Accidental Hacking?

Just Testing writes " Here is a story story by a guy who was testing pcANYWHERE and managed to connect to somebody else's PC and how he tried to tell the guy about it..." Kinda funny, but mostly just odd.

Hacker - Cracker

[Telcontar]

At least here, I expect to have it right.
But don't start the usual discussions/flames about that topic unless you really, really want to :)

This isn't anything new...

[Chas]

He happened to find someone with their box not properly secured.

Like the Win* file sharing hole. (Which I lost a Win9x based IRC server to once on the day I got wise about it.)

You can do the same thing with Laplink if you don't set passwords too.

I don't see what the humongous hype is about.

I've said it before. If you're going to use it, set it up and use it properly. Actually take some time do do other than drop the prog on your system.

Otherwise you get what you deserve.


Chas - The one, the only.
THANK GOD!!!

PC Anywhere "unsecure"? Nope.

[Caelum]

An X server can work exactly like at the console
too, just run the window manager remotely. And it
works over ssh for secure key based data transmission.
And even if it's better than telnet, it's not
better than ssh, which everyone who knows anything
is running.

Tales from the Network 'hood

[KevCo]

same thing happened when I first got my cable modem. I had a dozen or so other machines listed in the network neighborhood. Most of them had passwords. Some were read-only. One guy had his whole machine comletely open. I left him a readme on his desktop, too. I also mapped to his printer and printed the message out for him. :-)

hack?

[kfort]

I think the author means cracker in the context he used it in. Someone should tell him the difference. I couldn't find his email address.

PC Anywhere

[Spud Zeppelin]

Notice that he said he was logging in via DSL. Some DSL implementations pretend to be ethernet to a connecting machine, so I wouldn't be surprised if the other computers he was able to see were not, in fact, on his LAN at work, but rather were on the same DSL provider as he was. Something I presume that pcanywhere probably was neither built to expect, nor thoroughly tested on... just a guess, but when I read "DSL" in his article, my ears pricked up...

nbtstat

[Frederic54]

when win95 was born (1995) it was easy to have HD of other people "mounted" on yours computer, using nbtstat and net... it still works i think, even in win98.
--

re: redhat security

[gavinhall]

Posted by stodge:

As I have a web/ftp server permanently connected to the internet running Redhat 5.2, how open is it to hacking/cracking/whatevering??? Is there anything I should do to the default accounts it creates?

Maybe I shouldnt ask this incase anyone who reads this tries to find it!!! ;)

No doubt!

[Ben Hutchings]

Great! Now your computer can reboot without warning due to an off-by-one error. How about getting the 2.2.1 patch and applying it right now?

Accidental Spying? (Was: Wannabe hacker from CNN)

[CNN writer]

Ever wonder how hard it is to become a secret agent? I can tell you firsthand it's probably easier than you may think.

It all started when I was walking on the street from my office. Imagine my surprise when I've seen that somebody forgot his clef into the doorlock. Wonder of wonders, way cool and very impressive. Suddenly I was alone in his house and drinking all his beer and eating some pizza. I found some phone numbers snapped on the wall, so I called there, it was his wife but she though I was a stupid bastard little kid trying to make fun of her so she hang up on me.

I should let him know he had a security problem, so I broke everything in his house and I pee all over the floor etc... To get his attention, I wrote some insanity on the wall. Next day the owner came back at home. I felt bad. I'd freaked him out, and there was no opportunity to explain.

I explained who I was ("Uh-huh," he said), I assured him that I wasn't a secret agent, ("Uh-huh"), that I hadn't done anything to his house ("Uh-huh"), and that he should secure his doorlock ("Uh-huh"). I explained that a secret agent could have had a field day ("Uh-huh") and, well, I hardly got a response. Ho-hum.

It was such a simple door in his house and one that I could have open without him having a clue what was going on. On the other hand, he probably wouldn't have been of much interest to a real secret agent. Frightening.

I would never have guessed that being a secret agent was so easy.

Scour.net will scan your machine

[Sethb]

I've got some MP3's and other junk shared using Windows Networking here on our campus, and I've noticed that if you don't password protect your folders (I just leave mine read-only so that people can copy stuff) that a nice little agent from Scour.net comes along and catalogs your machine, then all of a sudden you wind up with about 30 people at once downloading your files using Scour's Media Agent. It gets rather annoying, so those scans may have been by Scour.net, not a hacker/cracker or even a Green Bay Packer.

re: redhat security

[sammy baby]

Sure, you're vulnerable. :)

Most non-denial of service attacks focus on either

• exploiting a bug in a program running on a computer
• exploiting someone being stupid about access to the system (bad passwords, for example).

Before you assume that there couldn't be any possible holes in the software you're running, consider that Rootshell [rootshell.org] reports that a couple very popular FTP daemons (including, probably, yours) can give up root access.

If you aren't sure, assume you're vulnerable. If you are sure, you're probably wrong.

RE: Tee-hee

[Alron]

I know the feeling, I'v had multiple ISP's try
try to kill my pay accounts for the simple act
of me trying to point out that they have security
holes and where they are... and how to fix them
why must people be so paranoid about people who
try to help?

Tales from the Network 'hood

[Mooset]

Ah yes, what fun it is to exploit idiots. I found that leaving a message on their desktops usually has no effect (not that I'm suprised, most commercial Windows systems now adays have desktops almost completely covered with icons out of the box). It's much easier to get all the files from their "Windows\All Users\Application Data\Microsoft\Outlook Express\Mail" and read around in them until you figure out their e-mail address and send them a letter about it. Not that I would advocate violating someone's security...

VNC

[drwiii]

Back Orifice + a hacked-up version of VNC + a fast connection = better potential

Just remember to redist the modifications you make to VNC when you upload it to the BO'ed computer ;>

sigh

[dangerboy]

crap like that gives ex-crackers like myself who would actually modify 'ps' and utmp/wtmp source by hand, just to be able to explore in peace. sigh. cracking has gone point-and-dick.

Oh geez ..

[Splat]

This unfortunately is incredibly way TOO common. Since we're on the subject here, can someone tell me what are the differences between pcAnywhere and VNC? The only one I am aware of is I believe pcAnywhere can run over IPX and VNC can not.

Windows beware!

[sjames]

A quick scan of my logs the other day made me really glad to be a Linux user. It seems that ipchains had logged at least three attempts by different people to scan my system (on a dynamic IP) for SMB shared resources.

It seems taht an unsecured '95/'98 box doesn't stand a chance. What a shame!!

that's a DISadvantage.

[DunbarTheInept]

• It has many benefits over X servers, one being that it works exactly as if I'm sitting at the machine in question.

Uhhh - that's a disadvantage, not an advantage. You see, two people can't comfortably use the mouse and keyboard and screen at the same time, but two people *can* do remote X off the same machine at the same time.

Tales from the Network 'hood

[luge]

When I was still a windows user and used to surf the school's LAN for mp3s, I frequently found people whose entire hard drives were on the network with read/write access. At least twice, I left word docs on their desktops titled "PLEASE READ" with dire warnings about the results of their stupidity, and even instructions on how to change the situation. Result: they deleted the files and left the passwords unset. Yet more reason for dumb people to give their brand new PII's to me...

Scary for ISP's

[rtfm]

I allready get inundated by customers who are complaining about threats and other misdemeanors by 3l33t n00b Hax0rs (... yeah right) who are spending their after-scool time prowling around mIrc. After explaining to my "user-knowledgeable" clients that the Internet is very much like real-life. There are just some neighbourhoods that you don't tread into lightly, or without some sort of protection. I can now see this as a problem with Joe. Q. Internet who is going on vacation and wants to access his email via his computer through a remote acess connection. Then my tech guys get the call of him complaining that someone accessed his entire C drive and replaced all his recipes for meat loaf with pics from pron sites. All I can hope for is some sort of literature accompanying this software stating. "WARNING: Do not use if you don't know the difference between left and right mouse buttons!"
-- But then again I could be wrong

Mac Surfing

[nikonius]

I audit our university mac Network all the time.
Too many people leave their Guest access wide open on their machines.

I always get about the same response as this guy.

"What do you mean your in my hard drive????"