http://www.arstechnica.com/wankerdesk/01q1/greathack-1.html

This article talks alot about online banking and that worries me. This implies that virtually noone is safe. Especially since Russia seems indifferent to what the people intheir country are doing when it comes to cracking (hacking). And to be financially backed...OMG!
Dave

Hmm...we should be worried. There are far too many IT "security" people out there that haven't the slightest clue as to what they should be doing. It is becoming epidemic..time for basic training..
Thanks for the link Dave.

We have many people here who have made comments about my paranoia when it comes to security on my home computer.

Not one, but two Anti-Virus programs? (PC-cillin and now Innoculate, dropped Norton)
No I.E. access to the net? (Opera)
Eudora for e-mail?
Firewall? (ZoneAlarm)
Fingerprint ID mouse? (BioLink)
Passport files for passwords? (BioLink Security)
AdAware?
AdSubtract Pro?
Dial-up?
Case Intrusion Alarm? (MSI)

I'm not paranoid, I'm cautious! I live in the same town as O.I.T., which has mega computing! I've been hacked into and had stuff stored on my system without my authorization prior to adding most of this. And to top this off, I have three sharp kids (8, 10, 12) who like to see what they can do on not only their computer, but also on dad's!

Finally, you guessed it, I don't have anything of value on my computer!!! Anyone gets in, it will be for naught! (But why should I make it easy for them?)

Harder

[This message has been edited by sharder8 (edited 04-27-2001).]

If you're worried about security, want to learn more, etc spend a few hours here! This is probably the top security site around!
http://www.sans.org

Great site! THanks Randy! Love the reading room....
Dave

Another little tid-bit of information. The mind behind this "fool-proof" integrity test is none other than Steve Gibson. Hes a brilliant security analyst with guruesque programming skills to boot. His site is nothing flashy but his utilities are excellent. www.grc.com (http://www.grc.com)

Yes, I agree, GRC is gret, but I doubt its stringency. I use it often and it is the best tool, but I would be surprised if he covered more than 1/2 the tricks of a good cracker/ hacker. I am sure these script kiddies are figuring out ways to get around these software security programs like ZA, BID and Norton.
Dave

I feel confident that he has incorporated the most common of hacks. But, youre right. The battle between hackers and analysts will always be a lopsided one as there are countless hackers to every one analyst. Until security becomes the priority ahead of profit, i fret it will remain that way.

Sadly, it usually requires a disaster to raise awareness.

Dave, you are correct about the latest round of exploits. ZA can be comprimised through a simple NMAP exploit at initialization of the firewall engine. BID can be overcome through fragmented TCP/IP attacks due to its lack of outbound packet/port filtering. BID is also quite succeptable to some of the latest trojans surfacing around the newsgroups, since it lacks per application rights configuration. Even the powerful Conseal PC Firewall is crashable (and thus bypassable), assuming certain defualt configuration settings are utilized.

I could go on forever about this subject, but I digress. Only one real comment needs to be made,

Does anyone really believe any of the myriad of sofware firewalls and security applications are actually going to stop a real hacker, or even a good cracker?

Robert Richmond

[This message has been edited by RobRich (edited 04-29-2001).]

and that question, rob, roots back to the inherent weaknesses of the program. In any software piece there will always be flaws as they are designed and implemented by humans. Im not sure its feasible to design an impermeable piece of software.

Good question Robert..I say no way. It is almost elementary to overwhelm most software firewalls. The good thing is that most of us have nothing worthy of that much attention..or effort..other than the machine itself...
==edited to remove dumb smiley==

[This message has been edited by smokin1 (edited 04-27-2001).]

You've all got great points and you're all correct! No one security measure, or two, or even three are going to stop a determined hacker! But by taking precautions, and using a combination of tools to prevent infiltration, while you may not stop him, you "may" slow him down or possibly even cause him to give up.

We already know that a vast majority or virii and trojans are designed to hit M$ products. We can even cull the list down to several of the most common target programs. Using this as a starting point for your defenses, you can start closing the opportunites for a hacker. True, if he's determined, he'll either get through them today, or he'll learn a way to tomorrow!

Steve Gibson IS very sharp and thankfully, he's on our side! But he is only one, and think of the prestege a hacker would get by defeating one of Steve's programs. This is enough to cause many to look for a way. And that is sad!

But I think my final statement says it all, "Finally, you guessed it, I don't have anything of value on my computer!! Anyone gets in, it will be for naught! (But why should I make it easy for them?)"

Harder

P.S. Thanks Randy48 and Kryogenitor, both www.grc.com (http://www.grc.com) and www.sans.org (http://www.sans.org) are great sights that I've known about for quite some time.

Echoing sharder8's sentiments, in a slightly different fashion:

The function of a lock is to delay a thief, to force him to make noise; to learn specialized skills and bring specialized tools. All of which increases the odds of detection, and increase the odds that a judge will lower the boom when the crook is captured and sentenced.

By driving away the lazy and inept, you reduce the number of potential intruders.

OK got a new one for ya's:
http://www.hackerwhacker.com/

Pretty good stuff here! And talk about a through system scan! I believe it covers more ports then GRC!

This thread needs to stay up awhile ^^

My job is testing firewalls. I must say it is alarming to discover that most admins leave settings at default. There are too many MCSE's out there that need some real world experience. Nuff said. BTW, great site!

Is it connected to something?

It can be hacked.

Gotta learn from caddmannq's thread about Murphy and the military: Know when to have best and when to settle for good enough.

I need to know more. hehe

Another little tidbit -

MICROSOFT ADMITS FLAW IN WINDOWS 2000 SERVER SOFTWARE

May 01, 2001 12:02 PM

MICROSOFT ON TUESDAY acknowledged that an "extremely
serious" flaw in an obscure extension included in
Windows 2000 could allow a hacker to gain complete
control of any system running both Windows 2000 and
the company's Internet Information Services (IIS) 5.0 server.


For Full Story: http://www.infoworld.com/articles/hn/xml/01/05/01/010501hnmicroflaw.xml?0501alert

Just a bump for those interested in security issues. I may be paranoid, but better safe than sorry.

Dave

As some of you may know, I am coming to you on a reinstalled and security enhanced install of Linux because a few months ago I had a close call with a wouldbe cracker who partially compromized my system and was in the process of downloading rootkit/password utilities when I noticed excessive activity on the DSL modem lights and discovered massive incoming packets. I dont know exactly how he got in, but I now believe I know who may have been responsible for this and it is partly my fault for following his link to a download - this individual later also became inflamed by some of my teasing about Windows on a certain Linux BBS - he has since dissappeared.

Whatever the case, I am now extra paraniod.

One thing my father alwys told me was that locks are made for honest people. For every technique you use to protect your valuables a theif can get around. The point is to make it as dificult as possible for them to get in and then if by chance they do get in record as much info as possible so you can learn form the incident and improve your security.

I am not really worried because i never use my credit card on the internet, i never download stuff that i dont know what it is and if hackers hack in to my computer what are they going to get. Old book reports, projects, and a nice week in jail if they get caught.

My computer's security list looks similar to Sharders, but absolutely nothing valuable on it. In fact, my address, credit card numbers, even my name don't appear anywhere in it. I also don't do business over the internet. If I order, it's through an 800 number and payment through snail-mail.