[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
RE: was BabyCam now hacking
>who would bother
unfortunately, loads of people, its easier prey than corporate sites.
I had a number of attacks within a couple of hours of installing ADSL.....
Daniel
-----Original Message-----
From: Mark Harrison [mailto:Mark.Harrison@xxxxxxx]
Sent: 14 March 2002 09:09
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] BabyCam
You only have to open OUTGOING ports on the firewall.
I don't have a problem with that. My standard rulebase allows outbound
connection on ANY port.
What I _don't_ want to do is open INCOMING ones.
On the "who would bother" question - a lot of hacking attempts
these
days aren't directed. They're script puppies running probes against
blocks of IP addresses ;-(
I agree - the company websites I'm responsible for are much jucier
targets than my home LAN, and maybe I'm a bit obsessive about the
security model for home compared to most people ;-)
-----Original Message-----
From: BUTLER, Tony, FM [mailto:tony.butler@xxxxxxx]
Sent: 13 March 2002 17:23
To: 'ukha_d@xxxxxxx'
Subject: RE: [ukha_d] BabyCam
> That's not how IM works.
>
> IM is not a Peer to Peer service. It's Client-Server.
The example I gave was client server too - any old client could open the
user's CD drawer, provided they knew the port no and command syntax!
> My PC picks it up by first opening a two-way channel to Microsoft's
> server farm (logging on), and then listening on that channel.
>
> It's not a "port listener. It only listens on a channel that IT
has
> established.
>
> So on that basis, it doesn't have the problem of "static,
> open port" to
> respond to.
There are lots of problems with IM and firewalls because ISTR, it
randomly
chooses a port to connect to.
Thus, you put your PC in a DMZ & it is open to attack, or your have to
open
a wide range of ports.
@ least with the static port solution (and I'm not trying to say 'my
solution is better than yours, because it's not. They each have
merits), it
is one port and an unknown command syntax, whereas IM is well know and
thus
potentially hackable.
Of course, whether someone really wants to hack your system or not is
another matter. I have reasonable (though for all the hackers out
there,
read "VERY VERY STRONG!" :-)) security on my system, but not the
worlds
greatest because I feel microsoft or barclays or <any other big
company>
makes for far more interesting hacking material than my little lan on a
paltry 512k/128k connection, so who would bother?
Oh yeah, and why bother? All you need is a voice recognition & control
package (MS GameVoice might even do it) on the PC that will recognise
mini-Mark's 'WAAAAHHH' and send the right keystrokes to start IM on the
home
PC and send a 'WAAAHHHH!' message to you at work :-)
There you go - sorted for the price of a mic and some voice software!
Tony
********************************************************************
Visit our Internet site at http://www.rbsmarkets.com
This e-mail is intended only for the addressee named above.
As this e-mail may contain confidential or privileged information,
if you are not the named addressee, you are not authorised to
retain, read, copy or disseminate this message or any part of it.
********************************************************************
For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe: ukha_d-subscribe@xxxxxxx
Unsubscribe: ukha_d-unsubscribe@xxxxxxx
List owner: ukha_d-owner@xxxxxxx
Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe: ukha_d-subscribe@xxxxxxx
Unsubscribe: ukha_d-unsubscribe@xxxxxxx
List owner: ukha_d-owner@xxxxxxx
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
***********************************************************
This message is confidential and intended for the exclusive
use of the addressee(s) only and remains the property of
Exchange FS Group plc. You should not disclose its contents
to any other person. If you are not the intended recipient
please notify the sender named above immediately.
Registered Office: Munro House, Portsmouth Road, Cobham,
Surrey, KT11 1TE. Registered in England No. 2596452
***********************************************************
Home |
Main Index |
Thread Index
|