Information Security News mailing list archives

Sir Dystic on the "Real Hacks"


From: InfoSec News <isn () C4I ORG>
Date: Sat, 27 May 2000 16:18:08 -0500

http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,9955,2576961,00.html

The Cult of the Dead Cow member says we can't depend on the media to
reveal the true perils of PC security.

May 25, 2000

The next time you're confronted with an email attachment, you may be
dealing with something more than a mere virus.

Sir Dystic, who is best known for authoring the original BackOrifice,
tells us what the media has been missing in PC security.

Here's a transcript of what the outspoken member of the Cult of the
Dead Cow said in this week's CHAOS Theory.

Beware the silence

Do the hacks you hear about in the news bother you? Well, the hacks
you hear about are really just the tip of the iceberg. If someone
who's hacked your machine decides to vandalize its website, chances
are they had no more use for that computer or didn't know what to do
with it anyway.

If an email virus or worm violates so many inboxes that the media
decides to report on it, chances are it's just going to inconvenience
you at the worst. For every media-publicized hack you hear about,
there are dozens you don't hear about. You never hear about them
because the people who are doing them are getting away with it.

What you should really be concerned about are worms and trojans
getting onto your system without you knowing-- systems on your network
being controlled by other people without the knowledge of their actual
operators. Not only can these compromised computers be used to hack
into other computers, but they can sit silently on your network
collecting whatever data goes by them-- passwords, personal
information, credit card numbers, anything.

If you're sure one of your machines has been taken over, wait before
you disconnect it from the Net. If one of your machines has been
owned, and nothing destructive has happened yet, it's probably not
going to anytime soon unless the person who is controlling it panics.
Contact your ISP's security department, explain to them what's
happening, and see if they can help you gather more information on who
is in your network.
