WAN Show Hackers

[Paranoid Kami]

Linus stated on the Wan show that he thought it would be an interesting idea to show what hackers can see with their virus's. I wanted to post saying that it would be a bad idea. If you give attention to hacking it will just lead to more people trying it out. I have a brother-in-law who constantly hacks as well as lies and manipulates all the time so I know what the receiving end is like. Don't want there to be more people trying this out.

 

As for anti-virus's there are virus's out there that can't be detected by them or can be detected by some and not others. The databases on these anti-virus's are constantly updated to keep up with new virus's being made but there will always be a delay. Also, they can't really detect a virus on the BIOS or if the hacker has physical access to install things inside of their keyboard or monitor.

[HAFBlade]

I 100% DISagree.

Ignoring the facts doesn't prevent someone to do something. It is like never talking about thiefs because someone could think about stealing.

It is much better to show people the consequences to make them aware how important it is to secure their data and computers.

 

Only my opinion.

[LogicalDrm]

Adding to above. Showing what someone else can get by illegal means is educational. It shows value of using strong passwords, using AV software, not downloading or running anything shady. Just like reality TV crime shows and docs show what can happen if you trust blindly to strangers, steer into hard drugs or gambling.

 

Your notion that seeing something will increase its popularity is very conservative. Its the same argument used about video games since they had 3D graphics. Or about movies or TV shows. But as actual scientific research has shown (I can dig up articles if you need references), there's no obvious correlation between consuming some type of content and turning into certain kind of person. It may be trigger, but only if person already is on the edge.

[GamerMoment]

On 11/14/2022 at 9:12 PM, Paranoid Kami said:

I have a brother-in-law who constantly hacks as well as lies and manipulates all the time so I know what the receiving end is like.

Obviously don't dox anyone but can you speak more about this? lol...

[Kisai]

On 11/14/2022 at 12:12 AM, Paranoid Kami said:

Linus stated on the Wan show that he thought it would be an interesting idea to show what hackers can see with their virus's. I wanted to post saying that it would be a bad idea. If you give attention to hacking it will just lead to more people trying it out.

Half-true. If you make available the tools, or where to find them, that leads to people being "scriptkiddie's"

 

Trust me, blackhats and whitehats basically all originate from doing this. The blackhats figure out how to get the tools onto targets, the whitehats figure out how to remove them.

 

I can tell you from personal experience, back in the win9x-WinXP era that Windows security was a sieve that you could rip the password from, remotely without the user ever knowing, and without even having to install anything. During early versions of Cable modems, if you connected an XP computer to the cable modem (before firewall/router/wifi access point combo modems were a thing) your machine would be infected in minutes by other infected computers sharing the same node.

 

Not everything is directly people doing it. The vast majority is unattended activity. Only spear-phishing is directly targeted.

 

I won't name the tool, but there was a tool that the local ISP somehow got on their server, and while the temptation to dick around with the server was there, the most logical thing to do with the tool was to tell it to shut the server down. Anyways this tool, had a backdoor in it, marketed as a "security tool" whatever password you set it to have, didn't matter, because there was a second password it always accepted.

 

So what did I do? I overwrote versions of that tool I found on peoples machines with the one I changed the backdoor password on, locking the script kiddies out. Therefor the only way for those kiddies to get back into those windows machines was to get physical access to them.

 

 

8 hours ago, LogicalDrm said:

Adding to above. Showing what someone else can get by illegal means is educational. It shows value of using strong passwords, using AV software, not downloading or running anything shady. Just like reality TV crime shows and docs show what can happen if you trust blindly to strangers, steer into hard drugs or gambling.

A lot of it is situation dependent. Up until Windows Vista, it was very easy to access peoples machines. Vista, 7, 10, 11 changed how UAC is done, and the default user is no longer "admin" level access. Which of course, also broke a lot of software that expected it to work that way. However even then, if someone downloads something and doesn't give it "admin" control , it still can reach into everything that user can reach. 

 

It used to be, From 95-XP that you could quite literately have Windows give up all the saved passwords, and it's for that EXACT reason why "save my password" should never be done. Ever. Windows shares, Internet Explorer, Chrome and Firefox, don't do it. It's just not a smart thing to do, since anything can tell it to give it up.

 

Even today, I don't trust the browsers on Windows.

 

8 hours ago, LogicalDrm said:

Your notion that seeing something will increase its popularity is very conservative. Its the same argument used about video games since they had 3D graphics. Or about movies or TV shows. But as actual scientific research has shown (I can dig up articles if you need references), there's no obvious correlation between consuming some type of content and turning into certain kind of person. It may be trigger, but only if person already is on the edge.

 

Seeing something simply makes it's awareness more common, and hence, countermeasures. There are, yes, some tools you probably shouldn't mention by name because people will misunderstand the nature of the tool if demonstrate by someone who also doesn't understand the nature of the tool, but that's more because the tools used "correctly" are pentesting and stress testing, and when used maliciously are "hacking, and DDoS'ing",

 

Like, forget windows for a moment and focus on web servers. Unless you physically own the hardware and set it up yourself, you can not actually trust that the BIOS, OS or hardware is secure. If you sign up for a third party to host your servers, you don't know who else they have as customers who might "hack you" intentionally, or be compromised, leading to your data being leaked because you happen to share the same hardware (eg VPS/shared hosting.) 

 

Part of the entire "side channel attack" problem comes from the possibility of this being viable in VPS and Shared hosting systems where there is more than one user using the same hardware. How often does it happen? We will never know. But that spectre-exploitable hardware will not disappear from hosting environments for a long time.

 

[LogicalDrm]

11 hours ago, Kisai said:

Seeing something simply makes it's awareness more common, and hence, countermeasures. There are, yes, some tools you probably shouldn't mention by name because people will misunderstand the nature of the tool if demonstrate by someone who also doesn't understand the nature of the tool, but that's more because the tools used "correctly" are pentesting and stress testing, and when used maliciously are "hacking, and DDoS'ing",

I get the feeling you aren't responding to my post with this. But I will also make note that term "hacking" deserves better than to be related to criminal or mischievous activities.

[Kisai]

3 hours ago, LogicalDrm said:

I get the feeling you aren't responding to my post with this. But I will also make note that term "hacking" deserves better than to be related to criminal or mischievous activities.

Semantics. When regular people talk about "hacking" they are talking about malicious or unwanted tampering. Particularly when it involves money or privacy.

 

Programmers use an entirely different meaning. Which is why I prefixed initially talking about it with blackhat and whitehat to distinguish it from programming jargon. Blackhats being people have primarily harmful intent, and whitehat's having primarily benevolent intent.

 

And this argument has been around for decades what "hacking" is, so let's just use the dictionary:

https://www.merriam-webster.com/dictionary/hacking

 

Quote

transitive verb

4: to gain illegal access to (a computer network, system, etc.)

 

intransitive verb

4

a: to write computer programs for enjoyment

b: to gain access to a computer illegally trying to hack into the network

 

noun (1)

6

a: a usually creatively improvised solution to a computer hardware or programming problem or limitation

 

b: an act or instance of gaining or attempting to gain illegal access to a computer or computer system

 

c: a clever tip or technique for doing or improving something

 

At any rate, I'm not going to argue the definition of hack/hacking/hacker. Everyone in the thread knows what we're talking about because of the subject line.

 

[Takumidesh]

Keeping the information closed off, means ONLY the dishonest people get the info now. The people who are willing to break the rules, will have no problem crossing the line to obtain the info.

 

Zero-days are dangerous BECAUSE of the limited access to the information. The moment that info becomes wide spread, people can work on a fix.

[Paranoid Kami]

On 11/16/2022 at 2:24 PM, GamerMoment said:

Obviously don't dox anyone but can you speak more about this? lol...

Kind of like how Linus was saying before where someone falsely accused him of underage sex and then sent it to all his employees. He would lie for stuff like that as well as stick viruses and other malware on computers/phones to steal information. Linus is actually friends with him for some reason. Not sure why.

[TweedReborn]

The pc security channel has already done this in a self-defense form and it would be silly to show the laymen how to packet sniff and essentially stalk someone online.

 

This is a can of worms he and his team really shouldn't open for some views.... 

[GamerMoment]

3 hours ago, Paranoid Kami said:

Kind of like how Linus was saying before where someone falsely accused him of underage sex and then sent it to all his employees. He would lie for stuff like that as well as stick viruses and other malware on computers/phones to steal information. Linus is actually friends with him for some reason. Not sure why.

wasn't expecting such a scandalising response lol