My Dell Windows XP PC had a sticker on it that say “Please hack me”.
Well, I didn’t see the sticker. Not for a while. I read a very basic article on hacking by Roger Grimes at Infoworld. He talked about passwords sniffed from wireless networks. Their encryption broken in a matter of seconds. I thought it was too easy, it couldn’t be. I had to try it myself. I hopped over to insecure.org downloaded Cain & Abel installed it and was ready to go. Cain is a sniffer + cracker. I had to see for myself.
It took me less than five minutes to sniff the traffic on my private network, send it to the cracker and launch a dictionary attack on the SMB traffic collected. I found two vulnerable accounts, “Administrator” and “Guest”. Both accounts had *no* passwords. The Administrator account was especially worrisome – it never showed up under the account list in my XP control-panel. I never even knew it existed. I had never logged into it (XP offers to create a user account with administrator privileges at install-time). The Administrator account is also my system ‘root’, pardon my reliance on Unix jargon.
Dissapointed in myself, I quickly peeled the sticker off by disabling the two accounts. Maybe I can fix the vulnerability comprehensively by eliminating my dependence on Windows entirely.
I have the article in German and am looking for a translation.
Dear BankNorth.com Customer,
During our regular update and verification of the Internet Banking Accounts, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
To update your account information and start using our services please click on the link below: https://www.banknorth.com/net/customer/verify.aspx
AFTER SUBMITTING, PLEASE DONOT ACCESS YOUR ONLINE BANKING ACCOUNT FOR THE NEXT 48 HOURS UNTIL THE VERIFICATION PROCESS ENDS.
Note: Requests for information will be initiated by BankNorth Business Development; this process cannot be externally requested through Customer Support.
is this relevant?
While alternative browsers are not immune to security problems, security experts say they do have several inherent advantages over Internet Explorer. Craig Schmugar, a virus research manager with McAfee’s antivirus and vulnerability emergency response team, said Internet Explorer’s integration into Windows made it more vulnerable than other browsers, as did its support of ActiveX technologies. The browser’s wide deployment, he said, also makes it a more tempting target for hackers.
“If you’re talking about Opera, for example, maybe there’s one door in the front of the house that hackers are trying to break into,” Mr. Schmugar said. “It’s easier to secure that one door than the six doors all over the house Internet Explorer might have.”