A question for computer guys

[Bub]

This article is about a computer hacker:
http://www.nytimes.com/2012/03/09/technology/hacker-informant-and-party-boy-of-the-projects.html?ref=todayspaper
He is self taught, might have graduated from high school and might have gone to college and he partied in the evenings.
Is Internet security so poor that hackers like the person in this article can change your credit score, order merchandise to be deliver to their home without paying for it, etc.
Some how it doesn't seem fair that this guy gets into web sites with ease and I get locked out because I can't remember or mistype a password

 

[Hunter5117]

The ways that these hackers get into systems and programs is way beyond what us normal users can even imagine. Take the iPhone for an example. Despite being up to Version 5 of the firmware, each version has been successfully hacked and opened for unlocking, jail breaking etc. These young guys develop a sixth sense for finding the exploits in the software that will let them get into the code and find a new back door. Not even the considerable resources of Apple can plug the holes in this relatively tiny little bit of code.

It's kind of like trying to build a bullet proof vest out of cloth and cardboard, it may look like the real thing but it sure won't stop anything.

 

[puros_bran]

It's not that easy Hunter. It appears that easy because they already know where to look.

As for the hackers and crackers. Less than 1% daddy's and 99% baby's. That is, the majority of 'hackers' are using other peoples tools, other peoples exploits. They are users just like we are.

How many 'hackers' know more than a few basic command line prompts? How many of them even know that? I'm not running down the real hackers because they do exist, and they are genius.

But here's how far behind most people are. I'm not a hacker, I'm not even a script baby. Your routers address is 192.168.1.1 unless you shop at Wal-Mart then it's 192.168.0.1. If you bought the iPhone your root password is Alpine.
What can you do to fix that? Or what can I do with that?
You ought to know both answers.

Your not going to stop the real deal but you can stop alot of the pudwhackers.

 

[Hunter5117]

Hey PB, sorry but wrong on both accounts. But I do agree 100% about your comments. I am a fully paid up and somewhat active Mac and iOS developer, not that is necessarily much of an accomplishment, and the stuff these guys do makes me feel like I can't rub 2 sticks together and make fire (a feat that is actually much harder than it is let on to be).

 

[puros_bran]

I wasn't directly meaning you in that last bit. I was meaning people in general. That router ip and that password cover 99% of users. Edit in. But it does look like I meant you. My add had already kicked in and I was speaking generic by then. Lol
And yes I knew you were a dev.

 

[MartinH]

PB- I know where you are coming from. I was visiting my regular Jiffy Lube, and realized that they left their Admin page for their router set to the default password. Oy, I was nice enough to tell them. Hey, I have an LTE phone, I don't need no stinking wifi! LOL

But to Hunter, you're right. These "hackers" are mostly script kiddies who buy their stuff from the Russian mob or the Yakuza across the pond, at least that's how it seems. You can find enough hacking tools using Ubuntu and other Linux OS's to get though some basic firewall and server stuff, and all you need to do is learn how to use the interface.

The inter-webs are still very much the proverbial "wild west" but that can also be a good thing.

 

[Kyle Weiss]

I don't think PB's entirely wrong. There's the digital equivalent of sneaking through an unlocked window and then there's sitting down and picking a lock. One is diligent snooping and stealth, one is extensive patience and code.

Some guys buy this code, or even ways to get in to whatever they want to. Others develop their own algorithms and methods to do so.

I wouldn't let it bother you too much, Hunter. Don't compare what you do to what they do, because it's different games, really. You're making things for the general public, many of these guys have other ideas in mind, whether that's the challenge of overpowering the (sometimes unfavorable) realm of Apple software environments, or getting into a retailer's network to steal credit card numbers. You create for the masses, they're mavericks in their own world. You get paid, most of them probably don't. You don't have to worry about going to jail, they do.

