Slashdot Mirror


Point and Click Cracking

An anonymous reader writes "Washingtonpost.com is running a story about a number of botnets and keylogger operations being controlled by Web-sites with point-and-click type front-end software interfaces. The sites mentioned in the story look like fairly slick PHP pages designed to sort through password data from keylog victims and update infected computers with new code or instructions. From the story: 'The hacking software also features automated tools that allow the fraudsters to make minute adjustments or sweeping changes to their networks of hacked PCs. With the click of a mouse or a drag on a pull-down menu, users can add or delete files on infected computers.'"

12 of 105 comments

  1. Most of the problem is the users by solarbob · · Score: 5, Interesting

    Most of the reasons PCs get hacked nowadays is that end users are still clicking on the links in phishing emails and then holes in the browser being exploited. Surely it wouldn't take much for the main browser makers to put in a user idiocy filter to just say aren't you being a bit silly? Of course user education would be best but there will always be a certain newbie segment who are on the internet for the first time and will keep doing this. That software though does look pretty comprehensive.

    --
    SolarVPS - Quality Windows and Linux Virtual Servers
    1. Re:Most of the problem is the users by G)-(ostly · · Score: 5, Interesting

      It's not going to work. People don't know how to use warnings in the physical world properly. Look at warnings provided on the road. How many people ignore Yield signs and try to merge right into oncoming vehicles? How many people just blow right through a blinking yellow without thinking? How many people just blow out of parking lots or driveways? How many people actually look to see if a train is coming before they cross tracks with a warning light and bar?

      It's a matter of risk/reward that's inherent in human nature. If 99 times out of a hundred you approach a crossing with a light and bar there's no train coming when there's no lights, you're going to get used to that. Of course, that one time you come along and the lights are broken, you're going to die, but that's the risk/reward. You're taking the 1% chance that you'll get killed by an unannounced train and comparing it to the fact that you'll have to do the extra work of slowing down, looking and speeding back up for nothing 99% of the time.

      People just don't take serious warnings seriously unless there's a very good chance that they could be harmed by not following them. It doesn't matter how serious the consequences if they occur too infrequently to stay fresh in one's mind.

  2. Sure, why wouldn't it? by Enigma_Man · · Score: 4, Interesting

    I often migrate things to web-interfaces that were previously shell scripts. It's more convenient, 'cause I can do the things I need to do from any browser without having to ssh in (which isn't always a possibility, rare, but it does occur). Also, it's easier to show to other people without giving away a shell account. Also also, it's easier to show to people who aren't "in the know" because it looks like something.

    -Jesse
    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.
  3. point and click oblivion by digitaldc · · Score: 3, Interesting

    Frost's data, along with information stolen from thousands of other victims, made its way to a Web site hosted by a Russian Internet service provider. The site is currently the home base of a network of sites designed to break into computers through a security hole in Microsoft's Internet Explorer Web browser.

    So why aren't the police kicking down the doors and confiscating equipment from this ISP? Are they 'protected' or 'special?'
    After reading stories like this Dutch hacker arrest, I am not sure why.
    Aside from that, Microsoft needs to do something like pushing out mandatory security patches for all users of Windows and/or IE.
    I am not sure why they don't do this either. I guess Microsoft thinks that all these lazy suckers deserve to be hacked.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. Of course not by SmallFurryCreature · · Score: 2, Interesting
    Remember you write the code to exploit .Net in PHP.

    Why if you used .net for the exploit then EVERYONE could just steal your keylog files!

    This is basically a non-story. Someone at the Washington Post seems surprised that people do not print out their key logs and search them by hand. The only "new" element is that the tools are migrating to web based apps. Then again isn't that supposed to be the next big thing? Why should criminals ignore IT development? I am willing to bet the next one will be using AJAX.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  5. Re:php? by pushf+popf · · Score: 1, Interesting

    It wouldn't happen if users logged in with SecurID tokens (or similar), and never used Credit Card numbers from physical credit cards on web sites.

    Want my credit card number? Here it is!

    4264655876823752

    It was only good on Amazon.com, only good for a single purchase and expired after the transaction went through. I don't care if anybody steals it because it's useless as (insert crude useless analogy here).

  6. Unpaid work by Inverted+Intellect · · Score: 2, Interesting

    Aren't script-kiddies basically just unpaid volunteer workers for the (presumably blackhat) writers of these click-and-point hacking tools?

