|
|
Posted by Sanders Kaufman on 10/21/07 23:58
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:6-udnf4MZ_UgQobanZ2dnUVZ_hqdnZ2d@comcast.com...
> Sanders Kaufman wrote:
>> Before they can hack the system - they have to FIND the system.
>
> Which is very easy to do. Script kiddies do it every day.
No - script kiddies are only good at hacking systems after they find them.
It's a whole nother kind of hacker that finds the systems.
That's what all these beacon posts here in this group are about.
They're phisihing for developer boxes.
Normally, online, we developers, as developers, are not distinguishable from
the crowd of other folks online.
But our systems tend to be a more target-rich enviornment for hackers.
Obscured - we are secured.
But once one of us responds to one of those posts, the phisher knows that
x.x.x.x is a developer machine.
You and I probably won't get hacked - 'cause we're always secure... right?
But someone like ol' Shelly might not know that the MSDE engine that MS
Office automatically installed on his machine is accepting anonymous
connections with sa authority - or what the security impact of that can be.
Now - a hacker could try to telnet to every IP there is, and in the effort
might find some similarly unsecured boxes.
OR - he can post here on usenet, and get the mark to identify *himself*...
sometimes, repeatedly.
And that's why they do it here on Usenet.
Because NNTP vitually guarantees anonymity - which is security through
obscurity.
Navigation:
[Reply to this message]
|