Systems will never plug all the holes. Their only solution is to become as good as the guys they're up against, and that's a battle that will almost always be one step behind. Not to mention, ever think that it might be that way for a reason? If you suddenly make Fort Knox security that is impermeable, what happens to the developers, retailers, OS makers, firmware/software programmers etc etc that rely on there being trouble out there to protect people from? It's huge business. It makes me wonder, anyway.

 

[gandalfpc]

There are flavors of hackers out ther, from the Russian mob creating viruses to teenage kids using downloaded software to break into systems.

Most of the viruses are created using software kits by low to mid level programmers - new viris could be the work of a clever child with too much time on his hands or the mob...

Then there are those that reverse engineer - using disassembllers to read the source code at a very low level - these are the guys that break open each new iPhone OS, etc. - depending on the system and the amount known about it, this can be a meager or major task - thing like the iPhone or psp tend to bring the cream of the crackers - the rule of thumb is, it will take a determined hacker of top skill exactly as long to crack a program as it took you to protect it...

 

[Hermit]

The next time they catch one of these ********
they oughtta skin him alive on YouTube. :twisted:

 

[mike_68]

As an Information Security Analyst for the past 12 years, I can agree with everthing from above with one addition. Cybercrime has become big business and it's only getting worse.

Foreign governments are now sponsoring corporate espionage against other countries...these people are NOT script kiddies...well, they may have been 10 years ago.

I highly recommend to everyone I know to: Never let sites remember passwords for you, keep online buying under control and try to do business with reputable companies whenever possible. Also, be sure you log out when you leave any site which you have "credentials" on.

Keep your personal computers patches up to date and use a good anti-virus program, preferrably one with a personal firewall. Oh, and there ARE AV programs for smart phones...get one.

And lastly, the odds of a Nigerian prince needing your help to get $20 million is very low so don't respond to that e-mail. :lol!:

 

[monbla256]

As an Information Security Analyst for the past 12 years, I can agree with everthing from above with one addition. Cybercrime has become big business and it's only getting worse.

Foreign governments are now sponsoring corporate espionage against other countries...these people are NOT script kiddies...well, they may have been 10 years ago.

I highly recommend to everyone I know to: Never let sites remember passwords for you, keep online buying under control and try to do business with reputable companies whenever possible. Also, be sure you log out when you leave any site which you have "credentials" on.

Keep your personal computers patches up to date and use a good anti-virus program, preferrably one with a personal firewall. Oh, and there ARE AV programs for smart phones...get one.

And lastly, the odds of a Nigerian prince needing your help to get $20 million is very low so don't respond to that e-mail. :lol!:

Amen to ALL of the above :cheers: As a friend of mine who just retired from working on 'puter security for Sun Microsystems since the 80s has ALWAYS told me, "... there is NO secure or safe 'puter OS or system yet and WON"T be as long as human beings are involved ! There is just TOO much $s to be made ! "

 

[jlong]

Good advice from banker. Do all internet shopping on a seperate debit card maintaining a balance you can afford to loose.

 

[puros_bran]

bah! Nonsense... Just remember 'It can never happen to you'.. run free and easy. Your an American, and you have rights!



And the 7th cousin twice removed of your third grade teachers uncles bartenders maid daughter is the crown prince of Nigeristania

 

[mike_68]

Ha! I like it...

The ongoing "joke" whenever we talk to higher ups about "securing" our environment is that we are going to disconnect the power and network cables from every machine and stack them in a locked room..that would be the best we could do.. :king:

 

[Kyle Weiss]

Good advice from banker. Do all internet shopping on a seperate debit card maintaining a balance you can afford to loose.

I prefer PayPal for this reason. 8) They might get in there, but I don't keep much there. It also makes me reconsider purchases because I have to transfer funds, and that can take a week.

 

[Wet Dottle]

Good advice from banker. Do all internet shopping on a seperate debit card maintaining a balance you can afford to loose.

I prefer PayPal for this reason. 8) They might get in there, but I don't keep much there. It also makes me reconsider purchases because I have to transfer funds, and that can take a week.

I don't use a debit card. Ever. Actually, I don't even have one. Only use credit cards.