Information Security News mailing list archives
Sir Dystic on the "Real Hacks"
From: InfoSec News <isn () C4I ORG>
Date: Sat, 27 May 2000 16:18:08 -0500
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,9955,2576961,00.html The Cult of the Dead Cow member says we can't depend on the media to reveal the true perils of PC security. May 25, 2000 The next time you're confronted with an email attachment, you may be dealing with something more than a mere virus. Sir Dystic, who is best known for authoring the original BackOrifice, tells us what the media has been missing in PC security. Here's a transcript of what the outspoken member of the Cult of the Dead Cow said in this week's CHAOS Theory. Beware the silence Do the hacks you hear about in the news bother you? Well, the hacks you hear about are really just the tip of the iceberg. If someone who's hacked your machine decides to vandalize its website, chances are they had no more use for that computer or didn't know what to do with it anyway. If an email virus or worm violates so many inboxes that the media decides to report on it, chances are it's just going to inconvenience you at the worst. For every media-publicized hack you hear about, there are dozens you don't hear about. You never hear about them because the people who are doing them are getting away with it. What you should really be concerned about are worms and trojans getting onto your system without you knowing-- systems on your network being controlled by other people without the knowledge of their actual operators. Not only can these compromised computers be used to hack into other computers, but they can sit silently on your network collecting whatever data goes by them-- passwords, personal information, credit card numbers, anything. If you're sure one of your machines has been taken over, wait before you disconnect it from the Net. If one of your machines has been owned, and nothing destructive has happened yet, it's probably not going to anytime soon unless the person who is controlling it panics. Contact your ISP's security department, explain to them what's happening, and see if they can help you gather more information on who is in your network. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Sir Dystic on the "Real Hacks" InfoSec News (May 27)