01-27-2002, 01:31 PM   #18
Toaster
Member (13 bit)
Join Date: Apr 1999
Location: Now in Phoenix, AZ. Where next? Only 8 states left to see.
Posts: 4,661
Hello folks,
There are literally HUNDREDS of "security hampering" "script kiddies" out there.
They, for the most part, are aimed at the Micky$oft O/Ss because of the EASE in doing so.
Firewalls, IP Masks and the like IMPROVE security but by no means eliminate security errors.
The biggest problem is not "ports" or open areas but one of "privileges".
Once a user is logged into a Micky$oft O/S, all privileges are GRANTED, period.
In the UNIX world (all forms of UNIX and Linux), the "super user" or "root account owner" has the say-so on program execution. Simple "users" cannot execute applications other than their own, either purposely or "behind the scenes".
Many "hackers" use an "open port scan" and "ride" your IP. To you, nothing is going on when in fact EVERYTHING you do is watched.
Other goodies are "password/account" "sniffers" that ride along notating EVERY keystroke. This includes credit card info and countless other "sensitive" information.
When I buy goodies online, it's done so in the UNIX world using Mozilla.
While no browser is "hacker proof", Mozilla is FAR safer than IE, which almost advertises your presence.

A recent method that gets downright scary is multiple DNS forwarding and masking.
This represents itself as a "clone" of your current IP and, with the use of your "cookies", the user is essentially "you" with all your sensitive information at their fingertips. This was a UNIX only thing for a long time and is making its way into the Micky$oft world. The user or "hacker" now represents him/herself as "you" or someone else's IP and leaves you to take the blame.
Another method is "packet sniffers" and IP "socket" handlers.

I do system admin and security "hardening" as a "glorified hobby". I moved most of my clients out of the Micky$oft world into the realms of UNIX after a few "frightening" demonstrations.
One demonstration was to "redefine" the administrator and privileges remotely.
On average, this took about 20 minutes going through a "gateway" and routers.
With these newly acquired privileges, I had the run of the system and placed a "note" on every desktop saying thus:
"Your system's security has been compromised, all data/information was made available and "could" be rendered "public domain". Ask your ADMIN for details why this was done. No data was read/tampered with, please call 1-800-xxx-xxxx immediately before accessing remote systems."

That phrase alone scared the hell out of some users and rightfully so.
Now, using a UNIX O/S, the possibility of this is GREATLY reduced.
Firewalls are MEANINGLESS if they forward an IP; they actually make the job easier to some degree.
It's a lot like locking your car doors and leaving the key in the lock.
Lucky for many users, hackers are looking for "bigger fish to fry".
However, if you present yourself as a target of opportunity....
__________________
2 goldfish were discussing Mythology.
The discussion ended when a goldfish replied:
"There MUST be a God, who changes the water?"