Mega *anti-hacking* anti-intrusion* thread-share tips and tricks to stay protected

AgentDrex said:
Here's an anti-phishing tip from a Network/Systems Administrator point-of-view:

Network and systems administrators never need your username or password and will never ask for it. We can change all of that on our own. Someone who asks you for this information obviously cannot change it and thus is not in a position to have it. Don't give it to them. It would seem like common sense but most of the successful hacks were from simple social engineering techniques such as these.

Example at some huge corporate office. Potential hacker finds number of vice president of the organization: "Hello, this is Dave down in the dungeon, the server room if you will. Is this Mr. Penske?" "Yes, it is. How can I help you Dave?" "Well sir, I certainly don't mean to bother you but we had a small mishap, nothing major but one of the account servers went down just a couple minutes ago. I tried to get her back up and running but she's a goner I'm afraid." "That doesn't sound good, how can I help?" "Its not as bad as it sounds, no major data was lost but unfortunately a few account logins are lost. I have another account server sitting here ready to get to work but I need your old username and password so I can get your account back up and running as soon as possible to minimize downtime." "Should we just change the password, make a new one or something?" "No need to do that sir. I know that you have a lot on your mind and we really appreciate all you do for us. I figure we can just keep the same username and password so you have one less thing to stress over. So having said that, if you can give me that, I'll get right to work on the account and let you get back to your day."

I would hope this wouldn't work but in a larger place, it's easy for the higher-ups to lose track of all the people that work for them. Hence, if you find a person who doesn't take the time to think about these potential situations occurring and goes along with what you ask, you've found yourself a little way further into the target system.

*it worked a lot when I was younger. In 2001, I would look for corporate numbers, names of higher-ups and a little history of the target organization. I would then call them in the early afternoon, right after lunch, when most people are susceptible to engineering. It didn't work all of the time but at least ninety-percent. I made it sound like I knew what I was talking about, wanted to genuinely help resolve this made up issue and knew the organization as if though I truly worked there for a while. People were very eager to help me "help" them. Once I got the username/password, I would use Ghostmail to send the real administrators of the organization an email stating what I had done and what I was able to get. This was in an attempt to make sure policies and procedures into network security were looked into and strengthened. Perhaps that wasn't the best way to go about things but I was young. Now I could care less for lazy administrators. Let them get hacked for all I care. I'll just make sure I am safe out there.
Click to expand...

Yeah...you are right...that's exactly how Mitnick got to do it sans any great programming skills.. Have you read ghost in the wires?? I've always thought he is an overhyped fellow...we have a douche like him in India too..his name is Ankit fadia..A friend of mine from Indishell once hacked his own website... it gave me a good laugh..you can google the Idiot..
 
cgipson1 said:
IByte said:
sm4him said:
This whole thread is *very nearly* as interesting as my next task, organizing all my cans of soup alphabetically (Where does Alphabet soup go? A? or do I need to put some of it in each letter category?...) :D

But, speaking of hacking:
HOW did AgentDrex manage to LIKE Charlie's post TWICE??
Is that showing on anyone else's computer? I'm seeing "AgentDrex, AgentDrex and Aliyawar like this."

Ya'll carry on talking about hacking, and stopping hackers, and whatever in the world else it is you were talking about--I dozed through most of the thread--but I believe AgentDrex just won. :lol:

EDIT: Just to be clear--that was humor. I have NO intention of organizing my soup cans alphabetically. I'll be lucky if I manage to put them all up in the cabinet, instead of leaving them in the grocery bag down on the kitchen floor... :lol:
Click to expand...
Watch the movie Sneakers, that will show people how the real OG do it lol. I'll alphabetize your soup Oo OCD is telling me to do it lol.
Click to expand...

and read the book Hackers by S. Levy.... it details the history of "Hacking" starting back in early MIT days when a "hack" was just a really cool use of the available languages, tools and systems. The term "hacker" was not even malicious back then... fascinating book.
Click to expand...

It is really shocking how the hacker term got perverted in the following years.. Look at guys like ESR and RMS,torvalds,norvig...they are the real hackers...not dolts like us who try to get into other'd domains through illegal means... :):)
 
..........Phishing.....

Agent Drex has already started the talk on phishing..I hope you all know a few things about phishing..If you don't here is phishing in a nutshell...

Phishing is a technique in which someone tries to get private digital information from you by posing as someone or something he is not...Most popularly this technique is used to acquire other user's passwords by sending them a fake login page or something... For eg--here is a fake login page of photoforum by me..
Click here----->>>> Fake photoforum login page ... you can't tell the difference until you pay attention to the details..that's where the social engineering part comes in..if you are good at pranks you can lure anyone into signing in on your page... Technically,phishing is not considered as hacking by most of the people in the business.. but nonetheless,it is nasty....

If you sign in on the fake login page the data you entered get saved to a text file..which is then used by the the person who owns the page to gain access to your account...

For example...you can type anything in the username and password fields and I can tell you what you typed(hurry,because i have hosted it on a free hosting site and they take down phishing pages very fast)....

Now..what can you do to avoid phishing..

Always check the domain name in the address bar before logging in..don't sign in if you have any doubt that this page is a phishing page..and if you do please take the time to change yoor password... sometime the phishing attacks can be very complex... in that case you have to just pay attention to the details ...I have left a few details in my phishing page..let's see if you can catch them..

