Your Ad Here Your Ad Here
Results 1 to 10 of 10

Thread: Very Important

  1. #1
    shn's Avatar 3μ|\|(7
    Join Date
    May 2003
    Posts
    3,585
    A little far fetched but this is an example of what happens when you:

    Do not update or refuse to use antivirus software
    Fail to have sufficient firewall (software or router)
    Think that getting hacked wont happen to you.
    Neglect to consider the fact that your box could be compromised right now



    Expert slams outlandish hacker claims
    By Robert Jaques [27-06-2003]
    Suggestion that hackers control three million servers is 'nonsense'


    Security expert Neil Barrett has poured scorn on research released this week claiming that hackers are in control of at least three million servers around the world.

    Intrusion prevention system vendor Trustcorps said that it had "scientific and anecdotal" research indicating that the average hacker 'owns' between 600 and 800 systems at any time.

    The company estimated that there are at least 1,000 hacker groups, with an average of five hackers per group each owning at least 600 systems. Each hacker will own a compromised system for six months on average.

    An extrapolation of these statistics by the security firm suggests that there are a minimum of three million systems owned by hackers at any one time.

    "Much hacking is focused simply on 'ownership': knowing that you have complete and unfettered access to, and control over, a system," said Trustcorps.

    "It is extremely desirable for someone to 'own' millions of dollars worth of computing power, and for the people they have 'stolen' it from to be completely unaware."

    But Barrett, technical director at Information Risk Management, questioned how any hacker could own 600 computers at any one time.

    From his experience working with the police, he said that hackers typically control no more than 12 systems at any time.

    "The sheer mechanics of 600 computers - no. How can you control 600 computers?" he said.

    Barrett added that a system is often not 'owned' by a single hacker, because others will have discovered the vulnerabilities as well.

    But Trustcorps insisted that, while some hackers will launch targeted attacks on specific systems, taking weeks or months to penetrate them, this is unusual because much hacking is automated and indiscriminate.

    Hackers use automated scanning tools to search for systems they can attack successfully. This way they can penetrate and own hundreds or even thousands of machines in a few hours, the company claimed.
    Source -- http://www.vnunet.com/News/1141901

  2. Internet, Programming and Graphics   -   #2
    Good article shn. Hope this enlightens the users who laugh at the people who use firewall and are a little paranoid.
    <span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
    <span style='color:blue'>Try not to let your mind wander...it is too small and fragile to be out by itself</span>

  3. Internet, Programming and Graphics   -   #3
    muchspl2
    Guest
    where&#39;s the ass that said anyone who uses a AV and firewall were stupid
    what a tool he was, compleatly oblives to all the shit on the net, he also said he was the "founder/owner" of gamecopyworld in his sig

  4. Internet, Programming and Graphics   -   #4
    Dam they know I best pack me bags, sell the house, blow up the PC after smashing it & run



  5. Internet, Programming and Graphics   -   #5
    h1
    Guest
    Firewalls are your friend.

  6. Internet, Programming and Graphics   -   #6
    Robert00000's Avatar Interweb Fantasist BT Rep: +1
    Join Date
    Dec 2003
    Age
    14
    Posts
    1,518
    Whats the most popular method of hacker attack (to gain control of a server), is it bruteforce?

    If so it can easily be prevented by using longer passwords and a more varied combination of characters, but too many people don&#39;t.

    I&#39;ve seen many hackers use accessdiver and other bruteforce software to gain entry into other peoples accounts (used it myself to test security of my server). But these software can only gain access if the login info has common words in them.

    If repeated failure from a particular proxy is detected it can be blocked by installing a script on the server.

    The reason a lot of servers are vulnerable is because the people who run them don&#39;t know much about security, and so get attacked.

    As for home pc&#39;s, i think strong firewall should be installed by default on the OS, something similar to zonealarm with component varification activated. This way people who use it will be forced to learn about the security of their system.
    Robert00000

  7. Internet, Programming and Graphics   -   #7
    SeK612's Avatar Poster BT Rep: +10BT Rep +10
    Join Date
    Nov 2002
    Location
    UK
    Posts
    739
    Access Driver struggles if a server has a proxy killer (basically blocks the IP after a few incorrect logins) or spits out fake logins. Of course some of these protections can be gotten around using different programs but on the whole they act as a pretty good deterent.

  8. Internet, Programming and Graphics   -   #8
    mogadishu's Avatar {}"_++()_><.,{}}[":+
    Join Date
    Jun 2003
    Posts
    2,759
    You can use various programs to leech proxies from the web (hundreds of thousands at a time) then test them in a proxy analyzer that uses a proxy judge. I did this one on my friends server and sure enough I got 2 hits.. (heh they were something like username:password and admin:password) But anyway.. you can get like 10,000 working proxies then the scropts that block those proxies can block all they want, u still have a ton.

    But do you really have access to the whole server ( i didnt try beyond changing a few settings)? I would think the hackers have more advanced tools than access diver.
    signature removed, check the boardrules.

  9. Internet, Programming and Graphics   -   #9
    SeK612's Avatar Poster BT Rep: +10BT Rep +10
    Join Date
    Nov 2002
    Location
    UK
    Posts
    739
    Yes you can get around a proxy killer with lots of proxies. I believe you can get around fake pass servers using other programs (Sentry is one I&#39;ve heard of). In my experience programs like Access Driver are used mostly for brute forcing porn sites and getting access for free. Actually breeching a top level server (and doing stuff like changing the sites pages) takes alot more work and loads of different methods.

  10. Internet, Programming and Graphics   -   #10
    mogadishu's Avatar {}"_++()_><.,{}}[":+
    Join Date
    Jun 2003
    Posts
    2,759
    yea, i used access diver to get into his php control thingi.. i forget what it was called.
    signature removed, check the boardrules.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •