Defending myself from black hat hackers

  • (2 Pages)
  • +
  • 1
  • 2

16 Replies - 1010 Views - Last Post: 12 October 2018 - 08:42 AM

#1 bobsmith76   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 343
  • Joined: 14-February 17

Defending myself from black hat hackers

Posted 09 October 2018 - 05:51 AM

I kinda like watching these documentaries about black hat hackers. They play that spooky music and the docs have this ominous feel to them that really gets me going. In any case, I gotta start defending myself. I've changed my password from the stereotypical 1234 but I'm wondering if these guys can put software on my computer even if they don't know my password. I have a mac by the way. I'm also assuming that they can only hack into my computer if they are able to put software on it. I'm not sure if that's true or not. Also, although I'm not too proud of it I do watch pirated movies on the internet, you know, potlucker and stuff like that. Those sites automatically download apps to your computer all the time but I never open the apps. Can sites download stuff to your computer even if you don't open the apps?

Is This A Good Question/Topic? 0
  • +

Replies To: Defending myself from black hat hackers

#2 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14690
  • View blog
  • Posts: 58,696
  • Joined: 12-June 08

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 06:40 AM

Quote

Can sites download stuff to your computer even if you don't open the apps?

If the intent is real enough - sure.
Was This Post Helpful? 0
  • +
  • -

#3 bobsmith76   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 343
  • Joined: 14-February 17

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 08:06 AM

View Postmodi123_1, on 09 October 2018 - 06:40 AM, said:

Quote

Can sites download stuff to your computer even if you don't open the apps?

If the intent is real enough - sure.


Can you point to a documented instance of that happening?
Was This Post Helpful? 0
  • +
  • -

#4 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14690
  • View blog
  • Posts: 58,696
  • Joined: 12-June 08

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 08:14 AM

Instances of that happening to you? I don't know you that well, but what ever "potlucker" is, in-conjunction with what ever sites/apps you are using for illegal downloading, seems like an immediate red zone.

In the real world.. sure. "drive by browser attack" wiki outlines one vector.
Was This Post Helpful? 0
  • +
  • -

#5 jon.kiparsky   User is offline

  • Beginner
  • member icon


Reputation: 11376
  • View blog
  • Posts: 19,408
  • Joined: 19-March 11

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 08:58 AM

View Postbobsmith76, on 09 October 2018 - 07:51 AM, said:

I've changed my password from the stereotypical 1234 but


I don't like the implications of this statement.
To be perfectly clear, there are a few ways to handle passwords, and the right one is to just get a password manager. If you must create and manage your own passwords, either out of some misplaced Not Invented Here thing or because you're too cheap to pay for someone else to do it for you, Correct Horse Battery Staple is the right way to generate a user-memorable password. However, since you're just going to default to letting your browser remember the password for you anyway it makes more sense to use python to generate a hash of some nonsense phrase and use that.


Quote

I'm wondering if these guys can put software on my computer even if they don't know my password.


This just reminds me of the brilliant line that Lucy Porter came up with on the News Quiz last week. "Someone hacked into my husband's computer last week. Put a whole bunch of porn on there. (beat) Also, the phone numbers of a bunch of divorce lawyers."

Quote

I'm also assuming that they can only hack into my computer if they are able to put software on it. I'm not sure if that's true or not. Also, although I'm not too proud of it I do watch pirated movies on the internet, you know, potlucker and stuff like that.


When you're thinking about security, you have to start with the concept of a threat model. "They can hack into my computer" is not a threat model. Who are "they", what do you mean by "hack", what machines are you concerned about? What sorts of attacks are we concerned about? What resources are you trying to defend?

I suggest you start by reading Bruce Schneier on security - also, Kevin Mitnick, if you want to think about organizational security.
Was This Post Helpful? 0
  • +
  • -

#6 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14690
  • View blog
  • Posts: 58,696
  • Joined: 12-June 08

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 09:01 AM

View Postjon.kiparsky, on 09 October 2018 - 10:58 AM, said:

[...] also, Kevin Mitnick[...]


Obligatory "Free Kevin".
Posted Image

Sorry - the best I could do of the bumper sticker was some dude holding it. Yes.. yes.. I know.
Was This Post Helpful? 0
  • +
  • -

#7 jon.kiparsky   User is offline

  • Beginner
  • member icon


Reputation: 11376
  • View blog
  • Posts: 19,408
  • Joined: 19-March 11

Re: Defending myself from black hat hackers

Posted 09 October 2018 - 09:14 AM

"... with every purchase of $50 or more."
Was This Post Helpful? 0
  • +
  • -

#8 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2708
  • View blog
  • Posts: 10,807
  • Joined: 03-December 12

Re: Defending myself from black hat hackers

Posted 11 October 2018 - 07:41 AM

Viruses and malware don't need to be opened to be executed, just downloaded. So, yes. You watching pirated movies is an issue that you will not be able to escape from. In fact, a new-ish rootkit was found that even replacing your hard drive will not remove it.
Was This Post Helpful? 0
  • +
  • -