Regards :):)
 
Ok I'll take the bait and see what you have to offer. How do I stop emails from this site saying that someone has tried to enter my account? If you can solve this then you ARE THE MASTER OF THE WORLD. I changed passwords and even had my username changed. Evidently this is fake emails because no one would take so much time out of their life just to get into my account.

"Dear Patriot,

Someone has tried to log into your account on Photography Forum & Digital Photography Forum with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 117.111.11.204

All the best,
Photography Forum & Digital Photography Forum"
 
There ya go aliyawar. Signed into the fake page you made. I didn't see what I had entered in the passes.txt file. So maybe you stored them elsewhere. Either way, nice example. BTW: I use WOT and it threw up a warning for the site. It's the number one reason for the decline in repeat clients I have had. I used to fix on their puters and they'd come back a few weeks later with more junk. I started installing WOT and they come back less (thankfully). Sometimes I'll call them up to ask how the puter is running and they say have no problems. They seem to really like it.
 
Thanks...Yes web of trust is a good way to prevent these types of attacks...and the data entered is in passes.txt file only...you should've found it there..or maybe you didn't entered the data correctly..didn't hit the login button or something...

Regards:):)
 
Patriot said:
Ok I'll take the bait and see what you have to offer. How do I stop emails from this site saying that someone has tried to enter my account? If you can solve this then you ARE THE MASTER OF THE WORLD. I changed passwords and even had my username changed. Evidently this is fake emails because no one would take so much time out of their life just to get into my account.

"Dear Patriot,

Someone has tried to log into your account on Photography Forum & Digital Photography Forum with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 117.111.11.204

All the best,
Photography Forum & Digital Photography Forum"
Click to expand...

I don't think they are fake mails patriot...someone is trying to enter your account..maybe as a prank or something,someone like a friend...for how long have you recieved tese types of mails and can you share with me the address by which you are getting these mails...
 
Patriot said:
Ok I'll take the bait and see what you have to offer. How do I stop emails from this site saying that someone has tried to enter my account? If you can solve this then you ARE THE MASTER OF THE WORLD. I changed passwords and even had my username changed. Evidently this is fake emails because no one would take so much time out of their life just to get into my account.

"Dear Patriot,

Someone has tried to log into your account on Photography Forum & Digital Photography Forum with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 117.111.11.204

All the best,
Photography Forum & Digital Photography Forum"
Click to expand...

The IP address is from somewhere around seoul in Korea,it means the attacker is from somewhere around you only...I guess a friend or a relative..trying to piss you off....but you don't need to worry..as it is evident..they haven't got into your account yet..and I don't see any reason for their success in the near future...my guesses are---

1.you are using a public cafe or something which is infected from a keylogger...or your own system is infected from a keylogger...their are good antiviruses and antimalwares in the market which will do your job..

2.You are using the internet over a wireless network where someone is trying to sniff the data..

3.The attacker knows you and is just trying to get into your account by brute force...i.e. by hit and trial...
 
I doubt that's it's anyone I know because I'm an American in Korea with no Korean family or friends. If I do have a key logger on my computer then Norton Anti-virus sucks!!! This has been going on for about 5 months now and my emails are getting flooded. The ip address is changing also every time.
 
Norton DOES suck. It's like the dog that barks at the intruder. AFTER the intruder has broken in and started stealing junk. My net machine has no anti-virus of any sort. My main machine doesn't need one. If I had a in-between computer, that would have almost every scanner made.
 
Patriot said:
I doubt that's it's anyone I know because I'm an American in Korea with no Korean family or friends. If I do have a key logger on my computer then Norton Anti-virus sucks!!! This has been going on for about 5 months now and my emails are getting flooded. The ip address is changing also every time.
Click to expand...

Yes..Norton is kinda like a gun without a bullet..it gives you assurance that you are safe from trouble coz you have a gun in your pocket but when you try to fire a bullet in times of trouble,noting comes out...poooffffff... in short it sucks..
 
Josep22h said:
I WANT to hear he details o how things got ugly!
24.jpg
8.jpg
25.jpg
26.jpg
27.jpg
Click to expand...

I have already answered that...:):)go back in the comments...i have replied to bitter jewller..he asked the same question.....

regards :):):)
 
You must log in or register to reply here.

Dancing Christmas Tree

< Previous Thread

Again...

Next Thread >

Most reactions

Similar threads

Lottie
New toy
Replies
2
Views
358
Lottie
Lottie
A
  • Locked
Seeking a few good forums
Replies
11
Views
1K
Scott Whaley
S
nerwin
A.I. Photography - Are we doomed?
3 4 5
Replies
66
Views
5K
greybeard
greybeard
LensOfDylan
Leica Q2 as a first camera? [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°)̲̅$̲̅] (edit: Q3) (edit 2: I don't want a camera)
2
Replies
20
Views
2K
LensOfDylan
LensOfDylan
SquarePeg
Photography is the best hobby!
Replies
11
Views
2K
Cinka
Cinka

New Topics

TPF Gallery Photos

Bricks
6105-baby04
3267-flower1
10904-feetw
6775-_IGP0596copy
10904-LittleFlirtw
Bada Bagh
4626-bench
Painting With Light
6775-_IGP0797copy
1846-IMG_5815web
10904-EyesW
Back
Top