Explain the risks of hackers to me

Rob9874

Diamond Member
Nov 7, 1999
3,314
1
0
I need some clarification. I have a firewall installed, because I've heard all the horror stories of how hackers can get into your system. But what can they do? I just read some messages about people who have had their PayPal or eBay accounts hacked, but I tend to believe they fell for an email scam, and they provided their password to someone. Or they downloaded some program from an email that allows hackers to see your keystrokes. But they're claiming that hackers got into their system because they have a 24/7 cable modem, and the hacker could check their cookies for passwords and such. Is this even possible?
 

Ameesh

Lifer
Apr 3, 2001
23,686
0
0
most would be "hackers" can be stopped by simply putting a NAT on your network and not opening any suspicious email attachments, really sophisticated hackers probably dont give a damn about your paypal account.
 

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
they're claiming that hackers got into their system because they have a 24/7 cable modem, and the hacker could check their cookies for passwords and such. Is this even possible?
yes, a number of security fixes have been to fix holes related to remote access.

Windows 2000 and XP run a bunch of different "services" processes all the time (bring up task manager to see), some of which accept commands or connections from other computers.

You're right that most password "hacking" is really naive users following an e-mail link and handing over the password themselves, but any Windows machine with a network connection still does need protection. [ ed ] though as stated above, being behind a router will almost always be good enough.
 

notfred

Lifer
Feb 12, 2001
38,241
4
0
Originally posted by: Ameesh
really sophisticated hackers probably dont give a damn about your paypal account.

And they definitely don't give a damn about your home PC on a cable modem.

Worry about people hacking a home PC is undeserved paranoia, cable or not.
 

MinorityReport

Senior member
Jul 2, 2002
425
0
0
Originally posted by: Rob9874
I need some clarification. I have a firewall installed, because I've heard all the horror stories of how hackers can get into your system. But what can they do? I just read some messages about people who have had their PayPal or eBay accounts hacked, but I tend to believe they fell for an email scam, and they provided their password to someone. Or they downloaded some program from an email that allows hackers to see your keystrokes. But they're claiming that hackers got into their system because they have a 24/7 cable modem, and the hacker could check their cookies for passwords and such. Is this even possible?

Here is an example of paypal acount theft:

Take a screnshot of www.paypal.com

Go to adobe photoshop/Fireworks and slice it into HTML. You can copy the page directly but this way its less work. Make a giant image background of that screenshot but leave the form fields as HTMl elements.

Make the form part where it says username/password send the info to an e-mail address of your choice. You need a simpel java/cgi script for this .. avaliable in every html help site.

Now put this page up in a server and fake the DNS binders/ virtual domain to make it look like its from paypal domain. somethign iek www1.paypal.com/signup/bonus/form.cgi > etc ect

Send that link to some unsuspecting moron and write a convincing e-mail sayign paypal offering a bonus or some promotion etc with e-mail headers faked from paypal domain.

That sucker will fall rigth in .. he will take that link to be paypal .. and put his details into the form fields.

You have your script e-mail you that info .. and bingo.

Now you have have access to someone's paypal account.

This prank or trick was famous and was successful many times.
$100,000+ was lost in this untill the FBi cracked on the monkeys for good
 

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
102,373
8,497
126
Originally posted by: notfred
Originally posted by: Ameesh
really sophisticated hackers probably dont give a damn about your paypal account.

And they definitely don't give a damn about your home PC on a cable modem.

Worry about people hacking a home PC is undeserved paranoia, cable or not.

certain companies tech support love to tell people they've been hacked or have a virus when theres a problem they don't understand.

actually isn't there something left open in xp home, but not xp pro, that would allow someone to harness a lot of computers for a DDoS attack?
 

SherEPunjab

Diamond Member
Oct 23, 2002
3,841
0
0
Originally posted by: MinorityReport
Originally posted by: Rob9874
I need some clarification. I have a firewall installed, because I've heard all the horror stories of how hackers can get into your system. But what can they do? I just read some messages about people who have had their PayPal or eBay accounts hacked, but I tend to believe they fell for an email scam, and they provided their password to someone. Or they downloaded some program from an email that allows hackers to see your keystrokes. But they're claiming that hackers got into their system because they have a 24/7 cable modem, and the hacker could check their cookies for passwords and such. Is this even possible?

Here is an example of paypal acount theft:

Take a screnshot of www.paypal.com

Go to adobe photoshop/Fireworks and slice it into HTML. You can copy the page directly but this way its less work. Make a giant image background of that screenshot but leave the form fields as HTMl elements.

Make the form part where it says username/password send the info to an e-mail address of your choice. You need a simpel java/cgi script for this .. avaliable in every html help site.

Now put this page up in a server and fake the DNS binders/ virtual domain to make it look like its from paypal domain. somethign iek www1.paypal.com/signup/bonus/form.cgi > etc ect

Send that link to some unsuspecting moron and write a convincing e-mail sayign paypal offering a bonus or some promotion etc with e-mail headers faked from paypal domain.

That sucker will fall rigth in .. he will take that link to be paypal .. and put his details into the form fields.

You have you script e-mail you that info .. and bingo.

Now you have have access to someone's paypal account.

This prank or trick was famous and was successful many times.
$100,000+ was lost in this untill the FBi cracked on the monkeys for good

thats true, reminds me of two real events, i hope no one gets any ideas:

1) at UT Austin, in the computer lab, someone wrote a program a couple years ago that would store the persons login and password when they tried to enter it. nothing would happen, and they would move to the next computer thinking that one was broken, when really it was storing their passwords. at the end of the day, each day, someone would come, log in, and a .txt file was generated that contained all the logins and passwords. they would then take this home and i'm not sure what they did with it though.

2) this is really brilliant. a couple of guys dressed up in work clothes, rented a commerical van, and placed a rigged ATM machine in the middle of a busy mall. They put it there and non chalantly walked out. People would enter their username and passwords, which it would store, and then no money came out. the guys would come and get the information from them. they got caught when a bunch of customers started complaining to the security guard, but it took a month for them to get caught.