Re: Need advice about hacking and security

From: Ron Ruble (raffles2@att.net)
Date: 10/29/02 

From: "Ron Ruble" <raffles2@att.net>
Date: Tue, 29 Oct 2002 14:19:27 -0500

"darlene" <dlor60@hotmail.com> wrote in message
news:83724cbc.0210281513.10cd6f5c@posting.google.com...
> I've also received email addressed from myself,
> TO myself which I obviously didn't send. I didn't know someone
could
> duplicate an email address.

It's called "spoofing", and it's trivial. Anyone can
put any return address he wants to on a postcard.

That's all the "from:" address on an email is; a hand-
written return address.

> This 'person' enjoys flaunting its
> capabilities - After that incident this 'person' posted in a ng that
> she received an email from herself, just to let me know that it IS
her
> who sent the letter, and in essence is letting me know she is one of
> the hackers.

So, you already knew you were being targetted.

> > An email, any mook on any of the intervening
> > servers can read. And many system admins
> > leave directories unprotects.
>
> Good advice, but a little too late for me.

Understood.

> ...after I investigated their accusation I realized
> that this was the first evidence I had of the hacker. They asked me
> if I had another computer which I don't, and even had the name of
the
> other "user." I sent emails, called, left messages to investigate,
> but Netzero didn't want to deal with it - They sent me a final
letter
> saying it was my responsibility to secure my password. It was so
> ridiculous...

Not really.

It's like you call the police demanding an investigation
of why your apartment gets tossed every day while
you're at work. Then they discover you leave your
front door key under the doormat.

They don't have the time or inclination to protect
you. You have to do that yourself.

No offence intended here, but...

Ultimately, the average user PC, as it ships from
the store, is a little like Mayberry RFD. You've
got some police protection, sure: a jovial sherrif
who doesn't carry a gun, and his deputy who
does carry a gun but can't be trusted with bullets.

But that's OK; Mayberry is a nice, safe, quiet
little town. Everybody knows everybody
else, you can leave the front door unlocked,
etc.

But, you heard about this new dance club in
New York city, a place called The Internet. You
went, met some people, danced a bit, drank a
bit, and at one point you blabbed to everyone
who would listen all sorts of personal details:
your address, phone number, social security
number, where you keep the spare key, your
mother's maiden name...anything that came
to mind.

And one of these nice, friendly city folk was
a psycho stalker.

You come back home to Mayberry, and
then you find the stalker is harassing you.

Sherrif Andy would like to help, but he
doesn't have any authority in the big city.
And frankly, this is out of his league anyway.
Parking violations and speeding tickets
is more his speed.

The big city cops have real crimes to investigate,
and can't be bothered protecting every
hick from Mayberry who can't be bothered
to learn that you don't trust everyone in the
big city.

You're on your own. Learn to protect yourself
or walk around being treated like a punching
bag.

> I don't know what a trojan is - I do know that I used Ad-aware
> several months ago and found about 40 spyware components.

A trojan is an innocuous-seeming program that
contains a nasty, dangerous surprise inside. Just
like the Trojan Horse looked like a present but
held an invading army, the trojan program lets
a remote user take control of your PC.

Usually, the trojan is sent in email. Either you click
on it, or they take advantage of a security hole in
your email. From then on, the only thing you can
do to prevent them controlling your PC is unplug
it, either from the internet or the power outlet.

Virus scanners detect a lot of them, but there
are also trojan scanners as well; do a search.

> True, the police are not even sure of any regulations regarding the
> internet. They were only aware of issues that may involve credit
card
> number theft/fraud, etc. You have no idea of the extent that this
> individual has gone infringing upon my life. I have my suspicions
of
> who is doing this, and the person by leaving her name in ng's seems
to
> believe she is above the law by taunting me. If I find that she has
> violated any laws (besides my privacy), I will find a way to follow
> up. ;)

She probably has, but most places treat this kind of
thing about as seriously as spitting on the sidewalk.

Actually less serious; some places have hefty fines for
spitting on the sidewalk.

<snip>
> Huh? All of this is right over my head! firewall? OS? I'll look
it
> up.

Like I said before:

Expect to spend a _lot_ of time learning what you
need to know, and a little regular refresher for new
information (a couple of hours) every few weeks
for the rest of your life.

You can't learn everything you need to know on
the usenet newsgroups. Go to the library, get
some books on computer security.

> Someone did suggest I re-install my software, but I thought it
> may remove any proof of individuals tampering with my computer.

You can make a backup. But even if there is
evidence there, it doesn't count for much.

Save copies of the emails, and forget the rest,
as far as being evidence goes.

Good luck.

Quantcast