Donate Now
We've Moved! Check out our new boards.
  New Poll  
my profile | directory login | search | faq | forum home

  next oldest topic   next newest topic
» Scarleteen Boards: 2000 - 2014 (Archive) » SCARLETEEN CENTRAL » Sexual Ethics and Politics » Government mandated hacking? Into YOUR computer? (Page 2)

 - UBBFriend: Email this page to someone!   This topic comprises 2 pages: 1  2   
Author Topic: Government mandated hacking? Into YOUR computer?
Jeffrey
Activist
Member # 5304

Icon 1 posted      Profile for Jeffrey     Send New Private Message       Edit/Delete Post 
[whoops, double post] please delete

[This message has been edited by Jeffrey (edited 10-27-2001).]


Posts: 107 | Registered: Sep 2001  |  IP: Logged | Report this post to a Moderator
sapphirecat
Activist
Member # 5317

Icon 1 posted      Profile for sapphirecat     Send New Private Message       Edit/Delete Post 
Wow, those smileys do a lot to change the perceived tone

Anyway, feel free to call it paranoia if you must; in Real Life(tm), you can't guarantee that every piece of software is going to be bug-free (DLL Hell comes to mind, as does glibc), especially since a database and SQL server are a bit more complex than TOC.

One last thing for tonight... I want to mention that security is a custom thing, and if you are immune to social engineering, that's cool, but the rest of the people in XYZ Corp. might not be. And no matter how secure that server is, it's not going to help much if your border router has a default password, or someone decides to target you with a ping flood.

------------------
Sapphire Cat
You can love me or hate me, but it won't change who I am.

[This message has been edited by sapphirecat (edited 10-27-2001).]


Posts: 235 | From: Louisville KY (St. Matthews) | Registered: Sep 2001  |  IP: Logged | Report this post to a Moderator
cypress
Neophyte
Member # 5925

Icon 14 posted      Profile for cypress     Send New Private Message       Edit/Delete Post 
This entire post is rather amusing I must say.

Hereís how to get into a win95 box that is not running a firewall with a fun little trogon horse.

First download a version of Netbus. It consists of a client and a server. The server is installed on the target machine through a variety of methods. To install the server on the target computer running win95 or ME for instance can be done by sending the program via email or telling the user that the download is a really cool game. The user who doesnít know any better runs the program and depending on how the file was built apparently nothing happens or the server was bound to a small game. The target is none the wiser. You can then connect to the target pc if you know the ip of the computer. After connecting you can get screenshots or delete important files in the system directory of the target computer.

I had fun with my friends as we tried to connect to each other and send them messages to say how lame we were for using netbus before we reset their internet connection. In that case icq was used to transfer the server files to the pc and find the ip of the computer to connect to and see if the computer in fact was disconnected. It was a fun and simple but highly scalable prank.

Iím happy for you and your secure MS boxes. I just love to observe all the packets going in and out of my pc. I donít suppose you have telnet installed?


Posts: 6 | From: Sydney Australia | Registered: Nov 2001  |  IP: Logged | Report this post to a Moderator
cypress
Neophyte
Member # 5925

Icon 7 posted      Profile for cypress     Send New Private Message       Edit/Delete Post 
just with the icq exploits.. different versions have different problems one of them was sending url's. it was possible to write you own packets that had room for just enough assembly code to execute a command of your choice that would run on the recievers pc. That's probably the worst I've seen for icq though
Port scanning is harmless if there is nothing to find I suppose. If there is then it becomes usefull which is why I suppose one was built into some versions of Back Orifice.

As a final thought it's fantastic that Apple or ms provide fixes for exploits etc but just because they have a fix doesnít mean that the target box hasnít been updated. Iím sure you donít have that problem.


Posts: 6 | From: Sydney Australia | Registered: Nov 2001  |  IP: Logged | Report this post to a Moderator
Confused boy
Activist
Member # 1964

Icon 1 posted      Profile for Confused boy     Send New Private Message       Edit/Delete Post 
Just thought of something related to this. My Norton 2000 recently self destructed. The reason turned out to be an auto-update that was not completely compatible with this plder version. There was no suitable patch to fix it on the site. What a very comvenient way of forcing people to buy a new version of Norton every year which is updateable. Utterly callous.

------------------
'An Anarchist is a Liberal with a bomb' Trotsky


Posts: 711 | From: England | Registered: Nov 2000  |  IP: Logged | Report this post to a Moderator
sapphirecat
Activist
Member # 5317

Icon 1 posted      Profile for sapphirecat     Send New Private Message       Edit/Delete Post 
quote:
Originally posted by cypress:
I?m happy for you and your secure MS boxes. I just love to observe all the packets going in and out of my pc. I don?t suppose you have telnet installed?

Telnet? Yeah, I have a telnet client. Last time I used it was last semester, talking raw SMTP to a mail server just because I could. I have a telnet daemon, too, which I used once (with my machine disconnected) to gain experience in configuring it to run both standalone and via xinetd.

Meanwhile, back on Windows, trojaning a system requires the user to run the trojan, and then it doesn't matter whether the system is firewalled or not. (Well, if you have ZoneAlarm, it'll ask whether you want to let the program Whack-A-Mole.EXE access the Internet. If you say "yes", game over.)

I think, looking back with 20/20 hindsight, that computer security is way too complex of an argument to say "This box is secure because the patches and a firewall are installed." It also depends on the users (social engineering, black hats), the tools (telnet vs. ssh, xhosts vs. mit-magic-cookie), and how well-configured those are (cross-site scripting, sendmail relaying). And of course, any holes exist whether there's a patch for them or not.

------------------
Sapphire Cat
You can love me or hate me, but it won't change who I am.


Posts: 235 | From: Louisville KY (St. Matthews) | Registered: Sep 2001  |  IP: Logged | Report this post to a Moderator
cypress
Neophyte
Member # 5925

Icon 1 posted      Profile for cypress     Send New Private Message       Edit/Delete Post 
yup
Posts: 6 | From: Sydney Australia | Registered: Nov 2001  |  IP: Logged | Report this post to a Moderator
Jeffrey
Activist
Member # 5304

Icon 1 posted      Profile for Jeffrey     Send New Private Message       Edit/Delete Post 
"This entire post is rather amusing I must say. Hereís how to get into a win95 box that is not running a firewall with a fun little trogon horse."

Hmm. Who are you responding to? I don't consider social engineering to be hacking at all since firewall or not, you can trick someone into doing anything.


Well, anyways, I stand by my original statements, my computer (OS 9/X) is almost completely 'invincible'. Granted, now I know how insecure certain operating systems are, and I agree, if Windows is truly that insecure I guess a firewall is very important.


Posts: 107 | Registered: Sep 2001  |  IP: Logged | Report this post to a Moderator
  This topic comprises 2 pages: 1  2   

  New Poll   Close Topic   Feature Topic   Move Topic   Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:


Contact Us | Get the Whole Story! Go Home to SCARLETEEN: Sex Ed for the Real World | Privacy Statement

Copyright 1998, 2014 Heather Corinna/Scarleteen
Scarleteen.com: Providing comprehensive sex education online to teens and young adults worldwide since 1998

Information on this site is provided for educational purposes. It is not meant to and cannot substitute for advice or care provided by an in-person medical professional. The information contained herein is not meant to be used to diagnose or treat a health problem or disease, or for prescribing any medication. You should always consult your own healthcare provider if you have a health problem or medical condition.

Powered by UBB.classic™ 6.7.3