me about
5 minutes because the particular make and model have an embeded backdoor. 90% of them either have no default admin user/pass, either they have some
but they are admin/pass or admin/default or admin/admin and in the best case scenario a backdoor thats not logged like the model he had...
He turned green and purple when I shown him I could watch him in his house anytime I wanted or anyone else on the internet that knew how and could
just scan his address and his the camera firmware page would be able to do the same... Hell he prolly was or would of ended up listed on
edit on 15-1-2014 by _R4t_ because: (no reason given)