#9 bobsmith76   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 343
  • Joined: 14-February 17

Re: Defending myself from black hat hackers

Posted 11 October 2018 - 08:31 AM

View Postastonecipher, on 11 October 2018 - 07:41 AM, said:

Viruses and malware don't need to be opened to be executed, just downloaded. So, yes. You watching pirated movies is an issue that you will not be able to escape from. In fact, a new-ish rootkit was found that even replacing your hard drive will not remove it.


thanks for the info. i really appreciate that.
Was This Post Helpful? 0
  • +
  • -

#10 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6665
  • View blog
  • Posts: 22,751
  • Joined: 05-May 12

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 05:12 AM

View Postastonecipher, on 11 October 2018 - 10:41 AM, said:

Viruses and malware don't need to be opened to be executed, just downloaded.


What? I think there is more to that statement than just at face value. Something has got to execute the virus or malware otherwise it would be just as inert as any piece of data.

Perhaps you meant to say that some viruses and malware can be specially crafted to be delivered as something that is downloaded, but later when opened or read by a program with vulnerabilities, then they become active. For me the most fascinating variation of this I've heard of recently is malware being packaged as part of an SSL certificate chain. When an program reads the certificate data, it is malformed and causes a buffer overflow in the certificate verification code and starts executing within the context of the program trying to verify the certificate. This is evil to an extreme since in the past we've been conditioned to trust certificates, and use certificates to verify the trustworthiness of the rest of the data payload.
Was This Post Helpful? 1
  • +
  • -

#11 bobsmith76   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 343
  • Joined: 14-February 17

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 05:31 AM

View PostSkydiver, on 12 October 2018 - 05:12 AM, said:

View Postastonecipher, on 11 October 2018 - 10:41 AM, said:

Viruses and malware don't need to be opened to be executed, just downloaded.


What? I think there is more to that statement than just at face value. Something has got to execute the virus or malware otherwise it would be just as inert as any piece of data.

Perhaps you meant to say that some viruses and malware can be specially crafted to be delivered as something that is downloaded, but later when opened or read by a program with vulnerabilities, then they become active. For me the most fascinating variation of this I've heard of recently is malware being packaged as part of an SSL certificate chain. When an program reads the certificate data, it is malformed and causes a buffer overflow in the certificate verification code and starts executing within the context of the program trying to verify the certificate. This is evil to an extreme since in the past we've been conditioned to trust certificates, and use certificates to verify the trustworthiness of the rest of the data payload.


What about that infamous email that john podesta opened where he clicked on a link and that allowed the russians to hack into the DNC? wasn't that program executed just by the clicking of a link. i haven't read this article but this is what i'm referring to

https://www.apnews.c...57c3c9a6c962b8a
Was This Post Helpful? 0
  • +
  • -

#12 jon.kiparsky   User is offline

  • Beginner
  • member icon


Reputation: 11376
  • View blog
  • Posts: 19,408
  • Joined: 19-March 11

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 05:56 AM

A phishing attack is comprised of a crafted link which appears to come from a trusted source and leads to an apparently legitimate page where the victim is duped into handing over some secret information. In this case, it appears that the email was crafted to look like it came from google and the link led to a fake "password reset" page - apparently google's but actually controlled by the attacker - and Podesta was duped into providing his password. Note that this is almost entirely social engineering - there isn't a program that was executed, it was a con job executed on Podesta.

Again, Kevin Mitnick is worth reading, since he makes a strong case that technical fixes, while useful, are not sufficient to prevent attacks as long as human beings have access to systems.
Was This Post Helpful? 0
  • +
  • -

#13 bobsmith76   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 343
  • Joined: 14-February 17

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 06:18 AM

Well, I guess that's a classic case of not reading up on the details of a subject before referring to it. my bad.
Was This Post Helpful? 0
  • +
  • -

#14 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2708
  • View blog
  • Posts: 10,807
  • Joined: 03-December 12

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 07:02 AM

View PostSkydiver, on 12 October 2018 - 07:12 AM, said:

View Postastonecipher, on 11 October 2018 - 10:41 AM, said:

Viruses and malware don't need to be opened to be executed, just downloaded.


What? I think there is more to that statement than just at face value. Something has got to execute the virus or malware otherwise it would be just as inert as any piece of data.



Drive-by-download,
Worms like CodeRed

None of which require you to do anything to get infected.
Was This Post Helpful? 0
  • +
  • -

#15 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2708
  • View blog
  • Posts: 10,807
  • Joined: 03-December 12

Re: Defending myself from black hat hackers

Posted 12 October 2018 - 07:23 AM

But, since torrents were mentioned specifically, you also have trojans that could carry and execute a virus. It's an interesting field. I have a [security] friend that I am rehashing and catching up with. He has a meeting with a government group next week about all of this and he is telling some new things that they have discovered in the wild.
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2