Our server costs ~$56 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
Current time: December 25, 2024, 12:50 pm

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ask a computer security expert (part 2)
#21
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 1:12 am)Tiberius Wrote:
(July 17, 2017 at 1:04 am)Tres Leches Wrote: What's the best security software to install on my laptop?
Also, do you cover your webcams with opaque tape when you're not actively using them? (I do Smile )

-Teresa

I would recommend Avira (https://www.avira.com/) these days. Stay far far away from Kaspersky. Despite it certainly being one of the top, if not the top anti-virus solution out there, the company is known to work closely with the KGB (and lie about it) and Russian government. Best scenario is that they are a shady company, worst scenario is that their entire AV suite is a piece of spyware for the Russians.

I cover my webcams with a few layers of white sticky labels. Enough so that when I turn the camera on, all I see on the screen is black.

(July 17, 2017 at 1:06 am)paulpablo Wrote: Do you know much about computer game creation?  Do you know much about app creation?

I know a small amount regarding both, but I wouldn't consider myself an expert on either. I've created a few basic games but nothing advanced, same with apps.

Sooo... a *friend* is now uninstalling her Kaspersky software today...thanks for the tip! (from my friend, of course) Wink

Can my mobile phone "hear" me? I know it does when I say "ok google". Can it hear me without a prompt? Reason why I ask is occasionally I'll have a voice to voice conversation with someone about a particular topic (like, say, a specific travel destination) and later that topic will appear shortly thereafter in ads or more prominently in websites I visit.

I'm going with "yes, your phone can hear you" because I'm naturally suspicious. But I'm wondering what you have to say about it.

-Teresa
.
Reply
#22
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 9:09 pm)Tres Leches Wrote:
(July 17, 2017 at 1:12 am)Tiberius Wrote: I would recommend Avira (https://www.avira.com/) these days. Stay far far away from Kaspersky. Despite it certainly being one of the top, if not the top anti-virus solution out there, the company is known to work closely with the KGB (and lie about it) and Russian government. Best scenario is that they are a shady company, worst scenario is that their entire AV suite is a piece of spyware for the Russians.

I cover my webcams with a few layers of white sticky labels. Enough so that when I turn the camera on, all I see on the screen is black.


I know a small amount regarding both, but I wouldn't consider myself an expert on either. I've created a few basic games but nothing advanced, same with apps.

Sooo... a *friend* is now uninstalling her Kaspersky software today...thanks for the tip! (from my friend, of course) Wink

Can my mobile phone "hear" me? I know it does when I say "ok google". Can it hear me without a prompt? Reason why I ask is occasionally I'll have a voice to voice conversation with someone about a particular topic (like, say, a specific travel destination) and later that topic will appear shortly thereafter in ads or more prominently in websites I visit.

I'm going with "yes, your phone can hear you" because I'm naturally suspicious. But I'm wondering what you have to say about it.

-Teresa

Your cell phone can be turned on remotely, and listened to, without your knowledge, even while looking at it to see if it is on. There is a diagnostic mode for it.
If you get to thinking you’re a person of some influence, try ordering somebody else’s dog around.
Reply
#23
RE: Ask a computer security expert (part 2)
That's no bueno, Fireball. What do you mean by diagnostic mode? I can check myself on whether it's spying on me?

-Teresa
.
Reply
#24
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 12:11 am)Tres Leches Wrote: That's no bueno, Fireball. What do you mean by diagnostic mode? I can check myself on whether it's spying on me?

-Teresa

Nope. And I agree that it is no bueno. When I worked in aerospace, we were not allowed to have cell phones in meetings, for this reason. Of course, if you aren't doing anything defense related, the likelihood of that listening in is reduced by orders of magnitude. Who of our adversaries care about things most people do? People say all kinds of stuff on FaceBook that I would never mention. If I had an actual FB account, that is. My niece and daughter-in-law report every trivial detail of their day. My wife sees it, and tells me the important stuff, which is essentially nothing, about it. "We had blueberry waffles for breakfast", etc. Big Grin
If you get to thinking you’re a person of some influence, try ordering somebody else’s dog around.
Reply
#25
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 6:30 pm)c172 Wrote: Were you a geek/nerd in school, or the cool kid on the block or somewhere in the middle?

I was a geek.

(July 17, 2017 at 6:58 pm)ignoramus Wrote: What's some of the dumbest hacking things you've seen in the movies?

Eg, matrix? Portscan?

The portscan in the matrix was actually done with a real "hacking" tool called Nmap: https://nmap.org/movies/

The dumbest things that I can remember in no particular order:

1) Using invalid IP addresses. This happens so often it's laughable. A valid IP address has 4 numbers, separated by periods, and each number is between 0 and 255. Movies and TV shows regularly just stick 2-3 random numbers in each place so you get IPs like 134.452.12.228 which doesn't exist.

2) That bit in the James Bond film "Skyfall" where they just plug a terrorist hacker's laptop into the MI6 computer network and it "hacks" them. There was so much wrong with that scene. Firstly, MI6 are at least technically competent, so they wouldn't ever just plug a laptop into the same network as the rest of the organization. They'd use a separate network, one not connected to anything. Secondly, IIRC (and I just read the plot synopsis) they were trying to decrypt the laptop. Well to decrypt the laptop, unless it uses a TPM, you would just need to remove the hard drive and mount it separately. Nothing would be running at a software level on the laptop or the hard drive while the decryption took place. Finally, even if the laptop managed to connect to MI6 systems, I doubt it would be able to find and access things like the release mechanisms for the cell that the terrorist is in.

3) Any hacking scene where they show the network being gradually compromised, often with "layers" of firewalls being displayed as a visual on a screen and slowing disappearing. Hacking a network with multiple layers of firewalls / protections is (a) not quick, and (b) not done with visual effects for the "good guys". Instead you'd probably see a load of tech guys looks at logs and the occasional alert window.

Also, non-movie related, but I've played the game "Watchdogs" and it's enjoyable and even slightly realistic (in what you can hack), but the most unbelievable thing is that the hacker is doing all of it via a smart phone. Even the best smart phones aren't that good. Proper hackers would use a netbook at the very least. Ever tried to type complex OS commands on a touch screen? Fuck that.

If you want to watch a good hacking movie that was mostly accurate with the hacking, watch War Games.

(July 17, 2017 at 7:00 pm)Sal Wrote: AVG any good?

It's kinda bloaty ...

I wouldn't say so. It's decent, but so is every AV these days.

(July 17, 2017 at 9:09 pm)Tres Leches Wrote: Can my mobile phone "hear" me? I know it does when I say "ok google". Can it hear me without a prompt? Reason why I ask is occasionally I'll have a voice to voice conversation with someone about a particular topic (like, say, a specific travel destination) and later that topic will appear shortly thereafter in ads or more prominently in websites I visit.

I'm going with "yes, your phone can hear you" because I'm naturally suspicious. But I'm wondering what you have to say about it.

-Teresa

It really depends. For the "OK Google" thing it is of course listening all the time, but it's matching what you say against a voice print on the actual device, i.e. it's not sending everything you say to a server somewhere. Same for Alexa (though once triggered, Alexa *does* send your query and any other background noise to Amazon for processing). Siri is the same way if you have it set to listen all the time.

Now whether your phone can be inadvertently turned into a listening device, I would say it's "technically" possible, but probably not actually doable for most phones. Apple certainly seem to have their user's privacy in mind with certain features they develop and of course the FBI lawsuit from a few years ago. It would be very surprising to me if they had coded a backdoor that allowed them to just turn on the microphone whenever they wanted. The source code for Android is readily available so I can't see Android phones doing it either.

As for the adverts, I would say there's probably a more rational explanation: If you are having these conversations with a friend, you probably have some interest in the subject at hand, and have either visited or searched for the subject at some point as well, or have an email with the subject mentioned. All these things can be scanned and the information sold to advertisers.
Reply
#26
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 11:10 am)Tiberius Wrote: Also, non-movie related, but I've played the game "Watchdogs" and it's enjoyable and even slightly realistic (in what you can hack), but the most unbelievable thing is that the hacker is doing all of it via a smart phone. Even the best smart phones aren't that good. Proper hackers would use a netbook at the very least. Ever tried to type complex OS commands on a touch screen? Fuck that.

Ever heard of a thing called "Hacker's keyboard"?
A full keyboard for your phone!
https://play.google.com/store/apps/detai...d&hl=en_GB

Sure, the keys are tiny and it gets clumsy... but I'm sure any half decent hacker can train his fingers to hit just the right spot every time! Tongue

(July 18, 2017 at 11:10 am)Tiberius Wrote: If you want to watch a good hacking movie that was mostly accurate with the hacking, watch War Games.

Kinda outdated... and that military computer that has it's gaming centre connected to the actual nuclear weapons launching system.... so not realistic!
Oh and learn the futility of playing a game by playing it tons of times. AI in the 80's was that advanced?!
Reply
#27
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 11:38 am)pocaracas Wrote: Kinda outdated... and that military computer that has it's gaming centre connected to the actual nuclear weapons launching system.... so not realistic!
Oh and learn the futility of playing a game by playing it tons of times. AI in the 80's was that advanced?!

Well the entire premise of the movie was they hooked the computer system up to the nukes because the men responsible for firing the nukes were not following orders. The "gaming center" was a legacy part of the system that makes the decisions on whether to fire a nuke or not. The AI was too advanced for its time of course, but it's a movie.

The hacking aspect was pretty spot on.
Reply
#28
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 12:02 pm)Tiberius Wrote: The hacking aspect was pretty spot on.

That it was.
Dial-up and all!
Reply
#29
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 11:10 am)Tiberius Wrote: The dumbest things that I can remember in no particular order:

1) Using invalid IP addresses. This happens so often it's laughable. A valid IP address has 4 numbers, separated by periods, and each number is between 0 and 255. Movies and TV shows regularly just stick 2-3 random numbers in each place so you get IPs like 134.452.12.228 which doesn't exist.

2) That bit in the James Bond film "Skyfall" where they just plug a terrorist hacker's laptop into the MI6 computer network and it "hacks" them. There was so much wrong with that scene. Firstly, MI6 are at least technically competent, so they wouldn't ever just plug a laptop into the same network as the rest of the organization. They'd use a separate network, one not connected to anything. Secondly, IIRC (and I just read the plot synopsis) they were trying to decrypt the laptop. Well to decrypt the laptop, unless it uses a TPM, you would just need to remove the hard drive and mount it separately. Nothing would be running at a software level on the laptop or the hard drive while the decryption took place. Finally, even if the laptop managed to connect to MI6 systems, I doubt it would be able to find and access things like the release mechanisms for the cell that the terrorist is in.

3) Any hacking scene where they show the network being gradually compromised, often with "layers" of firewalls being displayed as a visual on a screen and slowing disappearing. Hacking a network with multiple layers of firewalls / protections is (a) not quick, and (b) not done with visual effects for the "good guys". Instead you'd probably see a load of tech guys looks at logs and the occasional alert window.

You must have missed the episode of Bones where the evil genius hacked the lab's super computer by hand carving fractals into a murder victim's bones. When the lab 3d scanned the bones it uploaded the virus which literally burnt the computer to the ground.
Save a life. Adopt a greyhound.
[Image: JUkLw58.gif]
Reply
#30
RE: Ask a computer security expert (part 2)
(July 18, 2017 at 1:09 pm)popeyespappy Wrote:
(July 18, 2017 at 11:10 am)Tiberius Wrote: The dumbest things that I can remember in no particular order:

1) Using invalid IP addresses. This happens so often it's laughable. A valid IP address has 4 numbers, separated by periods, and each number is between 0 and 255. Movies and TV shows regularly just stick 2-3 random numbers in each place so you get IPs like 134.452.12.228 which doesn't exist.

2) That bit in the James Bond film "Skyfall" where they just plug a terrorist hacker's laptop into the MI6 computer network and it "hacks" them. There was so much wrong with that scene. Firstly, MI6 are at least technically competent, so they wouldn't ever just plug a laptop into the same network as the rest of the organization. They'd use a separate network, one not connected to anything. Secondly, IIRC (and I just read the plot synopsis) they were trying to decrypt the laptop. Well to decrypt the laptop, unless it uses a TPM, you would just need to remove the hard drive and mount it separately. Nothing would be running at a software level on the laptop or the hard drive while the decryption took place. Finally, even if the laptop managed to connect to MI6 systems, I doubt it would be able to find and access things like the release mechanisms for the cell that the terrorist is in.

3) Any hacking scene where they show the network being gradually compromised, often with "layers" of firewalls being displayed as a visual on a screen and slowing disappearing. Hacking a network with multiple layers of firewalls / protections is (a) not quick, and (b) not done with visual effects for the "good guys". Instead you'd probably see a load of tech guys looks at logs and the occasional alert window.

You must have missed the episode of Bones where the evil genius hacked the lab's super computer by hand carving fractals into a murder victim's bones. When the lab 3d scanned the bones it uploaded the virus which literally burnt the computer to the ground.

To be honest I don't find that particularly dumb because I feel like they totally intended for it to be ridiculous and unbelievable.

It's dumb when a show has a vague understanding of something but completely mis-understands some important aspect, and wind up creating something stupid. The "I'll create a GUI in visual basic to track the IP address" kind of thing:

https://www.youtube.com/watch?v=hkDD03yeLnU

Scanning a virus off carvings in some bones which makes the computer burn to the ground...just sounds like the writers knew it was absurd and meant it to be funny.
Reply



Possibly Related Threads...
Thread Author Replies Views Last Post
  Ask a psychiatric/hospital security guard... Bob Kelso 34 7543 September 20, 2015 at 9:27 pm
Last Post: Bob Kelso
  Ask a computer security expert. Tiberius 25 4798 May 30, 2015 at 7:07 pm
Last Post: pocaracas



Users browsing this thread: 4 Guest(s)