Is our computer secure?

Thread: Is our computer secure?

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    187

    Is our computer secure?

    For several days I've been reading the news that MacOS was hacked for 30 minutes.

    I'm wondering - if you have a firewall (a good one - like Kerio), how can your PC be hacked from the internet? Is it possible at all (hm, that seems to be a stupid question) if you don't have any access to the PC to hack it - I mean your PC is connected to the internet, but the hacker is neither a limited user nor a guest on your PC.
    What will he do to hack your computer?
    Remember, all I'm offering is the truth, nothing more.

  2. #2
    He will walk your firewall and find a hole in the wall. Firewalking is the term. In short: he will walk the perimeter of your fence until he finds a hole.

  3. #3
    If you have a firewall...

    The firewall itself can be exploited. It's a piece of software like anything else.
    The rules in the firewall can be exploited... you may have services allowed to retrieve mail, websites, p2p, etc... Those are also vectors for exploitation. Attackers may not have access to your PC from the outside, but you have access to the outside from your PC. Any untrusted interaction with functionality on a system is a threat. If your firewall denies all to/fro traffic from a box, then you might as well get off the Internet and uninstall the firewall. Otherwise, you accept a certain level of risk and make the proper arrangements to secure that functionality.

  4. #4
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Oh, Oh, Oh .... ARG!

    I think Soda_Popinsky did a good job at this ( while I wrote ) but I am posting anyway.

    As for onewingaengel's, I am not .....

    This question has a couple of branches.

    First is the controversy over the alleged 30 min attack, which I won't go into except to say that it was reported to use an undisclosed exploit.

    The second, and more pertinent question for this thread, is how do you get past a firewall into the LAN to use the exploit.

    1) Compromise the firewall, then work from there

    2) Compromise the target via email, download, etc., then have it contact back the exploiter, thus ( usually ) flying right by the firewall.

    3) Compromise something else within the network using methods above, then go after the target from within.

    4) just go after the target from within ( other LAN users )

    As for hacking without a user account on the target box, if that is what you are asking, maybe you should ask M$ ?

    Remember, everything I have read on your referenced hack was due to a reportedly undisclosed exploit. There have been no references ( so far as I have read ) to any further specifics. We will have to wait and see if the hoster of that challenge had the necessary logging set up to identify it, and the integrity to notify Apple if they find the exploit used.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #5
    Banned
    Join Date
    Dec 2003
    Posts
    26
    1) Compromise the firewall, then work from there
    I believe what soda was getting at was that most of the vulnerable applications out there will be trusted applications.

    then have it contact back the exploiter thus ( usually ) flying right by the firewall.
    Installing an IRCd or something similar on a machine and allowing bots to connect to it, let's be honest... it really doesn't have much to do with evading firewalls so much as it does having a nice and simple centralized area for command and control.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by TheCreator
    Installing an IRCd or something similar on a machine and allowing bots to connect to it, let's be honest... it really doesn't have much to do with evading firewalls so much as it does having a nice and simple centralized area for command and control.
    Don't forget that there are a lot of "firewalls" that only block incoming traffic and will allow any and all outgoing connections..
    Oliver's Law:
    Experience is something you don't get until just after you need it.
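
Added example, not part of any post in this thread: a defender-side check for the point raised in posts #5 and #6 about firewalls that pass any and all outgoing connections. The log format, addresses and egress allowlist are constructed assumptions for illustration, not the output of Kerio or any other product.

```python
import re
from collections import Counter

# Constructed log format for this example (not a real firewall's output):
#   <timestamp> <ALLOW|DENY> <IN|OUT> <proto> <src_ip>:<port> -> <dst_ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<dir>IN|OUT) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed egress policy: web, mail retrieval/sending and DNS only.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("tcp", 25), ("tcp", 110), ("udp", 53)}

# Constructed sample: inbound is blocked, yet every outbound flow is allowed.
SAMPLE_LOG = """\
2006-03-08T10:15:02 ALLOW OUT tcp 192.168.1.20:49152 -> 198.51.100.7:443
2006-03-08T10:15:09 DENY IN tcp 203.0.113.9:4444 -> 192.168.1.20:22
2006-03-08T10:16:30 ALLOW OUT tcp 192.168.1.20:49160 -> 203.0.113.50:6667
2006-03-08T10:16:31 ALLOW OUT udp 192.168.1.20:53011 -> 192.0.2.53:53
2006-03-08T10:21:30 ALLOW OUT tcp 192.168.1.20:49161 -> 203.0.113.50:6667
2006-03-08T10:22:00 ALLOW OUT tcp 192.168.1.21:50000 -> 198.51.100.80:8080
this line is malformed and must be skipped
"""


def unexpected_egress(log_text, allowed=ALLOWED_EGRESS):
    """Count allowed outbound flows whose (proto, dst port) is outside policy."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than guessing
        if m["action"] != "ALLOW" or m["dir"] != "OUT":
            continue  # blocked or inbound traffic is not an egress gap
        key = (m["proto"], int(m["dport"]))
        if key not in allowed:
            hits[(m["src"], m["dst"], key[0], key[1])] += 1
    return hits


if __name__ == "__main__":
    # Repeated flows to the same destination are listed first.
    for (src, dst, proto, port), n in unexpected_egress(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} {proto}/{port}: {n} allowed outbound connection(s)")
```

Each reported flow is a candidate for an explicit outbound deny rule or for a closer look at the internal host that opened it.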

  7. #7
    Banned
    Join Date
    Dec 2003
    Posts
    26
    Don't forget that there are a lot of "firewalls" that only block incoming traffic and will allow any and all outgoing connections..
    I never said what you're describing doesn't exist.
    I'm breaking a myth that it's some sort of popularly used method to evade detection.

  8. #8
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    The case of the thirty minute hack was where a remote user
    allowed to log on through ssh was able to elevate his privileges.

    That's a serious issue if you are allowing remote users to have shell
    accounts on your server, but if you only surf the net and read
    your e-mail, you should worry more about running evil software
    on your computer. In other words, if you run Windows, and click on
    attachments in the e-mail, or run cracked games, or other illegally
    copied software from untrustworthy sources.

    No one is going to hack your Mac. At least not unless you are
    running a server.
    I came in to the world with nothing. I still have most of it.

  9. #9
    Banned
    Join Date
    Jan 2006
    Posts
    128
    Usually exploit the OS or exploit legit services running on the machine.

    Can't forget social engineering either.

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    As mentioned above, there are any number of ways to bypass security and exploit a Mac (or any OS, for that matter), even with the firewall on. Do you keep your Mac up to date on patches and updates? If it is set to automatic, do you check that they are getting done?

    There are some concerns about Apple's update process and how complete it may be. Check out the article at SANS ISC: http://isc.sans.org/diary.php?storyid=1188.

    As with anything on the internet, keep your system updated, keep an anti-virus tool on it, and exercise extreme care in what you are doing. Also, put a good, strong, complex password on your account and the root account (different passwords, too, BTW).
