TradeBanners Member
The How To Hacker's
Defense Site
Password Decoding Utility is causing Corporate concern - Everyone knows that leaving your ISP or Network password saved in Windows95's Dial-Up Networking is still not readable. However, now there is a way to read stored passwords. Revelation 1.1, created by Snadboy Software, allows passwords hidden behind a line of asterisks to be decoded into plain text that can be copied down or saved to a floppy drive for future use. And because of its size of 15KB, Revelation can easily be saved to a floppy disk and rapidly installed onto any computer for decoding of passwords. The program is available for download from more than 20 FTP sites that are listed on Snadboy's Web site at http://www.snadboy.com. The best way to prevent someone from finding out what your password is would be to simply make sure that you do not save your passwords in the cache. This program cannot, however, work over the network or work remotely. The program has to be run locally on a user's system.
ActiveX or How To Put Nuclear Bombs in Web Pages - ActiveX is often referred to as OLE renamed. What does this mean? Any ActiveX Control downloaded over the web might be a trojan or virus. Be careful! Mr. Fred McLain offers a demo program called Exploder. (http://www.halcyon.com/mclain/ActiveX) It is not dangerous in itself, instead Exploder is a demonstration that ActiveX can be dangerous. The question is doesn't Code Signing and Microsoft's AuthentiCode technology prevent people from distributing malicious ActiveX controls? The answer is NO. The Code Signing simply attempts to identify who signed the control. Anyone can go out and get a code signature. It's a pretty much automatic process. All you have to do is go to a web site, give them a name, address, credit card number and some other information (none of which have to be yours), click "I Agree" on a page full of legal jargon, and pretty soon you get an e-mail with the information you need to sign the control in it. Once you have your Digital ID, you can sign any unsigned ActiveX control. Nobody reviews these controls! In other words, a signature doesn't tell you who wrote the control and it doesn't tell you if the control is safe or not. So, with the number of hot credit card numbers out on the net, it doesn't even tell you for sure who signed it. A danger is that seeing that a control is signed will give people a warm fuzzy feeling about the control, and encourage them to run it, even though it does not guarantee their safety! The lesson here is that if you do not know anything about the company or web page author, then do NOT accept their free download of their ActiveX program!
Surf the Net Anonymously - Did you know that when you visit a web site, they have the ability to determine what site you came from? Also, who you are, what type of browser you are using, your IP address, and even your Email address? To most of us, we don't care about this information being taken from our computers, when we surf the Internet. However, there might be times when we want to visit a web site anonymously. Now there is a way to do this. Visit The Anonymizer (http://www.anonymizer.com) first, then surf the net. They will keep the servers you visit from knowing who you are and where you've been. It takes longer to get from one place to another using The Anonymizer, but if privacy is a concern for you, it may be worth it.
Email Bombs - Ever
hear about someone receiving multiple copies of an Email? Perhaps
100 copies, or 1000 copies, or even 5000 copies? And they are all
from an anonymous receipient. Well it is possible to do so with an Email
Bomb Program. You can search for these programs here:
An Email Bomb program is a fully FUNCTIONAL harrassment tool. However, there is a
cure for this if you are the victim. First of all, most Email
programs allow you to direct incoming mail to a specified folder.
One program that we use is Microsoft Mail. So, if you start to
receive the same message over and over again, simply stop the
program and direct all incoming mail with that message to your
trash folder. Sign back on and let it automatically trash these
multiple copies for you. Another defense is to simply not
retrieve mail from your Email server for a specified period of
time. For instance, GeoCities only allow mail to remain on their
file server for 7 days, and then it is deleted automatically. So
if you start to retrieve multiple copies, then sign off for 8
days and the Email will disappear automatically. The third way is
to simply call your IP Provider, and after properly identifing
yourself, they will delete the contents of your inbox on their
server for you, without a charge. Email Hacks - Your
computer can now be an active participant in Email hacks. You
simply visit a web page, their server delivers to you and
executes a Java Applet, and then Email is sent (coming from your
machine!). To prevent this from happening, simply turn off your
browser's Java. Learn more about this from The Hostile Mail
Applet Page at his site (http://www.nyx.net/~jbuzbee/mail.html).
You can even download a copy of his Java script that will perform
this mail hack. Span and block spam
- There is company located in Dresher, Pa., that is
being paid by various clients to fill two million E-mail inboxes
a day with unsolicited commercial advertisements. The company is
Cyber Promotions, (http://www.cyberpromo.com),
and anyone can hire them for their own promotions. They are
currently preparing a court appeal, which ruled against them and
said the firm has no First Amendment proctection to the right to
spam. If they succeed, there is still new technologies that may
indeed provide a way to block spam. One company, Cypherpunks (http://infinity.nus.sg/cypherpunks/current),
are investigating a scheme to use electronic cash that would
create an "e-guard-dog" to protect the users' inboxes.
This guard dog could be programmed to levy a charge of a few
cents, payable in DigiCash's e-cash, for every E-mail received
from a stranger. By putting the charge back to the sender, it
would put out of business the spam kings instantly.
Back to Top
Member of the Internet Link Exchange
Electronic mail address
TheView@hotmail.com
Number of visitors this year: