-
March 14th, 2006, 07:37 AM
#1
Senior Member
Is our computer secure?
For several days I've been reading the news that MacOS was hacked for 30 minutes.
I'm wondering - if you have a firewall (a good one - like Kerio), how can your PC be hacked from the internet? Is it possible at all (hm, that seems to be a stupid question) if you don't have any access to the PC to hack it - I mean your PC is connected to the internet, but the hacker is neither a limited user nor a guest on your PC.
What will he do to hack your computer?
Remember, all I'm offering is the truth, nothing more.
-
March 14th, 2006, 07:48 AM
#2
Junior Member
He will walk your firewall and find a hole in the wall. Firewalking is the term. In short: he will walk the perimeter of your fence until he finds a hole.
-
March 14th, 2006, 08:16 AM
#3
If you have a firewall...
The firewall itself can be exploited. It's a piece of software like anything else.
The rules in the firewall can be exploited... you may have services allowed to retrieve mail, websites, p2p, etc... Those are also vectors for exploitation. Attackers may not have access to your PC from the outside, but you have access to the outside from your PC. Any untrusted interaction with functionality on a system is a threat. If your firewall denies all to/fro traffic from a box, then you might as well get off the Internet and uninstall the firewall. Otherwise, you accept a certain level of risk and make the proper arrangements to secure that functionality.
-
March 14th, 2006, 08:39 AM
#4
Oh, Oh, Oh .... ARG!
I think Soda_Popinsky did a good job at this ( while I wrote ) but I am posting anyway.
As for onewingaengel's, I am not .....
This question has a couple of branches.
First is the controversy over the alleged 30 min attack, which I won't go into except to say that it was reported to use an undisclosed exploit.
The second, and more pertinent question for this thread, is how do you get past a firewall into the LAN to use the exploit.
1) Compromise the firewall, then work from there
2) Compromise the target via email, download, etc., then have it contact back the exploiter, thus ( usually ) flying right by the firewall.
3) Compromise something else within the network using methods above, then go after the target from within.
4) Just go after the target from within ( other LAN users )
As for hacking without a user account on the target box, if that is what you are asking, maybe you should ask M$ ?
Remember, everything I have read on your referenced hack was due to a reportedly undisclosed exploit. There have been no references ( so far as I have read ) to any further specifics. We will have to wait and see if the hoster of that challenge had the necessary logging set up to identify it, and the integrity to notify Apple if they find the exploit used.
"And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
March 14th, 2006, 09:58 AM
#5
Banned
1) Compromise the firewall, then work from there
I believe what soda was getting at was that most of the vulnerable applications out there will be trusted applications.
then have it contact back the exploiter thus ( usually ) flying right by the firewall.
Installing an IRCd or something similar on a machine and allowing bots to connect to it, let's be honest... it really doesn't have much to do with evading firewalls so much as it does having a nice and simple centralized area for command and control.
-
March 14th, 2006, 04:59 PM
#6
Originally posted here by TheCreator
Installing an IRCd or something similar on a machine and allowing bots to connect to it, let's be honest... it really doesn't have much to do with evading firewalls so much as it does having a nice and simple centralized area for command and control.
Don't forget that there are a lot of "firewalls" that only block incoming traffic and will allow any and all outgoing connections..
Oliver's Law:
Experience is something you don't get until just after you need it.
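The difference between an inbound-only firewall and one that also filters outbound connections, as discussed in the posts above, shown as an added example that is not part of any poster's message. The rule format, policy names, addresses (documentation ranges) and traffic list are all constructed for illustration and do not correspond to any real product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str          # "in" or "out", seen from the protected PC
    network: str            # CIDR the remote address must fall in
    ports: tuple            # destination ports; empty tuple means any port
    action: str             # "allow" or "deny"

@dataclass(frozen=True)
class Policy:
    rules: tuple
    default_in: str
    default_out: str

def verdict(policy, direction, remote, port):
    """First matching rule wins; otherwise the per-direction default applies."""
    for r in policy.rules:
        if (r.direction == direction
                and ip_address(remote) in ip_network(r.network)
                and (not r.ports or port in r.ports)):
            return r.action
    return policy.default_in if direction == "in" else policy.default_out

# Policy A: blocks unsolicited inbound, allows every outbound connection.
INBOUND_ONLY = Policy(rules=(), default_in="deny", default_out="allow")

# Policy B: same inbound stance, but outbound is an allowlist (constructed values).
EGRESS_FILTERED = Policy(
    rules=(
        Rule("out", "192.0.2.53/32", (53,), "allow"),        # DNS resolver
        Rule("out", "192.0.2.25/32", (25, 110), "allow"),    # mail server
        Rule("out", "0.0.0.0/0", (80, 443), "allow"),        # web browsing
    ),
    default_in="deny", default_out="deny")

# Constructed traffic: (label, direction, remote address, destination port)
TRAFFIC = [
    ("unsolicited inbound probe", "in", "203.0.113.7", 445),
    ("browser to web site", "out", "198.51.100.10", 443),
    ("mail client to POP3", "out", "192.0.2.25", 110),
    ("outbound IRC from an unknown program", "out", "203.0.113.7", 6667),
]

def compare(traffic=TRAFFIC):
    """Return (label, verdict under A, verdict under B) for each connection."""
    return [(label, verdict(INBOUND_ONLY, d, ip, p), verdict(EGRESS_FILTERED, d, ip, p))
            for label, d, ip, p in traffic]

if __name__ == "__main__":
    for label, a, b in compare():
        print(f"{label:40} inbound-only={a:5}  egress-filtered={b}")
```

Both policies drop the inbound probe and pass normal browsing and mail; only the outbound allowlist denies the unexpected IRC connection, which is also the event worth logging and alerting on.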
-
March 14th, 2006, 05:41 PM
#7
Banned
Don't forget that there are a lot of "firewalls" that only block incoming traffic and will allow any and all outgoing connections..
I never said what you're describing doesn't exist.
I'm breaking a myth that it's some sort of popularly used method to evade detection.
-
March 14th, 2006, 06:33 PM
#8
The case of the thirty minute hack was where a remote user
allowed to log on through ssh was able to elevate his privileges.
That's a serious issue if you are allowing remote users to have shell
accounts on your server, but if you only surf the net and read
your e-mail, you should worry more about running evil software
on your computer. In other words, if you run Windows, and click on
attachments in the e-mail, or run cracked games, or other illegally
copied software from untrustworthy sources.
No one is going to hack your Mac. At least not unless you are
running a server.
I came in to the world with nothing. I still have most of it.
-
March 14th, 2006, 07:04 PM
#9
Banned
Usually exploit the OS or exploit legit services running on the machine.
Can't forget social engineering either.
-
March 14th, 2006, 07:21 PM
#10
As mentioned above, there are any number of ways to bypass security and exploit a Mac (or any OS, for that matter), even with the firewall on. Do you keep your Mac up to date on patches and updates? If it is set to automatic, do you check that they are getting done?
There are some concerns about Apple's update process and how complete it may be. Check out the article at SANS ISC: http://isc.sans.org/diary.php?storyid=1188.
As with anything on the internet, keep your system updated, keep an anti-virus tool on it, and exercise extreme care in what you are doing. Also, put a good, strong, complex password on your account and the root account (different passwords, too, BTW).