    Why go to the trouble of writing an easily-countered virus when you can just make cracking tools more convenient for the hordes of script-kiddies with nothing better to do, thus having a much more damaging effect?

  7. Why do people write these? by failure-man · · Score: 5, Interesting

    One thing I've always wondered about script kiddies: who writes their tools for them, and why? What does the actual black hat get out of the deal? It's not like script kiddies pay for things.

    Is it for fame? Signal-to-noise manipulation? Are the little fuckers getting "0wn3d" by backdoors in their "1337 h4x0r t00lz"?

    Or is it something else entirely?

  8. Gulf Oil hacked ... by Anonymous Coward · · Score: 2, Interesting
    "break into computers through a security hole in Microsoft's Internet Explorer Web browser"
    The flaw is in the underlying Operating System.
    A bug in a browser shouldn't lead to such a massive breach.
    "Graham Spinney, director of information technology at Gulf Oil, confirmed that sometime on March 10, hackers broke into the company's Web site and planted code that redirected visitors to another site.

    The false site informed visitors that they needed to install a security update to continue logging in to their Gulfoil.com accounts"
    Now this is news.
    I don't see much mention of it elsewhere.
    The same with the CitiBank ATM hack.
  9. Re:Stupid Innuendo by Inda · · Score: 2, Interesting

    I found out about Rainbow Crack after our website was cracked. I found out about SQL injections after our website was hacked. I found out that 'passwords are obsolete' after mine was posted on a forum [after we got hacked].

    We started off over 7 years ago running a gaming site. I did the graphics, my mate used Front Page to get a few pages together. We pirated a version of vBulletin... None of us knew much apart from a Hello World HTML.

    3,000 members later and a dozen or so clued-up kiddies thought they'd take revenge after we caught them cheating our league.

    These days we've all learned a few more skills and the whole site is a fully automatic gaming league, linked to a licenced vBulletin with other security measures thrown in when we become aware of them.

    We are still amateurs though. None of us are experts. We muddle along...

    I always posted my findings after each hacking but I too wish there was a one-stop-shop for all things related to web security. Sometimes the hobby can be too stressful - it shouldn't be - it should be as enjoyable as it was in the beginning.

    --
    This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
  10. Re:Real problem is philosophical by Anonymous Coward · · Score: 1, Interesting

    Absolutely right! PC administration should be so difficult that the user shouldn't even bother in the first place. Oh, the operating system should be free, it just should be such a cryptic pain-in-the-arse to install/use/maintain that nobody but an über-geek would bother. Then and only then will computing/the internet be "safe".

    Of course the $100-laptop folks and the "broadband-to-the-masses" folks and the "information freedom" folks can just go take a dump somewhere because all those initiatives will be MOOT.

    posting AC because the above pot-shot at linux will surely bring on a firestorm such as to make Hades seem like the North Pole in December...

  11. They should see the cracking tools for Yahoo, etc by BlueStrat · · Score: 3, Interesting

    Seriously, websites abound with cracking/booting/keylogging programs for Yahoo chat, and many other protocols, but for some reason, it seems there are more written for Yahoo chat. I'm not including IRC tools, as it seems to me to be a different class, mostly CLI tools.

    I'll sit in a Yahoo chatroom using gyach and FreeBSD, and I'll watch my pflog monitor and see dozens of scans, boot attempts, etc within a couple hours. (I love the chatroom "tough guys" that come in and threaten to "boot" me and "bluescreen" my PC..they get *really* frustrated when their little VB booter programs fall flat against a BSD box with a PF firewall and *nix chat client :D)

    There are numerous chat "crews" that trade in "cracked" accounts/screen names. I've never had my account cracked, but I follow proper practice regarding passwords, which most don't.

    I've had chatrooms I'm in fill up with an entire "crew" all trying simultaneously to "boot" me after one of their members fails. They finally tire and drift off with vague threats about cracking my account and having their "1337" friend ("..my buddy is certified by Microsoft, he'll crash your hard drive!" :D) hack my PC.

    Anyways, back on topic, there are hundreds of very slick-looking cracking and booting programs available for Yahoo/AIM/MSN, most free (as in beer).

    If there are programs just for *chat* that are this slick GUI-wise, it doesn't shock me at all that there are similarly-polished underground tools for other tasks and protocols.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.