ratul
█████████████████
This isn't new, but i think it's worth sharing, a Black-hat sharing his views on how secure we are, and what our anti-viruses are capable of..
Quite scary and definitely gave me chills...
Read more: Interview With A Blackhat
Some excerpts that scared me:
Update: thought it'd be good if i merge it here rather than starting a new thread.. (WARNING: It's a very long read.. )
Another great read i found about how a man challenged a hacker, and how he showed that hacking is not just limited to your computers, they can track you down physically and do take measures like hiring detectives and all: I challenged hackers to investigate me and what they found out is chilling | PandoDaily
Guess never mess with a hacker..
Quite scary and definitely gave me chills...
Read more: Interview With A Blackhat
Some excerpts that scared me:
Q: And how much do you think you made last year?
A: Off the top of my head? Around about 400-500k. Last year was kind of ****. People became wiser, patches became more frequent. This year we have 3/4 of that amount already.
Q: How easy is it for you to compromise a website and take control over it?
A: For beginners you can simply Google inurl:money.php?id= — go ahead try it. But most of them will be cancelled or dried up. So, now you target bigger websites. I like to watch the news; especially the financial side of it. Say if a target just started up and it suddenly sky rocketed in online sales that’ll become a target. Most of these websites have admins behind them who have no practical experience of being the bad guy and how the bad guys think. This leaves them hugely vulnerable. They patch SQL but choose a DNS that is vulnerable to DNS cache poisoning. You can break in and be gone within an hour.
Q: What is your favorite kind of website to compromise? Or are your hack attempts entirely untargeted? What are the easiest sites to monetize?
A: Most of the time un-targeted but once a company (which I won’t name) pissed me off for not giving me discount in a sale so we leaked every single credit card number online. One type of company I love to target is Internet security, i.e. anti virus companies.
There is nothing better than a clothing store at the summer sales (except porn websites). These are in my personal opinion the easiest and most successful targets to breach. I’ll talk about clothes stores first. Clothing websites are SO easy because of two main types of attacks.
1. The admins never ever have two-step authentication. I don’t know why, but I have never seen one admin have it (and I’ve done it thousands of times). 2. The ‘admin’ usually works there behind the tills or in the offices. They have no clue what they’re doing: they just employ someone to make the website then they run it. They never ever have HTTPS, [so they have] huge SQLi vulnerabilities (e.g.. inurlroduct.php?id=). Once you have the SQLi vulnerability you can go two routes or both. Route one: steal the credit card info and leave. Route two: deface the website, keep the original HTML code but install an iframe that redirects to a drive by download of a banking Trojan.
Now to discuss my personal favourite: porn sites. One reason why this is so easy: The admins don’t check to see what the adverts redirect to. Upload an ad of a well-endowed girl typing on Facebook, someone clicks, it does a drive by download again. But this is where it’s different: if you want extra details (for extortion if they’re a business man) you can use SET to get the actual Facebook details which, again, can be used in social engineering.
Q: What is your favorite/most effective exploit against websites and why?
A: If it’s a 0-day, that obviously ranks at the top. But below that is XSS. It’s really well known but no one patches it. I suppose DDoS isn’t really classed as an exploit but that can bring in monthly ‘rent’ for our ‘protection’. But over all 0-days are the greatest exploits.
Q: Is there something that websites do to try to defend themselves from guys like you that they always get wrong?
A: I could re-write Shakespeare here. I’ll pick three things.
1. Hire stupid admins who have never been a bad guy, just fed with a silver spoon all their lives and went to Uni on mummy and daddies money. If I were the CEO of a company I’d much rather employ someone who has a criminal record for hacking than a Uni graduate any day of the week. The guy who has the criminal record has gained the knowledge of how a bad guy would go about getting in. and not just what a text book says. (This is sooo me.. )..
2. They allow untrained, young, dumb, Saturday workers to operate the phones.
3. Companies don’t purchase DDoS protection. Cloudflare for example offers incredibly strong DDoS protection for 200 dollars a month (also its harder to jack a cloudflare domain). If I extort you for 200-1000 dollars for 1 day why not make yourself immune for the minimal fee?
Q: Which types of browsers tend to be the most vulnerable? Why do you think that is?
A: if you asked me this a few years ago I’d've said almost 100% was IE. That is still hugely vulnerable but now people have taken to the better, faster browsers such as Chrome and Firefox. IE still dominates the market at about 52% but Chrome is the majority of the rest. I think IE is dominating the market because the vast majority of people feel comfortable with it. Unless you actually read into vulnerabilities etc., you don’t know how dangerous IE is, so why do you need to change? Chrome already forced it to be better. One thing that did hugely affect bot infection rates was the mass removal of Java. When news of a java 0-day gets published people panic (rightly so) and un-install it or patch but as we all know java never stays secure for long. (So firefox is still most secure of the three.. ).
Update: thought it'd be good if i merge it here rather than starting a new thread.. (WARNING: It's a very long read.. )
Another great read i found about how a man challenged a hacker, and how he showed that hacking is not just limited to your computers, they can track you down physically and do take measures like hiring detectives and all: I challenged hackers to investigate me and what they found out is chilling | PandoDaily
Guess never mess with a hacker..
Last edited: