June 17th, 2003, 03:26 AM
Ok, after reading the 100th post detailing some totally impractical super hacking method I thought it might be good to compile a list of all the myths out there and what the case really is. Hopefully this will allow everyone to make more informed decisions (or at least stop posts that are not really of much value).
So, on with the start of the list...
1) It's easy to sniff traffic and steal passwords, or session hijack across the internet - Ok, this one is all over the place. On an internal LAN it's highly possible, but across the internet it would require the attacker to take over one of the routers you are passing through and sniff the traffic that way, then hijack the session. Once the packet leaves that first router there is no way to tell where it's going after that until it hits the target's external router.
2) Windows is easier to hack than Linux - (sure to raise a few stirs with this one) Ok, if you secure Windows it will be secure, if you secure Linux it will be secure, if you don't secure them then you can attack them with a high degree of success.
3) Organisations connected to the internet leave all kinds of fun ports open for you to break into - Many organisations have decent administrators who do implement security measures, so writing something along the lines of "connect to telnet, it will be open" just isn't the case.
4) You can hack Windows across the net using NetBIOS - Ok, this is only the case if a Windows box is unsecured and attached to the net. Beyond that, firewalls will be in place, routers will be in the way, and some people will disable NetBIOS and remove all those default shares you keep hearing about.
5) Open Ports mean you are vulnerable - If you are running a web server you are going to have Port 80 open, so running a port scanner isn't going to tell you anything other than that port 80 is open. You need to run a vulnerability scanner to find out if your webserver is vulnerable to any attacks.
6) There are 10000000000 Viruses out there - Ok, every time a virus comes out (let's call it "Blue Virus" for discussion purposes) that's a virus. Now, every time someone makes any changes to "Blue Virus", even if it's just to make it display "hell0" rather than "hello", that counts as a new virus. Now, I think that tends to overestimate things a little.
Ok, that's a start, hopefully other people will add more, or else I'll just keep on writing stuff.
I hope that someone finds this useful.
Quis custodiet ipsos custodes