My OperaHackers, Phreakers, Geeks, PEN Testers - BEWARE!
Wednesday, January 28, 2009 7:11:57 PM
This is another little personal post. I try to keep these related to computers in some way though. This particular one branches out to all of us who do security audits, or PEN (Penetration) Testing. Anyone who has ever used a phone to remotely dial in to another's network card, or into the Ma Bell systems. This, is a word of caution.
It's easy these days to get caught up in the media hype of what a hacker is. We see things on CSI that make us wonder if a "degaussing loop" around a door way will really allow a hacker to get away with the evil crimes he has committed. We see in movies people using holographic touch screen computers and using these computers to hack into major government servers such as those used for missle launches.
The fact is that yes, these capabilities are out there, but that for a hacker to be using something so sophisticated is practially unheard of. It would surprise most people to know that a computer hacker looks nothing like the typical stereotype of Bill Gates, but rather looks like your common boyfriend, girlfriend, neighbor, classmate, or co-worker. Most of us are not pocket protecting, eye glass wearing, geeks, but rather geeks in a new sense. We are more descrete about what we are capable of. We don't discuss our actions with many, or even on message boards. We conduct our business in private places, secluded from others wearing every day clothing. We may even be sitting at your local coffee shop right now, using encrypted messages to discuss our plans for taking down this particular network. We might also be walking around your neighborhood, armed with nothing more than a PDA that scans for open networks and then launches exploit after exploit until it gets our backdoor program loaded; You'd never even notice us, let alone give us a second thought.
Does this scare some of you readers? It shouldn't. Most of us are hacking for education. We may come to your door one day and as a free service offer to lock your network down to prevent attacks like ours. You should still have some fears though, because for all the good hackers, there are some bad.
This warning stems out beyond the technical realm of things on one note. Coversations. As a computer security consultant, it is in my best interest to not explain how to get away with illegal acts, or to condone them. As a citizen of the United States though, I am titled to my freedom of speech. Where the warning comes in, is be careful how you decide to use your freedom. Pick carefully who you discuss plans or capabilities with. Anyone who knows what you can do can turn you over to legal officials, and they might. I'm not saying be paranoid, don't trust anyone, but for your own sake, it's best to be a little paranoid, and only trust those who have as much to lose as yourself.
The reason I post this word of warning is because I was talking with a friend about ram dumps, and how they can compromise a live (running) or zombie (not running) system. While discussing this I strayed away into network security, explaining all the wonderous things I can do to his PC, and even giving a live demonstration to some of my less technical friends. - This was all a bad idea. I ended up scaring most of them, to the point they honestly thought they couldn't trust me around their PCs or networks. I was slightly offended, a little flattered, and a little upset. All in all though, I showed them how I use my "powers" to serve a greater good, rather than to perform feats of evil.
Still, it all goes to show, be careful who you divulge information to.
Any one of the people present during my demonstration could have accused me of performing malicious acts against their computers or networks and had me arrested.
Granted, they all conscented to me using their computers and their network, but that's not always the case.
Stretching out a word of caution -
and as always:
~ Happy Hacking
PiklesOnFire
It's easy these days to get caught up in the media hype of what a hacker is. We see things on CSI that make us wonder if a "degaussing loop" around a door way will really allow a hacker to get away with the evil crimes he has committed. We see in movies people using holographic touch screen computers and using these computers to hack into major government servers such as those used for missle launches.
The fact is that yes, these capabilities are out there, but that for a hacker to be using something so sophisticated is practially unheard of. It would surprise most people to know that a computer hacker looks nothing like the typical stereotype of Bill Gates, but rather looks like your common boyfriend, girlfriend, neighbor, classmate, or co-worker. Most of us are not pocket protecting, eye glass wearing, geeks, but rather geeks in a new sense. We are more descrete about what we are capable of. We don't discuss our actions with many, or even on message boards. We conduct our business in private places, secluded from others wearing every day clothing. We may even be sitting at your local coffee shop right now, using encrypted messages to discuss our plans for taking down this particular network. We might also be walking around your neighborhood, armed with nothing more than a PDA that scans for open networks and then launches exploit after exploit until it gets our backdoor program loaded; You'd never even notice us, let alone give us a second thought.
Does this scare some of you readers? It shouldn't. Most of us are hacking for education. We may come to your door one day and as a free service offer to lock your network down to prevent attacks like ours. You should still have some fears though, because for all the good hackers, there are some bad.
This warning stems out beyond the technical realm of things on one note. Coversations. As a computer security consultant, it is in my best interest to not explain how to get away with illegal acts, or to condone them. As a citizen of the United States though, I am titled to my freedom of speech. Where the warning comes in, is be careful how you decide to use your freedom. Pick carefully who you discuss plans or capabilities with. Anyone who knows what you can do can turn you over to legal officials, and they might. I'm not saying be paranoid, don't trust anyone, but for your own sake, it's best to be a little paranoid, and only trust those who have as much to lose as yourself.
The reason I post this word of warning is because I was talking with a friend about ram dumps, and how they can compromise a live (running) or zombie (not running) system. While discussing this I strayed away into network security, explaining all the wonderous things I can do to his PC, and even giving a live demonstration to some of my less technical friends. - This was all a bad idea. I ended up scaring most of them, to the point they honestly thought they couldn't trust me around their PCs or networks. I was slightly offended, a little flattered, and a little upset. All in all though, I showed them how I use my "powers" to serve a greater good, rather than to perform feats of evil.
Still, it all goes to show, be careful who you divulge information to.
Any one of the people present during my demonstration could have accused me of performing malicious acts against their computers or networks and had me arrested.
Granted, they all conscented to me using their computers and their network, but that's not always the case.
Stretching out a word of caution -
and as always:
~ Happy Hacking
PiklesOnFire
