Mitigation

Back-Hacker Blog

Member for

5 months 3 weeks
Submitted by AlReaud on Sun, 11/13/2016 - 14:17

The Back-Hacking Blog came into existence around December 2011 after I started using Kali Linux. It comes from the idea of defending against hackers in a manner similar to Krav Maga. The putative system or security administrator doesn't just sit there passively receiving attacks; rather, in the background they start probing the intruder's system, looking for weaknesses and exploits and using all of the tools available. However, make sure you read that first Back-Hacking link (and this one). There are legal, ethical and logistical questions to be addressed. Sometimes it is quite effective, as related in SunTrust Spoof: Additional ways of protecting your SunTrust access. The other side of the coin is that it is not for the uninitiated. You may compromise your systems, open yourself or your organization to legal liability or criminal prosecution depending on your jurisdiction, and/or straight up waste your time. My personal position is that it is like carrying a concealed weapon, to be used only justifiably in self-defense.

SunTrust Spoof: Additional ways of protecting your SunTrust access

Submitted by AlReaud on Tue, 09/27/2011 - 19:50

Updated: 11/6/2016

This is a recent phish wherein you get the following email (allegedly) from SunTrust Bank:

Subject: Additional ways of protecting your SunTrust access
From: "Suntrust"<infor@suntrust.com>



SunTrust Online Banking Alert:

Banking with SunTrust Online is about to become even more secure!
As a valued SunTrust online customer, the security of your identity and personal account information is extremely important. We are installing Enhanced Online Security as an additional

Hacker Mitigation

Submitted by AlReaud on Tue, 09/27/2011 - 19:03

This is a series dedicated to ensuring that hackers and phishers can do no harm to your computer or your finances. Computer security basics will not be covered in this series.

We shall differentiate between two species of attacker as follows:

  • HACKER - The hacker (or cracker, depending on your school of thought) is an individual or bot that attempts to seize your machine via remote access. On operating systems that allow for a remote shell or graphical user interface with remote access, the remote login features are attacked via malware or social engineering. If successful, such attacks gain control of the hardware and operating system, allowing the creation of further bots, spam factories, etc.
  • PHISHER - The phisher is an individual or bot that attempts to steal your identity, banking information, and/or other sensitive financial/personal information, mostly via social-engineering attacks. Getting a victim to click on a link going to a website that spoofs an actual one, let's say a bank's, has become very common. Such a spoof tricks you into divulging personal information to information thieves via spurious websites and forms. This is the hardest kind of attack to stop, as current Internet security applications have no control over operation of the wetware.

In the following, examples are given 

Whois as a tool to prevent scamming on Craigs List Job Ads

Submitted by AlReaud on Tue, 06/14/2011 - 19:30

For those of us who have to look for a job, Craigs List is a good tool, but with some serious identity theft risks involved. In Fort Collins, there has been a rash of fake advertisements, usually for high-end technician/engineering jobs: Automated Guided Vehicle Technician, R & D Technician, etc. Some of these look like to-die-for jobs. You apply, send off a resume, and then you get an email, usually from a free email service, like Hotmail, Gmail, etc.: