| Thread ID: 136536 | 2014-03-11 23:08:00 | Think your OS is safe from Malware and don't need any protection? | Geek4414 (12000) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1369996 | 2014-03-11 23:08:00 | Scary stuff ... Peril of thinking that your OS is safe and have no malware protection ... A reporter asked us to hack him, and here's how we did it www.trustwave.com "Now with access to Adam's wireless network, we were able to bypass the two-factor authentication for his bank and email accounts. Both sites did not detect malicious login activity because we were logging in from a previously used location." "Our Pilates-themed spear phishing attack installed custom OS X malware that gave us remote shell access to Adam's wife's laptop. When the laptop was online, we received text message alerts letting us know that the connection was established. We had direct access to view files and run commands on her system until she disconnected from the internet. We pulled every document on Adam's wife's home drive, including her business' financial records and, much to our surprise, W-2 documents for the entire family. Now we had plenty of sensitive information, but wanted to see what more we could find. We were able to obtain Adam's wife's OS X Keychain password management system, which held all of her saved usernames and passwords. Unfortunately, we needed the master password to access that information, so we created an application that asked Adam's wife for her administrative password. She ignored it a couple of times, but eventually, she conceded and entered it." |
Geek4414 (12000) | ||
| 1369997 | 2014-03-11 23:34:00 | Scary stuff ... Peril of thinking that your OS is safe and have no malware protection ... A reporter asked us to hack him, and here's how we did it www.trustwave.com "Now with access to Adam's wireless network, we were able to bypass the two-factor authentication for his bank and email accounts. Both sites did not detect malicious login activity because we were logging in from a previously used location." "Our Pilates-themed spear phishing attack installed custom OS X malware that gave us remote shell access to Adam's wife's laptop. When the laptop was online, we received text message alerts letting us know that the connection was established. We had direct access to view files and run commands on her system until she disconnected from the internet. We pulled every document on Adam's wife's home drive, including her business' financial records and, much to our surprise, W-2 documents for the entire family. Now we had plenty of sensitive information, but wanted to see what more we could find. We were able to obtain Adam's wife's OS X Keychain password management system, which held all of her saved usernames and passwords. Unfortunately, we needed the master password to access that information, so we created an application that asked Adam's wife for her administrative password. She ignored it a couple of times, but eventually, she conceded and entered it." Yup, the moral to that story is don't do any banking or make any financial transactions over a public Wifi network. I saw another doco recently that showed a social experiment doing the same thing to a bunch of teenagers' phones. |
Webdevguy (17166) | ||
| 1369998 | 2014-03-11 23:38:00 | This "hack" is so far from reality it's not funny. Honestly, if bad guys were going to go to all that trouble, they would just break into your house & steal your PC/laptop. And steal your credit cards & passport at the same time. Want user passwords, eftpos numbers, a.c details etc., it's far easier & quicker to break in & then hit you over the head until you just pass this info on. How many hackers go to your home & set up devices near to your windows? If he had a decent WPA2 password on his wifi, perhaps the 'hack' would fail at step 1? That https website repeatedly crashed FF for some reason, I don't think my FF add-on Blockers liked it. |
1101 (13337) | ||
| 1369999 | 2014-03-12 00:29:00 | This "hack" is so far from reality it's not funny. Honestly, if bad guys were going to go to all that trouble, they would just break into your house & steal your PC/laptop. And steal your credit cards & passport at the same time. Want user passwords, eftpos numbers, a.c details etc., it's far easier & quicker to break in & then hit you over the head until you just pass this info on. How many hackers go to your home & set up devices near to your windows? If he had a decent WPA2 password on his wifi, perhaps the 'hack' would fail at step 1? That https website repeatedly crashed FF for some reason, I don't think my FF add-on Blockers liked it. Granted, the WiFi hack part gives them a lot of the social info about the user to help them devise a hack, but the Malware hack part does not require direct access to their network at all, it was just an email attachment. The point is that they managed to fool the user into giving in and typing the admin password in, bypassing the only line of defence in the OS if there is no other add-on malware protection. |
Geek4414 (12000) | ||
| 1370000 | 2014-03-12 01:06:00 | Honestly, if bad guys were going to go to all that trouble, they would just break into your house & steal your PC/laptop. And steal your credit cards & passport at the same time. Want user passwords, eftpos numbers, a.c details etc., it's far easier & quicker to break in & then hit you over the head until you just pass this info on. That would leave physical evidence. If it was me I'd do it over WiFi. Better that your target doesn't know what hit him until it's too late. |
Agent_24 (57) | ||
| 1370001 | 2014-03-12 01:42:00 | It's like asking a burglar to prove he can rob my house, then leaving the door unlocked. This is what the guy did, asked to be hacked & didn't have the most basic of security. Sounds more like an IT-setup-to-fail, to write an article about. It's still a nonsense demonstration. More like an IT stunt, proof of concept. We all know that bogus emails can lead to infected/hacked PCs. WPA2 and chances are the wifi hack wouldn't have worked. More interesting is that the hacks were against a Mac. :-) |
1101 (13337) | ||
| 1370002 | 2014-03-12 02:27:00 | No, there was security on his router. Adam mentions in his own post that they were going to break into his house and push the WPS button to get on to the WiFi but decided against that coz they'd have to go through the neighbours to do so. | Chilling_Silence (9) | ||
| 1370003 | 2014-03-12 03:05:00 | WPA2 and chances are the wifi hack wouldn't have worked. True, but; If he had a shitty WPA passphrase, it's easy. If he had a shitty router with WPS exploit bug, it's even easier. More interesting is that the hacks were against a Mac. :-) Of course, he's a journalist. Have you never watched a Hollywood movie? :lol: |
Agent_24 (57) | ||
| 1370004 | 2014-03-12 06:32:00 | It's like asking a burglar to prove he can rob my house, then leaving the door unlocked. This is what the guy did, asked to be hacked & didn't have the most basic of security. Sounds more like an IT-setup-to-fail, to write an article about. It's still a nonsense demonstration. More like an IT stunt, proof of concept. We all know that bogus emails can lead to infected/hacked PCs. WPA2 and chances are the wifi hack wouldn't have worked. More interesting is that the hacks were against a Mac. :-) Of course, the guy is a hit whore. |
Webdevguy (17166) | ||
| 1370005 | 2014-03-12 06:55:00 | And the bank's security wasn't really a "two-factor authentication" at all - Chase.com uses a two-step verification system, which momentarily stymied SpiderLabs’ hackers. Every time she or I logs on from an IP address that Chase doesn’t recognize, it offers to send us an activation code via text to our mobile phones. But a search of Charlotte’s hard drive revealed Chase cookies, which the team copied and used to convince Chase that she was logging in from home. While inside they got into our checking and savings accounts, a corporate bond account, our credit card statements and online bills. They could, if they wanted to, have wiped us out financially. |
decibel (11645) | ||